authorJan Cholasta <jcholast@redhat.com>2015-12-09 08:18:21 +0100
committerTomas Babej <tbabej@redhat.com>2015-12-11 18:44:13 +0100
commit8d7f67e08c8320712321501451e4a444b89a4423 (patch)
treeced31cce2bf2c83a8d1e3106d6b72f8b5c9bff80 /ipaserver
parent00f591d4e93cfe1f6f020a1c708a3d90b5b34288 (diff)
replica install: add remote connection check over API
Add server_conncheck command which calls ipa-replica-conncheck --replica over oddjob. https://fedorahosted.org/freeipa/ticket/5497 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Tomas Babej <tbabej@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/adtrustinstance.py19
-rw-r--r--ipaserver/install/ca.py2
-rw-r--r--ipaserver/install/httpinstance.py26
-rw-r--r--ipaserver/install/installutils.py12
-rw-r--r--ipaserver/install/plugins/adtrust.py21
-rw-r--r--ipaserver/install/replication.py6
-rw-r--r--ipaserver/install/server/replicainstall.py6
-rw-r--r--ipaserver/install/server/upgrade.py1
8 files changed, 37 insertions, 56 deletions
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index 813d48e50..118f848cf 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -726,9 +726,6 @@ class ADTRUSTInstance(service.Service):
except Exception as e:
root_logger.critical("Enabling nsswitch support in slapi-nis failed with error '%s'" % e)
- def __enable_and_start_oddjobd(self):
- installutils.enable_and_start_oddjobd(self.sstore)
-
def __start(self):
try:
self.start()
@@ -881,7 +878,6 @@ class ADTRUSTInstance(service.Service):
self.step("adding Default Trust View", self.__add_default_trust_view)
self.step("setting SELinux booleans", \
self.__configure_selinux_for_smbd)
- self.step("enabling oddjobd", self.__enable_and_start_oddjobd)
self.step("starting CIFS services", self.__start)
if self.add_sids:
@@ -911,21 +907,6 @@ class ADTRUSTInstance(service.Service):
except Exception:
pass
- # Restore oddjobd to its original state
- oddjobd = services.service('oddjobd')
-
- if not self.sstore.restore_state('oddjobd', 'running'):
- try:
- oddjobd.stop()
- except Exception:
- pass
-
- if not self.sstore.restore_state('oddjobd', 'enabled'):
- try:
- oddjobd.disable()
- except Exception:
- pass
-
# Since we do not guarantee restoring back to working samba state,
# we should not restore smb.conf
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 1a51ebc8c..36a7d57b9 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -40,7 +40,7 @@ def install_check(standalone, replica_config, options):
replica_conn_check(
replica_config.master_host_name, host_name, realm_name, True,
replica_config.ca_ds_port, options.admin_password,
- principal=principal)
+ principal=principal, ca_cert_file=options.ca_cert_file)
if options.skip_schema_check or options.promote:
root_logger.info("Skipping CA DS schema check")
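Review bot: `options.ca_cert_file` is read unconditionally in the `replica_conn_check` call, and the `standalone` parameter suggests `install_check` is reached from more than one entry point. If any of those option parsers does not define `ca_cert_file`, this raises AttributeError before the connection check runs. Either confirm every caller sets the attribute, or read it defensively with `ca_cert_file=getattr(options, 'ca_cert_file', None)`. The body of `install_check` starts and ends outside the hunk.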
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 1b68573d7..b51cc4a00 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -163,6 +163,7 @@ class HTTPInstance(service.Service):
self.step("enable KDC proxy", self.enable_kdcproxy)
self.step("restarting httpd", self.__start)
self.step("configuring httpd to start on boot", self.__enable)
+ self.step("enabling oddjobd", self.enable_and_start_oddjobd)
self.start_creation(runtime=60)
@@ -441,6 +442,17 @@ class HTTPInstance(service.Service):
f.write(http_txt)
os.chmod(target_fname, 0o644)
+ def enable_and_start_oddjobd(self):
+ oddjobd = services.service('oddjobd')
+ self.sstore.backup_state('oddjobd', 'running', oddjobd.is_running())
+ self.sstore.backup_state('oddjobd', 'enabled', oddjobd.is_enabled())
+
+ try:
+ oddjobd.enable()
+ oddjobd.start()
+ except Exception as e:
+ root_logger.critical("Unable to start oddjobd: {0}".format(str(e)))
+
def uninstall(self):
if self.is_configured():
self.print_msg("Unconfiguring web server")
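Review bot: The two `backup_state` calls at the top of `enable_and_start_oddjobd` run on every invocation, and this commit also calls the method from `upgrade_configuration`, so a second run records oddjobd as already running and enabled. If `backup_state` overwrites an existing entry, the original pre-install state is lost and `uninstall` will leave oddjobd running and enabled on hosts where it was off before. Guarding the backup with `if not self.sstore.has_state('oddjobd'):` would keep the first recorded state. A short docstring saying why every server now needs oddjobd (the commit message says the conncheck command is invoked over oddjob) would also help anyone auditing which privileged services the installer turns on.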
@@ -448,6 +460,20 @@ class HTTPInstance(service.Service):
running = self.restore_state("running")
enabled = self.restore_state("enabled")
+ # Restore oddjobd to its original state
+ oddjobd = services.service('oddjobd')
+
+ if not self.sstore.restore_state('oddjobd', 'running'):
+ try:
+ oddjobd.stop()
+ except Exception:
+ pass
+
+ if not self.sstore.restore_state('oddjobd', 'enabled'):
+ try:
+ oddjobd.disable()
+ except Exception:
+ pass
self.stop_tracking_certificates()
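Review bot: Both `except Exception: pass` blocks in the restore code swallow a failure to stop or disable oddjobd, so `uninstall` can finish with the daemon still enabled and nothing in the log to show it. Log the failure the way the enable path does, for example `except Exception as e: root_logger.warning("Unable to stop oddjobd: %s", e)`, and likewise for `disable()`. Separately, `not self.sstore.restore_state(...)` is also true when no state was ever saved (assuming `restore_state` returns None in that case), which would stop a daemon this installer never started; testing `is False` would limit the action to a recorded "was off" state. The body of `uninstall` continues outside the hunk.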
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 156c8a5eb..bdbe2e38b 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -1103,18 +1103,6 @@ def realm_to_ldapi_uri(realm_name):
return 'ldapi://' + ldapurl.ldapUrlEscape(socketname)
-def enable_and_start_oddjobd(sstore):
- oddjobd = services.service('oddjobd')
- sstore.backup_state('oddjobd', 'running', oddjobd.is_running())
- sstore.backup_state('oddjobd', 'enabled', oddjobd.is_enabled())
-
- try:
- oddjobd.enable()
- oddjobd.start()
- except Exception as e:
- root_logger.critical("Unable to start oddjobd: {0}".format(str(e)))
-
-
def install_service_keytab(principal, server, path, force_service_add=False):
try:
diff --git a/ipaserver/install/plugins/adtrust.py b/ipaserver/install/plugins/adtrust.py
index 45bcc5f2f..5510dfd36 100644
--- a/ipaserver/install/plugins/adtrust.py
+++ b/ipaserver/install/plugins/adtrust.py
@@ -164,26 +164,5 @@ class update_default_trust_view(Updater):
return False, [update]
-
-class update_oddjobd_for_adtrust(Updater):
- """
- Enables and starts oddjobd daemon if ipa-adtrust-install has been run
- on this system.
- """
-
- def execute(self, **options):
- adtrust_is_enabled = self.api.Command['adtrust_is_enabled']()['result']
-
- if adtrust_is_enabled:
- self.log.debug('Try to enable and start oddjobd')
- sstore = sysrestore.StateFile(paths.SYSRESTORE)
- installutils.enable_and_start_oddjobd(sstore)
- else:
- self.log.debug('ADTrust not configured on this server, do not '
- 'start and enable oddjobd')
-
- return False, []
-
api.register(update_default_range)
api.register(update_default_trust_view)
-api.register(update_oddjobd_for_adtrust)
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index aaa841ca6..ee1b50724 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -67,7 +67,7 @@ STRIP_ATTRS = ('modifiersName',
def replica_conn_check(master_host, host_name, realm, check_ca,
dogtag_master_ds_port, admin_password=None,
- principal="admin"):
+ principal="admin", ca_cert_file=None):
"""
Check the ports used by the replica both locally and remotely to be sure
that replication will work.
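Review bot: The docstring under the changed signature of `replica_conn_check` does not mention the new `ca_cert_file` parameter, which the next hunk appends to the command line as `--ca-cert-file`. Since this value decides which CA the remote check trusts, it is worth one line in the docstring, for example `ca_cert_file: path to the CA certificate passed to the conncheck command as --ca-cert-file; the option is omitted when this is None.` It would also help to state what the check falls back to when the option is omitted, which is not visible here. The docstring and the function body continue outside the hunk.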
@@ -89,6 +89,10 @@ def replica_conn_check(master_host, host_name, realm, check_ca,
if check_ca and dogtag_master_ds_port == 7389:
args.append('--check-ca')
+
+ if ca_cert_file:
+ args.extend(["--ca-cert-file", ca_cert_file])
+
(stdin, stderr, returncode) = ipautil.run(
args, raiseonerr=False, capture_output=False, nolog=nolog)
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index dc8f31db5..aca25bbe7 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -668,7 +668,8 @@ def install_check(installer):
if not options.skip_conncheck:
replica_conn_check(
config.master_host_name, config.host_name, config.realm_name,
- options.setup_ca, config.ca_ds_port, options.admin_password)
+ options.setup_ca, config.ca_ds_port, options.admin_password,
+ ca_cert_file=cafile)
installer._remote_api = remote_api
installer._fstore = fstore
@@ -1206,7 +1207,8 @@ def promote_check(installer):
replica_conn_check(
config.master_host_name, config.host_name, config.realm_name,
options.setup_ca, 389,
- options.admin_password, principal=options.principal)
+ options.admin_password, principal=options.principal,
+ ca_cert_file=cafile)
finally:
os.environ['KRB5CCNAME'] = ccache
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index e193b85b9..8ac235593 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1478,6 +1478,7 @@ def upgrade_configuration():
http.configure_selinux_for_httpd()
http.change_mod_nss_port_from_http()
http.configure_certmonger_renewal_guard()
+ http.enable_and_start_oddjobd()
ds.configure_dirsrv_ccache()