diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-04-21 16:43:10 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-04-22 11:43:50 +0200 |
commit | 46a341142079d1722647d24d06155346fc1c8442 (patch) | |
tree | 66e716279075c0381016158c242ec0dbe589807d | |
parent | d2be41dd1b69020b11cdd6ba66436424f3a0033a (diff) | |
download | freeipa-46a341142079d1722647d24d06155346fc1c8442.tar.gz freeipa-46a341142079d1722647d24d06155346fc1c8442.tar.xz freeipa-46a341142079d1722647d24d06155346fc1c8442.zip |
Wait for memberof task and DS to start before proceeding in installation.
This was causing a replica DS instance to crash if the task was not
completed when we attempted a shutdown to do a restart.
In replication.py we were restarting the DS instance without waiting
for the ports to become available.
It is unlikely that the dn of the memberof task will change but just in
case I noted it in the two places it is referenced.
ticket 1188
-rw-r--r-- | install/share/memberof-task.ldif | 2 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 7 | ||||
-rw-r--r-- | ipaserver/install/replication.py | 2 | ||||
-rw-r--r-- | ipaserver/ipaldap.py | 23 |
4 files changed, 34 insertions, 0 deletions
diff --git a/install/share/memberof-task.ldif b/install/share/memberof-task.ldif index 827949e3..6ea18d4b 100644 --- a/install/share/memberof-task.ldif +++ b/install/share/memberof-task.ldif @@ -1,3 +1,5 @@ +# Note, if you change this dn also update the dn in +# ipaserver/install/dsinstance.py dn: cn=IPA install $TIME, cn=memberof task, cn=tasks, cn=config changetype: add objectClass: top diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 55412643..38195c72 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -427,6 +427,13 @@ class DsInstance(service.Service): def init_memberof(self): self._ldap_mod("memberof-task.ldif", self.sub_dict) + # Note, keep dn in sync with dn in install/share/memberof-task.ldif + dn = "cn=IPA install %s,cn=memberof task,cn=tasks,cn=config" % self.sub_dict["TIME"] + logging.debug("Waiting for memberof task to complete.") + conn = ipaldap.IPAdmin("127.0.0.1") + conn.simple_bind_s("cn=directory manager", self.dm_password) + conn.checkTask(dn, dowait=True) + conn.unbind() def apply_updates(self): ld = ldapupdate.LDAPUpdate(dm_password=self.dm_password, sub_dict=self.sub_dict) diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 1dc112b2..3712d1c3 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -23,6 +23,7 @@ import os import ldap from ipaserver import ipaldap from ipaserver.install.service import restart +import installutils from ldap import modlist from ipalib import util from ipalib import errors @@ -69,6 +70,7 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd): conn.unbind() serverid = "-".join(realm.split(".")) restart("dirsrv", instance_name=serverid) + installutils.wait_for_open_ports('localhost', [389, 636], 300) else: conn.unbind() diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py index b933839a..7df7ccef 100644 --- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py @@ -641,6 +641,29 @@ class IPAdmin(SimpleLDAPObject): return entry + def checkTask(self, dn, dowait=False, verbose=False): + """check task status - task is complete when the nsTaskExitCode attr + is set return a 2 tuple (true/false,code) first is false if task is + running, true if done - if true, second is the exit code - if dowait + is True, this function will block until the task is complete + """ + attrlist = ['nsTaskLog', 'nsTaskStatus', 'nsTaskExitCode', 'nsTaskCurrentItem', 'nsTaskTotalItems'] + done = False + exitCode = 0 + while not done: + try: + entry = self.getEntry(dn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist) + except errors.NotFound: + break + if verbose: + print entry + if entry.nsTaskExitCode: + exitCode = int(entry.nsTaskExitCode) + done = True + if dowait: time.sleep(1) + else: break + return (done, exitCode) + def normalizeDN(dn): # not great, but will do until we use a newer version of python-ldap # that has DN utilities |