author | Simo Sorce <ssorce@redhat.com> | 2010-12-07 18:23:05 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2010-12-10 12:28:38 -0500 |
commit | ded15c72fff4805e9a095c5a8f82b463603f5d1b (patch) | |
tree | cb4384bcede5091446318a1220ac8f7d6917e472 /ipaserver | |
parent | fea4d3880ae78dd1e53380bc644638e4e3fc1dd5 (diff) | |
Split dsinstance configuration
This is so that master and replica creation can perform different operations as
they need slightly different settings to be applied.
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/dsinstance.py | 112 | ||||
-rw-r--r-- | ipaserver/install/replication.py | 3 |
2 files changed, 82 insertions, 33 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index d4f0683c0..03066984e 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -40,12 +40,13 @@ from ldap.dn import escape_dn_chars
from ipaserver import ipaldap
from ipaserver.install import ldapupdate
from ipaserver.install import httpinstance
+from ipaserver.install import replication
from ipalib import util, errors
from ipaserver.plugins.ldap2 import ldap2
SERVER_ROOT_64 = "/usr/lib64/dirsrv"
SERVER_ROOT_32 = "/usr/lib/dirsrv"
-CACERT="/usr/share/ipa/html/ca.crt"
+CACERT="/erc/ipa/ca.crt"
def find_server_root():
if ipautil.dir_exists(SERVER_ROOT_64):
@@ -188,12 +189,7 @@ class DsInstance(service.Service):
self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
- def create_instance(self, ds_user, realm_name, fqdn, domain_name,
- dm_password, pkcs12_info=None, self_signed_ca=False,
- idstart=1100, idmax=999999, subject_base=None,
- hbac_allow=True):
- self.ds_user = ds_user
- self.realm_name = realm_name.upper()
- self.serverid = realm_to_serverid(self.realm_name)
- self.suffix = util.realm_to_suffix(self.realm_name)
- self.fqdn = fqdn
- self.dm_password = dm_password
- self.domain = domain_name
- self.pkcs12_info = pkcs12_info
- self.self_signed_ca = self_signed_ca
- self.idstart = idstart
- self.idmax = idmax
- self.principal = "ldap/%s@%s" % (self.fqdn, self.realm_name)
- self.subject_base = subject_base
- self.__setup_sub_dict()
+ def __common_setup(self):
self.step("creating directory server user", self.__create_ds_user)
self.step("creating directory server instance", self.__create_instance)
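Review bot: The new CACERT value in dsinstance.py is `/erc/ipa/ca.crt`, which looks like a typo for `/etc/ipa/ca.crt`, the path this same commit gives replication.py's CACERT. Every use of the constant in dsinstance.py (all outside this hunk) would then point at a file that does not exist, so whatever installs or trusts the CA certificate from that path fails, or silently proceeds without it depending on the caller. Change the line to `CACERT="/etc/ipa/ca.crt"`. Since dsinstance.py now imports replication, it could also reuse `replication.CACERT` instead of keeping a second copy of a security-relevant path that has to be kept in sync by hand.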
@@ -225,24 +209,90 @@ class DsInstance(service.Service):
self.step("configuring certmap.conf", self.__certmap_conf)
self.step("restarting directory server", self.__restart_instance)
self.step("configuring user private groups", self.__user_private_groups)
- self.step("adding default layout", self.__add_default_layout)
- self.step("adding delegation layout", self.__add_delegation_layout)
- self.step("configuring Posix uid/gid generation as first master",
- self.__config_uidgid_gen_first_master)
- self.step("adding master entry as first master",
- self.__add_master_entry_first_master)
- self.step("initializing group membership",
- self.init_memberof)
- if hbac_allow:
- self.step("creating default HBAC rule allow_all", self.add_hbac)
+
+ def __common_post_setup(self):
+ self.step("initializing group membership", self.init_memberof)
+ self.step("adding master entry", self.__add_master_entry)
+ self.step("configuring Posix uid/gid generation",
+ self.__config_uidgid_gen)
self.step("enabling compatibility plugin", self.__enable_compat_plugin)
self.step("tuning directory server", self.__tuning)
self.step("configuring directory to start on boot", self.__enable)
+ def create_instance(self, ds_user, realm_name, fqdn, domain_name,
+ dm_password, pkcs12_info=None, self_signed_ca=False,
+ idstart=1100, idmax=999999, subject_base=None,
+ hbac_allow=True):
+ self.ds_user = ds_user
+ self.realm_name = realm_name.upper()
+ self.serverid = realm_to_serverid(self.realm_name)
+ self.suffix = util.realm_to_suffix(self.realm_name)
+ self.fqdn = fqdn
+ self.dm_password = dm_password
+ self.domain = domain_name
+ self.pkcs12_info = pkcs12_info
+ self.self_signed_ca = self_signed_ca
+ self.idstart = idstart
+ self.idmax = idmax
+ self.principal = "ldap/%s@%s" % (self.fqdn, self.realm_name)
+ self.subject_base = subject_base
+
+ self.__setup_sub_dict()
+ self.__common_setup()
+
+ self.step("adding default layout", self.__add_default_layout)
+ self.step("adding delegation layout", 
self.__add_delegation_layout)
+ if hbac_allow:
+ self.step("creating default HBAC rule allow_all", self.add_hbac)
+
+ self.__common_post_setup()
+
self.start_creation("Configuring directory server", 60)
+ def create_replica(self, ds_user, realm_name, master_fqdn, fqdn,
+ domain_name, dm_password, pkcs12_info=None):
+ self.ds_user = ds_user
+ self.realm_name = realm_name.upper()
+ self.serverid = realm_to_serverid(self.realm_name)
+ self.suffix = util.realm_to_suffix(self.realm_name)
+ self.master_fqdn = master_fqdn
+ self.fqdn = fqdn
+ self.dm_password = dm_password
+ self.domain = domain_name
+ self.pkcs12_info = pkcs12_info
+ self.principal = "ldap/%s@%s" % (self.fqdn, self.realm_name)
+
+ self.self_signed_ca = False
+ self.subject_base = None
+ # idstart and idmax are configured so that the range is seen as
+ # depleted by the DNA plugin and the replica will go and get a
+ # new range from the master.
+ # This way all servers use the initially defined range by default.
+ self.idstart = 1101
+ self.idmax = 1100
+
+ self.__setup_sub_dict()
+ self.__common_setup()
+
+ self.step("Setting up initial replication", self.__setup_replica)
+
+ self.__common_post_setup()
+
+ self.start_creation("Configuring directory server", 60)
+
+
+ def __setup_replica(self):
+ try:
+ repl = replication.ReplicationManager(self.fqdn, self.dm_password)
+ ret = repl.setup_replication(self.master_fqdn, self.realm_name)
+ except Exception, e:
+ logging.debug("Connection error: %s" % e)
+ raise RuntimeError("Unable to connect to LDAP server %s." % self.fqdn)
+ if ret != 0:
+ raise RuntimeError("Failed to start replication")
+
def __enable(self):
self.backup_state("enabled", self.is_enabled())
self.chkconfig_on()
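Review bot: In `__setup_replica`, `except Exception, e:` catches every failure from `ReplicationManager(...)` and `setup_replication(...)` — presumably including agreement or credential problems that are not connection errors, though `setup_replication` is outside this hunk — and re-raises all of them as "Unable to connect to LDAP server", with the real cause written only at debug level. An operator debugging a failed replica install is then pointed at the wrong problem. Keep the cause in the raised error, e.g. `raise RuntimeError("Unable to connect to LDAP server %s: %s" % (self.fqdn, e))`, or narrow the clause to the connection exception type the replication module raises. `create_replica` would also benefit from a docstring stating that the replica intentionally gets an empty DNA range (`idstart` above `idmax`) so it must fetch one from `master_fqdn`; the inline comment says this, but a caller reading only the signature sees no `idstart`/`idmax` parameters and may wonder why.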
@@ -378,12 +428,12 @@ class DsInstance(service.Service):
def __set_unique_attrs(self):
self._ldap_mod("unique-attributes.ldif", self.sub_dict)
- def __config_uidgid_gen_first_master(self):
+ def __config_uidgid_gen(self):
if not has_managed_entries(self.fqdn, self.dm_password):
raise errors.NotFound(reason='Missing Managed Entries Plugin')
self._ldap_mod("dna.ldif", self.sub_dict)
- def __add_master_entry_first_master(self):
+ def __add_master_entry(self):
self._ldap_mod("master-entry.ldif", self.sub_dict)
def __add_winsync_module(self):
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 340a82ef3..ed1badc1e 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -20,14 +20,13 @@ import time, logging
import ldap
-from ipaserver.install import dsinstance
from ipaserver import ipaldap
from ldap import modlist
from ipalib import util
from ipalib import errors
DIRMAN_CN = "cn=directory manager"
-CACERT = "/usr/share/ipa/html/ca.crt"
+CACERT = "/etc/ipa/ca.crt"
# the default container used by AD for user entries
WIN_USER_CONTAINER = "cn=Users"
# the default container used by IPA for user entries |