authorSimo Sorce <simo@redhat.com>2016-08-19 09:23:55 -0400
committerSimo Sorce <simo@redhat.com>2017-02-14 17:36:04 -0500
commit8b88ef00331f1fbb28802b3eba5ced62daeffc9e (patch)
tree3236bbad94a1ada157e62070960948e9e5a0b08f /ipaserver/install/server
parent8d3bea8accb9814b3a973f4a606110fee78baf72 (diff)
Change session handling
Stop using memcache, use mod_auth_gssapi filesystem based ccaches. Remove custom session handling, use mod_auth_gssapi and mod_session to establish and keep a session cookie. Add loopback to mod_auth_gssapi to do form based auth and pass back a valid session cookie. And now that we do not remove ccache files to move them to the memcache, we can avoid the risk of polluting the filesystem by keeping a common ccache file for all instances of the same user. https://fedorahosted.org/freeipa/ticket/5959 Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipaserver/install/server')
-rw-r--r--ipaserver/install/server/install.py7
-rw-r--r--ipaserver/install/server/replicainstall.py5
-rw-r--r--ipaserver/install/server/upgrade.py18
3 files changed, 18 insertions, 12 deletions
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index ef943f71c..2b19230ff 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -32,7 +32,7 @@ from ipalib.util import (
import ipaclient.install.ntpconf
from ipaserver.install import (
bindinstance, ca, cainstance, certs, dns, dsinstance,
- httpinstance, installutils, kra, krbinstance, memcacheinstance,
+ httpinstance, installutils, kra, krbinstance,
ntpinstance, otpdinstance, custodiainstance, replication, service,
sysupgrade)
from ipaserver.install.installutils import (
@@ -808,10 +808,6 @@ def install(installer):
# generated
ds.add_cert_to_service()
- memcache = memcacheinstance.MemcacheInstance()
- memcache.create_instance('MEMCACHE', host_name,
- ipautil.realm_to_suffix(realm_name))
-
otpd = otpdinstance.OtpdInstance()
otpd.create_instance('OTPD', host_name,
ipautil.realm_to_suffix(realm_name))
@@ -1056,7 +1052,6 @@ def uninstall(installer):
if _server_trust_ad_installed:
adtrustinstance.ADTRUSTInstance(fstore).uninstall()
custodiainstance.CustodiaInstance().uninstall()
- memcacheinstance.MemcacheInstance().uninstall()
otpdinstance.OtpdInstance().uninstall()
tasks.restore_hostname(fstore, sstore)
fstore.restore_all_files()
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 24cc661d2..65e6f2097 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -37,7 +37,7 @@ from ipalib.util import (
from ipaclient.install.client import configure_krb5_conf, purge_host_keytab
from ipaserver.install import (
bindinstance, ca, certs, dns, dsinstance, httpinstance,
- installutils, kra, krbinstance, memcacheinstance,
+ installutils, kra, krbinstance,
ntpinstance, otpdinstance, custodiainstance, service)
from ipaserver.install.installutils import (
create_replica_config, ReplicaConfig, load_pkcs12, is_ipa_configured)
@@ -163,9 +163,6 @@ def install_http(config, auto_redirect, ca_is_configured, ca_file,
pkcs12_info = make_pkcs12_info(config.dir, "httpcert.p12",
"http_pin.txt")
- memcache = memcacheinstance.MemcacheInstance()
- memcache.create_instance('MEMCACHE', config.host_name,
- ipautil.realm_to_suffix(config.realm_name))
http = httpinstance.HTTPInstance()
http.create_instance(
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 0e034efac..2bdf6eede 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -34,7 +34,6 @@ from ipaplatform.paths import paths
from ipaserver.install import installutils
from ipaserver.install import dsinstance
from ipaserver.install import httpinstance
-from ipaserver.install import memcacheinstance
from ipaserver.install import ntpinstance
from ipaserver.install import bindinstance
from ipaserver.install import service
@@ -74,6 +73,21 @@ def uninstall_ipa_kpasswd():
if enabled is not None and not enabled:
ipa_kpasswd.remove()
+
+def uninstall_ipa_memcached():
+ """
+ We can't use the full service uninstaller because that will attempt
+ to stop and disable the service which by now doesn't exist. We just
+ want to clean up sysrestore.state to remove all references to
+ ipa_kpasswd.
+ """
+ ipa_memcached = service.SimpleServiceInstance('ipa_memcached')
+
+ enabled = not ipa_memcached.restore_state("enabled")
+
+ if enabled is not None and not enabled:
+ ipa_memcached.remove()
+
def backup_file(filename, ext):
"""Make a backup of filename using ext as the extension. Do not overwrite
previous backups."""
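Review bot: The docstring of the new `uninstall_ipa_memcached()` still says the cleanup removes references to `ipa_kpasswd`; it should name `ipa_memcached`. In the same function, `enabled = not ipa_memcached.restore_state("enabled")` always produces a bool, so the `enabled is not None` test can never fail, and a missing state entry is handled the same as a stored false value. If absence is meant to be distinguished, drop the `not` from the assignment; otherwise reduce the condition to `if not enabled:` and state in the docstring which stored value leads to `remove()`. The commit description says ccaches used to be moved into the memcache, so it is also worth confirming (not visible in this hunk) that an upgraded host does not keep an old daemon running with that session data in memory.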
@@ -1570,6 +1584,7 @@ def upgrade_configuration():
update_dbmodules(api.env.realm)
uninstall_ipa_kpasswd()
+ uninstall_ipa_memcached()
removed_sysconfig_file = paths.SYSCONFIG_HTTPD
if fstore.has_file(removed_sysconfig_file):
@@ -1620,7 +1635,6 @@ def upgrade_configuration():
uninstall_dogtag_9(ds, http)
simple_service_list = (
- (memcacheinstance.MemcacheInstance(), 'MEMCACHE'),
(otpdinstance.OtpdInstance(), 'OTPD'),
)