diff options
author | Christian Heimes <cheimes@redhat.com> | 2015-07-10 18:18:29 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-07-14 10:43:17 +0000 |
commit | d98aa76b26daf461f19d733fedc4bd9a8c36f05f (patch) | |
tree | 4fb5db7d60e04d541bf5a2e3f9d11c97e26749ca /ipaserver | |
parent | c210b3d2843326e5bc934d397831d4d128c1b603 (diff) | |
download | freeipa-d98aa76b26daf461f19d733fedc4bd9a8c36f05f.tar.gz freeipa-d98aa76b26daf461f19d733fedc4bd9a8c36f05f.tar.xz freeipa-d98aa76b26daf461f19d733fedc4bd9a8c36f05f.zip |
Start dirsrv for kdcproxy upgrade
The kdcproxy upgrade step in ipa-server-upgrade needs a running dirsrv
instance. Under some circumstances the dirsrv isn't running. The patch
rearranges some upgrade steps and starts DS before enable_kdcproxy().
https://fedorahosted.org/freeipa/ticket/5113
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/server/upgrade.py | 35 |
1 files changed, 19 insertions, 16 deletions
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 84a5b06ac..f295655dc 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1396,22 +1396,6 @@ def upgrade_configuration(): http.change_mod_nss_port_from_http() http.configure_certmonger_renewal_guard() - if not http.is_kdcproxy_configured(): - root_logger.info('[Enabling KDC Proxy]') - if http.admin_conn is None: - http.ldapi = True - http.fqdn = fqdn - http.realm = api.env.realm - http.suffix = ipautil.realm_to_suffix(api.env.realm) - http.ldap_connect() - http.create_kdcproxy_conf() - http.enable_kdcproxy() - - http.stop() - update_mod_nss_protocol(http) - fix_trust_flags() - http.start() - ds = dsinstance.DsInstance() ds.configure_dirsrv_ccache() @@ -1433,6 +1417,25 @@ def upgrade_configuration(): ds.suffix = ipautil.realm_to_suffix(api.env.realm) ds_enable_sidgen_extdom_plugins(ds) + # Now 389-ds is available, run the remaining http tasks + if not http.is_kdcproxy_configured(): + root_logger.info('[Enabling KDC Proxy]') + if http.admin_conn is None: + # 389-ds needs to be running + ds.start() + http.ldapi = True + http.fqdn = fqdn + http.realm = api.env.realm + http.suffix = ipautil.realm_to_suffix(api.env.realm) + http.ldap_connect() + http.create_kdcproxy_conf() + http.enable_kdcproxy() + + http.stop() + update_mod_nss_protocol(http) + fix_trust_flags() + http.start() + uninstall_selfsign(ds, http) simple_service_list = ( |