| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=593392
Resolves: bug 593392
Bug Description: setup-ds-admin.pl -k creates world readable file
Reviewed by: thoger (Thanks!)
Branch: HEAD
Fix Description: Use umask to make sure we create a .inf file that is
only viewable by the user. In addition, only create the temp file and
filename when necessary. In some places, the code was creating a .inf
file on disk when it could just create one in memory. The code should
check to see if the Inf object has a file associated with it before
attemtping to unlink it. Make sure we do not unlink a .inf file given
with -f on the command line. If the user specified -k, always write to
a temp file using __temp__ as the keyword to tell Inf->write to generate
a temp file.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updates are implemented in:
perl - code that plugs in to setup - scriptlets that are imported into
the setup perl interpreter and executed in process, giving access to all
of the packages and context provided by setup
ldif - applied to instances, in the same manner as ConfigFile directives
to setup
other - any executable file, shell script, etc. can be invoked, with a limited
amount of context from the setup process
An update directory is added to the package - /usr/share/dirsrv/update - this
directory contains the update files - the update filenames begin with two digits
and are executed in numeric order (00 first, then 01, etc. up to 99) which
should provide enough flexibility
In addition, there are 5 stages of update:
pre - invoked before any instance specific code
preinst, runinst, postinst - invoked for each instance
post - invoked after any instance specific code
Example files are provided which demonstrate how to get the context.
There are two different modes of operation for update:
online - must supply a bind dn and password for each instance - servers must
be up and running
offline - operates directly on the dse.ldif - servers must be shutdown first
A new section is added to the .inf file that can be passed in
[slapd-instancename]
RootDN = binddn
RootDNPwd = bindpw
The RootDN is optional - if not supplied, it will get the nsslapd-rootdn attribute from the dse.ldif for the instance.
I also fixed some problems with error messages.
The pam pta plugin entry was giving object class violations, so I added the
missing attributes - note that these are replaced by the plugin code when
the plugin is loaded - they are only needed during setup.
Fixed usage of $_ - $_ behaves like a dynamically scoped variable - which
means if you use it in an outer context, you cannot use it in an inner
context, even if it is used in a different function. Rather than attempting
to figure out how to use $_ safely in lower level functions, I just removed
the use of it altogether, which also makes the code easier to read.
Reviewed by: nhosoi (Thanks!) - fixed minor issues found
Platforms tested: Fedora 11
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: DS console: Can not delete DS instance
Reviewed by: nkinder (Thanks!)
Fix Description: As it turns out, my assumption that ds_remove in CGI mode also did the unregistration was false. It is the console that does the unregistration, only after the ds_remove CGI returns success. So, ds_remove needs to run with AdminSDK off, just like the other "special" CGI programs. In addition, ds_remove needs to be more robust - if there is an error during ds_remove, you should be allowed to try again after fixing something. However, the way the error handling worked did not differentiate between fatal errors and errors that could be ignored. In order to do this properly, we need to propagate the errors back up to the top level (oh how I wish perl had real exception handling . . .). The main type of error we need to ignore is file not found or process not found. If we attempted to remove before and that attempt failed for some reason, and left a partial instance, we need to be able to run the remove command again, skipping over the things we shutdown or removed already, and clean up the stuff we need to remove. This can also happen if you use the console to create a ds instance, and remove-ds.pl to remove the instance. The instance will still show up in the console. We need to be able to use the Remove Server in the console to remove the instance from the console, even through there is no physical instance on disk any more. Since the console will only do the unregistration if the CGI returns success, we need to make sure the CGI returns success even though there is no instance on disk. When ds_remove is run via ds_removal, it will do the unregistration.
I also took this opportunity to refactor the remove code, creating a removeDSInstance method in DSCreate.pm, and moving some of the other removal helper functions to Util.pm. That simplified the code in both ds_remove and remove-ds.pl.
I added a remove-ds-admin.pl script - one of the problems that users have is that they run setup-ds-admin.pl, then hit some error (e.g. bad DNS setup), then find that they cannot restore the system to the state before they ran setup-ds-admin.pl. remove-ds-admin.pl does this.
Finally, I added some man pages to the admin package for those commonly used commands.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: overriding arguments to setup causes setup to fail
Reviewed by: ulf.weltman, nkinder (Thanks!)
Fix Description: Parameters specified on the command line should override and replace (not add to) any parameters specified in a given .inf file. I refactored the code a little too - I moved the argv processing into the Inf module out of the Setup and Migration modules. The code will first process the args and store the values in a temporary hash ref. Then it will process the temp hash ref, replacing the values in the main inf with the values from the hash.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Pass in schema and config LDIF files to setup
Reviewed by: nhosoi (Thanks!)
Fix Description: 1) Allow multi-valued parameters in .inf files and command line. These values will be represented internally as an array ref. No existing parameters allow being multi-valued (e.g. you can't use Suffix=o=foo and Suffix=o=bar)
2) Add two new .inf parameters - SchemaFile and ConfigFile. The files listed in SchemaFile will be copied into the schema subdirectory of the new instance, so they must already be named appropriately (e.g. 60foo.ldif). The files listed in ConfigFile must be LDIF files with one or more whole entries to be added to the initial dse.ldif. These could be additional suffixes/databases to create, plugin configuration, replication configuration, or anything else.
Right now, if you have an LDIF file that relies on custom schema, you cannot use the InstallLdifFile directive during setup. SchemaFile allows you to do that.
Platforms tested: RHEL5
Flag Day: no
Doc impact: Will need to document the two additional parameters.
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: Replace ds_newinst binary with perl script
Reviewed by: nhosoi (Thanks!)
Fix Description: 1) Inf needs to be able to read the .inf file from stdin. This is what ds_newinst.pl does currently.
2) getlogin seems not to work in all cases, so add a more robust replacement.
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server - Inf, ds_newinst.pl
Fix Description: Some minor cleanup:
1) Setup must not write to the user supplied inf file. Setup uses the user supplied inf to initialize its cache, but creates a tempfile for writing.
2) When writing an Inf, preserve the continuation lines.
3) Added Noriko's fix for suffix generation to ds_newinst.pl
Platforms tested: RHEL4
Flag Day: No.
Doc impact: No.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server - ldif templates, pwdhash
Reviewed by: nhosoi (Thanks!)
Fix Description: These changes are primarily to allow the admin server setup to run completely in perl with no more setuputil code.
1) Added LDIF templates for DS config. template-dse.ldif is the core minimal directory server configuration. Values can be replaced with parameters in the same style as used with register_server.pl - %token%. For the plugin entries, the plugin shared library name is now just a name. There is no more full path. The code in dynalib.c handles this case by using the compiled in PLUGINDIR. The NSPR function PR_GetLibraryName knows the correct shared lib suffix for the platform. All of this allows us to do 2).
2) Added ability to run pwdhash with no server configuration. If no configuration is given, it uses the template-dse.ldif above. And instead of having to worry about where the plugins are installed and the shared lib suffix, it just depends on the above changes. This allows us to generate password hashes during setup before the directory server instance is created, and also to keep clear text password usage to a minimum.
3) Added defaultuser and defaultgroup.
4) Added support for continuation lines in Inf files.
5) All user visible messages during setup should be localizable
Platforms tested: RHEL4
Flag Day: Yes, autotool file changes.
Doc impact: Yes, along with the previous fixes for this bug.
|
|
|
Description: Move DS Admin Code into Admin Server
Fix Description: This adds the setup related perl modules, scripts, and resource files to the DS base code. This will allow a user to interactively setup (create an instance of) a directory server. This will also form the base of the work to add the console and admin server related setup code.
New files/directories:
$libdir/fedora-ds/perl - this is where the perl modules (Setup.pm, etc.) will be installed.
$bindir/setup-ds.pl - the script to use to interactively create an instance of directory server. This has use lib '$libdir/fedora-ds/perl' hard coded into it at build time, in order to find the "private" setup perl modules. If you invoke this script in silent mode (setup-ds.pl -s) then it is exactly the same as just using ds_newinst.pl.
$sysconfdir/fedora-ds/property/setup-ds.res - Resources for setup-ds.pl and the associated modules.
I also fixed a problem with the libns-dshttpd linkage.
Platforms tested: RHEL4
Flag Day: no
Doc impact: Yes. All of these new items will need to be documented.
|
