From 5c6232e24d008d062bb5e70dae5b111c32e96169 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 31 Jan 2011 16:20:40 -0500 Subject: Force sync in both direction before changing replication agreements Fixes: https://fedorahosted.org/freeipa/ticket/887 --- ipaserver/install/replication.py | 40 +++++++++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 15 deletions(-) (limited to 'ipaserver') diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 77ca0578..ac35db1a 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -653,21 +653,15 @@ class ReplicationManager: # First off make sure servers are in sync so that both KDCs # have all princiapls and their passwords and can release # the right tickets. We do this by force pushing all our changes - filter = "(&(nsDS5ReplicaHost=%s)(objectclass=nsds5ReplicationAgreement))" % r_hostname - entry = self.conn.search_s("cn=config", ldap.SCOPE_SUBTREE, filter) - if len(entry) == 0: - raise RuntimeError("Missing %s -> %s replication agreement" % - (self.hostname, r_hostname)) - if len(entry) > 1: - logging.info("Found multiple agreements for %s." % r_hostname) - logging.info("Syncing only the first one: %s" % entry[0].dn) - - self.force_synch(entry[0].dn, entry[0].nsds5replicaupdateschedule) - - # now wait until we are sure replication has succeeded. + self.force_sync(self.conn, r_hostname) cn, dn = self.agreement_dn(r_hostname) self.wait_for_repl_update(self.conn, dn, 30) + # now in the opposite direction + self.force_sync(r_conn, self.hostname) + cn, dn = self.agreement_dn(self.hostname) + self.wait_for_repl_update(r_conn, dn, 30) + # now that directories are in sync, # change the agreements to use GSSAPI self.gssapi_update_agreements(self.conn, r_conn) @@ -700,9 +694,25 @@ class ReplicationManager: except ldap.ALREADY_EXISTS: return - def force_synch(self, dn, schedule): + def force_sync(self, conn, hostname): + newschedule = '2358-2359 0' + filter = '(&(nsDS5ReplicaHost=%s)' \ + '(|(objectclass=nsDSWindowsReplicationAgreement)' \ + '(objectclass=nsds5ReplicationAgreement)))' % hostname + entry = conn.search_s("cn=config", ldap.SCOPE_SUBTREE, filter) + if len(entry) == 0: + logging.error("Unable to find replication agreement for %s" % + (hostname)) + raise RuntimeError("Unable to proceed") + if len(entry) > 1: + logging.error("Found multiple agreements for %s" % hostname) + logging.error("Using the first one only (%s)" % entry[0].dn) + + dn = entry[0].dn + schedule = entry[0].nsds5replicaupdateschedule + # On the remote chance of a match. We force a synch to happen right # now by changing the schedule to something else and quickly changing # it back. @@ -711,12 +721,12 @@ class ReplicationManager: logging.info("Changing agreement %s schedule to %s to force synch" % (dn, newschedule)) mod = [(ldap.MOD_REPLACE, 'nsDS5ReplicaUpdateSchedule', [ newschedule ])] - self.conn.modify_s(dn, mod) + conn.modify_s(dn, mod) time.sleep(1) logging.info("Changing agreement %s to restore original schedule %s" % (dn, schedule)) mod = [(ldap.MOD_REPLACE, 'nsDS5ReplicaUpdateSchedule', [ schedule ])] - self.conn.modify_s(dn, mod) + conn.modify_s(dn, mod) def get_agreement_type(self, hostname): cn, dn = self.agreement_dn(hostname) -- cgit