diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-12-01 12:12:15 +0000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2014-12-09 13:46:29 +0000 |
commit | f92d0efca693ddcf4de0bc3413ab26c76bad6963 (patch) | |
tree | 6d6afb36ae2a2e8dee465b4b74d384bd9af5ddbc | |
parent | 7f1db9303e14fc7b3f505cf63d21544197ea6047 (diff) | |
download | freeipa-f92d0efca693ddcf4de0bc3413ab26c76bad6963.tar.gz freeipa-f92d0efca693ddcf4de0bc3413ab26c76bad6963.tar.xz freeipa-f92d0efca693ddcf4de0bc3413ab26c76bad6963.zip |
Improve validation of --instance and --backend options in ipa-restore
https://fedorahosted.org/freeipa/ticket/4744
Reviewed-By: David Kupka <dkupka@redhat.com>
-rw-r--r-- | ipaplatform/base/paths.py | 2 | ||||
-rw-r--r-- | ipaserver/install/ipa_backup.py | 2 | ||||
-rw-r--r-- | ipaserver/install/ipa_restore.py | 73 |
3 files changed, 46 insertions, 31 deletions
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index c4cdc58d6..3389042cd 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -262,7 +262,7 @@ class BasePathNamespace(object): VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE = "/var/lib/dirsrv/scripts-%s" VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s" SLAPD_INSTANCE_BACKUP_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/bak/%s" - IPACA_DIRSRV_INSTANCE_DB_TEMPLATE = "/var/lib/dirsrv/slapd-%s/db/ipaca" + SLAPD_INSTANCE_DB_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/db/%s" SLAPD_INSTANCE_LDIF_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/ldif" VAR_LIB_SLAPD_PKI_IPA_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-PKI-IPA" VAR_LIB_IPA = "/var/lib/ipa" diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index 5d583f7e9..72d1475d6 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py @@ -292,7 +292,7 @@ class Backup(admintool.AdminTool): for instance in [realm_to_serverid(api.env.realm), 'PKI-IPA']: if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % instance): - if os.path.exists(paths.IPACA_DIRSRV_INSTANCE_DB_TEMPLATE % instance): + if os.path.exists(paths.SLAPD_INSTANCE_DB_DIR_TEMPLATE % (instance, 'ipaca')): self.db2ldif(instance, 'ipaca', online=options.online) self.db2ldif(instance, 'userRoot', online=options.online) self.db2bak(instance, online=options.online) diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index 9cb978a51..097703938 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -188,15 +188,35 @@ class Restore(admintool.AdminTool): self.log.info("Preparing restore from %s on %s", self.backup_dir, api.env.host) - if not options.instance: - instances = [] - for instance in [realm_to_serverid(api.env.realm), 'PKI-IPA']: - if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % instance): - instances.append(instance) + if options.instance and options.backend: + database = (options.instance, options.backend) + if not os.path.exists(paths.SLAPD_INSTANCE_DB_DIR_TEMPLATE % + database): + raise admintool.ScriptError( + "Instance %s with backend %s does not exist" % database) + + databases = [database] else: - instances = [options.instance] - if options.data_only and not instances: - raise admintool.ScriptError('No instances to restore to') + if options.instance: + instances = [options.instance] + else: + instances = [realm_to_serverid(api.env.realm), 'PKI-IPA'] + + if options.backend: + backends = [options.backend] + else: + backends = ['userRoot', 'ipaca'] + + databases = [] + for instance in instances: + for backend in backends: + database = (instance, backend) + if os.path.exists(paths.SLAPD_INSTANCE_DB_DIR_TEMPLATE % + database): + databases.append(database) + + if options.data_only and not databases: + raise admintool.ScriptError('No instances to restore to') create_ds_user() pent = pwd.getpwnam(DS_USER) @@ -223,7 +243,7 @@ class Restore(admintool.AdminTool): # These two checks would normally be in the validate method but # we need to know the type of backup we're dealing with. if (self.backup_type != 'FULL' and not options.data_only and - not instances): + not databases): raise admintool.ScriptError('Cannot restore a data backup into an empty system') if (self.backup_type == 'FULL' and not options.data_only and (options.instance or options.backend)): @@ -244,6 +264,15 @@ class Restore(admintool.AdminTool): not user_input("Continue to restore?", False)): raise admintool.ScriptError("Aborted") + self.extract_backup(options.gpg_keyring) + + for database in databases: + ldifname = '%s-%s.ldif' % database + ldiffile = os.path.join(self.dir, ldifname) + if not os.path.exists(ldiffile): + raise admintool.ScriptError( + "Instance %s with backend %s not in backup" % database) + # Big fat warning if (not options.unattended and not user_input("Restoring data will overwrite existing live data. Continue to restore?", False)): @@ -261,7 +290,6 @@ class Restore(admintool.AdminTool): self.log.info("Disabling all replication.") self.disable_agreements() - self.extract_backup(options.gpg_keyring) if options.data_only: if not options.online: self.log.info('Stopping Directory Server') @@ -295,16 +323,8 @@ class Restore(admintool.AdminTool): # userRoot backend in it and the main IPA instance. If we # have a unified instance we need to restore both userRoot and # ipaca. - for instance in instances: - if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % instance): - if options.backend is None: - self.ldif2db(instance, 'userRoot', online=options.online) - if os.path.exists(paths.IPACA_DIRSRV_INSTANCE_DB_TEMPLATE % instance): - self.ldif2db(instance, 'ipaca', online=options.online) - else: - self.ldif2db(instance, options.backend, online=options.online) - else: - raise admintool.ScriptError('389-ds instance %s does not exist' % instance) + for instance, backend in databases: + self.ldif2db(instance, backend, online=options.online) if options.data_only: if not options.online: @@ -447,20 +467,15 @@ class Restore(admintool.AdminTool): try: conn.add_entry(ent) except Exception, e: - raise admintool.ScriptError( - 'Unable to bind to LDAP server: %s' % e) + self.log.error("Unable to bind to LDAP server: %s" % e) + return self.log.info("Waiting for LDIF to finish") wait_for_task(conn, dn) else: args = ['%s/ldif2db' % self.__find_scripts_dir(instance), - '-i', ldiffile] - if backend is not None: - args.append('-n') - args.append(backend) - else: - args.append('-n') - args.append('userRoot') + '-i', ldiffile, + '-n', backend] (stdout, stderr, rc) = run(args, raiseonerr=False) if rc != 0: self.log.critical("ldif2db failed: %s" % stderr) |