upgrade: ldap conn management

Clean up unnecessary starts/stops of DS and unnescessary attributes. If the DS is running, establish an LDAP connection and properly close it. https://fedorahosted.org/freeipa/ticket/6461 Reviewed-By: Martin Basti <mbasti@redhat.com>
author: Tomas Krizek <tkrizek@redhat.com> 2016-11-09 12:23:36 +0100
committer: Martin Basti <mbasti@redhat.com> 2016-11-22 16:17:27 +0100
commit: 0914fc6a6043846159f6d1c4bb433dcfe9ee3f46 (patch)
tree: 1cb6ce87d5607979d20d2e307ad8e8984a3038c2
parent: 68295bf8cfd57333deb50f58df1b336a4b48ffe7 (diff)
download: freeipa-0914fc6a6043846159f6d1c4bb433dcfe9ee3f46.tar.gz
freeipa-0914fc6a6043846159f6d1c4bb433dcfe9ee3f46.tar.xz
freeipa-0914fc6a6043846159f6d1c4bb433dcfe9ee3f46.zip
3 files changed, 3 insertions, 22 deletions
diff --git a/ipaserver/install/ipa_server_upgrade.py b/ipaserver/install/ipa_server_upgrade.py
index f03f95a8e..c38470474 100644
--- a/ipaserver/install/ipa_server_upgrade.py
+++ b/ipaserver/install/ipa_server_upgrade.py
@@ -40,7 +40,6 @@ class ServerUpgrade(admintool.AdminTool):
 
         api.bootstrap(in_server=True, context='updates')
         api.finalize()
-        api.Backend.ldap2.connect()
 
         try:
             server.upgrade_check(self.options)
@@ -48,8 +47,6 @@ class ServerUpgrade(admintool.AdminTool):
         except RuntimeError as e:
             raise admintool.ScriptError(str(e))
 
-        api.Backend.ldap2.disconnect()
-
     def handle_error(self, exception):
         if not isinstance(exception, SystemExit):
             # do not log this message when ipa is not installed
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index d93b9082b..64810fbbf 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -25,7 +25,6 @@ import ipalib.errors
 from ipaplatform import services
 from ipaplatform.tasks import tasks
 from ipapython import ipautil, sysrestore, version, certdb
-from ipapython import ipaldap
 from ipapython.ipa_log_manager import root_logger
 from ipapython import certmonger
 from ipapython import dnsutil
@@ -1605,23 +1604,14 @@ def upgrade_configuration():
     remove_ds_ra_cert(subject_base)
     ds.start(ds_serverid)
 
-    # Force enabling plugins via LDAPI and external bind
-    ds.ldapi = True
-    ds.autobind = ipaldap.AUTOBIND_ENABLED
     ds.fqdn = fqdn
     ds.realm = api.env.realm
     ds.suffix = ipautil.realm_to_suffix(api.env.realm)
 
     ds_enable_sidgen_extdom_plugins(ds)
 
-    # Now 389-ds is available, run the remaining http tasks
     if not http.is_kdcproxy_configured():
         root_logger.info('[Enabling KDC Proxy]')
-        if http.admin_conn is None:
-             # 389-ds needs to be running
-            ds.start()
-            http.ldapi = True
-            http.suffix = ipautil.realm_to_suffix(api.env.realm)
         httpinstance.create_kdcproxy_user()
         http.create_kdcproxy_conf()
         http.enable_kdcproxy()
@@ -1643,12 +1633,8 @@ def upgrade_configuration():
     )
 
     for service, ldap_name in simple_service_list:
-        service.ldapi = True
         try:
             if not service.is_configured():
-                # 389-ds needs to be running to create the instances
-                # because we record the new service in cn=masters.
-                ds.start()
                 service.create_instance(ldap_name, fqdn,
                                         ipautil.realm_to_suffix(api.env.realm),
                                         realm=api.env.realm)
@@ -1659,7 +1645,6 @@ def upgrade_configuration():
     if bindinstance.named_conf_exists():
             dnskeysyncd = dnskeysyncinstance.DNSKeySyncInstance(fstore)
             if not dnskeysyncd.is_configured():
-                ds.start()
                 dnskeysyncd.create_instance(fqdn, api.env.realm)
                 dnskeysyncd.start_dnskeysyncd()
 
@@ -1747,9 +1732,7 @@ def upgrade_configuration():
 
     set_sssd_domain_option('ipa_server_mode', 'True')
 
-    if ds_running and not ds.is_running():
-        ds.start(ds_serverid)
-    elif not ds_running and ds.is_running():
+    if not ds_running:
         ds.stop(ds_serverid)
 
     if ca.is_configured():
diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py
index 0d6013fd3..b22f15a0b 100644
--- a/ipaserver/install/upgradeinstance.py
+++ b/ipaserver/install/upgradeinstance.py
@@ -96,8 +96,9 @@ class IPAUpgrade(service.Service):
 
     def __stop_instance(self):
         """Stop only the main DS instance"""
+        if api.Backend.ldap2.isconnected():
+            api.Backend.ldap2.disconnect()
         super(IPAUpgrade, self).stop(self.serverid)
-        api.Backend.ldap2.disconnect()
 
     def create_instance(self):
         ds_running = super(IPAUpgrade, self).is_running()
author	Tomas Krizek <tkrizek@redhat.com>	2016-11-09 12:23:36 +0100
committer	Martin Basti <mbasti@redhat.com>	2016-11-22 16:17:27 +0100
commit	0914fc6a6043846159f6d1c4bb433dcfe9ee3f46 (patch)
tree	1cb6ce87d5607979d20d2e307ad8e8984a3038c2
parent	68295bf8cfd57333deb50f58df1b336a4b48ffe7 (diff)
download	freeipa-0914fc6a6043846159f6d1c4bb433dcfe9ee3f46.tar.gz freeipa-0914fc6a6043846159f6d1c4bb433dcfe9ee3f46.tar.xz freeipa-0914fc6a6043846159f6d1c4bb433dcfe9ee3f46.zip