X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Finstall%2Fipsilon-server-install;h=5c1ef705e8ced667012cfb1cfb1ff4e22e46a06b;hp=df2a9659a8a93911f59187c444b2e11e58c62690;hb=2858e7a24f9f071a20be00700dc9cec8931434a6;hpb=5e0b9747121eab67c5a3ee3bb42a677e35da7fd6 diff --git a/ipsilon/install/ipsilon-server-install b/ipsilon/install/ipsilon-server-install index df2a965..5c1ef70 100755 --- a/ipsilon/install/ipsilon-server-install +++ b/ipsilon/install/ipsilon-server-install @@ -1,21 +1,5 @@ #!/usr/bin/python -# -# Copyright (C) 2014 Simo Sorce -# -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING from ipsilon.login.common import LoginMgrsInstall from ipsilon.info.common import InfoProviderInstall @@ -26,6 +10,7 @@ from ipsilon.tools import files import ConfigParser import argparse import cherrypy +import json import logging import os import pwd @@ -40,7 +25,7 @@ TEMPLATES = '/usr/share/ipsilon/templates/install' CONFDIR = '/etc/ipsilon' DATADIR = '/var/lib/ipsilon' HTTPDCONFD = '/etc/httpd/conf.d' -BINDIR = '/usr/sbin' +BINDIR = '/usr/libexec' STATICDIR = '/usr/share/ipsilon' WSGI_SOCKET_PREFIX = None @@ -79,7 +64,15 @@ def openlogs(): lh = logging.StreamHandler(sys.stderr) formatter = logging.Formatter('[%(asctime)s] %(message)s') lh.setFormatter(formatter) + lh.setLevel(logging.DEBUG) logger.addHandler(lh) + logger.propagate = False + ch = logging.StreamHandler(sys.stdout) + formatter = logging.Formatter('%(message)s') + ch.setFormatter(formatter) + ch.setLevel(logging.INFO) + logger.addHandler(ch) + cherrypy.log.error_log.setLevel(logging.DEBUG) def install(plugins, args): @@ -93,6 +86,9 @@ def install(plugins, args): args['httpd_conf'] = os.path.join(HTTPDCONFD, 'ipsilon-%s.conf' % args['instance']) args['data_dir'] = os.path.join(DATADIR, args['instance']) + args['public_data_dir'] = os.path.join(args['data_dir'], 'public') + args['wellknown_dir'] = os.path.join(args['public_data_dir'], + 'well-known') if os.path.exists(ipsilon_conf): shutil.move(ipsilon_conf, '%s.bakcup.%s' % (ipsilon_conf, now)) if os.path.exists(idp_conf): @@ -101,15 +97,20 @@ def install(plugins, args): os.makedirs(instance_conf, 0700) confopts = {'instance': args['instance'], 'datadir': args['data_dir'], + 'publicdatadir': args['public_data_dir'], + 'wellknowndir': args['wellknown_dir'], 'sysuser': args['system_user'], 'ipsilondir': BINDIR, 'staticdir': STATICDIR, - 'admindb': args['database_url'] % { + 'admindb': args['admin_dburi'] or args['database_url'] % { 'datadir': args['data_dir'], 'dbname': 'adminconfig'}, - 'usersdb': args['database_url'] % { + 'usersdb': args['users_dburi'] or args['database_url'] % { 'datadir': args['data_dir'], 'dbname': 'userprefs'}, - 'transdb': args['database_url'] % { - 'datadir': args['data_dir'], 'dbname': 'transactions'}, + 'transdb': args['transaction_dburi'] or args['database_url'] % + {'datadir': args['data_dir'], 'dbname': 'transactions'}, + 'samlsessionsdb': args['samlsessions_dburi'] or args[ + 'database_url'] % {'datadir': args['data_dir'], + 'dbname': 'saml2sessions'}, 'secure': "False" if args['secure'] == "no" else "True", 'debugging': "True" if args['server_debugging'] else "False"} # Testing database sessions @@ -123,7 +124,7 @@ def install(plugins, args): else: confopts['sessopt'] = 'path' confopts['sessval'] = os.path.join(args['data_dir'], 'sessions') - # Whetehr to disable security (for testing) + # Whether to disable security (for testing) if args['secure'] == 'no': confopts['secure'] = "False" confopts['sslrequiressl'] = "" @@ -142,6 +143,10 @@ def install(plugins, args): confopts) if not os.path.exists(args['httpd_conf']): os.symlink(idp_conf, args['httpd_conf']) + if not os.path.exists(args['public_data_dir']): + os.makedirs(args['public_data_dir'], 0755) + if not os.path.exists(args['wellknown_dir']): + os.makedirs(args['wellknown_dir'], 0755) sessdir = os.path.join(args['data_dir'], 'sessions') if not os.path.exists(sessdir): os.makedirs(sessdir, 0700) @@ -153,6 +158,12 @@ def install(plugins, args): # components cherrypy.config.update(ipsilon_conf) + # Prepare to allow plugins to save things changed during install + changes = {'env_helper': {}, + 'login_manager': {}, + 'info_provider': {}, + 'auth_provider': {}} + # Move pre-existing admin db away admin_db = cherrypy.config['admin.config.db'] if os.path.exists(admin_db): @@ -168,22 +179,43 @@ def install(plugins, args): logger.info('Configuring environment helpers') for plugin_name in plugins['Environment Helpers']: plugin = plugins['Environment Helpers'][plugin_name] - plugin.configure_server(args) + plugin_changes = {} + if plugin.configure_server(args, plugin_changes) == False: + logger.info('Configuration of environment helper %s failed' % plugin_name) + changes['env_helper'][plugin_name] = plugin_changes logger.info('Configuring login managers') for plugin_name in args['lm_order']: - plugin = plugins['Login Managers'][plugin_name] - plugin.configure(args) + try: + plugin = plugins['Login Managers'][plugin_name] + except KeyError: + sys.exit('Login provider %s not installed' % plugin_name) + plugin_changes = {} + if plugin.configure(args, plugin_changes) == False: + logger.info('Configuration of login manager %s failed' % plugin_name) + changes['login_manager'][plugin_name] = plugin_changes logger.info('Configuring Info provider') for plugin_name in plugins['Info Provider']: plugin = plugins['Info Provider'][plugin_name] - plugin.configure(args) + plugin_changes = {} + if plugin.configure(args, plugin_changes) == False: + logger.info('Configuration of info provider %s failed' % plugin_name) + changes['info_provider'][plugin_name] = plugin_changes logger.info('Configuring Authentication Providers') for plugin_name in plugins['Auth Providers']: plugin = plugins['Auth Providers'][plugin_name] - plugin.configure(args) + plugin_changes = {} + if plugin.configure(args, plugin_changes) == False: + logger.info('Configuration of auth provider %s failed' % plugin_name) + changes['auth_provider'][plugin_name] = plugin_changes + + # Save any changes that were made + install_changes = os.path.join(instance_conf, 'install_changes') + changes = json.dumps(changes) + with open(install_changes, 'w+') as f: + f.write(changes) # Fixup permissions so only the ipsilon user can read these files files.fix_user_dirs(instance_conf, opts['system_user']) @@ -193,9 +225,68 @@ def install(plugins, args): except Exception: # pylint: disable=broad-except pass + def uninstall(plugins, args): logger.info('Uninstallation initiated') - raise Exception('Not Implemented') + instance_conf = os.path.join(CONFDIR, args['instance']) + + httpd_conf = os.path.join(HTTPDCONFD, + 'ipsilon-%s.conf' % args['instance']) + data_dir = os.path.join(DATADIR, args['instance']) + + if not os.path.exists(instance_conf): + raise Exception('Could not find instance %s configuration' + % args['instance']) + if not os.path.exists(httpd_conf): + raise Exception('Could not find instance %s httpd configuration' + % args['instance']) + if not args['yes']: + sure = raw_input(('Are you certain you want to erase instance %s ' + + '[yes/NO]: ') + % args['instance']) + if sure != 'yes': + raise Exception('Aborting') + + # Get the details of what we changed during installation + install_changes = os.path.join(instance_conf, 'install_changes') + with open(install_changes, 'r') as f: + changes = json.loads(f.read()) + + logger.info('Removing environment helpers') + for plugin_name in plugins['Environment Helpers']: + plugin = plugins['Environment Helpers'][plugin_name] + plugin_changes = changes['env_helper'].get(plugin_name, {}) + if plugin.unconfigure(args, plugin_changes) == False: + logger.info('Removal of environment helper %s failed' % plugin_name) + + logger.info('Removing login managers') + for plugin_name in plugins['Login Managers']: + plugin = plugins['Login Managers'][plugin_name] + plugin_changes = changes['login_manager'].get(plugin_name, {}) + if plugin.unconfigure(args, plugin_changes) == False: + logger.info('Removal of login manager %s failed' % plugin_name) + + logger.info('Removing Info providers') + for plugin_name in plugins['Info Provider']: + plugin = plugins['Info Provider'][plugin_name] + plugin_changes = changes['info_provider'].get(plugin_name, {}) + if plugin.unconfigure(args, plugin_changes) == False: + logger.info('Removal of info provider %s failed' % plugin_name) + + logger.info('Removing Authentication Providers') + for plugin_name in plugins['Auth Providers']: + plugin = plugins['Auth Providers'][plugin_name] + plugin_changes = changes['auth_provider'].get(plugin_name, {}) + if plugin.unconfigure(args, plugin_changes) == False: + logger.info('Removal of auth provider %s failed' % plugin_name) + + logger.info('Removing httpd configuration') + os.remove(httpd_conf) + logger.info('Erasing instance configuration') + shutil.rmtree(instance_conf) + logger.info('Erasing instance data') + shutil.rmtree(data_dir) + logger.info('Uninstalled instance %s' % args['instance']) def find_plugins(): @@ -255,11 +346,22 @@ def parse_args(plugins): parser.add_argument('--secure', choices=['yes', 'no'], default='yes', help="Turn on all security checks") parser.add_argument('--config-profile', default=None, - help="File containing install options") + help=argparse.SUPPRESS) parser.add_argument('--server-debugging', action='store_true', - help="Uninstall the server and all data") + help="Enable debugging") parser.add_argument('--uninstall', action='store_true', help="Uninstall the server and all data") + parser.add_argument('--yes', action='store_true', + help="Always answer yes") + parser.add_argument('--admin-dburi', + help='Configuration database URI (override template)') + parser.add_argument('--users-dburi', + help='User configuration database URI (override ' + 'template)') + parser.add_argument('--transaction-dburi', + help='Transaction database URI (override template)') + parser.add_argument('--samlsessions-dburi', + help='SAML 2 sessions database URI (override template)') lms = [] @@ -279,9 +381,17 @@ def parse_args(plugins): if not args['hostname']: args['hostname'] = socket.getfqdn() + if args['uninstall']: + return args + if len(args['hostname'].split('.')) < 2: raise ConfigurationError('Hostname: %s is not a FQDN') + for plugin_group in plugins: + for plugin_name in plugins[plugin_group]: + plugin = plugins[plugin_group][plugin_name] + plugin.validate_args(args) + try: pwd.getpwnam(args['system_user']) except KeyError: @@ -296,12 +406,7 @@ def parse_args(plugins): args['lm_order'] = args['lm_order'].split(',') if len(args['lm_order']) == 0: - #force the basic pam provider if nothing else is selected - if 'pam' not in args: - parser.print_help() - sys.exit(-1) - args['lm_order'] = ['pam'] - args['pam'] = 'yes' + sys.exit('No login plugins are enabled.') #FIXME: check instance is only alphanums @@ -317,27 +422,33 @@ if __name__ == '__main__': logger.setLevel(logging.DEBUG) - logger.info('Intallation arguments:') + logger.debug('Installation arguments:') for k in sorted(opts.iterkeys()): - logger.info('%s: %s', k, opts[k]) + logger.debug('%s: %s', k, opts[k]) if 'uninstall' in opts and opts['uninstall'] is True: + if not os.path.exists(os.path.join(CONFDIR, opts['instance'])): + logger.info('Instance %s could not be found' % opts['instance']) + sys.exit(0) uninstall(fplugins, opts) - - install(fplugins, opts) + else: + install(fplugins, opts) except Exception, e: # pylint: disable=broad-except logger.exception(e) if 'uninstall' in opts and opts['uninstall'] is True: - print 'Uninstallation aborted.' + logger.info('Uninstallation aborted.') else: - print 'Installation aborted.' - print 'See log file %s for details' % LOGFILE + logger.info('Installation aborted.') + logger.info('See log file %s for details' % LOGFILE) + out = 1 + except SystemExit: out = 1 + raise finally: if out == 0: if 'uninstall' in opts and opts['uninstall'] is True: - print 'Uninstallation complete.' + logger.info('Uninstallation complete.') else: - print 'Installation complete.' - print 'Please restart HTTPD to enable the IdP instance.' + logger.info('Installation complete.') + logger.info('Please restart HTTPD to enable the IdP instance.') sys.exit(out)