X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Finstall%2Fipsilon-server-install;h=5f95d7e9b45bcf2bea68064121c7066320262442;hp=430087e6ed1928b3f18fff9fd64c627990963767;hb=eaaffe854977912f9a4c0cc477197bd8ba96230f;hpb=8fa20c6c81aab558cd00bf1e4ac87ec8ee5a8556 diff --git a/ipsilon/install/ipsilon-server-install b/ipsilon/install/ipsilon-server-install index 430087e..5f95d7e 100755 --- a/ipsilon/install/ipsilon-server-install +++ b/ipsilon/install/ipsilon-server-install @@ -18,9 +18,10 @@ # along with this program. If not, see . from ipsilon.login.common import LoginMgrsInstall +from ipsilon.info.common import InfoProviderInstall from ipsilon.providers.common import ProvidersInstall from ipsilon.helpers.common import EnvHelpersInstall -from ipsilon.util.data import Store +from ipsilon.util.data import UserStore from ipsilon.tools import files import ConfigParser import argparse @@ -39,6 +40,9 @@ TEMPLATES = '/usr/share/ipsilon/templates/install' CONFDIR = '/etc/ipsilon' DATADIR = '/var/lib/ipsilon' HTTPDCONFD = '/etc/httpd/conf.d' +BINDIR = '/usr/libexec' +STATICDIR = '/usr/share/ipsilon' +WSGI_SOCKET_PREFIX = None class ConfigurationError(Exception): 
@@ -89,13 +93,52 @@ def install(plugins, args): args['httpd_conf'] = os.path.join(HTTPDCONFD, 'ipsilon-%s.conf' % args['instance']) args['data_dir'] = os.path.join(DATADIR, args['instance']) + args['public_data_dir'] = os.path.join(args['data_dir'], 'public') + args['wellknown_dir'] = os.path.join(args['public_data_dir'], + 'well-known') if os.path.exists(ipsilon_conf): shutil.move(ipsilon_conf, '%s.bakcup.%s' % (ipsilon_conf, now)) if os.path.exists(idp_conf): shutil.move(idp_conf, '%s.backup.%s' % (idp_conf, now)) if not os.path.exists(instance_conf): os.makedirs(instance_conf, 0700) - confopts = {'instance': args['instance'], 'datadir': args['data_dir']} + confopts = {'instance': args['instance'], + 'datadir': args['data_dir'], + 'publicdatadir': args['public_data_dir'], + 'wellknowndir': args['wellknown_dir'], + 'sysuser': args['system_user'], + 'ipsilondir': BINDIR, + 'staticdir': STATICDIR, + 'admindb': args['admin_dburi'] or args['database_url'] % { + 'datadir': args['data_dir'], 'dbname': 'adminconfig'}, + 'usersdb': args['users_dburi'] or args['database_url'] % { + 'datadir': args['data_dir'], 'dbname': 'userprefs'}, + 'transdb': args['transaction_dburi'] or args['database_url'] % + {'datadir': args['data_dir'], 'dbname': 'transactions'}, + 'secure': "False" if args['secure'] == "no" else "True", + 'debugging': "True" if args['server_debugging'] else "False"} + # Testing database sessions + if 'session_type' in args: + confopts['sesstype'] = args['session_type'] + else: + confopts['sesstype'] = 'file' + if 'session_dburi' in args: + confopts['sessopt'] = 'dburi' + confopts['sessval'] = args['session_dburi'] + else: + confopts['sessopt'] = 'path' + confopts['sessval'] = os.path.join(args['data_dir'], 'sessions') + # Whether to disable security (for testing) + if args['secure'] == 'no': + confopts['secure'] = "False" + confopts['sslrequiressl'] = "" + else: + confopts['secure'] = "True" + confopts['sslrequiressl'] = " SSLRequireSSL" + if WSGI_SOCKET_PREFIX: 
+ confopts['wsgi_socket'] = 'WSGISocketPrefix %s' % WSGI_SOCKET_PREFIX + else: + confopts['wsgi_socket'] = '' files.write_from_template(ipsilon_conf, os.path.join(TEMPLATES, 'ipsilon.conf'), confopts) @@ -104,6 +147,10 @@ def install(plugins, args): confopts) if not os.path.exists(args['httpd_conf']): os.symlink(idp_conf, args['httpd_conf']) + if not os.path.exists(args['public_data_dir']): + os.makedirs(args['public_data_dir'], 0755) + if not os.path.exists(args['wellknown_dir']): + os.makedirs(args['wellknown_dir'], 0755) sessdir = os.path.join(args['data_dir'], 'sessions') if not os.path.exists(sessdir): os.makedirs(sessdir, 0700) 
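Review bot: In the `confopts` dict, `args['database_url'] % {...}` runs the operator-supplied URL through %-formatting, so a literal `%` in it (for instance a percent-encoded character in a password) is read as a format directive and either raises or comes out misformatted. Either document that `%` must be written as `%%` in `--database-url`, or substitute only the two known placeholders, e.g. `url.replace('%(datadir)s', args['data_dir']).replace('%(dbname)s', 'adminconfig')`. The `'secure'` entry in the dict literal is also dead code, since the `if args['secure'] == 'no'` block just below assigns it again. install() starts before this hunk and continues after it.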
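Review bot: The `0755` passed to `os.makedirs` for `public_data_dir` and `wellknown_dir` is filtered by the process umask, and `files.fix_user_dirs(args['data_dir'], ...)` is later applied to the parent directory with behaviour that is not visible in this diff. The final modes of `public` (meant to be readable) and its sibling `sessions` (created `0700`) are therefore not pinned here. If the web server is meant to serve only `public`, set its mode explicitly after the ownership fix-up, e.g. `os.chmod(args['public_data_dir'], 0755)`, and confirm that the fix-up does not widen `sessions`. The enclosing install() begins and ends outside this hunk.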
@@ -124,48 +171,111 @@ def install(plugins, args): users_db = cherrypy.config['user.prefs.db'] if os.path.exists(users_db): shutil.move(users_db, '%s.backup.%s' % (users_db, now)) - db = Store() + db = UserStore() db.save_user_preferences(args['admin_user'], {'is_admin': 1}) logger.info('Configuring environment helpers') for plugin_name in plugins['Environment Helpers']: plugin = plugins['Environment Helpers'][plugin_name] - plugin.configure_server(args) + if plugin.configure_server(args) == False: + print 'Configuration of environment helper %s failed' % plugin_name logger.info('Configuring login managers') for plugin_name in args['lm_order']: - plugin = plugins['Login Managers'][plugin_name] - plugin.configure(args) + try: + plugin = plugins['Login Managers'][plugin_name] + except KeyError: + sys.exit('Login provider %s not installed' % plugin_name) + if plugin.configure(args) == False: + print 'Configuration of login manager %s failed' % plugin_name + + logger.info('Configuring Info provider') + for plugin_name in plugins['Info Provider']: + plugin = plugins['Info Provider'][plugin_name] + if plugin.configure(args) == False: + print 'Configuration of info provider %s failed' % plugin_name logger.info('Configuring Authentication Providers') for plugin_name in plugins['Auth Providers']: plugin = plugins['Auth Providers'][plugin_name] - plugin.configure(args) + if plugin.configure(args) == False: + print 'Configuration of auth provider %s failed' % plugin_name # Fixup permissions so only the ipsilon user can read these files - files.fix_user_dirs(instance_conf, opts['system_user'], mode=0500) + files.fix_user_dirs(instance_conf, opts['system_user']) files.fix_user_dirs(args['data_dir'], opts['system_user']) try: subprocess.call(['/usr/sbin/restorecon', '-R', args['data_dir']]) except Exception: # pylint: disable=broad-except pass + def uninstall(plugins, args): logger.info('Uninstallation initiated') - raise Exception('Not Implemented') + instance_conf = 
os.path.join(CONFDIR, args['instance']) + + httpd_conf = os.path.join(HTTPDCONFD, + 'ipsilon-%s.conf' % args['instance']) + data_dir = os.path.join(DATADIR, args['instance']) + + if not os.path.exists(instance_conf): + raise Exception('Could not find instance %s configuration' + % args['instance']) + if not os.path.exists(httpd_conf): + raise Exception('Could not find instance %s httpd configuration' + % args['instance']) + if not args['yes']: + sure = raw_input(('Are you certain you want to erase instance %s ' + + '[yes/NO]: ') + % args['instance']) + if sure != 'yes': + raise Exception('Aborting') + + logger.info('Removing environment helpers') + for plugin_name in plugins['Environment Helpers']: + plugin = plugins['Environment Helpers'][plugin_name] + if plugin.unconfigure(args) == False: + print 'Removal of environment helper %s failed' % plugin_name + + logger.info('Removing login managers') + for plugin_name in plugins['Login Managers']: + plugin = plugins['Login Managers'][plugin_name] + if plugin.unconfigure(args) == False: + print 'Removal of login manager %s failed' % plugin_name + + logger.info('Removing Info providers') + for plugin_name in plugins['Info Provider']: + plugin = plugins['Info Provider'][plugin_name] + if plugin.unconfigure(args) == False: + print 'Removal of info provider %s failed' % plugin_name + + logger.info('Removing Authentication Providers') + for plugin_name in plugins['Auth Providers']: + plugin = plugins['Auth Providers'][plugin_name] + if plugin.unconfigure(args) == False: + print 'Removal of auth provider %s failed' % plugin_name + + logger.info('Removing httpd configuration') + os.remove(httpd_conf) + logger.info('Erasing instance configuration') + shutil.rmtree(instance_conf) + logger.info('Erasing instance data') + shutil.rmtree(data_dir) + logger.info('Uninstalled instance %s' % args['instance']) def find_plugins(): plugins = { 'Environment Helpers': EnvHelpersInstall().plugins, 'Login Managers': 
LoginMgrsInstall().plugins, + 'Info Provider': InfoProviderInstall().plugins, 'Auth Providers': ProvidersInstall().plugins } return plugins def parse_config_profile(args): - config = ConfigParser.ConfigParser() + config = ConfigParser.RawConfigParser() files = config.read(args['config_profile']) if len(files) == 0: raise ConfigurationError('Config Profile file %s not found!' % @@ -205,10 +315,26 @@ def parse_args(plugins): help="User account used to run the server") parser.add_argument('--admin-user', default='admin', help="User account that is assigned admin privileges") + parser.add_argument('--database-url', + default='sqlite:///%(datadir)s/%(dbname)s.sqlite', + help="The (templatized) database URL to use") + parser.add_argument('--secure', choices=['yes', 'no'], default='yes', + help="Turn on all security checks") parser.add_argument('--config-profile', default=None, - help="File containing install options") + help=argparse.SUPPRESS) + parser.add_argument('--server-debugging', action='store_true', + help="Enable debugging") parser.add_argument('--uninstall', action='store_true', help="Uninstall the server and all data") + parser.add_argument('--yes', action='store_true', + help="Always answer yes") + parser.add_argument('--admin-dburi', + help='Configuration database URI (override template)') + parser.add_argument('--users-dburi', + help='User configuration database URI (override ' + 'template)') + parser.add_argument('--transaction-dburi', + help='Transaction database URI (override template)') lms = [] @@ -228,9 +354,17 @@ def parse_args(plugins): if not args['hostname']: args['hostname'] = socket.getfqdn() + if args['uninstall']: + return args + if len(args['hostname'].split('.')) < 2: raise ConfigurationError('Hostname: %s is not a FQDN') + for plugin_group in plugins: + for plugin_name in plugins[plugin_group]: + plugin = plugins[plugin_group][plugin_name] + plugin.validate_args(args) + try: pwd.getpwnam(args['system_user']) except KeyError: 
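Review bot: A plugin whose `configure(args)` returns False is only reported with `print`, so install() carries on and `out` stays 0; the run then presumably finishes as a success with a login manager or auth provider left unconfigured. For an identity provider this should stop the install, e.g. `raise ConfigurationError('Configuration of login manager %s failed' % plugin_name)`, or at least go through `logger.error` so it lands in the install log; the same applies to the four `unconfigure` loops in uninstall(). Separately, `mode=0500` was dropped from `files.fix_user_dirs(instance_conf, ...)`. The default mode is not visible here, and the instance configuration now carries the database URIs, so confirm that the directory stays readable by the service user only. The start of install() lies outside this hunk.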
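Review bot: The new `--database-url`, `--admin-dburi`, `--users-dburi` and `--transaction-dburi` values can embed database credentials, and the `__main__` block (context in the later hunks) runs `logger.info('%s: %s', k, opts[k])` over the parsed options, which appears to write them to the install log verbatim. Mask these keys before logging, e.g. `logger.info('%s: %s', k, '********' if k.endswith(('dburi', 'database_url')) else opts[k])`. The help text should also say that values given on the command line are visible in the process list. parse_args() starts before this hunk and continues after it.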
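Review bot: The early `return args` for `--uninstall` skips every later check in parse_args(), including the spot where `#FIXME: check instance is only alphanums` still sits (next hunk), while the uninstall() added in this commit hands paths built from `args['instance']` to `os.remove` and `shutil.rmtree`. The existence checks in uninstall() narrow what can be reached, but the name should be validated before this return, e.g. `if not args['instance'].isalnum(): raise ConfigurationError('Invalid instance name: %s' % args['instance'])` (loosen the test if names with `-` or `_` must be accepted). parse_args() begins and ends outside this hunk.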
@@ -245,12 +379,7 @@ def parse_args(plugins): args['lm_order'] = args['lm_order'].split(',') if len(args['lm_order']) == 0: - #force the basic pam provider if nothing else is selected - if 'pam' not in args: - parser.print_help() - sys.exit(-1) - args['lm_order'] = ['pam'] - args['pam'] = 'yes' + sys.exit('No login plugins are enabled.') #FIXME: check instance is only alphanums @@ -271,9 +400,12 @@ if __name__ == '__main__': logger.info('%s: %s', k, opts[k]) if 'uninstall' in opts and opts['uninstall'] is True: + if not os.path.exists(os.path.join(CONFDIR, opts['instance'])): + print 'Instance %s could not be found' % opts['instance'] + sys.exit(0) uninstall(fplugins, opts) - - install(fplugins, opts) + else: + install(fplugins, opts) except Exception, e: # pylint: disable=broad-except logger.exception(e) if 'uninstall' in opts and opts['uninstall'] is True: @@ -282,6 +414,9 @@ if __name__ == '__main__': print 'Installation aborted.' print 'See log file %s for details' % LOGFILE out = 1 + except SystemExit: + out = 1 + raise finally: if out == 0: if 'uninstall' in opts and opts['uninstall'] is True: