#6474 Remove ipaplatform dependency from ipa modules
Closed: Fixed None Opened 7 years ago by cheimes.

EDIT: aim of this ticket has been changed to remove dependency of ipaplatform from client libraries.

Currently ipaplatform's platform is detected and selected on build time by configure. The script uses /etc/os-release ID field as platform selector and creates symlinks from ipaplatform/$PLATFORM/module.py to ipaplatform/module.py. The approach basically hard-codes a platform on build time.

While the approach is reasonable for distribution packages like RPM, it doesn't work for Python wheels and PyPI packages. In order to make an ipaplatform wheel package usable on another platform (e.g. build on fedora, imported on centos), ipaplatform has to select the platform at runtime.

I propose to parse /etc/os-release at import time and auto-detect the best matching platform based on ID and ID_LIKE.

Related to that, ipaplatform also should become a namespace package. A namespace package allows 3rd parties to add their own platform definition as external packages.


See #6475 for ipaplatform.debian support.

I forgot to explain ID and ID_LIKE. ID_LIKE contains a space separated list of similar distributions. For example CentOS has ID=centos and ID_LIKE="rhel fedora". With my proposal CentOS will automatically use ipaplatform.rhel.

It has been decided that it'd be better to rather strip the critical modules off the ipaplatform dependency:
Integration Improvements ML thread.
This should be worked in the design page.

Closing per triage from Mon Nov 21.

Different approach was decided.

Platform dependent code will be removed from libraries.

Push failed, reopening.

It was actually pushed, an error in tooling occured

master:

  • 9117a5d paths: remove DEV_NULL
  • 8e5d2c7 custodiainstance: automatic restart on config file update
  • a1f260d ipapython: move dnssec, p11helper and secrets to ipaserver
  • 26c46a4 ipapython: move certmonger and sysrestore to ipalib.install
  • f919ab4 certdb: use a temporary file to pass password to pk12util
  • d6b755e ipautil: remove SHARE_DIR and PLUGIN_SHARE_DIR
  • 7b966e8 ipautil: remove get_domain_name()
  • d911f49 ipautil: remove the timeout argument of run()
  • 75b70e3 ipautil: move is_fips_enabled() to ipaplatform.tasks
  • 7d5c680 ipautil: move kinit functions to ipalib.install
  • 6e50fae ipautil: move file encryption functions to installutils
  • 528012f ipapython: remove hard dependency on ipaplatform
  • a2c5888 ipalib: move certstore to the install subpackage
  • 977050c constants: remove CACERT
  • d43b57d ipalib: remove hard dependency on ipapython
  • 70c3cd7 ipaclient: move install modules to the install subpackage
  • a260fd8 ipaclient: remove hard dependency on ipaplatform

Two relevant files still import ipaplatform:

ipatests/test_ipalib/test_errors.py:from ipaplatform.paths import paths
ipatests/test_ipalib/test_config.py:from ipaplatform.paths import paths

The line https://github.com/freeipa/freeipa/blob/master/ipapython/certdb.py#L35 needs a pylint disable comment. The assignment of CERTUTIL, PK12UTIL and OPENSSL should be moved into a else block, too.

master:

pr 295 pushed. Christian is it all, can the ticket be closed?

master:

  • fb307ba Add pylint guard to import of ipaplatform in ipapython.certdb
  • 3e3b546 Remove BIN_FALSE and BIN_TRUE
  • 98f0077 Remove import of ipaplatform.paths from test_ipalib

Metadata Update from @cheimes:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5

7 years ago

master:

  • 490682a Make ipaplatform a regular top-level package

ipa-4-8:

  • 07da5ab Make ipaplatform a regular top-level package

Login to comment on this ticket.

Metadata