authorJan Cholasta <jcholast@redhat.com>2016-05-25 12:31:03 +0200
committerJan Cholasta <jcholast@redhat.com>2016-06-03 09:00:34 +0200
commit56c66f44a0e356504bf8a7edcc924777adc1b352 (patch)
tree116e503a2b25826f21ed6a10f131da96f6fedcd2
parente056b8dea208ccde8e06b199809ce038ccd0531e (diff)
rpc: specify connection options in API config
Specify RPC connection options once in API.bootstrap rather than in each invocation of rpcclient.connect. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
-rwxr-xr-xclient/ipa-client-install104
-rwxr-xr-xinstall/tools/ipa-replica-conncheck8
-rw-r--r--ipalib/__init__.py2
-rw-r--r--ipalib/backend.py3
-rw-r--r--ipatests/test_cmdline/test_cli.py2
-rw-r--r--ipatests/test_ipalib/test_rpc.py2
-rw-r--r--ipatests/test_xmlrpc/test_dns_plugin.py12
-rw-r--r--ipatests/test_xmlrpc/test_external_members.py2
-rw-r--r--ipatests/test_xmlrpc/test_trust_plugin.py2
-rw-r--r--ipatests/test_xmlrpc/test_vault_plugin.py2
-rw-r--r--ipatests/test_xmlrpc/xmlrpc_test.py4
11 files changed, 73 insertions, 70 deletions
diff --git a/client/ipa-client-install b/client/ipa-client-install
index 2c5b20769..7306c810a 100755
--- a/client/ipa-client-install
+++ b/client/ipa-client-install
@@ -2725,62 +2725,66 @@ def install(options, env, fstore, statestore):
# Configure ipa.conf
if not options.on_master:
- configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, hostname)
+ configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain,
+ cli_server, hostname)
root_logger.info("Created /etc/ipa/default.conf")
- api.bootstrap(context='cli_installer', debug=options.debug)
- api.finalize()
- if 'config_loaded' not in api.env:
- root_logger.error("Failed to initialize IPA API.")
- return CLIENT_INSTALL_ERROR
-
- # Always back up sssd.conf. It gets updated by authconfig --enablekrb5.
- fstore.backup_file(paths.SSSD_CONF)
- if options.sssd:
- if configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, client_domain, hostname):
+ with certdb.NSSDatabase() as tmp_db:
+ api.bootstrap(context='cli_installer',
+ debug=options.debug,
+ delegate=False,
+ nss_dir=tmp_db.secdir)
+ api.finalize()
+ if 'config_loaded' not in api.env:
+ root_logger.error("Failed to initialize IPA API.")
return CLIENT_INSTALL_ERROR
- root_logger.info("Configured /etc/sssd/sssd.conf")
- if options.on_master:
- # If on master assume kerberos is already configured properly.
- # Get the host TGT.
- try:
- ipautil.kinit_keytab(host_principal, paths.KRB5_KEYTAB,
- CCACHE_FILE,
- attempts=options.kinit_attempts)
- os.environ['KRB5CCNAME'] = CCACHE_FILE
- except gssapi.exceptions.GSSError as e:
- root_logger.error("Failed to obtain host TGT: %s" % e)
- return CLIENT_INSTALL_ERROR
- else:
- # Configure krb5.conf
- fstore.backup_file(paths.KRB5_CONF)
- if configure_krb5_conf(
- cli_realm=cli_realm,
- cli_domain=cli_domain,
- cli_server=cli_server,
- cli_kdc=cli_kdc,
- dnsok=dnsok,
- options=options,
- filename=paths.KRB5_CONF,
- client_domain=client_domain,
- client_hostname=hostname):
- return CLIENT_INSTALL_ERROR
+ # Always back up sssd.conf. It gets updated by authconfig --enablekrb5.
+ fstore.backup_file(paths.SSSD_CONF)
+ if options.sssd:
+ if configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server,
+ options, client_domain, hostname):
+ return CLIENT_INSTALL_ERROR
+ root_logger.info("Configured /etc/sssd/sssd.conf")
- root_logger.info(
- "Configured /etc/krb5.conf for IPA realm %s", cli_realm)
+ if options.on_master:
+ # If on master assume kerberos is already configured properly.
+ # Get the host TGT.
+ try:
+ ipautil.kinit_keytab(host_principal, paths.KRB5_KEYTAB,
+ CCACHE_FILE,
+ attempts=options.kinit_attempts)
+ os.environ['KRB5CCNAME'] = CCACHE_FILE
+ except gssapi.exceptions.GSSError as e:
+ root_logger.error("Failed to obtain host TGT: %s" % e)
+ return CLIENT_INSTALL_ERROR
+ else:
+ # Configure krb5.conf
+ fstore.backup_file(paths.KRB5_CONF)
+ if configure_krb5_conf(
+ cli_realm=cli_realm,
+ cli_domain=cli_domain,
+ cli_server=cli_server,
+ cli_kdc=cli_kdc,
+ dnsok=dnsok,
+ options=options,
+ filename=paths.KRB5_CONF,
+ client_domain=client_domain,
+ client_hostname=hostname):
+ return CLIENT_INSTALL_ERROR
- # Clear out any current session keyring information
- try:
- delete_persistent_client_session_data(host_principal)
- except ValueError:
- pass
+ root_logger.info(
+ "Configured /etc/krb5.conf for IPA realm %s", cli_realm)
- ca_certs = x509.load_certificate_list_from_file(CACERT)
- ca_certs = [cert.der_data for cert in ca_certs]
+ # Clear out any current session keyring information
+ try:
+ delete_persistent_client_session_data(host_principal)
+ except ValueError:
+ pass
- with certdb.NSSDatabase() as tmp_db:
# Add CA certs to a temporary NSS database
+ ca_certs = x509.load_certificate_list_from_file(CACERT)
+ ca_certs = [cert.der_data for cert in ca_certs]
try:
pwd_file = ipautil.write_tmp_file(ipautil.ipa_generate_password())
tmp_db.create_db(pwd_file.name)
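Review bot: `nss_dir=tmp_db.secdir` in the new `api.bootstrap(...)` call ties the API's configured NSS directory to a temporary database that exists only while the `with certdb.NSSDatabase() as tmp_db:` block is open. If api.env cannot be changed after bootstrap, which is how it appears to be used here, any RPC connection made after the block exits would look for its trust anchors in a directory that is presumably removed on exit. The end of the `with` block is outside this hunk, so it is not visible whether every later RPC call stays inside it. A comment above the bootstrap call would record the constraint, e.g. `# api.env.nss_dir is the temporary DB: keep every rpcclient call inside this block`. The same applies to the bootstrap call added in install/tools/ipa-replica-conncheck.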
@@ -2794,8 +2798,7 @@ def install(options, env, fstore, statestore):
# Now, let's try to connect to the server's RPC interface
connected = False
try:
- api.Backend.rpcclient.connect(delegate=False,
- nss_dir=tmp_db.secdir)
+ api.Backend.rpcclient.connect()
connected = True
root_logger.debug("Try RPC connection")
api.Backend.rpcclient.forward('ping')
@@ -2806,8 +2809,7 @@ def install(options, env, fstore, statestore):
"Cannot connect to the server due to Kerberos error: %s. "
"Trying with delegate=True", e)
try:
- api.Backend.rpcclient.connect(delegate=True,
- nss_dir=tmp_db.secdir)
+ api.Backend.rpcclient.connect(delegate=True)
root_logger.debug("Try RPC connection")
api.Backend.rpcclient.forward('ping')
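Review bot: The retry `api.Backend.rpcclient.connect(delegate=True)` is now the one call that overrides the `delegate=False` given to `api.bootstrap`, and nothing at the call site says why. Delegation hands the caller's Kerberos credentials to the server, so the exception deserves a comment, e.g. `# Deliberate override of env.delegate: retry with credential delegation after a Kerberos error`. The logging call that announces the retry starts above the hunk, so its level is not visible; it is worth confirming that it is recorded at a level operators see by default. The enclosing `try` continues past the hunk.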
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index d88291e55..fdf08d631 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -453,8 +453,6 @@ def main():
xmlrpc_uri = ('https://%s/ipa/xml' %
ipautil.format_netloc(options.master))
- api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri)
- api.finalize()
if options.ca_cert_file:
nss_dir = None
@@ -462,6 +460,10 @@ def main():
nss_dir = paths.IPA_NSSDB_DIR
with certdb.NSSDatabase(nss_dir) as nss_db:
+ api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri,
+ nss_dir=nss_db.secdir)
+ api.finalize()
+
if options.ca_cert_file:
nss_dir = nss_db.secdir
@@ -480,7 +482,7 @@ def main():
nss_dir = None
try:
- api.Backend.rpcclient.connect(nss_dir=nss_dir)
+ api.Backend.rpcclient.connect()
api.Command.ping()
except Exception as e:
print_info(
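Review bot: The local `nss_dir` still assigned on the context lines (`nss_dir = nss_db.secdir` and `nss_dir = None`) looks unused inside the `with` block now that `connect()` takes no argument. If nothing further down reads it, both assignments can go, which makes it clear that the trust store comes only from `nss_dir=nss_db.secdir` in `api.bootstrap`. There is also a possible behaviour change: the `nss_dir = None` branch used to let connect() pick its default, whereas the database path is now always passed explicitly. These are presumably the same directory, but a one-line comment would confirm it. main() continues outside the hunk.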
diff --git a/ipalib/__init__.py b/ipalib/__init__.py
index 030a4f7d2..dffe2315e 100644
--- a/ipalib/__init__.py
+++ b/ipalib/__init__.py
@@ -949,7 +949,7 @@ api = create_api(mode=None)
if os.environ.get('IPA_UNIT_TEST_MODE', None) == 'cli_test':
from ipalib.cli import cli_plugins
- api.bootstrap(context='cli', in_server=False, in_tree=True)
+ api.bootstrap(context='cli', in_server=False, in_tree=True, fallback=False)
for klass in cli_plugins:
api.add_plugin(klass)
api.finalize()
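Review bot: `fallback=False` is set here only when `IPA_UNIT_TEST_MODE` is `cli_test`, yet every test module touched by this commit (test_cli.py, test_rpc.py, test_dns_plugin.py, test_external_members.py, test_trust_plugin.py, test_vault_plugin.py, xmlrpc_test.py) drops its explicit `connect(fallback=False)`. Under any other bootstrap path those tests would use whatever `fallback` defaults to, which may let them reach a server other than the configured one without any sign of it. A comment on this line would make the dependency visible, e.g. `# fallback=False: tests must use the configured server only; test modules no longer pass it to connect()`.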
diff --git a/ipalib/backend.py b/ipalib/backend.py
index 1bfb3e401..720d9781a 100644
--- a/ipalib/backend.py
+++ b/ipalib/backend.py
@@ -122,8 +122,7 @@ class Executioner(Backend):
if self.env.in_server:
self.Backend.ldap2.connect(ccache=ccache)
else:
- self.Backend.rpcclient.connect(verbose=self.env.verbose,
- fallback=self.env.fallback, delegate=self.env.delegate)
+ self.Backend.rpcclient.connect()
if client_ip is not None:
setattr(context, "client_ip", client_ip)
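Review bot: `self.Backend.rpcclient.connect()` no longer passes `verbose`, `fallback` and `delegate` from `self.env`, and ipalib/rpc.py is not among the files this commit changes, so the reader has to take on trust that connect() already reads those values from the environment. A short comment at the call would state the contract, e.g. `# verbose, fallback and delegate are taken from self.env by rpcclient.connect()`. It is worth confirming that the defaults really come from env, since a silently different `delegate` or `fallback` changes which server receives the caller's credentials. The method continues outside the hunk.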
diff --git a/ipatests/test_cmdline/test_cli.py b/ipatests/test_cmdline/test_cli.py
index aeade0eda..c2e051769 100644
--- a/ipatests/test_cmdline/test_cli.py
+++ b/ipatests/test_cmdline/test_cli.py
@@ -33,7 +33,7 @@ class TestCLIParsing(object):
def run_command(self, command_name, **kw):
"""Run a command on the server"""
if not api.Backend.rpcclient.isconnected():
- api.Backend.rpcclient.connect(fallback=False)
+ api.Backend.rpcclient.connect()
try:
api.Command[command_name](**kw)
except errors.NetworkError:
diff --git a/ipatests/test_ipalib/test_rpc.py b/ipatests/test_ipalib/test_rpc.py
index 159fdd81a..f13e7cfcf 100644
--- a/ipatests/test_ipalib/test_rpc.py
+++ b/ipatests/test_ipalib/test_rpc.py
@@ -267,7 +267,7 @@ class test_xml_introspection(object):
@classmethod
def setup_class(self):
try:
- api.Backend.xmlclient.connect(fallback=False)
+ api.Backend.xmlclient.connect()
except (errors.NetworkError, IOError):
raise nose.SkipTest('%r: Server not available: %r' %
(__name__, api.env.xmlrpc_uri))
diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index 7351d0b1d..dbc3bae37 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -429,7 +429,7 @@ class test_dns(Declarative):
super(test_dns, cls).setup_class()
if not api.Backend.rpcclient.isconnected():
- api.Backend.rpcclient.connect(fallback=False)
+ api.Backend.rpcclient.connect()
if not have_ldap2:
raise nose.SkipTest('server plugin not available')
@@ -3163,7 +3163,7 @@ class test_root_zone(Declarative):
super(test_root_zone, cls).setup_class()
if not api.Backend.rpcclient.isconnected():
- api.Backend.rpcclient.connect(fallback=False)
+ api.Backend.rpcclient.connect()
if not have_ldap2:
raise nose.SkipTest('server plugin not available')
@@ -3246,7 +3246,7 @@ class test_forward_zones(Declarative):
super(test_forward_zones, cls).setup_class()
if not api.Backend.rpcclient.isconnected():
- api.Backend.rpcclient.connect(fallback=False)
+ api.Backend.rpcclient.connect()
if not have_ldap2:
raise nose.SkipTest('server plugin not available')
@@ -4463,7 +4463,7 @@ class test_forward_master_zones_mutual_exlusion(Declarative):
super(test_forward_master_zones_mutual_exlusion, cls).setup_class()
if not api.Backend.rpcclient.isconnected():
- api.Backend.rpcclient.connect(fallback=False)
+ api.Backend.rpcclient.connect()
if not have_ldap2:
raise nose.SkipTest('server plugin not available')
@@ -4838,7 +4838,7 @@ class test_forwardzone_delegation_warnings(Declarative):
super(test_forwardzone_delegation_warnings, cls).setup_class()
if not api.Backend.rpcclient.isconnected():
- api.Backend.rpcclient.connect(fallback=False)
+ api.Backend.rpcclient.connect()
if not have_ldap2:
raise nose.SkipTest('server plugin not available')
@@ -5349,7 +5349,7 @@ class test_dns_soa(Declarative):
super(test_dns_soa, cls).setup_class()
if not api.Backend.rpcclient.isconnected():
- api.Backend.rpcclient.connect(fallback=False)
+ api.Backend.rpcclient.connect()
if not have_ldap2:
raise nose.SkipTest('server plugin not available')
diff --git a/ipatests/test_xmlrpc/test_external_members.py b/ipatests/test_xmlrpc/test_external_members.py
index 8e9d38729..9d1f240ac 100644
--- a/ipatests/test_xmlrpc/test_external_members.py
+++ b/ipatests/test_xmlrpc/test_external_members.py
@@ -49,7 +49,7 @@ class test_external_members(Declarative):
def setup_class(cls):
super(test_external_members, cls).setup_class()
if not api.Backend.rpcclient.isconnected():
- api.Backend.rpcclient.connect(fallback=False)
+ api.Backend.rpcclient.connect()
trusts = api.Command['trust_find']()
if trusts['count'] == 0:
diff --git a/ipatests/test_xmlrpc/test_trust_plugin.py b/ipatests/test_xmlrpc/test_trust_plugin.py
index 54ac96737..0427ed151 100644
--- a/ipatests/test_xmlrpc/test_trust_plugin.py
+++ b/ipatests/test_xmlrpc/test_trust_plugin.py
@@ -51,7 +51,7 @@ class test_trustconfig(Declarative):
def setup_class(cls):
super(test_trustconfig, cls).setup_class()
if not api.Backend.rpcclient.isconnected():
- api.Backend.rpcclient.connect(fallback=False)
+ api.Backend.rpcclient.connect()
try:
api.Command['trustconfig_show'](trust_type=u'ad')
except errors.NotFound:
diff --git a/ipatests/test_xmlrpc/test_vault_plugin.py b/ipatests/test_xmlrpc/test_vault_plugin.py
index c8d778583..932185f86 100644
--- a/ipatests/test_xmlrpc/test_vault_plugin.py
+++ b/ipatests/test_xmlrpc/test_vault_plugin.py
@@ -131,7 +131,7 @@ class test_vault_plugin(Declarative):
@classmethod
def setup_class(cls):
if not api.Backend.rpcclient.isconnected():
- api.Backend.rpcclient.connect(fallback=False)
+ api.Backend.rpcclient.connect()
if not api.Command.kra_is_enabled()['result']:
raise nose.SkipTest('KRA service is not enabled')
diff --git a/ipatests/test_xmlrpc/xmlrpc_test.py b/ipatests/test_xmlrpc/xmlrpc_test.py
index 4052ab918..0e326e1fa 100644
--- a/ipatests/test_xmlrpc/xmlrpc_test.py
+++ b/ipatests/test_xmlrpc/xmlrpc_test.py
@@ -111,7 +111,7 @@ def fuzzy_set_ci(s):
try:
if not api.Backend.rpcclient.isconnected():
- api.Backend.rpcclient.connect(fallback=False)
+ api.Backend.rpcclient.connect()
res = api.Command['user_show'](u'notfound')
except errors.NetworkError:
server_available = False
@@ -186,7 +186,7 @@ class XMLRPC_test(object):
raise nose.SkipTest('%r: Server not available: %r' %
(cls.__module__, api.env.xmlrpc_uri))
if not api.Backend.rpcclient.isconnected():
- api.Backend.rpcclient.connect(fallback=False)
+ api.Backend.rpcclient.connect()
@classmethod
def teardown_class(cls):