moulinette/yunohost_tools.py

188 lines
6.2 KiB
Python
Raw Normal View History

2012-10-23 17:28:35 +02:00
# -*- coding: utf-8 -*-
2012-10-26 15:26:50 +02:00
import os
import sys
2012-10-23 17:28:35 +02:00
import yaml
2012-10-26 15:26:50 +02:00
import re
2012-10-27 17:06:43 +02:00
import getpass
2012-10-29 16:25:40 +01:00
from yunohost import YunoHostError, YunoHostLDAP, validate, colorize, get_required_args, win_msg
2012-10-25 21:15:37 +02:00
from yunohost_domain import domain_add
2012-10-27 17:06:43 +02:00
def tools_ldapinit():
2012-10-27 17:06:43 +02:00
"""
Initialize YunoHost LDAP scheme
2013-02-26 20:36:37 +01:00
Returns:
2012-10-27 17:06:43 +02:00
dict
"""
2012-11-09 18:04:15 +01:00
with YunoHostLDAP() as yldap:
2012-10-26 15:26:50 +02:00
2013-02-26 20:36:37 +01:00
with open('ldap_scheme.yml') as f:
2012-11-09 18:04:15 +01:00
ldap_map = yaml.load(f)
2012-10-23 17:28:35 +02:00
2012-11-09 18:04:15 +01:00
for rdn, attr_dict in ldap_map['parents'].items():
yldap.add(rdn, attr_dict)
2012-10-23 18:10:39 +02:00
2012-11-09 18:04:15 +01:00
for rdn, attr_dict in ldap_map['childs'].items():
yldap.add(rdn, attr_dict)
2013-02-26 20:36:37 +01:00
2012-11-09 18:04:15 +01:00
admin_dict = {
'cn': 'admin',
'uid': 'admin',
'description': 'LDAP Administrator',
'gidNumber': '1007',
'uidNumber': '1007',
'homeDirectory': '/home/admin',
'loginShell': '/bin/bash',
'objectClass': ['organizationalRole', 'posixAccount', 'simpleSecurityObject']
}
yldap.update('cn=admin', admin_dict)
2012-10-23 19:55:40 +02:00
2012-10-29 16:06:46 +01:00
win_msg(_("LDAP has been successfully initialized"))
2012-10-26 15:26:50 +02:00
2012-10-27 17:06:43 +02:00
2013-02-26 20:36:37 +01:00
def tools_adminpw(old_password, new_password):
2012-10-27 17:06:43 +02:00
"""
Change admin password
2013-02-26 20:36:37 +01:00
2012-10-27 17:06:43 +02:00
Keyword arguments:
old_password
new_password
2013-02-26 20:36:37 +01:00
Returns:
2012-10-27 17:06:43 +02:00
dict
"""
2012-10-26 15:26:50 +02:00
# Validate password length
if len(new_password) < 4:
2012-10-26 15:26:50 +02:00
raise YunoHostError(22, _("Password is too short"))
result = os.system('ldappasswd -h localhost -D cn=admin,dc=yunohost,dc=org -w "'+ old_password +'" -a "'+ old_password +'" -s "' + new_password + '"')
2012-10-27 17:06:43 +02:00
2012-10-25 21:17:26 +02:00
if result == 0:
2012-10-29 16:06:46 +01:00
win_msg(_("Admin password has been changed"))
2012-10-25 21:17:26 +02:00
else:
raise YunoHostError(22, _("Invalid password"))
2012-10-27 17:06:43 +02:00
2013-02-26 20:36:37 +01:00
def tools_maindomain(old_domain, new_domain):
2012-10-27 17:06:43 +02:00
"""
Change admin password
2013-02-26 20:36:37 +01:00
2012-10-27 17:06:43 +02:00
Keyword arguments:
old_domain
new_domain
2013-02-26 20:36:37 +01:00
Returns:
2012-10-27 17:06:43 +02:00
dict
"""
if not old_domain:
2012-10-27 17:06:43 +02:00
with open('/usr/share/yunohost/yunohost-config/others/current_host', 'r') as f:
old_domain = f.readline().rstrip()
2012-10-27 17:06:43 +02:00
validate(r'^([a-zA-Z0-9]{1}([a-zA-Z0-9\-]*[a-zA-Z0-9])*)(\.[a-zA-Z0-9]{1}([a-zA-Z0-9\-]*[a-zA-Z0-9])*)*(\.[a-zA-Z]{1}([a-zA-Z0-9\-]*[a-zA-Z0-9])*)$', old_domain)
2012-10-26 15:26:50 +02:00
config_files = [
'/etc/postfix/main.cf',
2012-10-27 17:06:43 +02:00
'/etc/dovecot/dovecot.conf',
2012-10-26 15:26:50 +02:00
'/etc/lemonldap-ng/lemonldap-ng.ini',
'/etc/hosts',
]
2013-02-28 11:24:48 +01:00
config_dir = []
2012-10-26 15:26:50 +02:00
for dir in config_dir:
for file in os.listdir(dir):
config_files.append(dir + '/' + file)
for file in config_files:
with open(file, "r") as sources:
lines = sources.readlines()
with open(file, "w") as sources:
for line in lines:
sources.write(re.sub(r''+ old_domain +'', new_domain, line))
2012-10-26 15:26:50 +02:00
domain_add([new_domain], web=True)
2013-02-26 20:36:37 +01:00
lemon_tmp_conf = '/tmp/tmplemonconf'
if os.path.exists(lemon_tmp_conf): os.remove(lemon_tmp_conf)
lemon_conf_lines = [
"delete $tmp->{'locationRules'}->{'"+ old_domain +"'}->{'^/sso/'};", # Remove SSO access rule from old domain
"$tmp->{'domain'} = '"+ old_domain +"';", # Replace Lemon domain
"$tmp->{'ldapBase'} = 'dc=yunohost,dc=org';", # Set ldap basedn
"$tmp->{'portal'} = 'https://"+ new_domain +"/sso/';", # Set SSO url
"$tmp->{'locationRules'}->{'"+ new_domain +"'}->{'^/sso/'} = 'unprotect';" # Add SSO access rule to new domain
]
with open(lemon_tmp_conf,'a') as lemon_conf:
for line in lemon_conf_lines:
lemon_conf.write(line + '\n')
2013-02-28 12:03:51 +01:00
os.system('rm /etc/yunohost/apache/domains/' + old_domain + '.d/*.sso.conf') # remove SSO apache conf dir from old domain conf (fail if postinstall)
2013-02-26 20:36:37 +01:00
2012-10-27 17:06:43 +02:00
tmp = '/usr/share/yunohost/yunohost-config'
2013-02-28 12:03:51 +01:00
command_list = [
'cp /etc/yunohost/apache/templates/fixed.sso.conf /etc/yunohost/apache/domains/' + new_domain + '.d/fixed.sso.conf', # add SSO apache conf dir to new domain conf
'/etc/init.d/hostname.sh',
'echo "01" > '+ tmp +'/ssl/yunoCA/serial',
'rm '+ tmp +'/ssl/yunoCA/index.txt',
'touch '+ tmp +'/ssl/yunoCA/index.txt',
'sed -i "s/' + old_domain + '/' + new_domain + '/g" '+ tmp +'/ssl/yunoCA/openssl.cnf',
'openssl req -x509 -new -config '+ tmp +'/ssl/yunoCA/openssl.cnf -days 3650 -out '+ tmp +'/ssl/yunoCA/ca/cacert.pem -keyout '+ tmp +'/ssl/yunoCA/ca/cakey.pem -nodes -batch',
'openssl req -new -config '+ tmp +'/ssl/yunoCA/openssl.cnf -days 730 -out '+ tmp +'/ssl/yunoCA/certs/yunohost_csr.pem -keyout '+ tmp +'/ssl/yunoCA/certs/yunohost_key.pem -nodes -batch',
'openssl ca -config '+ tmp +'/ssl/yunoCA/openssl.cnf -days 730 -in '+ tmp +'/ssl/yunoCA/certs/yunohost_csr.pem -out '+ tmp +'/ssl/yunoCA/certs/yunohost_crt.pem -batch',
'cp '+ tmp +'/ssl/yunoCA/ca/cacert.pem /etc/ssl/certs/ca-yunohost_crt.pem',
'cp '+ tmp +'/ssl/yunoCA/certs/yunohost_key.pem /etc/ssl/private/',
'cp '+ tmp +'/ssl/yunoCA/newcerts/01.pem /etc/ssl/certs/yunohost_crt.pem',
'echo '+ new_domain +' > /usr/share/yunohost/yunohost-config/others/current_host',
'service apache2 restart',
'service postfix restart'
]
for command in command_list:
if os.system(command) != 0:
raise YunoHostError(17, _("There were a problem during domain changing"))
win_msg(_("Main domain has been successfully changed"))
2012-10-27 17:06:43 +02:00
2012-10-26 15:26:50 +02:00
def tools_postinstall(domain, password):
2012-10-27 17:06:43 +02:00
"""
Post-install configuration
2013-02-26 20:36:37 +01:00
2012-10-27 17:06:43 +02:00
Keyword arguments:
domain -- Main domain
password -- New admin password
2013-02-26 20:36:37 +01:00
Returns:
2012-10-27 17:06:43 +02:00
dict
"""
2012-11-09 18:04:15 +01:00
with YunoHostLDAP(password='yunohost') as yldap:
try:
with open('/usr/share/yunohost/yunohost-config/others/installed') as f: pass
except IOError:
print('Installing YunoHost')
else:
raise YunoHostError(17, _("YunoHost is already installed"))
2012-10-25 19:50:14 +02:00
2012-11-09 18:04:15 +01:00
# Initialize YunoHost LDAP base
tools_ldapinit()
2012-10-26 15:26:50 +02:00
2013-02-27 22:34:16 +01:00
# New domain config
tools_maindomain(old_domain='yunohost.org', new_domain=domain)
2012-11-09 18:04:15 +01:00
# Change LDAP admin password
tools_adminpw(old_password='yunohost', new_password=password)
2012-10-26 15:26:50 +02:00
2012-11-09 18:04:15 +01:00
os.system('touch /usr/share/yunohost/yunohost-config/others/installed')
2013-02-26 20:36:37 +01:00
2012-10-29 16:06:46 +01:00
win_msg(_("YunoHost has been successfully configured"))