diff options
author | Karl MacMillan <kmacmill@redhat.com> | 2007-11-21 18:01:32 -0500 |
---|---|---|
committer | Karl MacMillan <kmacmill@redhat.com> | 2007-11-21 18:01:32 -0500 |
commit | c373ed5c5ccbee64c956a9a682a1427387498d8d (patch) | |
tree | 19fcf8a26828b0bacf8efe615db96d1a7c094ef0 /ipa-server/ipaserver/dsinstance.py | |
parent | b456d8424a89b157eb9b1438ed0c3590221cee70 (diff) | |
download | freeipa-c373ed5c5ccbee64c956a9a682a1427387498d8d.tar.gz freeipa-c373ed5c5ccbee64c956a9a682a1427387498d8d.tar.xz freeipa-c373ed5c5ccbee64c956a9a682a1427387498d8d.zip |
Initial replication setup.
This add replication setup through two new commands: ipa-replica-prepare
and ipa-replica-install. The procedure is to run ipa-replica-prepare
on an existing master. This will collect information about the realm
and the current master and create a file storing all of the information.
After copying that file to the new replica, ipa-replica-install is
run (with -r to create a read-only replica).
This version of the patch also includes fixes for the sasl mappings
on the replicas.
Remaining features:
- ssl for replication.
- automatic configuration of mesh topology for
master (or a simpler way to replicate multiple
masters.
- tool for view / configuring current replication.
Diffstat (limited to 'ipa-server/ipaserver/dsinstance.py')
-rw-r--r-- | ipa-server/ipaserver/dsinstance.py | 104 |
1 files changed, 79 insertions, 25 deletions
diff --git a/ipa-server/ipaserver/dsinstance.py b/ipa-server/ipaserver/dsinstance.py index 3cf80f46..79a57182 100644 --- a/ipa-server/ipaserver/dsinstance.py +++ b/ipa-server/ipaserver/dsinstance.py @@ -24,10 +24,14 @@ import tempfile import shutil import logging import pwd +import glob +import sys from ipa.ipautil import * import service +import installutils + SERVER_ROOT_64 = "/usr/lib64/dirsrv" SERVER_ROOT_32 = "/usr/lib/dirsrv" @@ -35,9 +39,6 @@ def ldap_mod(fd, dn, pwd): args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv", "-D", dn, "-w", pwd, "-f", fd.name] run(args) - text = fd.read() - print text - def realm_to_suffix(realm_name): s = realm_name.split(".") terms = ["dc=" + x.lower() for x in s] @@ -49,6 +50,61 @@ def find_server_root(): else: return SERVER_ROOT_32 +def realm_to_serverid(realm_name): + return "-".join(realm_name.split(".")) + +def config_dirname(realm_name): + return "/etc/dirsrv/slapd-" + realm_to_serverid(realm_name) + "/" + +def schema_dirname(realm_name): + return config_dirname(realm_name) + "/schema/" + +def erase_ds_instance_data(serverid): + try: + shutil.rmtree("/etc/dirsrv/slapd-%s" % serverid) + except: + pass + try: + shutil.rmtree("/var/lib/dirsrv/slapd-%s" % serverid) + except: + pass + try: + shutil.rmtree("/var/lock/dirsrv/slapd-%s" % serverid) + except: + pass + +def check_existing_installation(): + dirs = glob.glob("/etc/dirsrv/slapd-*") + if not dirs: + return + print "" + print "An existing Directory Server has been detected." + yesno = raw_input("Do you wish to remove it and create a new one? [no]: ") + if not yesno or yesno.lower()[0] != "y": + sys.exit(1) + + try: + run(["/sbin/service", "dirsrv", "stop"]) + except: + pass + for d in dirs: + serverid = os.path.basename(d).split("slapd-", 1)[1] + if serverid: + erase_ds_instance_data(serverid) + +def check_ports(): + ds_unsecure = installutils.port_available(389) + ds_secure = installutils.port_available(636) + if not ds_unsecure or not ds_secure: + print "IPA requires ports 389 and 636 for the Directory Server." + print "These are currently in use:" + if not ds_unsecure: + print "\t389" + if not ds_secure: + print "\t636" + sys.exit(1) + + INF_TEMPLATE = """ [General] FullMachineName= $FQHN @@ -72,20 +128,25 @@ class DsInstance(service.Service): self.dm_password = None self.sub_dict = None - def create_instance(self, ds_user, realm_name, host_name, dm_password): + def create_instance(self, ds_user, realm_name, host_name, dm_password, ro_replica=False): self.ds_user = ds_user self.realm_name = realm_name.upper() - self.serverid = "-".join(self.realm_name.split(".")) + self.serverid = realm_to_serverid(self.realm_name) self.suffix = realm_to_suffix(self.realm_name) self.host_name = host_name self.dm_password = dm_password self.__setup_sub_dict() + + if ro_replica: + self.start_creation(15, "Configuring directory server:") + else: + self.start_creation(15, "Configuring directory server:") - self.start_creation(15, "Configuring directory server:") self.__create_ds_user() self.__create_instance() self.__add_default_schemas() - self.__add_memberof_module() + if not ro_replica: + self.__add_memberof_module() self.__add_referint_module() self.__add_dna_module() self.__create_indeces() @@ -97,10 +158,11 @@ class DsInstance(service.Service): except: # TODO: roll back here? logging.critical("Failed to restart the ds instance") - self.__config_uidgid_gen_first_master() self.__add_default_layout() - self.__add_master_entry_first_master() - self.__init_memberof() + if not ro_replica: + self.__config_uidgid_gen_first_master() + self.__add_master_entry_first_master() + self.__init_memberof() self.step("configuring directoy to start on boot") @@ -108,14 +170,6 @@ class DsInstance(service.Service): self.done_creation() - def config_dirname(self): - if not self.serverid: - raise RuntimeError("serverid not set") - return "/etc/dirsrv/slapd-" + self.serverid + "/" - - def schema_dirname(self): - return self.config_dirname() + "/schema/" - def __setup_sub_dict(self): server_root = find_server_root() self.sub_dict = dict(FQHN=self.host_name, SERVERID=self.serverid, @@ -165,13 +219,13 @@ class DsInstance(service.Service): def __add_default_schemas(self): self.step("adding default schema") shutil.copyfile(SHARE_DIR + "60kerberos.ldif", - self.schema_dirname() + "60kerberos.ldif") + schema_dirname(self.realm_name) + "60kerberos.ldif") shutil.copyfile(SHARE_DIR + "60samba.ldif", - self.schema_dirname() + "60samba.ldif") + schema_dirname(self.realm_name) + "60samba.ldif") shutil.copyfile(SHARE_DIR + "60radius.ldif", - self.schema_dirname() + "60radius.ldif") + schema_dirname(self.realm_name) + "60radius.ldif") shutil.copyfile(SHARE_DIR + "60ipaconfig.ldif", - self.schema_dirname() + "60ipaconfig.ldif") + schema_dirname(self.realm_name) + "60ipaconfig.ldif") def __add_memberof_module(self): self.step("enabling memboerof plugin") @@ -235,7 +289,7 @@ class DsInstance(service.Service): def __enable_ssl(self): self.step("configuring ssl for ds instance") - dirname = self.config_dirname() + dirname = config_dirname(self.realm_name) args = ["/usr/share/ipa/ipa-server-setupssl", self.dm_password, dirname, self.host_name] try: @@ -273,7 +327,7 @@ class DsInstance(service.Service): def __certmap_conf(self): self.step("configuring certmap.conf") - dirname = self.config_dirname() + dirname = config_dirname(self.realm_name) certmap_conf = template_file(SHARE_DIR+"certmap.conf.template", self.sub_dict) certmap_fd = open(dirname+"certmap.conf", "w+") certmap_fd.write(certmap_conf) @@ -281,7 +335,7 @@ class DsInstance(service.Service): def change_admin_password(self, password): logging.debug("Changing admin password") - dirname = self.config_dirname() + dirname = config_dirname(self.realm_name) if dir_exists("/usr/lib64/mozldap"): app = "/usr/lib64/mozldap/ldappasswd" else: |