author | Jan Cholasta <jcholast@redhat.com> | 2016-05-25 12:31:03 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-06-03 09:00:34 +0200 |
commit | 56c66f44a0e356504bf8a7edcc924777adc1b352 (patch) | |
tree | 116e503a2b25826f21ed6a10f131da96f6fedcd2 | |
parent | e056b8dea208ccde8e06b199809ce038ccd0531e (diff) | |
rpc: specify connection options in API config
Specify RPC connection options once in API.bootstrap rather than in each
invocation of rpcclient.connect.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
-rwxr-xr-x | client/ipa-client-install | 104 | ||||
-rwxr-xr-x | install/tools/ipa-replica-conncheck | 8 | ||||
-rw-r--r-- | ipalib/__init__.py | 2 | ||||
-rw-r--r-- | ipalib/backend.py | 3 | ||||
-rw-r--r-- | ipatests/test_cmdline/test_cli.py | 2 | ||||
-rw-r--r-- | ipatests/test_ipalib/test_rpc.py | 2 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_dns_plugin.py | 12 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_external_members.py | 2 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_trust_plugin.py | 2 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_vault_plugin.py | 2 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/xmlrpc_test.py | 4 |
11 files changed, 73 insertions, 70 deletions
diff --git a/client/ipa-client-install b/client/ipa-client-install index 2c5b20769..7306c810a 100755 --- a/client/ipa-client-install +++ b/client/ipa-client-install 
@@ -2725,62 +2725,66 @@ def install(options, env, fstore, statestore): # Configure ipa.conf if not options.on_master: - configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, hostname) + configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, + cli_server, hostname) root_logger.info("Created /etc/ipa/default.conf") - api.bootstrap(context='cli_installer', debug=options.debug) - api.finalize() - if 'config_loaded' not in api.env: - root_logger.error("Failed to initialize IPA API.") - return CLIENT_INSTALL_ERROR - - # Always back up sssd.conf. It gets updated by authconfig --enablekrb5. - fstore.backup_file(paths.SSSD_CONF) - if options.sssd: - if configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, client_domain, hostname): + with certdb.NSSDatabase() as tmp_db: + api.bootstrap(context='cli_installer', + debug=options.debug, + delegate=False, + nss_dir=tmp_db.secdir) + api.finalize() + if 'config_loaded' not in api.env: + root_logger.error("Failed to initialize IPA API.") return CLIENT_INSTALL_ERROR - root_logger.info("Configured /etc/sssd/sssd.conf") - if options.on_master: - # If on master assume kerberos is already configured properly. - # Get the host TGT. - try: - ipautil.kinit_keytab(host_principal, paths.KRB5_KEYTAB, - CCACHE_FILE, - attempts=options.kinit_attempts) - os.environ['KRB5CCNAME'] = CCACHE_FILE - except gssapi.exceptions.GSSError as e: - root_logger.error("Failed to obtain host TGT: %s" % e) - return CLIENT_INSTALL_ERROR - else: - # Configure krb5.conf - fstore.backup_file(paths.KRB5_CONF) - if configure_krb5_conf( - cli_realm=cli_realm, - cli_domain=cli_domain, - cli_server=cli_server, - cli_kdc=cli_kdc, - dnsok=dnsok, - options=options, - filename=paths.KRB5_CONF, - client_domain=client_domain, - client_hostname=hostname): - return CLIENT_INSTALL_ERROR + # Always back up sssd.conf. It gets updated by authconfig --enablekrb5. 
+ fstore.backup_file(paths.SSSD_CONF) + if options.sssd: + if configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, + options, client_domain, hostname): + return CLIENT_INSTALL_ERROR + root_logger.info("Configured /etc/sssd/sssd.conf") - root_logger.info( - "Configured /etc/krb5.conf for IPA realm %s", cli_realm) + if options.on_master: + # If on master assume kerberos is already configured properly. + # Get the host TGT. + try: + ipautil.kinit_keytab(host_principal, paths.KRB5_KEYTAB, + CCACHE_FILE, + attempts=options.kinit_attempts) + os.environ['KRB5CCNAME'] = CCACHE_FILE + except gssapi.exceptions.GSSError as e: + root_logger.error("Failed to obtain host TGT: %s" % e) + return CLIENT_INSTALL_ERROR + else: + # Configure krb5.conf + fstore.backup_file(paths.KRB5_CONF) + if configure_krb5_conf( + cli_realm=cli_realm, + cli_domain=cli_domain, + cli_server=cli_server, + cli_kdc=cli_kdc, + dnsok=dnsok, + options=options, + filename=paths.KRB5_CONF, + client_domain=client_domain, + client_hostname=hostname): + return CLIENT_INSTALL_ERROR - # Clear out any current session keyring information - try: - delete_persistent_client_session_data(host_principal) - except ValueError: - pass + root_logger.info( + "Configured /etc/krb5.conf for IPA realm %s", cli_realm) - ca_certs = x509.load_certificate_list_from_file(CACERT) - ca_certs = [cert.der_data for cert in ca_certs] + # Clear out any current session keyring information + try: + delete_persistent_client_session_data(host_principal) + except ValueError: + pass - with certdb.NSSDatabase() as tmp_db: # Add CA certs to a temporary NSS database + ca_certs = x509.load_certificate_list_from_file(CACERT) + ca_certs = [cert.der_data for cert in ca_certs] try: pwd_file = ipautil.write_tmp_file(ipautil.ipa_generate_password()) tmp_db.create_db(pwd_file.name) 
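Review bot: `nss_dir=tmp_db.secdir` is now stored in the API config by `api.bootstrap`, but `tmp_db` is the temporary NSS database of the enclosing `with certdb.NSSDatabase() as tmp_db:` block, so the configured trust store exists only while that block is open. Any `rpcclient.connect()` issued after the block exits would presumably point at a directory that is gone; whether install() does that is not visible, since its body continues past the hunk. A comment above the bootstrap call would record the constraint, e.g. `# nss_dir is fixed at bootstrap; tmp_db must stay open for every later rpcclient.connect()`. The sssd.conf, krb5.conf and kinit steps appear to have moved inside the `with` only to satisfy this ordering, which the same comment could say.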
@@ -2794,8 +2798,7 @@ def install(options, env, fstore, statestore): # Now, let's try to connect to the server's RPC interface connected = False try: - api.Backend.rpcclient.connect(delegate=False, - nss_dir=tmp_db.secdir) + api.Backend.rpcclient.connect() connected = True root_logger.debug("Try RPC connection") api.Backend.rpcclient.forward('ping') @@ -2806,8 +2809,7 @@ def install(options, env, fstore, statestore): "Cannot connect to the server due to Kerberos error: %s. " "Trying with delegate=True", e) try: - api.Backend.rpcclient.connect(delegate=True, - nss_dir=tmp_db.secdir) + api.Backend.rpcclient.connect(delegate=True) root_logger.debug("Try RPC connection") api.Backend.rpcclient.forward('ping') diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck index d88291e55..fdf08d631 100755 --- a/install/tools/ipa-replica-conncheck +++ b/install/tools/ipa-replica-conncheck @@ -453,8 +453,6 @@ def main(): xmlrpc_uri = ('https://%s/ipa/xml' % ipautil.format_netloc(options.master)) - api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri) - api.finalize() if options.ca_cert_file: nss_dir = None @@ -462,6 +460,10 @@ def main(): nss_dir = paths.IPA_NSSDB_DIR with certdb.NSSDatabase(nss_dir) as nss_db: + api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri, + nss_dir=nss_db.secdir) + api.finalize() + if options.ca_cert_file: nss_dir = nss_db.secdir @@ -480,7 +482,7 @@ def main(): nss_dir = None try: - api.Backend.rpcclient.connect(nss_dir=nss_dir) + api.Backend.rpcclient.connect() api.Command.ping() except Exception as e: print_info( diff --git a/ipalib/__init__.py b/ipalib/__init__.py index 030a4f7d2..dffe2315e 100644 --- a/ipalib/__init__.py +++ b/ipalib/__init__.py 
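Review bot: The retry in the `@@ -2806` hunk still passes `delegate=True` at the call site, overriding the `delegate=False` given to `api.bootstrap`, so the "specify once" rule has one exception and it is the one that enables Kerberos credential delegation after an error. That behaviour predates this commit, but now that the first attempt takes its options from config, the override is easier to miss. I would mark it with `# deliberate override of api.env.delegate: retry with credential delegation` and confirm that the "Trying with delegate=True" message is logged at a level operators will see; the logging call itself starts outside the hunk.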
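Review bot: In ipa-replica-conncheck the `nss_dir` local no longer reaches `connect()`, yet the context still assigns it (`nss_dir = nss_db.secdir` right after the new bootstrap, `nss_dir = None` in the `@@ -480` hunk). Previously a `None` value presumably let the client pick its default NSS directory; now every path validates the server certificate against the `nss_db.secdir` fixed at bootstrap, which may be a different trust store in the branch that set `None`. Please confirm this is intended and drop any assignment that is now dead, or state the split in a comment such as `# TLS trust store for RPC is nss_db.secdir from api.bootstrap`. main() continues outside these hunks, so other uses of `nss_dir` may exist.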
@@ -949,7 +949,7 @@ api = create_api(mode=None) if os.environ.get('IPA_UNIT_TEST_MODE', None) == 'cli_test': from ipalib.cli import cli_plugins - api.bootstrap(context='cli', in_server=False, in_tree=True) + api.bootstrap(context='cli', in_server=False, in_tree=True, fallback=False) for klass in cli_plugins: api.add_plugin(klass) api.finalize() diff --git a/ipalib/backend.py b/ipalib/backend.py index 1bfb3e401..720d9781a 100644 --- a/ipalib/backend.py +++ b/ipalib/backend.py @@ -122,8 +122,7 @@ class Executioner(Backend): if self.env.in_server: self.Backend.ldap2.connect(ccache=ccache) else: - self.Backend.rpcclient.connect(verbose=self.env.verbose, - fallback=self.env.fallback, delegate=self.env.delegate) + self.Backend.rpcclient.connect() if client_ip is not None: setattr(context, "client_ip", client_ip) diff --git a/ipatests/test_cmdline/test_cli.py b/ipatests/test_cmdline/test_cli.py index aeade0eda..c2e051769 100644 --- a/ipatests/test_cmdline/test_cli.py +++ b/ipatests/test_cmdline/test_cli.py @@ -33,7 +33,7 @@ class TestCLIParsing(object): def run_command(self, command_name, **kw): """Run a command on the server""" if not api.Backend.rpcclient.isconnected(): - api.Backend.rpcclient.connect(fallback=False) + api.Backend.rpcclient.connect() try: api.Command[command_name](**kw) except errors.NetworkError: diff --git a/ipatests/test_ipalib/test_rpc.py b/ipatests/test_ipalib/test_rpc.py index 159fdd81a..f13e7cfcf 100644 --- a/ipatests/test_ipalib/test_rpc.py +++ b/ipatests/test_ipalib/test_rpc.py @@ -267,7 +267,7 @@ class test_xml_introspection(object): @classmethod def setup_class(self): try: - api.Backend.xmlclient.connect(fallback=False) + api.Backend.xmlclient.connect() except (errors.NetworkError, IOError): raise nose.SkipTest('%r: Server not available: %r' % (__name__, api.env.xmlrpc_uri)) diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py index 7351d0b1d..dbc3bae37 100644 
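Review bot: `self.Backend.rpcclient.connect()` in Executioner now receives `verbose`, `fallback` and `delegate` implicitly, and ipalib/rpc.py is not part of this commit, so nothing on the page shows connect() defaulting to `self.env`. Since `delegate` decides whether Kerberos credentials are forwarded to the server, a one-line comment would keep that visible at the call: `# verbose/fallback/delegate are read from api.env by rpcclient.connect()`. The enclosing method starts and ends outside the hunk.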
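Review bot: Dropping `fallback=False` in test_cli.py relies on the API having been bootstrapped with it, and the only place this commit sets it is the `IPA_UNIT_TEST_MODE == 'cli_test'` branch in ipalib/__init__.py. Run any other way, these tests would connect with the default fallback setting and could presumably reach a server other than the configured `xmlrpc_uri`. The same applies to the `connect()` calls in test_rpc.py, test_dns_plugin.py, test_external_members.py, test_trust_plugin.py, test_vault_plugin.py and xmlrpc_test.py. A comment at one shared spot, for example in xmlrpc_test.py, would document the dependency: `# fallback=False comes from the cli_test bootstrap in ipalib/__init__.py`.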
--- a/ipatests/test_xmlrpc/test_dns_plugin.py +++ b/ipatests/test_xmlrpc/test_dns_plugin.py @@ -429,7 +429,7 @@ class test_dns(Declarative): super(test_dns, cls).setup_class() if not api.Backend.rpcclient.isconnected(): - api.Backend.rpcclient.connect(fallback=False) + api.Backend.rpcclient.connect() if not have_ldap2: raise nose.SkipTest('server plugin not available') @@ -3163,7 +3163,7 @@ class test_root_zone(Declarative): super(test_root_zone, cls).setup_class() if not api.Backend.rpcclient.isconnected(): - api.Backend.rpcclient.connect(fallback=False) + api.Backend.rpcclient.connect() if not have_ldap2: raise nose.SkipTest('server plugin not available') @@ -3246,7 +3246,7 @@ class test_forward_zones(Declarative): super(test_forward_zones, cls).setup_class() if not api.Backend.rpcclient.isconnected(): - api.Backend.rpcclient.connect(fallback=False) + api.Backend.rpcclient.connect() if not have_ldap2: raise nose.SkipTest('server plugin not available') @@ -4463,7 +4463,7 @@ class test_forward_master_zones_mutual_exlusion(Declarative): super(test_forward_master_zones_mutual_exlusion, cls).setup_class() if not api.Backend.rpcclient.isconnected(): - api.Backend.rpcclient.connect(fallback=False) + api.Backend.rpcclient.connect() if not have_ldap2: raise nose.SkipTest('server plugin not available') @@ -4838,7 +4838,7 @@ class test_forwardzone_delegation_warnings(Declarative): super(test_forwardzone_delegation_warnings, cls).setup_class() if not api.Backend.rpcclient.isconnected(): - api.Backend.rpcclient.connect(fallback=False) + api.Backend.rpcclient.connect() if not have_ldap2: raise nose.SkipTest('server plugin not available') @@ -5349,7 +5349,7 @@ class test_dns_soa(Declarative): super(test_dns_soa, cls).setup_class() if not api.Backend.rpcclient.isconnected(): - api.Backend.rpcclient.connect(fallback=False) + api.Backend.rpcclient.connect() if not have_ldap2: raise nose.SkipTest('server plugin not available') 
diff --git a/ipatests/test_xmlrpc/test_external_members.py b/ipatests/test_xmlrpc/test_external_members.py index 8e9d38729..9d1f240ac 100644 --- a/ipatests/test_xmlrpc/test_external_members.py +++ b/ipatests/test_xmlrpc/test_external_members.py @@ -49,7 +49,7 @@ class test_external_members(Declarative): def setup_class(cls): super(test_external_members, cls).setup_class() if not api.Backend.rpcclient.isconnected(): - api.Backend.rpcclient.connect(fallback=False) + api.Backend.rpcclient.connect() trusts = api.Command['trust_find']() if trusts['count'] == 0: diff --git a/ipatests/test_xmlrpc/test_trust_plugin.py b/ipatests/test_xmlrpc/test_trust_plugin.py index 54ac96737..0427ed151 100644 --- a/ipatests/test_xmlrpc/test_trust_plugin.py +++ b/ipatests/test_xmlrpc/test_trust_plugin.py @@ -51,7 +51,7 @@ class test_trustconfig(Declarative): def setup_class(cls): super(test_trustconfig, cls).setup_class() if not api.Backend.rpcclient.isconnected(): - api.Backend.rpcclient.connect(fallback=False) + api.Backend.rpcclient.connect() try: api.Command['trustconfig_show'](trust_type=u'ad') except errors.NotFound: diff --git a/ipatests/test_xmlrpc/test_vault_plugin.py b/ipatests/test_xmlrpc/test_vault_plugin.py index c8d778583..932185f86 100644 --- a/ipatests/test_xmlrpc/test_vault_plugin.py +++ b/ipatests/test_xmlrpc/test_vault_plugin.py @@ -131,7 +131,7 @@ class test_vault_plugin(Declarative): @classmethod def setup_class(cls): if not api.Backend.rpcclient.isconnected(): - api.Backend.rpcclient.connect(fallback=False) + api.Backend.rpcclient.connect() if not api.Command.kra_is_enabled()['result']: raise nose.SkipTest('KRA service is not enabled') diff --git a/ipatests/test_xmlrpc/xmlrpc_test.py b/ipatests/test_xmlrpc/xmlrpc_test.py index 4052ab918..0e326e1fa 100644 --- a/ipatests/test_xmlrpc/xmlrpc_test.py +++ b/ipatests/test_xmlrpc/xmlrpc_test.py 
@@ -111,7 +111,7 @@ def fuzzy_set_ci(s): try: if not api.Backend.rpcclient.isconnected(): - api.Backend.rpcclient.connect(fallback=False) + api.Backend.rpcclient.connect() res = api.Command['user_show'](u'notfound') except errors.NetworkError: server_available = False @@ -186,7 +186,7 @@ class XMLRPC_test(object): raise nose.SkipTest('%r: Server not available: %r' % (cls.__module__, api.env.xmlrpc_uri)) if not api.Backend.rpcclient.isconnected(): - api.Backend.rpcclient.connect(fallback=False) + api.Backend.rpcclient.connect() @classmethod def teardown_class(cls): |