diff options
author | Noriko Hosoi <nhosoi@redhat.com> | 2005-10-14 16:08:09 +0000 |
---|---|---|
committer | Noriko Hosoi <nhosoi@redhat.com> | 2005-10-14 16:08:09 +0000 |
commit | 3722ac5f74b22059b7ee8e4e2c2f4f846e86d8cf (patch) | |
tree | a1765186cce30b275484dbc0216cd0eb3924f88e | |
parent | 79dfc67a91a7f1491f6f9ee418c59b78a4f8055a (diff) | |
download | ds-3722ac5f74b22059b7ee8e4e2c2f4f846e86d8cf.tar.gz ds-3722ac5f74b22059b7ee8e4e2c2f4f846e86d8cf.tar.xz ds-3722ac5f74b22059b7ee8e4e2c2f4f846e86d8cf.zip |
[170322] setup script hangs without prompting for token password
Disable SSL before applying the patch, then enable it when the patch installation is done.
-rw-r--r-- | ldap/cm/Makefile | 4 | ||||
-rwxr-xr-x | ldap/cm/newinst/setup | 166 | ||||
-rwxr-xr-x | ldap/cm/newinst/setup.patch | 155 | ||||
-rw-r--r-- | ldapserver.spec.tmpl | 48 |
4 files changed, 343 insertions, 30 deletions
diff --git a/ldap/cm/Makefile b/ldap/cm/Makefile index 0c8dc164..d5c52843 100644 --- a/ldap/cm/Makefile +++ b/ldap/cm/Makefile @@ -820,7 +820,7 @@ ifdef BUILD_PATCH echo "[$(SLAPDSP)]" >> $(PATCHINSTDIR)/setup.inf echo "ComponentInfoFile = $(SLAPDSP)/$(SLAPDSP).inf" >> $(PATCHINSTDIR)/setup.inf # create a zip file based upon the $(PATCHINF) file - cd $(ABSRELDIR)/slapd/$(NS_BUILD_FLAVOR); zip -r $(PATCHINSTDIR)/$(SLAPDSP)/ns$(SLAPDSP).zip `egrep "^file:" $(PATCHINF) | awk -F: '{print $$3}'` + cd $(ABSRELDIR)/slapd/$(NS_BUILD_FLAVOR); zip -r $(PATCHINSTDIR)/$(SLAPDSP)/ns$(SLAPDSP).zip `grep "^file:" $(PATCHINF) | awk -F: '{print $$3}'` # put ns-config and needed libs in the $(PATCHINSTDIR)/$(SLAPDSP) directory $(INSTALL) -m 755 $(RELDIR_32)/bin/slapd/admin/bin/ns-config $(PATCHINSTDIR)/$(SLAPDSP) -@for file in $(PACKAGE_SETUP_LIBS_32) ; \ @@ -830,7 +830,7 @@ ifdef BUILD_PATCH done # create patch inf file: $(SLAPD).inf cp $(OBJDIR)/slapd-patch.inf $(PATCHINSTDIR)/$(SLAPDSP)/$(SLAPDSP).inf - cd $(ABSRELDIR)/slapd/$(NS_BUILD_FLAVOR); ls `egrep "^file:" $(PATCHINF) | egrep -v "setup/setup" | awk -F: '{print $$3}'` > $(PATCHINSTDIR)/$(SLAPDSP)/$(SLAPDSP).inf.tmp + cd $(ABSRELDIR)/slapd/$(NS_BUILD_FLAVOR); ls `grep "^file:" $(PATCHINF) | egrep -v "setup/setup" | awk -F: '{print $$3}'` > $(PATCHINSTDIR)/$(SLAPDSP)/$(SLAPDSP).inf.tmp echo `cat $(PATCHINSTDIR)/$(SLAPDSP)/$(SLAPDSP).inf.tmp` | sed -e "s/ /,/g" > $(PATCHINSTDIR)/$(SLAPDSP)/$(SLAPDSP).inf.tmp2 echo "BackupFiles="`cat $(PATCHINSTDIR)/$(SLAPDSP)/$(SLAPDSP).inf.tmp2`>> $(PATCHINSTDIR)/$(SLAPDSP)/$(SLAPDSP).inf rm -f $(PATCHINSTDIR)/$(SLAPDSP)/$(SLAPDSP).inf.tmp $(PATCHINSTDIR)/$(SLAPDSP)/$(SLAPDSP).inf.tmp2 diff --git a/ldap/cm/newinst/setup b/ldap/cm/newinst/setup index 69543500..e4f04721 100755 --- a/ldap/cm/newinst/setup +++ b/ldap/cm/newinst/setup @@ -180,7 +180,7 @@ fi rm -f $sroot/setup/install.inf # Fix for "[160589] IBM JVM breaks on some machines/kernels : -# admin server fails to start +# admin server fails to start JAVA_COMPILER=NONE; export JAVA_COMPILER echo "INFO Begin Setup . . ." | tee -a $logfile @@ -199,8 +199,162 @@ if ! [ $silent ]; then askYN "Continue?" fi +isadminsslon=0 +sslparams="" + +adminSSLOff() { + conffile=$1 + confparam=$2 + tmpfile=$3 + if [ -f $conffile ]; then + security=`grep -i "^$confparam" $conffile | awk '{print $1}'` + issecure=`grep -i "^$confparam" $conffile | awk '{print $2}'` + if [ "$issecure" = "on" -o "$issecure" = "ON" -o "$issecure" = "On" -o "$issecure" = "oN" ] + then + if [ $isadminsslon -eq 0 ]; then + $sroot/stop-admin + isadminsslon=1 + fi + echo $conffile=$security >> $tmpfile + cat $conffile | sed -e "s/^\($security\) .*/\1 off/g" > $conffile.01 + mv $conffile.01 $conffile + echo "$conffile: SSL off ..." + fi + fi +} + +adminXmlSSLOff() { + conffile=$1 + confparam=$2 + tmpfile=$3 + if [ -f $conffile ]; then + grep -i "\<security=\"on\"" $conffile > /dev/null 2>&1 + rval=$? + if [ $rval -eq 0 ] + then + if [ $isadminsslon -eq 0 ]; then + $sroot/stop-admin + isadminsslon=1 + fi + echo $conffile=$confparam >> $tmpfile + cat $conffile | sed -e "s/\([Ss][Ee][Cc][Uu][Rr][Ii][Tt][Yy]=\)\"[A-Za-z]*\"/\1\"off\"/g" > $conffile.0 + mv $conffile.0 $conffile + echo "$conffile: SSL off ..." + fi + sslparams0=`grep -i "<.*SSLPARAMS " $conffile` + rval=$? + if [ $rval -eq 0 ] + then + if [ $isadminsslon -eq 0 ]; then + $sroot/stop-admin + isadminsslon=1 + fi +echo adminXmlSSLOff: SSLPARAMS off + sslparams1=`echo $sslparams0 | sed -e 's/\//\\\\\//g'` + sslparams=`echo $sslparams1 | sed -e 's/\"/\\\\\"/g'` + cat $conffile | sed -e "s/\($sslparams\)/\<\!-- \1 --\>/g" > $conffile.1 + mv $conffile.1 $conffile + fi + fi +} + +SSLOff() { + rm -f dssecure.txt assecure.txt > /dev/null 2>&1 + touch dssecure.txt + touch assecure.txt + + for dir in $sroot/slapd-* ; do + if [ -f $dir/config/dse.ldif ]; then + security=`grep -i "^nsslapd-security:" $dir/config/dse.ldif | awk '{print $1}'` + issecure=`grep -i "^nsslapd-security:" $dir/config/dse.ldif | awk '{print $2}'` + if [ "$issecure" = "on" -o "$issecure" = "ON" -o "$issecure" = "On" -o "$issecure" = "oN" ] + then + echo $dir >> dssecure.txt + $dir/stop-slapd + cat $dir/config/dse.ldif | sed -e "s/\($security\) .*/\1 off/g" > $dir/config/dse.ldif.0 + mv $dir/config/dse.ldif.0 $dir/config/dse.ldif + echo "$dir/config/dse.ldif: SSL off ..." + fi + $dir/start-slapd + fi + done + if [ -d $sroot/admin-serv/config ]; then + adminSSLOff $sroot/admin-serv/config/adm.conf security: assecure.txt + adminSSLOff $sroot/admin-serv/config/local.conf configuration.nsServerSecurity: assecure.txt + adminSSLOff $sroot/admin-serv/config/magnus.conf Security assecure.txt + adminXmlSSLOff $sroot/admin-serv/config/server.xml security assecure.txt + + if [ $isadminsslon -ne 0 ]; then + $sroot/start-admin + fi + fi +} + +adminSSLOn() { + conffile=$1 + confparam=$2 + if [ -f $conffile ]; then + cat $conffile | sed -e "s/^\($confparam\) .*/\1 on/g" > $conffile.00 + mv $conffile.00 $conffile + echo "$conffile $confparam: SSL on ..." + fi +} + +adminXmlSSLOn() { + conffile=$1 + if [ -f $conffile ]; then + cat $conffile | sed -e "s/\([Ss][Ee][Cc][Uu][Rr][Ii][Tt][Yy]=\)\"[A-Za-z]*\"/\1\"on\"/g" > $conffile.2 + mv $conffile.2 $conffile + fi + grep -i "<.*SSLPARAMS " $conffile > /dev/null 2>&1 + rval=$? + if [ $rval -eq 0 ] + then + cat $conffile | sed -e "s/<\!-- *$sslparams *-->/$sslparams/g" > $conffile.3 + mv $conffile.3 $conffile + fi + echo "$conffile: SSL on ..." +} + +SSLOn() { + for dir in `cat dssecure.txt` ; do + if [ -f $dir/config/dse.ldif ]; then + security=`grep -i "^nsslapd-security:" $dir/config/dse.ldif | awk '{print $1}'` + $dir/stop-slapd + cat $dir/config/dse.ldif | sed -e "s/\($security\) .*/\1 on/g" > $dir/config/dse.ldif.0 + mv $dir/config/dse.ldif.0 $dir/config/dse.ldif + echo "$dir/config/dse.ldif: SSL on ..." + echo "Restarting Directory Server: $dir/start-slapd" + $dir/start-slapd + fi + done + + if [ $isadminsslon -ne 0 ]; then + $sroot/stop-admin + fi + for confline in `cat assecure.txt` ; do + conffile=`echo $confline | awk -F= '{print $1}'` + confparam=`echo $confline | awk -F= '{print $2}'` + echo $conffile | grep "\.xml$" > /dev/null 2>&1 + rval=$? + if [ $rval -eq 0 ]; then + adminXmlSSLOn $conffile $confparam + else + adminSSLOn $conffile $confparam + fi + done + if [ $isadminsslon -ne 0 ]; then + echo "Restarting Administration Server: $sroot/start-admin" + $sroot/start-admin + fi + + rm -f dssecure.txt assecure.txt > /dev/null 2>&1 +} + # check whether it is an in-place installation if [ -f $sroot/admin-serv/config/adm.conf ]; then + SSLOff + dsinst=`getValFromAdminConf "ldapStart:" "adm.conf" | awk -F/ '{print $1}'` if [ -f $sroot/$dsinst/config/dse.ldif ]; then # it is an in=place installation @@ -213,7 +367,7 @@ if [ -f $sroot/admin-serv/config/adm.conf ]; then suitespotgroup=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $4}'` admindomain=`echo $ldaphost | awk -F. '{print $5 ? $2 "." $3 "." $4 "." $5: $4 ? $2 "." $3 "." $4 : $3 ? $2 "." $3 : $2 ? $2 : ""}'` if [ "$admindomain" = "" ]; then - admindomain=`domainname` + admindomain=`domainname` fi echo "In order to reconfigure your installation, the Configuration Directory" @@ -227,8 +381,8 @@ if [ -f $sroot/admin-serv/config/adm.conf ]; then echo "administrator ID: $siepid" siepasswd="" while [ "$siepasswd" = "" ]; do - printf "Password: " - read siepasswd + printf "Password: " + read siepasswd done inffile=$sroot/setup/myinstall.inf @@ -343,8 +497,10 @@ fi `pwd`/bin/admin/ns-update $doreconfig $silentarg $myargs -f $inffile | tee -a $logfile || doExit +SSLOn + # Fix for "[160589] IBM JVM breaks on some machines/kernels : -# admin server fails to start +# admin server fails to start sed -e "s/jvm.option=\(.*\)/jvm.option=\1 -Djava.compiler=NONE/" admin-serv/config/jvm12.conf > admin-serv/config/jvm12.tmp mv admin-serv/config/jvm12.tmp admin-serv/config/jvm12.conf diff --git a/ldap/cm/newinst/setup.patch b/ldap/cm/newinst/setup.patch index 167be1f2..a5cf7cb9 100755 --- a/ldap/cm/newinst/setup.patch +++ b/ldap/cm/newinst/setup.patch @@ -92,7 +92,7 @@ getValFromAdminConf() { cattr=$1 cfile=$2 rval=`grep -i $cattr $serverroot/admin-serv/config/$cfile | awk '{print $2}'` - echo $rval + echo $rval } dsinst=`getValFromAdminConf "ldapStart:" "adm.conf" | awk -F/ '{print $1}'` @@ -105,6 +105,97 @@ fi clear +isadminsslon=0 +sslparams="" + +adminSSLOff() { + conffile=$1 + confparam=$2 + tmpfile=$3 + if [ -f $conffile ]; then + security=`grep -i "^$confparam" $conffile | awk '{print $1}'` + issecure=`grep -i "^$confparam" $conffile | awk '{print $2}'` + if [ "$issecure" = "on" -o "$issecure" = "ON" -o "$issecure" = "On" ] + if [ "$issecure" = "on" -o "$issecure" = "ON" -o "$issecure" = "On" -o "$issecure" = "oN" ] + then + if [ $isadminsslon -eq 0 ]; then + $serverroot/stop-admin + isadminsslon=1 + fi + echo $conffile=$security >> $tmpfile + cat $conffile | sed -e "s/^\($security\) .*/\1 off/g" > $conffile.0 + mv $conffile.0 $conffile + echo "$conffile: SSL off ..." + fi + fi +} + +adminXmlSSLOff() { + conffile=$1 + confparam=$2 + tmpfile=$3 + if [ -f $conffile ]; then + grep -i "\<security=\"on\"" $conffile > /dev/null 2>&1 + rval=$? + if [ $rval -eq 0 ] + then + if [ $isadminsslon -eq 0 ]; then + $serverroot/stop-admin + isadminsslon=1 + fi + echo $conffile=$confparam >> $tmpfile + cat $conffile | sed -e "s/\([Ss][Ee][Cc][Uu][Rr][Ii][Tt][Yy]=\)\"[A-Za-z]*\"/\1\"off\"/g" > $conffile.0 + mv $conffile.0 $conffile + echo "$conffile: SSL off ..." + fi + sslparams0=`grep -i "<.*SSLPARAMS " $conffile` + rval=$? + if [ $rval -eq 0 ] + then + if [ $isadminsslon -eq 0 ]; then + $serverroot/stop-admin + isadminsslon=1 + fi + sslparams1=`echo $sslparams0 | sed -e 's/\//\\\\\//g'` + sslparams=`echo $sslparams1 | sed -e 's/\"/\\\\\"/g'` + cat $conffile | sed -e "s/\($sslparams\)/\<\!-- \1 --\>/g" > $conffile.0 + mv $conffile.0 $conffile + echo "$conffile: SSL off ..." + fi + fi +} + +rm -f dssecure.txt assecure.txt > /dev/null 2>&1 +touch dssecure.txt +touch assecure.txt + +for dir in $serverroot/slapd-* ; do + if [ -f $dir/config/dse.ldif ]; then + security=`grep -i "^nsslapd-security:" $dir/config/dse.ldif | awk '{print $1}'` + issecure=`grep -i "^nsslapd-security:" $dir/config/dse.ldif | awk '{print $2}'` + if [ "$issecure" = "on" -o "$issecure" = "ON" -o "$issecure" = "On" -o "$issecure" = "oN" ] + then + echo $dir >> dssecure.txt + $dir/stop-slapd + cat $dir/config/dse.ldif | sed -e "s/\($security\) .*/\1 off/g" > $dir/config/dse.ldif.0 + mv $dir/config/dse.ldif.0 $dir/config/dse.ldif + echo "$dir/config/dse.ldif: SSL off ..." + $dir/start-slapd + fi + fi +done + +if [ -d $serverroot/admin-serv/config ]; then + adminSSLOff $serverroot/admin-serv/config/adm.conf security: assecure.txt + adminSSLOff $serverroot/admin-serv/config/local.conf configuration.nsServerSecurity: assecure.txt + adminSSLOff $serverroot/admin-serv/config/magnus.conf Security assecure.txt + adminXmlSSLOff $serverroot/admin-serv/config/server.xml security assecure.txt + + if [ $isadminsslon -ne 0 ]; then + $serverroot/start-admin + fi +fi + ldaphost=`getValFromAdminConf "ldapHost:" "adm.conf"` ldapport=`getValFromAdminConf "ldapPort:" "adm.conf"` siepid=`getValFromAdminConf "siepid:" "adm.conf"` @@ -115,6 +206,8 @@ if [ "$admindomain" = "" ]; then admindomain=`domainname` fi +clear + echo " Fedora Project" echo " Directory Installation/Uninstallation" echo "-------------------------------------------------------------------------------" @@ -153,3 +246,63 @@ echo "Components= slapd-71sp1" >> $inffile clear ./dssetup -s -f $inffile + +adminSSLOn() { + conffile=$1 + confparam=$2 + if [ -f $conffile ]; then + cat $conffile | sed -e "s/^\($confparam\) .*/\1 on/g" > $conffile.0 + mv $conffile.0 $conffile + echo "$conffile $confparam: SSL on ..." + fi +} + +adminXmlSSLOn() { + conffile=$1 + if [ -f $conffile ]; then + cat $conffile | sed -e "s/\([Ss][Ee][Cc][Uu][Rr][Ii][Tt][Yy]=\)\"[A-Za-z]*\"/\1\"on\"/g" > $conffile.0 + mv $conffile.0 $conffile + fi + grep -i "<.*SSLPARAMS " $conffile > /dev/null 2>&1 + rval=$? + if [ $rval -eq 0 ] + then + cat $conffile | sed -e "s/<\!-- *$sslparams *-->/$sslparams/g" > $conffile.0 + mv $conffile.0 $conffile + fi + echo "$conffile: SSL on ..." +} + +for dir in `cat dssecure.txt` ; do + clear + if [ -f $dir/config/dse.ldif ]; then + security=`grep -i "^nsslapd-security:" $dir/config/dse.ldif | awk '{print $1}'` + $dir/stop-slapd + cat $dir/config/dse.ldif | sed -e "s/\($security\) .*/\1 on/g" > $dir/config/dse.ldif.0 + mv $dir/config/dse.ldif.0 $dir/config/dse.ldif + echo "$dir/config/dse.ldif: SSL on ..." + echo "Restarting Directory Server: $dir/start-slapd" + $dir/start-slapd + fi +done + +if [ $isadminsslon -ne 0 ]; then + $serverroot/stop-admin +fi +for confline in `cat assecure.txt` ; do + conffile=`echo $confline | awk -F= '{print $1}'` + confparam=`echo $confline | awk -F= '{print $2}'` + echo $conffile | grep "\.xml$" > /dev/null 2>&1 + rval=$? + if [ $rval -eq 0 ]; then + adminXmlSSLOn $conffile $confparam + else + adminSSLOn $conffile $confparam + fi +done +if [ $isadminsslon -ne 0 ]; then + echo "Restarting Administration Server: $serverroot/start-admin" + $serverroot/start-admin +fi + +rm -f dssecure.txt assecuire.txt diff --git a/ldapserver.spec.tmpl b/ldapserver.spec.tmpl index 2fb69003..3ebf95a4 100644 --- a/ldapserver.spec.tmpl +++ b/ldapserver.spec.tmpl @@ -80,7 +80,7 @@ echo yes | ./setup -b $RPM_BUILD_ROOT/%{prefix} %clean if [ -z "$RPM_INSTALL_PREFIX" ]; then - RPM_INSTALL_PREFIX=%{prefix} + RPM_INSTALL_PREFIX=%{prefix} fi rm -rf $RPM_BUILD_ROOT/$RPM_INSTALL_PREFIX @@ -93,9 +93,9 @@ rm -rf $RPM_BUILD_ROOT/$RPM_INSTALL_PREFIX %pre # in case upgrade, need to shutdown the servers before the installation -ls $RPM_BUILD_ROOT/$RPM_INSTALL_PREFIX/slapd-* > /dev/null 2>&1 +ls $RPM_INSTALL_PREFIX/slapd-* > /dev/null 2>&1 if [ $? -eq 0 ]; then - for instance in `ls -d $RPM_BUILD_ROOT/$RPM_INSTALL_PREFIX/slapd-*` + for instance in `ls -d $RPM_INSTALL_PREFIX/slapd-*` do if [ -f $instance/logs/pid ]; then pid=`cat $instance/logs/pid` @@ -106,27 +106,31 @@ if [ $? -eq 0 ]; then fi done fi -if [ -f $RPM_BUILD_ROOT/$RPM_INSTALL_PREFIX/admin-serv/logs/pid ]; then - pid=`cat $RPM_BUILD_ROOT/$RPM_INSTALL_PREFIX/admin-serv/logs/pid` +if [ -f $RPM_INSTALL_PREFIX/admin-serv/logs/pid ]; then + pid=`cat $RPM_INSTALL_PREFIX/admin-serv/logs/pid` psval=`ps -ef | egrep $pid` if [ "$psval" != "" ]; then - $RPM_BUILD_ROOT/$RPM_INSTALL_PREFIX/stop-admin + $RPM_INSTALL_PREFIX/stop-admin + fi +fi +if [ -d $RPM_INSTALL_PREFIX/admin-serv/config ]; then + if [ -d $RPM_INSTALL_PREFIX/admin-serv/config.backup ]; then + rm -rf $RPM_INSTALL_PREFIX/admin-serv/config.backup fi + cp -r $RPM_INSTALL_PREFIX/admin-serv/config $RPM_INSTALL_PREFIX/admin-serv/config.backup fi %post -# in case upgrade, need to start the servers before running setup -ls $RPM_BUILD_ROOT/$RPM_INSTALL_PREFIX/slapd-* > /dev/null 2>&1 -if [ $? -eq 0 ]; then - for instance in `ls -d $RPM_BUILD_ROOT/$RPM_INSTALL_PREFIX/slapd-*` - do - $instance/start-slapd - done -fi -if [ -f $RPM_BUILD_ROOT/$RPM_INSTALL_PREFIX/start-admin ]; then - $RPM_BUILD_ROOT/$RPM_INSTALL_PREFIX/start-admin -fi echo "" +if [ -d $RPM_INSTALL_PREFIX/admin-serv/config.backup ]; then + if [ -d $RPM_INSTALL_PREFIX/admin-serv/config ]; then + if [ -d $RPM_INSTALL_PREFIX/admin-serv/config.generated ]; then + rm -rf $RPM_INSTALL_PREFIX/admin-serv/config.generated + fi + mv $RPM_INSTALL_PREFIX/admin-serv/config $RPM_INSTALL_PREFIX/admin-serv/config.generated + fi + mv $RPM_INSTALL_PREFIX/admin-serv/config.backup $RPM_INSTALL_PREFIX/admin-serv/config +fi if [ -z "$RPM_INSTALL_PREFIX" ]; then RPM_INSTALL_PREFIX=%{prefix} fi @@ -135,11 +139,11 @@ echo "Install finished. Please run $RPM_INSTALL_PREFIX/setup/setup to set up th %preun # only run uninstall if this is the last version of the package if [ "$1" = 0 ] ; then - if [ -z "$RPM_INSTALL_PREFIX" ]; then - RPM_INSTALL_PREFIX=%{prefix} - fi - cd $RPM_INSTALL_PREFIX - ./uninstall -s -force + if [ -z "$RPM_INSTALL_PREFIX" ]; then + RPM_INSTALL_PREFIX=%{prefix} + fi + cd $RPM_INSTALL_PREFIX + ./uninstall -s -force fi %changelog |