Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/bindinstance.py | 11 | ||||
-rw-r--r-- | ipaserver/install/plugins/fix_replica_memberof.py | 51 | ||||
-rw-r--r-- | ipaserver/install/replication.py | 22 |
3 files changed, 45 insertions, 39 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index 3ff59329..9faf1769 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -467,7 +467,7 @@ class BindInstance(service.Service): def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, ntp, reverse_zone, named_user="named", zonemgr=None, - zone_refresh=0, persistent_search=True): + zone_refresh=0, persistent_search=True, serial_autoincrement=True): self.named_user = named_user self.fqdn = fqdn self.ip_address = ip_address @@ -480,6 +480,7 @@ class BindInstance(service.Service): self.reverse_zone = reverse_zone self.zone_refresh = zone_refresh self.persistent_search = persistent_search + self.serial_autoincrement = True if not zonemgr: self.zonemgr = 'hostmaster.%s' % self.domain @@ -576,7 +577,10 @@ class BindInstance(service.Service): optional_ntp += "_ntp._udp\t\tIN SRV 0 100 123\t%s""" % self.host_in_rr else: optional_ntp = "" - persistent_search = "yes" if self.persistent_search else "no" + + boolean_var = {} + for var in ('persistent_search', 'serial_autoincrement'): + boolean_var[var] = "yes" if getattr(self, var, False) else "no" self.sub_dict = dict(FQDN=self.fqdn, IP=self.ip_address, @@ -589,7 +593,8 @@ class BindInstance(service.Service): OPTIONAL_NTP=optional_ntp, ZONEMGR=self.zonemgr, ZONE_REFRESH=self.zone_refresh, - PERSISTENT_SEARCH=persistent_search) + PERSISTENT_SEARCH=boolean_var['persistent_search'], + SERIAL_AUTOINCREMENT=boolean_var['serial_autoincrement'],) def __setup_dns_container(self): self._ldap_mod("dns.ldif", self.sub_dict) diff --git a/ipaserver/install/plugins/fix_replica_memberof.py b/ipaserver/install/plugins/fix_replica_memberof.py index 04152d36..23bde0c9 100644 --- a/ipaserver/install/plugins/fix_replica_memberof.py +++ b/ipaserver/install/plugins/fix_replica_memberof.py 
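Review bot: The new `serial_autoincrement` argument of `setup()` is never used, because the second hunk assigns `self.serial_autoincrement = True`. A caller passing `serial_autoincrement=False` therefore still gets `SERIAL_AUTOINCREMENT` rendered as "yes" in `sub_dict`. The assignment should read `self.serial_autoincrement = serial_autoincrement`, matching the `persistent_search` line above it. In the third hunk, `getattr(self, var, False)` would also turn a misspelled attribute name into a silent "no", where plain attribute access would fail loudly. `setup()` continues outside the hunks shown.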
@@ -25,28 +25,24 @@ from ipaserver import ipaldap from ipaserver.install import replication from ipalib import api -class update_replica_memberof(PreUpdate): +class update_replica_exclude_attribute_list(PreUpdate): """ - Run through all replication agreements and ensure that memberOf is - included in the EXCLUDE list so we don't cause replication storms. + Run through all replication agreements and ensure that EXCLUDE list + has all the required attributes so that we don't cause replication + storms. """ order=MIDDLE def execute(self, **options): - totalexcludes = ('entryusn', - 'krblastsuccessfulauth', - 'krblastfailedauth', - 'krbloginfailedcount') - excludes = ('memberof', ) + totalexcludes - # We need an IPAdmin connection to the backend + self.log.debug("Start replication agreement exclude list update task") conn = ipaldap.IPAdmin(api.env.host, ldapi=True, realm=api.env.realm) conn.do_external_bind(pwd.getpwuid(os.geteuid()).pw_name) repl = replication.ReplicationManager(api.env.realm, api.env.host, None, conn=conn) entries = repl.find_replication_agreements() - self.log.debug("Found %d agreement(s)" % len(entries)) + self.log.debug("Found %d agreement(s)", len(entries)) for replica in entries: self.log.debug(replica.description) attrlist = replica.getValue('nsDS5ReplicatedAttributeList') 
@@ -55,28 +51,33 @@ class update_replica_memberof(PreUpdate): current = replica.toDict() # Need to add it altogether replica.setValues('nsDS5ReplicatedAttributeList', - '(objectclass=*) $ EXCLUDE %s' % " ".join(excludes)) + '(objectclass=*) $ EXCLUDE %s' % " ".join(replication.EXCLUDES)) replica.setValues('nsDS5ReplicatedAttributeListTotal', - '(objectclass=*) $ EXCLUDE %s' % " ".join(totalexcludes)) + '(objectclass=*) $ EXCLUDE %s' % " ".join(replication.TOTAL_EXCLUDES)) try: repl.conn.updateEntry(replica.dn, current, replica.toDict()) self.log.debug("Updated") except Exception, e: - self.log.error("Error caught updating replica: %s" % str(e)) - elif 'memberof' not in attrlist.lower(): - self.log.debug("Attribute list needs updating") - current = replica.toDict() - replica.setValue('nsDS5ReplicatedAttributeList', - replica.nsDS5ReplicatedAttributeList + ' memberof') - try: - repl.conn.updateEntry(replica.dn, current, replica.toDict()) - self.log.debug("Updated") - except Exception, e: - self.log.error("Error caught updating replica: %s" % str(e)) + self.log.error("Error caught updating replica: %s", str(e)) else: - self.log.debug("No update necessary") + attrlist_normalized = attrlist.lower() + missing = [attr for attr in replication.EXCLUDES + if attr not in attrlist_normalized] + + if missing: + self.log.debug("Attribute list needs updating") + current = replica.toDict() + replica.setValue('nsDS5ReplicatedAttributeList', + replica.nsDS5ReplicatedAttributeList + ' %s' % ' '.join(missing)) + try: + repl.conn.updateEntry(replica.dn, current, replica.toDict()) + self.log.debug("Updated") + except Exception, e: + self.log.error("Error caught updating replica: %s", str(e)) + else: + self.log.debug("No update necessary") self.log.debug("Done updating agreements") return (False, False, []) # No restart, no apply now, no updates -api.register(update_replica_memberof) +api.register(update_replica_exclude_attribute_list) 
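Review bot: The `missing` computation tests each name with a substring match against the whole lower-cased attribute-list string, so an excluded attribute counts as present whenever its name occurs inside a longer token of an existing, possibly hand-edited, list. Compare whole tokens instead: `present = attrlist_normalized.split()` followed by `missing = [attr for attr in replication.EXCLUDES if attr not in present]`. This branch also repairs only `nsDS5ReplicatedAttributeList`, so an agreement whose `nsDS5ReplicatedAttributeListTotal` is absent or incomplete stays unchanged, which looks unintended given the new class docstring. `execute()` starts in the previous hunk and returns normally even after an update error, so a failed update shows up only in the log.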
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 417b7a0c..38abfe21 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -43,6 +43,15 @@ REPL_MAN_DN = "cn=replication manager,cn=config" IPA_REPLICA = 1 WINSYNC = 2 +# List of attributes that need to be excluded from replication initialization. +TOTAL_EXCLUDES = ('entryusn', + 'krblastsuccessfulauth', + 'krblastfailedauth', + 'krbloginfailedcount') + +# List of attributes that need to be excluded from normal replication. +EXCLUDES = ('memberof', 'idnssoaserial') + TOTAL_EXCLUDES + def replica_conn_check(master_host, host_name, realm, check_ca, admin_password=None): """ @@ -467,15 +476,6 @@ class ReplicationManager(object): except errors.NotFound: pass - # List of attributes that need to be excluded from replication initialization. - totalexcludes = ('entryusn', - 'krblastsuccessfulauth', - 'krblastfailedauth', - 'krbloginfailedcount') - - # List of attributes that need to be excluded from normal replication. - excludes = ('memberof', ) + totalexcludes - entry = ipaldap.Entry(dn) entry.setValues('objectclass', "nsds5replicationagreement") entry.setValues('cn', cn) @@ -485,7 +485,7 @@ class ReplicationManager(object): entry.setValues('nsds5replicaroot', self.suffix) if master is None: entry.setValues('nsDS5ReplicatedAttributeList', - '(objectclass=*) $ EXCLUDE %s' % " ".join(excludes)) + '(objectclass=*) $ EXCLUDE %s' % " ".join(EXCLUDES)) entry.setValues('description', "me to %s" % b_hostname) if isgssapi: entry.setValues('nsds5replicatransportinfo', 'LDAP') @@ -503,7 +503,7 @@ class ReplicationManager(object): try: mod = [(ldap.MOD_ADD, 'nsDS5ReplicatedAttributeListTotal', - '(objectclass=*) $ EXCLUDE %s' % " ".join(totalexcludes))] + '(objectclass=*) $ EXCLUDE %s' % " ".join(TOTAL_EXCLUDES))] a_conn.modify_s(dn, mod) except ldap.LDAPError, e: # Apparently there are problems set the total list |
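Review bot: The comment above `EXCLUDES` in the first hunk does not say why `idnssoaserial` joins the list, although that is the one behavioural change in this file; the rest is a move to module level. Suggested wording: `# idnssoaserial: presumably maintained locally by each server when serial autoincrement is on, so it must not replicate (confirm)`. It would also help to note on `TOTAL_EXCLUDES` that the Kerberos counters (`krbloginfailedcount`, `krblastfailedauth`, `krblastsuccessfulauth`) are excluded from both lists and so stay local to each server. That matters if account-lockout policy relies on them.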