diff options
author | Martin Babinsky <mbabinsk@redhat.com> | 2016-06-12 17:02:09 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-06-15 13:51:48 +0200 |
commit | 567f00a59c53aca760336aea95423368ac621032 (patch) | |
tree | cddb9e0b7c2ca9e87feb47a5c147bf8542151cab /ipaserver | |
parent | 905db92e61c2e56f8cce723e9c9d28e7968eccc4 (diff) | |
download | freeipa-567f00a59c53aca760336aea95423368ac621032.tar.gz freeipa-567f00a59c53aca760336aea95423368ac621032.tar.xz freeipa-567f00a59c53aca760336aea95423368ac621032.zip |
Add NTP to the list of services stored in IPA masters LDAP subtree
IPA masters can be configured as NTP servers but the status of this service
can not be determined centrally from querying relevant LDAP subtree. This
patch makes IPA master and replica publish the newly configured NTP service in
their service container during installation.
If the master was configured as NTP server, the NTP service entry will be
created upon upgrade.
https://fedorahosted.org/freeipa/ticket/5815
https://fedorahosted.org/freeipa/ticket/5826
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/ntpinstance.py | 22 | ||||
-rw-r--r-- | ipaserver/install/server/install.py | 3 | ||||
-rw-r--r-- | ipaserver/install/server/replicainstall.py | 5 | ||||
-rw-r--r-- | ipaserver/install/server/upgrade.py | 3 | ||||
-rw-r--r-- | ipaserver/install/service.py | 1 |
5 files changed, 33 insertions, 1 deletions
diff --git a/ipaserver/install/ntpinstance.py b/ipaserver/install/ntpinstance.py index 8b0f0e539..2cac7baf1 100644 --- a/ipaserver/install/ntpinstance.py +++ b/ipaserver/install/ntpinstance.py @@ -19,6 +19,7 @@ # from ipaserver.install import service +from ipaserver.install import sysupgrade from ipapython import sysrestore from ipapython import ipautil from ipaplatform.constants import constants @@ -28,9 +29,28 @@ from ipapython.ipa_log_manager import root_logger NTPD_OPTS_VAR = constants.NTPD_OPTS_VAR NTPD_OPTS_QUOTE = constants.NTPD_OPTS_QUOTE +NTP_EXPOSED_IN_LDAP = 'exposed_in_ldap' + + +def ntp_ldap_enable(fqdn, base_dn, realm): + ntp = NTPInstance(realm=realm) + is_exposed_in_ldap = sysupgrade.get_upgrade_state( + 'ntp', NTP_EXPOSED_IN_LDAP) + + was_running = ntp.is_running() + + if ntp.is_configured() and not is_exposed_in_ldap: + ntp.ldap_enable('NTP', fqdn, None, base_dn) + sysupgrade.set_upgrade_state('ntp', NTP_EXPOSED_IN_LDAP, True) + + if was_running: + ntp.start() + + class NTPInstance(service.Service): - def __init__(self, fstore=None): + def __init__(self, realm=None, fstore=None): service.Service.__init__(self, "ntpd", service_desc="NTP daemon") + self.realm = realm if fstore: self.fstore = fstore diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index e8d4db878..46b7190dc 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -856,6 +856,9 @@ def install(installer): idstart=options.idstart, idmax=options.idmax, subject_base=options.subject, hbac_allow=not options.no_hbac_allow) + + ntpinstance.ntp_ldap_enable(host_name, ds.suffix, realm_name) + else: ds = dsinstance.DsInstance(fstore=fstore, domainlevel=options.domainlevel) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 6c0ad6939..f59788047 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -780,6 +780,8 @@ def install(installer): # Configure dirsrv ds = install_replica_ds(config, options, ca_enabled, remote_api) + ntpinstance.ntp_ldap_enable(config.host_name, ds.suffix, api.env.realm) + # Always try to install DNS records install_dns_records(config, options, remote_api) finally: @@ -1350,6 +1352,9 @@ def promote(installer): # or certmonger will fail to contact the peer master install_http_certs(config, fstore, remote_api) + ntpinstance.ntp_ldap_enable(config.host_name, ds.suffix, + remote_api.env.realm) + finally: if conn.isconnected(): conn.disconnect() diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index cd9b7c4a8..0c5f32d95 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -32,6 +32,7 @@ from ipaserver.install import installutils from ipaserver.install import dsinstance from ipaserver.install import httpinstance from ipaserver.install import memcacheinstance +from ipaserver.install import ntpinstance from ipaserver.install import bindinstance from ipaserver.install import service from ipaserver.install import cainstance @@ -1584,6 +1585,8 @@ def upgrade_configuration(): ds.configure_dirsrv_ccache() + ntpinstance.ntp_ldap_enable(api.env.host, api.env.basedn, api.env.realm) + # ldap2 connection is not valid after DS restart, close connection otherwise # it will cause network errors if api.Backend.ldap2.isconnected(): diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index 40767acd5..cdd4354df 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -41,6 +41,7 @@ SERVICE_LIST = { 'MEMCACHE': ('ipa_memcached', 39), 'HTTP': ('httpd', 40), 'KEYS': ('ipa-custodia', 41), + 'NTP': ('ntpd', 45), 'CA': ('pki-tomcatd', 50), 'KRA': ('pki-tomcatd', 51), 'ADTRUST': ('smb', 60), |