X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Fhelpers%2Fipa.py;h=e6f87e8c8604167b10c2246f12d4ba108af17c32;hp=531e9b24e0233280d8062c9cfd3e2d1c9b5d4378;hb=aa5dc3b417db962a075a092d0d3528010c1059f7;hpb=8236943374c978a8f9dc6142daac58ee0201f991
diff --git a/ipsilon/helpers/ipa.py b/ipsilon/helpers/ipa.py
index 531e9b2..e6f87e8 100644
--- a/ipsilon/helpers/ipa.py
+++ b/ipsilon/helpers/ipa.py
@@ -20,7 +20,6 @@ import pwd
 import os
 import socket
 import subprocess
-import sys
 from ipsilon.helpers.common import EnvHelpersInstaller
@@ -93,23 +92,21 @@ class Installer(EnvHelpersInstaller):
 raise Exception('No IPA tools found!')
 # Check if we already have a keytab for HTTP
- if 'krb_httpd_keytab' in opts:
- msg = "Searching for keytab in: %s" % opts['krb_httpd_keytab']
- print >> sys.stdout, msg,
- if os.path.exists(opts['krb_httpd_keytab']):
- print >> sys.stdout, "... Found!"
+ if 'gssapi_httpd_keytab' in opts:
+ msg = "Searching for keytab in: %s" % opts['gssapi_httpd_keytab']
+ if os.path.exists(opts['gssapi_httpd_keytab']):
+ logger.info(msg + "... Found!")
 return
 else:
- print >> sys.stdout, "... Not found!"
+ logger.info(msg + "... Not found!")
 msg = "Searching for keytab in: %s" % HTTPD_IPA_KEYTAB
- print >> sys.stdout, msg,
 if os.path.exists(HTTPD_IPA_KEYTAB):
- opts['krb_httpd_keytab'] = HTTPD_IPA_KEYTAB
- print >> sys.stdout, "... Found!"
+ opts['gssapi_httpd_keytab'] = HTTPD_IPA_KEYTAB
+ logger.info(msg + "... Found!")
 return
 else:
- print >> sys.stdout, "... Not found!"
+ logger.info(msg + "... Not found!")
 us = socket.gethostname()
 princ = 'HTTP/%s@%s' % (us, self.realm)
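Review bot: In the `@@ -93,23` hunk both "Found!" branches return as soon as `os.path.exists()` succeeds, so a keytab already on disk is accepted without looking at its owner or mode, and the `os.chown` at the end of the fetch path (the `@@ -167,27` hunk, apparently the same method) is never reached for it. A file holding the HTTP service key should not be used silently when other local users can read it; consider a check before each `return`, e.g. `if os.stat(opts['gssapi_httpd_keytab']).st_mode & 0o077: logger.warning('keytab %s is accessible to group/others', opts['gssapi_httpd_keytab'])`. The rename also drops `krb_httpd_keytab` with no fallback, so a caller still passing the old key falls through to the `HTTPD_IPA_KEYTAB` default without any message. The enclosing method starts and ends outside this hunk.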
@@ -125,15 +122,13 @@ class Installer(EnvHelpersInstaller):
 api.Backend.rpcclient.connect()
 logger.debug('Try RPC connection')
 api.Backend.rpcclient.forward('ping')
- print >> sys.stdout, "... Succeeded!"
+ logger.debug("... Succeeded!")
 except ipaerrors.KerberosError as e:
- print >> sys.stderr, NO_CREDS_FOR_KEYTAB
 logger.error('Invalid credentials: [%s]', repr(e))
 if api.Backend.rpcclient.isconnected():
 api.Backend.rpcclient.disconnect()
 raise Exception('Invalid credentials: [%s]' % e)
 except ipaerrors.PublicError as e:
- print >> sys.stderr, "Can't connect to any IPA server"
 logger.error(
 'Cannot connect to the server due to generic error: %s', e)
 if api.Backend.rpcclient.isconnected():
@@ -151,14 +146,13 @@ class Installer(EnvHelpersInstaller):
 version=u'2.0',
 )
 except ipaerrors.DuplicateEntry:
- logger.debug('Principal %s already exists' % princ)
+ logger.debug('Principal %s already exists', princ)
 except ipaerrors.NotFound as e:
- print >> sys.stderr, "%s" % e
- logger.error('%s' % e)
+ logger.error('%s', e)
 raise Exception('%s' % e)
 except ipaerrors.ACIError as e:
- print >> sys.stderr, NO_CREDS_FOR_KEYTAB
- logger.error('Invalid credentials: [%s]', repr(e))
+ logger.error(NO_CREDS_FOR_KEYTAB)
+ logger.debug('Invalid credentials: [%s]', repr(e))
 raise Exception('Invalid credentials: [%s]' % e)
 finally:
 server = api.Backend.rpcclient.api.env.server
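Review bot: The `except ipaerrors.KerberosError` handler in the `@@ -125,15` hunk loses the `NO_CREDS_FOR_KEYTAB` hint entirely: its `print >> sys.stderr` line is removed and nothing replaces it, while the `ACIError` handler in the `@@ -151,14` hunk keeps the hint as `logger.error(NO_CREDS_FOR_KEYTAB)`. Add the same `logger.error(NO_CREDS_FOR_KEYTAB)` ahead of `logger.error('Invalid credentials: [%s]', repr(e))` so both credential-failure paths give the operator the same guidance. The two handlers also now log the exception detail at different levels (`error` here, `debug` under `ACIError`), which makes a failed enrolment harder to trace at the default level; pick one. The `try` block these handlers belong to starts outside the hunk.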
@@ -167,27 +161,27 @@ class Installer(EnvHelpersInstaller):
 try:
 msg = "Trying to fetch keytab[%s] for %s" % (
- opts['krb_httpd_keytab'], princ)
- print >> sys.stdout, msg,
+ opts['gssapi_httpd_keytab'], princ)
+ logger.info(msg)
 subprocess.check_output([IPA_GETKEYTAB, '-s', server, '-p', princ,
- '-k', opts['krb_httpd_keytab']],
+ '-k', opts['gssapi_httpd_keytab']],
 stderr=subprocess.STDOUT)
 except subprocess.CalledProcessError, e:
 # unfortunately this one is fatal
- print >> sys.stderr, FAILED_TO_GET_KEYTAB
+ logger.error(FAILED_TO_GET_KEYTAB)
 logger.info('Error trying to get HTTP keytab:')
 logger.info('Cmd> %s\n%s', e.cmd, e.output)
 raise Exception('Missing keytab: [%s]' % e)
 # Fixup permissions so only the ipsilon user can read these files
 pw = pwd.getpwnam(HTTPD_USER)
- os.chown(opts['krb_httpd_keytab'], pw.pw_uid, pw.pw_gid)
+ os.chown(opts['gssapi_httpd_keytab'], pw.pw_uid, pw.pw_gid)
 def configure_server(self, opts):
 if opts['ipa'] != 'yes' and opts['ipa'] != 'auto':
 return
- if opts['ipa'] != 'yes' and opts['krb'] == 'no':
+ if opts['ipa'] != 'yes' and opts['gssapi'] == 'no':
 return
 self.logger = logging.getLogger()
@@ -196,12 +190,12 @@ class Installer(EnvHelpersInstaller):
 self.get_keytab(opts)
- # Forcibly use krb then pam modules
+ # Forcibly use gssapi then pam modules
 if 'lm_order' not in opts:
 opts['lm_order'] = []
- opts['krb'] = 'yes'
- if 'krb' not in opts['lm_order']:
- opts['lm_order'].insert(0, 'krb')
+ opts['gssapi'] = 'yes'
+ if 'gssapi' not in opts['lm_order']:
+ opts['lm_order'].insert(0, 'gssapi')
 opts['form'] = 'yes'
 if not any(lm in opts['lm_order'] for lm in ('form', 'pam')):
 opts['lm_order'].append('form')
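Review bot: The comment `# Fixup permissions so only the ipsilon user can read these files` in the `@@ -167,27` hunk promises more than the code delivers: only `os.chown(opts['gssapi_httpd_keytab'], pw.pw_uid, pw.pw_gid)` runs, so the file mode stays at whatever the file was created with. Set it explicitly after the chown, `os.chmod(opts['gssapi_httpd_keytab'], 0o600)`, so the keytab is owner-only regardless of how the `IPA_GETKEYTAB` call created it. In the `CalledProcessError` handler the tool's `e.cmd` and `e.output` are still logged at `info` while `FAILED_TO_GET_KEYTAB` now goes to `error`; the output is what an operator needs to diagnose the failure and probably belongs at the same level. The method containing the fetch starts outside the hunk.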