author | Jan Cholasta <jcholast@redhat.com> | 2015-12-09 08:18:21 +0100 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-12-11 18:44:13 +0100 |
commit | 8d7f67e08c8320712321501451e4a444b89a4423 (patch) | |
tree | ced31cce2bf2c83a8d1e3106d6b72f8b5c9bff80 /ipaserver | |
parent | 00f591d4e93cfe1f6f020a1c708a3d90b5b34288 (diff) | |
replica install: add remote connection check over API
Add server_conncheck command which calls ipa-replica-conncheck --replica
over oddjob.
https://fedorahosted.org/freeipa/ticket/5497
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/adtrustinstance.py | 19 | ||||
-rw-r--r-- | ipaserver/install/ca.py | 2 | ||||
-rw-r--r-- | ipaserver/install/httpinstance.py | 26 | ||||
-rw-r--r-- | ipaserver/install/installutils.py | 12 | ||||
-rw-r--r-- | ipaserver/install/plugins/adtrust.py | 21 | ||||
-rw-r--r-- | ipaserver/install/replication.py | 6 | ||||
-rw-r--r-- | ipaserver/install/server/replicainstall.py | 6 | ||||
-rw-r--r-- | ipaserver/install/server/upgrade.py | 1 |
8 files changed, 37 insertions, 56 deletions
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index 813d48e50..118f848cf 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -726,9 +726,6 @@ class ADTRUSTInstance(service.Service): except Exception as e: root_logger.critical("Enabling nsswitch support in slapi-nis failed with error '%s'" % e) - def __enable_and_start_oddjobd(self): - installutils.enable_and_start_oddjobd(self.sstore) - def __start(self): try: self.start()
@@ -881,7 +878,6 @@ class ADTRUSTInstance(service.Service): self.step("adding Default Trust View", self.__add_default_trust_view) self.step("setting SELinux booleans", \ self.__configure_selinux_for_smbd) - self.step("enabling oddjobd", self.__enable_and_start_oddjobd) self.step("starting CIFS services", self.__start) if self.add_sids:
@@ -911,21 +907,6 @@ class ADTRUSTInstance(service.Service): except Exception: pass - # Restore oddjobd to its original state - oddjobd = services.service('oddjobd') - - if not self.sstore.restore_state('oddjobd', 'running'): - try: - oddjobd.stop() - except Exception: - pass - - if not self.sstore.restore_state('oddjobd', 'enabled'): - try: - oddjobd.disable() - except Exception: - pass - # Since we do not guarantee restoring back to working samba state, # we should not restore smb.conf
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 1a51ebc8c..36a7d57b9 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -40,7 +40,7 @@ def install_check(standalone, replica_config, options): replica_conn_check( replica_config.master_host_name, host_name, realm_name, True, replica_config.ca_ds_port, options.admin_password, - principal=principal) + principal=principal, ca_cert_file=options.ca_cert_file) if options.skip_schema_check or options.promote: root_logger.info("Skipping CA DS schema check")
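Review bot: The new keyword argument in the ca.py hunk reads `options.ca_cert_file` unconditionally, and nothing visible here shows that every options object handed to `install_check(standalone, replica_config, options)` defines that attribute. The `standalone` flag suggests the function serves more than one installer entry point; if any of their option parsers lacks `ca_cert_file`, this raises AttributeError before the connection check starts. Reading it defensively with `ca_cert_file=getattr(options, 'ca_cert_file', None)` keeps the previous behaviour for such callers, because `replica_conn_check` leaves the flag out when the value is None. The body of `install_check` continues outside the hunk.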
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 1b68573d7..b51cc4a00 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -163,6 +163,7 @@ class HTTPInstance(service.Service): self.step("enable KDC proxy", self.enable_kdcproxy) self.step("restarting httpd", self.__start) self.step("configuring httpd to start on boot", self.__enable) + self.step("enabling oddjobd", self.enable_and_start_oddjobd) self.start_creation(runtime=60)
@@ -441,6 +442,17 @@ class HTTPInstance(service.Service): f.write(http_txt) os.chmod(target_fname, 0o644) + def enable_and_start_oddjobd(self): + oddjobd = services.service('oddjobd') + self.sstore.backup_state('oddjobd', 'running', oddjobd.is_running()) + self.sstore.backup_state('oddjobd', 'enabled', oddjobd.is_enabled()) + + try: + oddjobd.enable() + oddjobd.start() + except Exception as e: + root_logger.critical("Unable to start oddjobd: {0}".format(str(e))) + def uninstall(self): if self.is_configured(): self.print_msg("Unconfiguring web server")
@@ -448,6 +460,20 @@ class HTTPInstance(service.Service): running = self.restore_state("running") enabled = self.restore_state("enabled") + # Restore oddjobd to its original state + oddjobd = services.service('oddjobd') + + if not self.sstore.restore_state('oddjobd', 'running'): + try: + oddjobd.stop() + except Exception: + pass + + if not self.sstore.restore_state('oddjobd', 'enabled'): + try: + oddjobd.disable() + except Exception: + pass self.stop_tracking_certificates()
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 156c8a5eb..bdbe2e38b 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
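Review bot: `enable_and_start_oddjobd` in the second httpinstance.py hunk catches every exception from `oddjobd.enable()` and `oddjobd.start()` and only logs it, so the "enabling oddjobd" step added in the first hunk and the new call in upgrade.py both count as successful when the daemon is not running. The commit message says the new server_conncheck command is served over oddjob, so a failure here would presumably surface only later, as a failed remote check during a replica install. If best-effort is intended, state it in a docstring, for example `"""Enable and start oddjobd, saving its previous state for uninstall; failures are logged, not raised."""`. The same docstring should record that this now switches the helper daemon on for every server rather than only those with AD trust configured.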
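Review bot: In the `uninstall` hunk both `oddjobd.stop()` and `oddjobd.disable()` sit under `except Exception: pass`, so an uninstall that fails to restore the daemon leaves it running or enabled with nothing in the log. The file already logs through `root_logger`, so recording the failure is cheap: `except Exception as e:` followed by `root_logger.debug("Failed to stop oddjobd: %s", e)`, and the same for disable. Separately, `if not self.sstore.restore_state(...)` also takes the stop/disable branch when no state was ever saved, assuming `restore_state` returns None in that case, which would switch off an oddjobd the administrator had enabled independently. `uninstall` starts and ends outside the hunk.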
@@ -1103,18 +1103,6 @@ def realm_to_ldapi_uri(realm_name): return 'ldapi://' + ldapurl.ldapUrlEscape(socketname) -def enable_and_start_oddjobd(sstore): - oddjobd = services.service('oddjobd') - sstore.backup_state('oddjobd', 'running', oddjobd.is_running()) - sstore.backup_state('oddjobd', 'enabled', oddjobd.is_enabled()) - - try: - oddjobd.enable() - oddjobd.start() - except Exception as e: - root_logger.critical("Unable to start oddjobd: {0}".format(str(e))) - - def install_service_keytab(principal, server, path, force_service_add=False): try:
diff --git a/ipaserver/install/plugins/adtrust.py b/ipaserver/install/plugins/adtrust.py
index 45bcc5f2f..5510dfd36 100644
--- a/ipaserver/install/plugins/adtrust.py
+++ b/ipaserver/install/plugins/adtrust.py
@@ -164,26 +164,5 @@ class update_default_trust_view(Updater): return False, [update] - -class update_oddjobd_for_adtrust(Updater): - """ - Enables and starts oddjobd daemon if ipa-adtrust-install has been run - on this system. - """ - - def execute(self, **options): - adtrust_is_enabled = self.api.Command['adtrust_is_enabled']()['result'] - - if adtrust_is_enabled: - self.log.debug('Try to enable and start oddjobd') - sstore = sysrestore.StateFile(paths.SYSRESTORE) - installutils.enable_and_start_oddjobd(sstore) - else: - self.log.debug('ADTrust not configured on this server, do not ' - 'start and enable oddjobd') - - return False, [] - api.register(update_default_range) api.register(update_default_trust_view) -api.register(update_oddjobd_for_adtrust)
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index aaa841ca6..ee1b50724 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -67,7 +67,7 @@ STRIP_ATTRS = ('modifiersName', def replica_conn_check(master_host, host_name, realm, check_ca, dogtag_master_ds_port, admin_password=None, - principal="admin"): + principal="admin", ca_cert_file=None): """ Check the ports used by the replica both locally and remotely to be sure that replication will work.
@@ -89,6 +89,10 @@ def replica_conn_check(master_host, host_name, realm, check_ca, if check_ca and dogtag_master_ds_port == 7389: args.append('--check-ca') + + if ca_cert_file: + args.extend(["--ca-cert-file", ca_cert_file]) + (stdin, stderr, returncode) = ipautil.run( args, raiseonerr=False, capture_output=False, nolog=nolog)
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index dc8f31db5..aca25bbe7 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -668,7 +668,8 @@ def install_check(installer): if not options.skip_conncheck: replica_conn_check( config.master_host_name, config.host_name, config.realm_name, - options.setup_ca, config.ca_ds_port, options.admin_password) + options.setup_ca, config.ca_ds_port, options.admin_password, + ca_cert_file=cafile) installer._remote_api = remote_api installer._fstore = fstore
@@ -1206,7 +1207,8 @@ def promote_check(installer): replica_conn_check( config.master_host_name, config.host_name, config.realm_name, options.setup_ca, 389, - options.admin_password, principal=options.principal) + options.admin_password, principal=options.principal, + ca_cert_file=cafile) finally: os.environ['KRB5CCNAME'] = ccache
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index e193b85b9..8ac235593 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
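Review bot: The docstring of `replica_conn_check`, visible in the first replication.py hunk, is not updated for the new `ca_cert_file` parameter, and the `if ca_cert_file:` guard in the second hunk silently drops the option for None or an empty string. Nothing here tells a reader which trust anchors ipa-replica-conncheck uses when the option is absent, so the docstring should say so, for example `ca_cert_file: CA certificate file passed as --ca-cert-file; when None or empty the option is omitted and the tool's default applies`. The value is appended to `args` as separate list elements, which is the right way to hand a path to the child process. The function body continues outside both hunks.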
@@ -1478,6 +1478,7 @@ def upgrade_configuration(): http.configure_selinux_for_httpd() http.change_mod_nss_port_from_http() http.configure_certmonger_renewal_guard() + http.enable_and_start_oddjobd() ds.configure_dirsrv_ccache() |