diff options
| author | Christian Heimes <cheimes@redhat.com> | 2015-07-10 18:18:29 +0200 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-07-14 10:37:43 +0000 |
| commit | c701ab612de831f72f21e0f3bfd105fbc515cd4d (patch) | |
| tree | 44dddd8eb742c98f073e432ff2791d271ab4829e | |
| parent | 510642196184e588b3014db1d1fdd7bc4aa2f5dd (diff) | |
| download | freeipa-c701ab612de831f72f21e0f3bfd105fbc515cd4d.tar.gz freeipa-c701ab612de831f72f21e0f3bfd105fbc515cd4d.tar.xz freeipa-c701ab612de831f72f21e0f3bfd105fbc515cd4d.zip | |
Start dirsrv for kdcproxy upgrade
The kdcproxy upgrade step in ipa-server-upgrade needs a running dirsrv
instance. Under some circumstances the dirsrv isn't running. The patch
rearranges some upgrade steps and starts DS before enable_kdcproxy().
https://fedorahosted.org/freeipa/ticket/5113
Reviewed-By: Martin Basti <mbasti@redhat.com>
| -rw-r--r-- | ipaserver/install/server/upgrade.py | 35 |
1 files changed, 19 insertions, 16 deletions
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 84a5b06ac..f295655dc 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1396,22 +1396,6 @@ def upgrade_configuration(): http.change_mod_nss_port_from_http() http.configure_certmonger_renewal_guard() - if not http.is_kdcproxy_configured(): - root_logger.info('[Enabling KDC Proxy]') - if http.admin_conn is None: - http.ldapi = True - http.fqdn = fqdn - http.realm = api.env.realm - http.suffix = ipautil.realm_to_suffix(api.env.realm) - http.ldap_connect() - http.create_kdcproxy_conf() - http.enable_kdcproxy() - - http.stop() - update_mod_nss_protocol(http) - fix_trust_flags() - http.start() - ds = dsinstance.DsInstance() ds.configure_dirsrv_ccache() @@ -1433,6 +1417,25 @@ def upgrade_configuration(): ds.suffix = ipautil.realm_to_suffix(api.env.realm) ds_enable_sidgen_extdom_plugins(ds) + # Now 389-ds is available, run the remaining http tasks + if not http.is_kdcproxy_configured(): + root_logger.info('[Enabling KDC Proxy]') + if http.admin_conn is None: + # 389-ds needs to be running + ds.start() + http.ldapi = True + http.fqdn = fqdn + http.realm = api.env.realm + http.suffix = ipautil.realm_to_suffix(api.env.realm) + http.ldap_connect() + http.create_kdcproxy_conf() + http.enable_kdcproxy() + + http.stop() + update_mod_nss_protocol(http) + fix_trust_flags() + http.start() + uninstall_selfsign(ds, http) simple_service_list = ( |