authorPetr Vobornik <pvoborni@redhat.com>2015-07-31 16:22:13 +0200
committerSimo Sorce <simo@redhat.com>2015-10-01 16:20:49 -0400
commit5cf1676c4f90fb469b0518c9f250541dd13218d9 (patch)
tree6d2f2e6bc0b5911e32815683a855844d1a8c751e
parentd23e817d5ff797a8c19bba8a393f77b3ff544f31 (diff)
enable topology plugin on upgrade
Reviewed-by: Simo Sorce <simo@redhat.com>
-rw-r--r--install/updates/20-replication.update25
-rw-r--r--ipalib/constants.py18
-rw-r--r--ipaserver/install/ldapupdate.py9
3 files changed, 52 insertions, 0 deletions
diff --git a/install/updates/20-replication.update b/install/updates/20-replication.update
index 43f4edc0d..009378aee 100644
--- a/install/updates/20-replication.update
+++ b/install/updates/20-replication.update
@@ -27,12 +27,37 @@ default: objectclass: top
default: objectclass: iparepltopoconf
default: ipaReplTopoConfRoot: $SUFFIX
default: cn: realm
+add: nsDS5ReplicatedAttributeList: $EXCLUDES
+add: nsDS5ReplicatedAttributeListTotal: $TOTAL_EXCLUDES
+add: nsds5ReplicaStripAttrs: $STRIP_ATTRS
# add IPA realm managed suffix to master entry
dn: cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX
add: objectclass: ipaReplTopoManagedServer
add: ipaReplTopoManagedSuffix: $SUFFIX
+# Enable Topology Plugin
+dn: cn=IPA Topology Configuration,cn=plugins,cn=config
+default: changetype: add
+default: objectClass: top
+default: objectClass: nsSlapdPlugin
+default: objectClass: extensibleObject
+default: cn: IPA Topology Configuration
+default: nsslapd-pluginPath: libtopology
+default: nsslapd-pluginInitfunc: ipa_topo_init
+default: nsslapd-pluginType: object
+default: nsslapd-pluginEnabled: on
+default: nsslapd-topo-plugin-shared-config-base: cn=ipa,cn=etc,$SUFFIX
+default: nsslapd-topo-plugin-shared-replica-root: $SUFFIX
+default: nsslapd-topo-plugin-shared-binddngroup: cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX
+default: nsslapd-topo-plugin-startup-delay: 20
+default: nsslapd-pluginId: none
+default: nsslapd-plugin-depends-on-named: ldbm database
+default: nsslapd-plugin-depends-on-named: Multimaster Replication Plugin
+default: nsslapd-pluginVersion: 1.0
+default: nsslapd-pluginVendor: none
+default: nsslapd-pluginDescription: none
+
# Set replication changelog limit (#5086)
dn: cn=changelog5,cn=config
addifnew: nsslapd-changelogmaxage: 7d
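Review bot: The new plugin entry carries `default: changetype: add`, which looks like an LDIF change-record directive copied from an install LDIF rather than an attribute of the entry. In this update format every `default:` line appears to be treated as an attribute value, so the entry would either be created with a stray `changetype` attribute or be rejected, which would leave the topology plugin disabled after upgrade. I would drop that line and confirm on an upgraded test server that `cn=IPA Topology Configuration,cn=plugins,cn=config` exists with `nsslapd-pluginEnabled: on`. Separately, the three `add:` lines on the `cn=realm` entry run on every upgrade; if an administrator has already tuned the exclusion lists, `addifnew:` (already used for `nsslapd-changelogmaxage` in this hunk) may be the safer keyword, though how the topology plugin treats multiple values should be checked first.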
diff --git a/ipalib/constants.py b/ipalib/constants.py
index 987d40901..6cd39f8f0 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -239,3 +239,21 @@ SID_ANCHOR_PREFIX = ':SID:'
MIN_DOMAIN_LEVEL = 0
MAX_DOMAIN_LEVEL = 1
+
+# Constants used in generation of replication agreements and as topology
+# defaults
+
+# List of attributes that need to be excluded from replication initialization.
+REPL_AGMT_TOTAL_EXCLUDES = ('entryusn',
+ 'krblastsuccessfulauth',
+ 'krblastfailedauth',
+ 'krbloginfailedcount')
+
+# List of attributes that need to be excluded from normal replication.
+REPL_AGMT_EXCLUDES = ('memberof', 'idnssoaserial') + REPL_AGMT_TOTAL_EXCLUDES
+
+# List of attributes that are not updated on empty replication
+REPL_AGMT_STRIP_ATTRS = ('modifiersName',
+ 'modifyTimestamp',
+ 'internalModifiersName',
+ 'internalModifyTimestamp')
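Review bot: The comments on the new tuples say which attributes are excluded but not why, and the exclusions have an operational consequence worth recording. With `krbloginfailedcount` and `krblastfailedauth` left out of replication, failed-login state presumably stays local to each server, so lockout is counted per replica rather than across the domain. I would add a line such as `# Authentication counters stay local to each server; lockout is therefore evaluated per replica.` above `REPL_AGMT_TOTAL_EXCLUDES`, once that behaviour is confirmed. The comment on `REPL_AGMT_STRIP_ATTRS` ("not updated on empty replication") is hard to parse; something like `# Attributes stripped from updates that would otherwise carry no replicated changes` would be clearer if it matches the intent. It is also worth stating in a comment that `REPL_AGMT_EXCLUDES` is a superset of `REPL_AGMT_TOTAL_EXCLUDES` by construction.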
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 5fac58eca..fd02bdc02 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -303,6 +303,15 @@ class LDAPUpdate:
self.sub_dict["MIN_DOMAIN_LEVEL"] = str(constants.MIN_DOMAIN_LEVEL)
if not self.sub_dict.get("MAX_DOMAIN_LEVEL"):
self.sub_dict["MAX_DOMAIN_LEVEL"] = str(constants.MAX_DOMAIN_LEVEL)
+ if not self.sub_dict.get("STRIP_ATTRS"):
+ self.sub_dict["STRIP_ATTRS"] = "%s" % (
+ " ".join(constants.REPL_AGMT_STRIP_ATTRS),)
+ if not self.sub_dict.get("EXCLUDES"):
+ self.sub_dict["EXCLUDES"] = "(objectclass=*) $ EXCLUDE %s" % (
+ " ".join(constants.REPL_AGMT_EXCLUDES),)
+ if not self.sub_dict.get("TOTAL_EXCLUDES"):
+ self.sub_dict["TOTAL_EXCLUDES"] = "(objectclass=*) $ EXCLUDE " + \
+ " ".join(constants.REPL_AGMT_TOTAL_EXCLUDES)
self.api = create_api(mode=None)
self.api.bootstrap(in_server=True, context='updates')
self.api.finalize()
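Review bot: The three new defaults in this hunk are built three different ways: `"%s" % (...,)` wrapped around a value that is already a string, `%` formatting with the filter prefix, and `+` with a backslash continuation. The `(objectclass=*) $ EXCLUDE ` prefix is also duplicated, so a later edit to one list format can silently diverge from the other. Plain forms read better, e.g. `self.sub_dict["STRIP_ATTRS"] = " ".join(constants.REPL_AGMT_STRIP_ATTRS)` and one shared prefix variable for the two exclude strings. Because a caller-supplied `EXCLUDES` or `TOTAL_EXCLUDES` is used as-is, a short comment noting that an override replaces, rather than extends, the lists in `ipalib.constants` would help whoever sets these keys. The enclosing method starts above the hunk and continues below it.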