-# Copyright (C) 2014 Simo Sorce <simo@redhat.com>
-#
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING
import logging
import pwd
import os
import socket
import subprocess
-import sys
from ipsilon.helpers.common import EnvHelpersInstaller
# Check if we already have a keytab for HTTP
if 'gssapi_httpd_keytab' in opts:
msg = "Searching for keytab in: %s" % opts['gssapi_httpd_keytab']
- print >> sys.stdout, msg,
if os.path.exists(opts['gssapi_httpd_keytab']):
- print >> sys.stdout, "... Found!"
+ logger.info(msg + "... Found!")
return
else:
- print >> sys.stdout, "... Not found!"
+ logger.info(msg + "... Not found!")
msg = "Searching for keytab in: %s" % HTTPD_IPA_KEYTAB
- print >> sys.stdout, msg,
if os.path.exists(HTTPD_IPA_KEYTAB):
opts['gssapi_httpd_keytab'] = HTTPD_IPA_KEYTAB
- print >> sys.stdout, "... Found!"
+ logger.info(msg + "... Found!")
return
else:
- print >> sys.stdout, "... Not found!"
+ logger.info(msg + "... Not found!")
us = socket.gethostname()
princ = 'HTTP/%s@%s' % (us, self.realm)
api.Backend.rpcclient.connect()
logger.debug('Try RPC connection')
api.Backend.rpcclient.forward('ping')
- print >> sys.stdout, "... Succeeded!"
+ logger.debug("... Succeeded!")
except ipaerrors.KerberosError as e:
- print >> sys.stderr, NO_CREDS_FOR_KEYTAB
logger.error('Invalid credentials: [%s]', repr(e))
if api.Backend.rpcclient.isconnected():
api.Backend.rpcclient.disconnect()
raise Exception('Invalid credentials: [%s]' % e)
except ipaerrors.PublicError as e:
- print >> sys.stderr, "Can't connect to any IPA server"
logger.error(
'Cannot connect to the server due to generic error: %s', e)
if api.Backend.rpcclient.isconnected():
except ipaerrors.DuplicateEntry:
logger.debug('Principal %s already exists', princ)
except ipaerrors.NotFound as e:
- print >> sys.stderr, "%s" % e
logger.error('%s', e)
raise Exception('%s' % e)
except ipaerrors.ACIError as e:
- print >> sys.stderr, NO_CREDS_FOR_KEYTAB
- logger.error('Invalid credentials: [%s]', repr(e))
+ logger.error(NO_CREDS_FOR_KEYTAB)
+ logger.debug('Invalid credentials: [%s]', repr(e))
raise Exception('Invalid credentials: [%s]' % e)
finally:
server = api.Backend.rpcclient.api.env.server
try:
msg = "Trying to fetch keytab[%s] for %s" % (
opts['gssapi_httpd_keytab'], princ)
- print >> sys.stdout, msg,
+ logger.info(msg)
subprocess.check_output([IPA_GETKEYTAB,
'-s', server, '-p', princ,
'-k', opts['gssapi_httpd_keytab']],
stderr=subprocess.STDOUT)
except subprocess.CalledProcessError, e:
# unfortunately this one is fatal
- print >> sys.stderr, FAILED_TO_GET_KEYTAB
+ logger.error(FAILED_TO_GET_KEYTAB)
logger.info('Error trying to get HTTP keytab:')
logger.info('Cmd> %s\n%s', e.cmd, e.output)
raise Exception('Missing keytab: [%s]' % e)
pw = pwd.getpwnam(HTTPD_USER)
os.chown(opts['gssapi_httpd_keytab'], pw.pw_uid, pw.pw_gid)
- def configure_server(self, opts):
+ def configure_server(self, opts, changes):
if opts['ipa'] != 'yes' and opts['ipa'] != 'auto':
return
if opts['ipa'] != 'yes' and opts['gssapi'] == 'no':
projects / cascardo / ipsilon.git / blobdiff