summaryrefslogtreecommitdiffstats
path: root/ipaserver
diff options
context:
space:
mode:
authorMartin Basti <mbasti@redhat.com>2015-04-27 10:34:25 +0200
committerPetr Vobornik <pvoborni@redhat.com>2015-05-05 11:56:49 +0200
commit5db962d167c77388d6b80fd22d69a1ca475f03cc (patch)
tree8a56877af678c9f98f2569b39c623f075490d66b /ipaserver
parent882ce85ad566a1f426398ce346829b1a4dcb5422 (diff)
downloadfreeipa-5db962d167c77388d6b80fd22d69a1ca475f03cc.tar.gz
freeipa-5db962d167c77388d6b80fd22d69a1ca475f03cc.tar.xz
freeipa-5db962d167c77388d6b80fd22d69a1ca475f03cc.zip
Server Upgrade: enable DS global lock during upgrade
https://fedorahosted.org/freeipa/ticket/4925 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/dsinstance.py7
-rw-r--r--ipaserver/install/upgradeinstance.py31
2 files changed, 34 insertions, 4 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 52df6b7de..e216edbfa 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -36,6 +36,7 @@ import ldap
from ipaserver.install import ldapupdate
from ipaserver.install import replication
from ipaserver.install import sysupgrade
+from ipaserver.install import upgradeinstance
from ipalib import api
from ipalib import certstore
from ipalib import errors
@@ -504,10 +505,8 @@ class DsInstance(service.Service):
conn.unbind()
def apply_updates(self):
- ld = ldapupdate.LDAPUpdate(dm_password=self.dm_password,
- sub_dict=self.sub_dict)
- files = ld.get_all_files(ldapupdate.UPDATES_DIR)
- ld.update(files)
+ data_upgrade = upgradeinstance.IPAUpgrade(self.realm)
+ data_upgrade.create_instance()
installutils.store_version()
diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py
index f70312f09..1466450b2 100644
--- a/ipaserver/install/upgradeinstance.py
+++ b/ipaserver/install/upgradeinstance.py
@@ -25,6 +25,7 @@ import random
import traceback
from ipaplatform.paths import paths
from ipapython.ipa_log_manager import *
+from ipapython import ipaldap
from ipaserver.install import installutils
from ipaserver.install import schemaupdate
@@ -170,6 +171,7 @@ class IPAUpgrade(service.Service):
self.upgradefailed = False
self.serverid = serverid
self.schema_files = schema_files
+ self.realm = realm_name
def __start_nowait(self):
# Don't wait here because we've turned off port 389. The connection
@@ -184,6 +186,7 @@ class IPAUpgrade(service.Service):
self.step("stopping directory server", self.__stop_instance)
self.step("saving configuration", self.__save_config)
self.step("disabling listeners", self.__disable_listeners)
+ self.step("enabling DS global lock", self.__enable_ds_global_write_lock)
self.step("starting directory server", self.__start_nowait)
if self.schema_files:
self.step("updating schema", self.__update_schema)
@@ -223,9 +226,31 @@ class IPAUpgrade(service.Service):
else:
self.backup_state('nsslapd-security', security)
+ try:
+ global_lock = config_entry['nsslapd-global-backend-lock'][0]
+ except KeyError:
+ pass
+ else:
+ self.backup_state('nsslapd-global-backend-lock', global_lock)
+
+ def __enable_ds_global_write_lock(self):
+ ldif_outfile = "%s.modified.out" % self.filename
+ with open(ldif_outfile, "wb") as out_file:
+ ldif_writer = ldif.LDIFWriter(out_file)
+ with open(self.filename, "rb") as in_file:
+ parser = ModifyLDIF(in_file, ldif_writer)
+
+ parser.remove_value("cn=config", "nsslapd-global-backend-lock")
+ parser.add_value("cn=config", "nsslapd-global-backend-lock",
+ "on")
+ parser.parse()
+
+ shutil.copy2(ldif_outfile, self.filename)
+
def __restore_config(self):
port = self.restore_state('nsslapd-port')
security = self.restore_state('nsslapd-security')
+ global_lock = self.restore_state('nsslapd-global-backend-lock')
ldif_outfile = "%s.modified.out" % self.filename
with open(ldif_outfile, "wb") as out_file:
@@ -240,6 +265,12 @@ class IPAUpgrade(service.Service):
parser.remove_value("cn=config", "nsslapd-security")
parser.add_value("cn=config", "nsslapd-security", security)
+ # disable global lock by default
+ parser.remove_value("cn=config", "nsslapd-global-backend-lock")
+ if global_lock is not None:
+ parser.add_value("cn=config", "nsslapd-global-backend-lock",
+ global_lock)
+
parser.parse()
shutil.copy2(ldif_outfile, self.filename)