X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Finstall%2Fipsilon-server-install;h=eeb87ddcdcacb613e940e58c61f30a82e5f0792a;hp=1ffd5940c3d606080728408336fa82d78c01de44;hb=aa5dc3b417db962a075a092d0d3528010c1059f7;hpb=f9abb07cc479008c6ee7f72e0c911768c7c9bd82 diff --git a/ipsilon/install/ipsilon-server-install b/ipsilon/install/ipsilon-server-install index 1ffd594..eeb87dd 100755 --- a/ipsilon/install/ipsilon-server-install +++ b/ipsilon/install/ipsilon-server-install @@ -18,9 +18,10 @@ # along with this program. If not, see . from ipsilon.login.common import LoginMgrsInstall +from ipsilon.info.common import InfoProviderInstall from ipsilon.providers.common import ProvidersInstall from ipsilon.helpers.common import EnvHelpersInstall -from ipsilon.util.data import Store +from ipsilon.util.data import UserStore from ipsilon.tools import files import ConfigParser import argparse @@ -39,7 +40,7 @@ TEMPLATES = '/usr/share/ipsilon/templates/install' CONFDIR = '/etc/ipsilon' DATADIR = '/var/lib/ipsilon' HTTPDCONFD = '/etc/httpd/conf.d' -BINDIR = '/usr/sbin' +BINDIR = '/usr/libexec' STATICDIR = '/usr/share/ipsilon' WSGI_SOCKET_PREFIX = None @@ -78,7 +79,15 @@ def openlogs(): lh = logging.StreamHandler(sys.stderr) formatter = logging.Formatter('[%(asctime)s] %(message)s') lh.setFormatter(formatter) + lh.setLevel(logging.DEBUG) logger.addHandler(lh) + logger.propagate = False + ch = logging.StreamHandler(sys.stdout) + formatter = logging.Formatter('%(message)s') + ch.setFormatter(formatter) + ch.setLevel(logging.INFO) + logger.addHandler(ch) + cherrypy.log.error_log.setLevel(logging.DEBUG) def install(plugins, args): @@ -92,6 +101,9 @@ def install(plugins, args): args['httpd_conf'] = os.path.join(HTTPDCONFD, 'ipsilon-%s.conf' % args['instance']) args['data_dir'] = os.path.join(DATADIR, args['instance']) + args['public_data_dir'] = os.path.join(args['data_dir'], 'public') + args['wellknown_dir'] = os.path.join(args['public_data_dir'], + 'well-known') if os.path.exists(ipsilon_conf): shutil.move(ipsilon_conf, '%s.bakcup.%s' % (ipsilon_conf, now)) if os.path.exists(idp_conf): @@ -100,12 +112,41 @@ def install(plugins, args): os.makedirs(instance_conf, 0700) confopts = {'instance': args['instance'], 'datadir': args['data_dir'], + 'publicdatadir': args['public_data_dir'], + 'wellknowndir': args['wellknown_dir'], 'sysuser': args['system_user'], 'ipsilondir': BINDIR, 'staticdir': STATICDIR, + 'admindb': args['admin_dburi'] or args['database_url'] % { + 'datadir': args['data_dir'], 'dbname': 'adminconfig'}, + 'usersdb': args['users_dburi'] or args['database_url'] % { + 'datadir': args['data_dir'], 'dbname': 'userprefs'}, + 'transdb': args['transaction_dburi'] or args['database_url'] % + {'datadir': args['data_dir'], 'dbname': 'transactions'}, + 'secure': "False" if args['secure'] == "no" else "True", 'debugging': "True" if args['server_debugging'] else "False"} + # Testing database sessions + if 'session_type' in args: + confopts['sesstype'] = args['session_type'] + else: + confopts['sesstype'] = 'file' + if 'session_dburi' in args: + confopts['sessopt'] = 'dburi' + confopts['sessval'] = args['session_dburi'] + else: + confopts['sessopt'] = 'path' + confopts['sessval'] = os.path.join(args['data_dir'], 'sessions') + # Whether to disable security (for testing) + if args['secure'] == 'no': + confopts['secure'] = "False" + confopts['sslrequiressl'] = "" + else: + confopts['secure'] = "True" + confopts['sslrequiressl'] = " SSLRequireSSL" if WSGI_SOCKET_PREFIX: confopts['wsgi_socket'] = 'WSGISocketPrefix %s' % WSGI_SOCKET_PREFIX + else: + confopts['wsgi_socket'] = '' files.write_from_template(ipsilon_conf, os.path.join(TEMPLATES, 'ipsilon.conf'), confopts) @@ -114,6 +155,10 @@ def install(plugins, args): confopts) if not os.path.exists(args['httpd_conf']): os.symlink(idp_conf, args['httpd_conf']) + if not os.path.exists(args['public_data_dir']): + os.makedirs(args['public_data_dir'], 0755) + if not os.path.exists(args['wellknown_dir']): + os.makedirs(args['wellknown_dir'], 0755) sessdir = os.path.join(args['data_dir'], 'sessions') if not os.path.exists(sessdir): os.makedirs(sessdir, 0700) @@ -134,23 +179,35 @@ def install(plugins, args): users_db = cherrypy.config['user.prefs.db'] if os.path.exists(users_db): shutil.move(users_db, '%s.backup.%s' % (users_db, now)) - db = Store() + db = UserStore() db.save_user_preferences(args['admin_user'], {'is_admin': 1}) logger.info('Configuring environment helpers') for plugin_name in plugins['Environment Helpers']: plugin = plugins['Environment Helpers'][plugin_name] - plugin.configure_server(args) + if plugin.configure_server(args) == False: + logger.info('Configuration of environment helper %s failed' % plugin_name) logger.info('Configuring login managers') for plugin_name in args['lm_order']: - plugin = plugins['Login Managers'][plugin_name] - plugin.configure(args) + try: + plugin = plugins['Login Managers'][plugin_name] + except KeyError: + sys.exit('Login provider %s not installed' % plugin_name) + if plugin.configure(args) == False: + logger.info('Configuration of login manager %s failed' % plugin_name) + + logger.info('Configuring Info provider') + for plugin_name in plugins['Info Provider']: + plugin = plugins['Info Provider'][plugin_name] + if plugin.configure(args) == False: + logger.info('Configuration of info provider %s failed' % plugin_name) logger.info('Configuring Authentication Providers') for plugin_name in plugins['Auth Providers']: plugin = plugins['Auth Providers'][plugin_name] - plugin.configure(args) + if plugin.configure(args) == False: + logger.info('Configuration of auth provider %s failed' % plugin_name) # Fixup permissions so only the ipsilon user can read these files files.fix_user_dirs(instance_conf, opts['system_user']) @@ -160,22 +217,73 @@ def install(plugins, args): except Exception: # pylint: disable=broad-except pass + def uninstall(plugins, args): logger.info('Uninstallation initiated') - raise Exception('Not Implemented') + instance_conf = os.path.join(CONFDIR, args['instance']) + + httpd_conf = os.path.join(HTTPDCONFD, + 'ipsilon-%s.conf' % args['instance']) + data_dir = os.path.join(DATADIR, args['instance']) + + if not os.path.exists(instance_conf): + raise Exception('Could not find instance %s configuration' + % args['instance']) + if not os.path.exists(httpd_conf): + raise Exception('Could not find instance %s httpd configuration' + % args['instance']) + if not args['yes']: + sure = raw_input(('Are you certain you want to erase instance %s ' + + '[yes/NO]: ') + % args['instance']) + if sure != 'yes': + raise Exception('Aborting') + + logger.info('Removing environment helpers') + for plugin_name in plugins['Environment Helpers']: + plugin = plugins['Environment Helpers'][plugin_name] + if plugin.unconfigure(args) == False: + logger.info('Removal of environment helper %s failed' % plugin_name) + + logger.info('Removing login managers') + for plugin_name in plugins['Login Managers']: + plugin = plugins['Login Managers'][plugin_name] + if plugin.unconfigure(args) == False: + logger.info('Removal of login manager %s failed' % plugin_name) + + logger.info('Removing Info providers') + for plugin_name in plugins['Info Provider']: + plugin = plugins['Info Provider'][plugin_name] + if plugin.unconfigure(args) == False: + logger.info('Removal of info provider %s failed' % plugin_name) + + logger.info('Removing Authentication Providers') + for plugin_name in plugins['Auth Providers']: + plugin = plugins['Auth Providers'][plugin_name] + if plugin.unconfigure(args) == False: + logger.info('Removal of auth provider %s failed' % plugin_name) + + logger.info('Removing httpd configuration') + os.remove(httpd_conf) + logger.info('Erasing instance configuration') + shutil.rmtree(instance_conf) + logger.info('Erasing instance data') + shutil.rmtree(data_dir) + logger.info('Uninstalled instance %s' % args['instance']) def find_plugins(): plugins = { 'Environment Helpers': EnvHelpersInstall().plugins, 'Login Managers': LoginMgrsInstall().plugins, + 'Info Provider': InfoProviderInstall().plugins, 'Auth Providers': ProvidersInstall().plugins } return plugins def parse_config_profile(args): - config = ConfigParser.ConfigParser() + config = ConfigParser.RawConfigParser() files = config.read(args['config_profile']) if len(files) == 0: raise ConfigurationError('Config Profile file %s not found!' % @@ -215,12 +323,26 @@ def parse_args(plugins): help="User account used to run the server") parser.add_argument('--admin-user', default='admin', help="User account that is assigned admin privileges") + parser.add_argument('--database-url', + default='sqlite:///%(datadir)s/%(dbname)s.sqlite', + help="The (templatized) database URL to use") + parser.add_argument('--secure', choices=['yes', 'no'], default='yes', + help="Turn on all security checks") parser.add_argument('--config-profile', default=None, - help="File containing install options") + help=argparse.SUPPRESS) parser.add_argument('--server-debugging', action='store_true', - help="Uninstall the server and all data") + help="Enable debugging") parser.add_argument('--uninstall', action='store_true', help="Uninstall the server and all data") + parser.add_argument('--yes', action='store_true', + help="Always answer yes") + parser.add_argument('--admin-dburi', + help='Configuration database URI (override template)') + parser.add_argument('--users-dburi', + help='User configuration database URI (override ' + 'template)') + parser.add_argument('--transaction-dburi', + help='Transaction database URI (override template)') lms = [] @@ -240,9 +362,17 @@ def parse_args(plugins): if not args['hostname']: args['hostname'] = socket.getfqdn() + if args['uninstall']: + return args + if len(args['hostname'].split('.')) < 2: raise ConfigurationError('Hostname: %s is not a FQDN') + for plugin_group in plugins: + for plugin_name in plugins[plugin_group]: + plugin = plugins[plugin_group][plugin_name] + plugin.validate_args(args) + try: pwd.getpwnam(args['system_user']) except KeyError: @@ -257,12 +387,7 @@ def parse_args(plugins): args['lm_order'] = args['lm_order'].split(',') if len(args['lm_order']) == 0: - #force the basic pam provider if nothing else is selected - if 'pam' not in args: - parser.print_help() - sys.exit(-1) - args['lm_order'] = ['pam'] - args['pam'] = 'yes' + sys.exit('No login plugins are enabled.') #FIXME: check instance is only alphanums @@ -278,27 +403,33 @@ if __name__ == '__main__': logger.setLevel(logging.DEBUG) - logger.info('Intallation arguments:') + logger.debug('Installation arguments:') for k in sorted(opts.iterkeys()): - logger.info('%s: %s', k, opts[k]) + logger.debug('%s: %s', k, opts[k]) if 'uninstall' in opts and opts['uninstall'] is True: + if not os.path.exists(os.path.join(CONFDIR, opts['instance'])): + logger.info('Instance %s could not be found' % opts['instance']) + sys.exit(0) uninstall(fplugins, opts) - - install(fplugins, opts) + else: + install(fplugins, opts) except Exception, e: # pylint: disable=broad-except logger.exception(e) if 'uninstall' in opts and opts['uninstall'] is True: - print 'Uninstallation aborted.' + logger.info('Uninstallation aborted.') else: - print 'Installation aborted.' - print 'See log file %s for details' % LOGFILE + logger.info('Installation aborted.') + logger.info('See log file %s for details' % LOGFILE) + out = 1 + except SystemExit: out = 1 + raise finally: if out == 0: if 'uninstall' in opts and opts['uninstall'] is True: - print 'Uninstallation complete.' + logger.info('Uninstallation complete.') else: - print 'Installation complete.' - print 'Please restart HTTPD to enable the IdP instance.' + logger.info('Installation complete.') + logger.info('Please restart HTTPD to enable the IdP instance.') sys.exit(out)