author | Rob Crittenden <rcritten@redhat.com> | 2012-02-15 16:55:59 -0500 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-02-16 14:44:27 +0100 |
commit | 7cb549edefa717324d75577f122aa3545dfb9cb5 (patch) | |
tree | 4a96ffe9e9b98b03b0b97580fb35561431b6c1e5 | |
parent | c8cdb75e9bf72f9ef48eab2544c27d4303ef56c2 (diff) | |
Enable ipa_memcached when upgrading
Add support for autobind to services. This is a bit of a special case
so I currently require the caller to specify ldapi separately. It
makes sense to do this only in upgrade cases.
Also uninstall ipa_memcached when uninstalling the server.
https://fedorahosted.org/freeipa/ticket/2399
-rwxr-xr-x | install/tools/ipa-server-install | 1 | ||||
-rw-r--r-- | install/tools/ipa-upgradeconfig | 12 | ||||
-rw-r--r-- | ipaserver/install/installutils.py | 2 | ||||
-rw-r--r-- | ipaserver/install/service.py | 35 |
4 files changed, 41 insertions, 9 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index f7de54403..284362206 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -464,6 +464,7 @@ def uninstall(): httpinstance.HTTPInstance(fstore).uninstall() krbinstance.KrbInstance(fstore).uninstall() dsinstance.DsInstance(fstore=fstore).uninstall() + memcacheinstance.MemcacheInstance().uninstall() fstore.restore_all_files() try: os.remove(ANSWER_CACHE) diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 764b17c42..725a9d106 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -29,12 +29,15 @@ try: from ipaserver.install import installutils from ipaserver.install import dsinstance from ipaserver.install import httpinstance + from ipaserver.install import memcacheinstance from ipaserver.install import service + import ldap import krbV import re import os import shutil import fileinput + import ipalib.errors except ImportError: print >> sys.stderr, """\ There was a problem importing one of the required Python modules. The @@ -254,6 +257,15 @@ def main(): http = httpinstance.HTTPInstance() http.remove_httpd_ccache() + memcache = memcacheinstance.MemcacheInstance() + memcache.ldapi = True + memcache.realm = krbctx.default_realm + try: + if not memcache.is_configured(): + memcache.create_instance('MEMCACHE', fqdn, None, ipautil.realm_to_suffix(krbctx.default_realm)) + except (ldap.ALREADY_EXISTS, ipalib.errors.DuplicateEntry): + pass + try: if __name__ == "__main__": sys.exit(main()) diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 94c1fabfb..a9a3ec431 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py 
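Review bot: In the `main()` hunk of install/tools/ipa-upgradeconfig, the `except (ldap.ALREADY_EXISTS, ipalib.errors.DuplicateEntry): pass` clause discards the error without a trace, so an upgrade log cannot show whether the ipa_memcached entry was created or was already there. Because the `try` wraps the whole `create_instance(...)` call, a duplicate raised part-way through presumably also skips whatever steps follow inside it; that is not visible here and is worth confirming. I would replace `pass` with a log line such as `root_logger.debug("ipa_memcached service entry already exists")`, provided `root_logger` is in scope in this script. `main()` continues outside the hunk.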
@@ -36,7 +36,7 @@ from ipapython import ipautil, dnsclient, sysrestore from ipapython.ipa_log_manager import * # Used to determine install status -IPA_MODULES = ['httpd', 'kadmin', 'dirsrv', 'pki-cad', 'pkids', 'install', 'krb5kdc', 'ntpd', 'named'] +IPA_MODULES = ['httpd', 'kadmin', 'dirsrv', 'pki-cad', 'pkids', 'install', 'krb5kdc', 'ntpd', 'named', 'ipa_memcached'] class BadHostError(Exception): pass diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index 5188b3d56..c101678af 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -20,6 +20,7 @@ import sys import os, socket import tempfile +import pwd from ipapython import sysrestore from ipapython import ipautil from ipapython import services as ipaservices @@ -50,12 +51,13 @@ def print_msg(message, output_fd=sys.stdout): class Service(object): - def __init__(self, service_name, sstore=None, dm_password=None): + def __init__(self, service_name, sstore=None, dm_password=None, ldapi=False): self.service_name = service_name self.service = ipaservices.service(service_name) self.steps = [] self.output_fd = sys.stdout self.dm_password = dm_password + self.ldapi = ldapi self.fqdn = socket.gethostname() self.admin_conn = None @@ -71,7 +73,12 @@ class Service(object): self.dercert = None def ldap_connect(self): - self.admin_conn = self.__get_conn(self.fqdn, self.dm_password) + if self.ldapi: + if not self.realm: + raise RuntimeError('realm must be set to use ldapi connection') + self.admin_conn = self.__get_conn(None, None, ldapi=True, realm=self.realm) + else: + self.admin_conn = self.__get_conn(self.fqdn, self.dm_password) def ldap_disconnect(self): self.admin_conn.unbind() 
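Review bot: In the `ldap_connect` hunk of ipaserver/install/service.py, the new `if not self.realm:` guard depends on an attribute that the `__init__` hunk does not accept as a parameter; ipa-upgradeconfig assigns `memcache.realm` after construction instead. If `__init__` does not initialise `realm` in the lines outside these hunks, the guard raises AttributeError rather than the intended RuntimeError, and `if not getattr(self, 'realm', None):` would cover both cases. The method also deserves a docstring saying that in ldapi mode `fqdn` and `dm_password` are ignored and that the caller must set `realm` first.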
@@ -257,14 +264,25 @@ class Service(object): self.steps = [] - def __get_conn(self, fqdn, dm_password): + def __get_conn(self, fqdn, dm_password, ldapi=False, realm=None): # If we are passed a password we'll use it as the DM password # otherwise we'll do a GSSAPI bind. try: # conn = ipaldap.IPAdmin(fqdn, port=636, cacert=CACERT) - conn = ipaldap.IPAdmin(fqdn, port=389) + if ldapi: + conn = ipaldap.IPAdmin(ldapi=ldapi, realm=realm) + else: + conn = ipaldap.IPAdmin(fqdn, port=389) if dm_password: conn.do_simple_bind(bindpw=dm_password) + elif os.getegid() == 0 and self.ldapi: + try: + # autobind + pw_name = pwd.getpwuid(os.geteuid()).pw_name + conn.do_external_bind(pw_name) + except errors.NotFound: + # Fall back + conn.do_sasl_gssapi_bind() else: conn.do_sasl_gssapi_bind() except Exception, e: @@ -275,7 +293,8 @@ class Service(object): def ldap_enable(self, name, fqdn, dm_password, ldap_suffix): self.disable() - conn = self.__get_conn(fqdn, dm_password) + if not self.admin_conn: + self.ldap_connect() entry_name = "cn=%s,cn=%s,%s,%s" % (name, fqdn, "cn=masters,cn=ipa,cn=etc", @@ -289,9 +308,9 @@ class Service(object): "enabledService", "startOrder " + str(order)) try: - conn.addEntry(entry) - except ldap.ALREADY_EXISTS, e: - root_logger.critical("failed to add %s Service startup entry" % name) + self.admin_conn.addEntry(entry) + except (ldap.ALREADY_EXISTS, errors.DuplicateEntry), e: + root_logger.debug("failed to add %s Service startup entry" % name) raise e class SimpleServiceInstance(Service): |
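Review bot: In `__get_conn`, the autobind branch is gated on `os.getegid() == 0` but the identity handed to `do_external_bind` comes from `os.geteuid()`, so the check and the bind look at two different credentials. A process with effective group 0 and a non-root effective uid would attempt an external bind as that user, and a root process with another effective gid would skip autobind; both are unexpected for a path that maps OS credentials to a directory identity. The same condition reads `self.ldapi` while the connection above it is built from the `ldapi` argument, so the two can disagree. I would write `elif ldapi and os.geteuid() == 0:`. Whether `errors` is imported in this module is not visible in the hunks.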
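Review bot: `ldap_enable` still accepts `dm_password`, but after the `-275,7` hunk the connection comes from `self.admin_conn` or `self.ldap_connect()`, which use `self.fqdn` and `self.dm_password`, so the argument is silently ignored. A caller that passes a password here without having set it on the instance would presumably fall through to a GSSAPI bind. I would either honour it, for example `if dm_password and not self.dm_password: self.dm_password = dm_password` before connecting, or add a comment stating that the parameter is kept only for signature compatibility. The body of `ldap_enable` continues outside the hunk.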
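Review bot: In the last hunk, `raise e` after the new debug log re-raises in a way that, under the Python 2 syntax this file uses, replaces the original traceback with one starting at this line; a bare `raise` keeps it. The message still reads "failed to add ... Service startup entry" although a duplicate is now logged at debug level as an expected condition, so wording like `"%s Service startup entry already exists"` would be less misleading in an upgrade log.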