diff options
| author | Martin Basti <mbasti@redhat.com> | 2015-03-17 17:56:34 +0100 |
|---|---|---|
| committer | Petr Vobornik <pvoborni@redhat.com> | 2015-04-14 19:25:47 +0200 |
| commit | cc19b5a76a37d1fb87deb45d9cbfc71472a99fa4 (patch) | |
| tree | 1dbecc1e9cb5b4bf972996fc45a2738f9942863d /ipaserver | |
| parent | b4ca5c57d230c80ecc4f8eaaa01d8e7a36bcb3b4 (diff) | |
| download | freeipa-cc19b5a76a37d1fb87deb45d9cbfc71472a99fa4.tar.gz freeipa-cc19b5a76a37d1fb87deb45d9cbfc71472a99fa4.tar.xz freeipa-cc19b5a76a37d1fb87deb45d9cbfc71472a99fa4.zip | |
Server Upgrade: Apply plugin updates immediately
Preparation to moving plugins executin into update files.
* remove apply_now flag
* plugins will return only (restart, modifications)
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipaserver')
| -rw-r--r-- | ipaserver/install/plugins/adtrust.py | 12 | ||||
| -rw-r--r-- | ipaserver/install/plugins/ca_renewal_master.py | 16 | ||||
| -rw-r--r-- | ipaserver/install/plugins/dns.py | 30 | ||||
| -rw-r--r-- | ipaserver/install/plugins/fix_replica_agreements.py | 2 | ||||
| -rw-r--r-- | ipaserver/install/plugins/rename_managed.py | 4 | ||||
| -rw-r--r-- | ipaserver/install/plugins/update_idranges.py | 18 | ||||
| -rw-r--r-- | ipaserver/install/plugins/update_managed_permissions.py | 2 | ||||
| -rw-r--r-- | ipaserver/install/plugins/update_pacs.py | 4 | ||||
| -rw-r--r-- | ipaserver/install/plugins/update_passsync.py | 10 | ||||
| -rw-r--r-- | ipaserver/install/plugins/update_referint.py | 8 | ||||
| -rw-r--r-- | ipaserver/install/plugins/update_services.py | 12 | ||||
| -rw-r--r-- | ipaserver/install/plugins/update_uniqueness.py | 4 | ||||
| -rw-r--r-- | ipaserver/install/plugins/updateclient.py | 17 | ||||
| -rw-r--r-- | ipaserver/install/plugins/upload_cacrt.py | 2 |
14 files changed, 67 insertions, 74 deletions
diff --git a/ipaserver/install/plugins/adtrust.py b/ipaserver/install/plugins/adtrust.py index dbec429aa..3ad75135d 100644 --- a/ipaserver/install/plugins/adtrust.py +++ b/ipaserver/install/plugins/adtrust.py @@ -42,7 +42,7 @@ class update_default_range(PostUpdate): pass else: root_logger.debug("default_range: ipaDomainIDRange entry found, skip plugin") - return (False, False, []) + return False, [] dn = DN(('cn', 'admins'), api.env.container_group, api.env.basedn) try: @@ -50,7 +50,7 @@ class update_default_range(PostUpdate): except errors.NotFound: root_logger.error("default_range: No local ID range and no admins " "group found. Cannot create default ID range") - return (False, False, []) + return False, [] id_range_base_id = admins_entry['gidnumber'][0] id_range_name = '%s_id_range' % api.env.realm @@ -114,7 +114,7 @@ class update_default_range(PostUpdate): root_logger.error("default_range: %s", "\n".join(msg)) - return (False, True, [update]) + return False, [update] class update_default_trust_view(PostUpdate): @@ -141,7 +141,7 @@ class update_default_trust_view(PostUpdate): # First, see if trusts are enabled on the server if not self.api.Command.adtrust_is_enabled()['result']: self.log.info('AD Trusts are not enabled on this server') - return (False, False, []) + return False, [] # Second, make sure the Default Trust View does not exist yet try: @@ -150,7 +150,7 @@ class update_default_trust_view(PostUpdate): pass else: self.log.info('Default Trust View already present on this server') - return (False, False, []) + return False, [] # We have a server with AD trust support without Default Trust View. # Create the Default Trust View entry. @@ -160,7 +160,7 @@ class update_default_trust_view(PostUpdate): 'default': default_trust_view_entry } - return (False, True, [update]) + return False, [update] api.register(update_default_range) api.register(update_default_trust_view) diff --git a/ipaserver/install/plugins/ca_renewal_master.py b/ipaserver/install/plugins/ca_renewal_master.py index b0fb527a3..3cd1ad240 100644 --- a/ipaserver/install/plugins/ca_renewal_master.py +++ b/ipaserver/install/plugins/ca_renewal_master.py @@ -37,7 +37,7 @@ class update_ca_renewal_master(PostUpdate): ca = cainstance.CAInstance(self.api.env.realm, certs.NSS_DIR) if not ca.is_configured(): self.debug("CA is not configured on this host") - return (False, False, []) + return False, [] ldap = self.obj.backend base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), @@ -50,7 +50,7 @@ class update_ca_renewal_master(PostUpdate): pass else: self.debug("found CA renewal master %s", entries[0].dn[1].value) - return (False, False, []) + return False, [] criteria = { 'cert-database': paths.HTTPD_ALIAS_DIR, @@ -65,20 +65,20 @@ class update_ca_renewal_master(PostUpdate): self.warning( "certmonger request for ipaCert is missing ca_name, " "assuming local CA is renewal slave") - return (False, False, []) + return False, [] ca_name = ca_name.strip() if ca_name == 'dogtag-ipa-renew-agent': pass elif ca_name == 'dogtag-ipa-retrieve-agent-submit': - return (False, False, []) + return False, [] elif ca_name == 'dogtag-ipa-ca-renew-agent': - return (False, False, []) + return False, [] else: self.warning( "certmonger request for ipaCert has unknown ca_name '%s', " "assuming local CA is renewal slave", ca_name) - return (False, False, []) + return False, [] else: self.debug("certmonger request for ipaCert not found") @@ -89,7 +89,7 @@ class update_ca_renewal_master(PostUpdate): if config == 'New': pass elif config == 'Clone': - return (False, False, []) + return False, [] else: self.warning( "CS.cfg has unknown subsystem.select value '%s', " @@ -102,4 +102,4 @@ class update_ca_renewal_master(PostUpdate): 'updates': ['add:ipaConfigString: caRenewalMaster'], } - return (False, True, [update]) + return False, [update] diff --git a/ipaserver/install/plugins/dns.py b/ipaserver/install/plugins/dns.py index f562978bc..082c066d0 100644 --- a/ipaserver/install/plugins/dns.py +++ b/ipaserver/install/plugins/dns.py @@ -62,13 +62,13 @@ class update_dnszones(PostUpdate): def execute(self, **options): ldap = self.obj.backend if not dns_container_exists(ldap): - return (False, False, []) + return False, [] try: zones = api.Command.dnszone_find(all=True)['result'] except errors.NotFound: self.log.info('No DNS zone to update found') - return (False, False, []) + return False, [] for zone in zones: update = {} @@ -90,7 +90,7 @@ class update_dnszones(PostUpdate): api.Command.dnszone_mod(zone[u'idnsname'][0].make_absolute(), **update) - return (False, False, []) + return False, [] api.register(update_dnszones) @@ -109,7 +109,7 @@ class update_dns_limits(PostUpdate): ldap = self.obj.backend if not dns_container_exists(ldap): - return (False, False, []) + return False, [] dns_principal = 'DNS/%s@%s' % (self.env.host, self.env.realm) dns_service_dn = DN(('krbprincipalname', dns_principal), @@ -121,12 +121,12 @@ class update_dns_limits(PostUpdate): except errors.NotFound: # this host may not have DNS service set root_logger.debug("DNS: service %s not found, no need to update limits" % dns_service_dn) - return (False, False, []) + return False, [] if all(entry.get(limit.lower(), [None])[0] == self.limit_value for limit in self.limit_attributes): root_logger.debug("DNS: limits for service %s already set" % dns_service_dn) # service is already updated - return (False, False, []) + return False, [] limit_updates = [] @@ -137,7 +137,7 @@ class update_dns_limits(PostUpdate): root_logger.debug("DNS: limits for service %s will be updated" % dns_service_dn) - return (False, True, [dnsupdate]) + return False, [dnsupdate] api.register(update_dns_limits) @@ -166,7 +166,7 @@ class update_master_to_dnsforwardzones(PostUpdate): container_entry = ldap.get_entry(dns_container_dn) except errors.NotFound: # DNS container not found, nothing to upgrade - return (False, False, []) + return False, [] for config_option in container_entry.get("ipaConfigString", []): matched = re.match("^DNSVersion\s+(?P<version>\d+)$", @@ -174,7 +174,7 @@ class update_master_to_dnsforwardzones(PostUpdate): if matched and int(matched.group("version")) >= 1: # forwardzones already uses new semantics, # no upgrade is required - return (False, False, []) + return False, [] self.log.info('Updating forward zones') # update the DNSVersion, following upgrade can be executed only once @@ -193,7 +193,7 @@ class update_master_to_dnsforwardzones(PostUpdate): else: if fwzones: # fwzones exist, do not execute upgrade again - return (False, False, []) + return False, [] zones = [] try: @@ -206,7 +206,7 @@ class update_master_to_dnsforwardzones(PostUpdate): if not zones: self.log.info('No DNS zone to update found') - return (False, False, []) + return False, [] zones_to_transform = [] @@ -271,7 +271,7 @@ class update_master_to_dnsforwardzones(PostUpdate): self.log.error('Unable to backup zone %s' % zone['idnsname'][0]) self.log.error(traceback.format_exc()) - return (False, False, []) + return False, [] for privilege_dn in privileges_to_ldif: try: @@ -281,13 +281,13 @@ class update_master_to_dnsforwardzones(PostUpdate): self.log.error('Unable to backup privilege %s' % privilege_dn) self.log.error(traceback.format_exc()) - return (False, False, []) + return False, [] f.close() except Exception: self.log.error('Unable to create backup file') self.log.error(traceback.format_exc()) - return (False, False, []) + return False, [] # update for zone in zones_to_transform: @@ -352,6 +352,6 @@ class update_master_to_dnsforwardzones(PostUpdate): self.log.info('Zone %s was sucessfully transformed to forward zone', zone['idnsname'][0]) - return (False, False, []) + return False, [] api.register(update_master_to_dnsforwardzones) diff --git a/ipaserver/install/plugins/fix_replica_agreements.py b/ipaserver/install/plugins/fix_replica_agreements.py index a5ff4819f..98ed9e637 100644 --- a/ipaserver/install/plugins/fix_replica_agreements.py +++ b/ipaserver/install/plugins/fix_replica_agreements.py @@ -65,7 +65,7 @@ class update_replica_attribute_lists(PreUpdate): self.log.debug("Done updating agreements") - return (False, False, []) # No restart, no apply now, no updates + return False, [] # No restart, no updates def _update_attr(self, repl, replica, attribute, values, template='%s'): """Add or update an attribute of a replication agreement diff --git a/ipaserver/install/plugins/rename_managed.py b/ipaserver/install/plugins/rename_managed.py index adb814c17..d3c5bf249 100644 --- a/ipaserver/install/plugins/rename_managed.py +++ b/ipaserver/install/plugins/rename_managed.py @@ -144,7 +144,7 @@ class update_managed_post_first(PreUpdate, GenerateUpdateMixin): # Never need to restart with the pre-update changes (ignore, update_list) = self.generate_update(False) - return (False, True, update_list) + return False, update_list api.register(update_managed_post_first) @@ -157,6 +157,6 @@ class update_managed_post(PostUpdate, GenerateUpdateMixin): def execute(self, **options): (restart, update_list) = self.generate_update(True) - return (restart, True, update_list) + return restart, update_list api.register(update_managed_post) diff --git a/ipaserver/install/plugins/update_idranges.py b/ipaserver/install/plugins/update_idranges.py index 1aa5fa763..ff061bef7 100644 --- a/ipaserver/install/plugins/update_idranges.py +++ b/ipaserver/install/plugins/update_idranges.py @@ -51,18 +51,18 @@ class update_idrange_type(PostUpdate): except errors.NotFound: root_logger.debug("update_idrange_type: no ID range without " "type set found") - return (False, False, []) + return False, [] except errors.ExecutionError, e: root_logger.error("update_idrange_type: cannot retrieve list " "of ranges with no type set: %s", e) - return (False, False, []) + return False, [] if not entries: # No entry was returned, rather break than continue cycling root_logger.debug("update_idrange_type: no ID range was " "returned") - return (False, False, []) + return False, [] root_logger.debug("update_idrange_type: found %d " "idranges to update, truncated: %s", @@ -101,15 +101,15 @@ class update_idrange_type(PostUpdate): # Exit loop to avoid infinite cycles root_logger.error("update_idrange_type: error(s) " "detected during idrange type update") - return (False, False, []) + return False, [] elif not truncated: # All affected entries updated, exit the loop root_logger.debug("update_idrange_type: all affected idranges " "were assigned types") - return (False, False, []) + return False, [] - return (False, False, []) + return False, [] class update_idrange_baserid(PostUpdate): @@ -140,12 +140,12 @@ class update_idrange_baserid(PostUpdate): except errors.NotFound: root_logger.debug("update_idrange_baserid: no AD domain " "range with posix attributes found") - return (False, False, []) + return False, [] except errors.ExecutionError, e: root_logger.error("update_idrange_baserid: cannot retrieve " "list of affected ranges: %s", e) - return (False, False, []) + return False, [] root_logger.debug("update_idrange_baserid: found %d " "idranges possible to update", @@ -175,7 +175,7 @@ class update_idrange_baserid(PostUpdate): root_logger.debug("update_idrange_baserid: all affected " "idranges updated") - return (False, False, []) + return False, [] api.register(update_idrange_type) api.register(update_idrange_baserid) diff --git a/ipaserver/install/plugins/update_managed_permissions.py b/ipaserver/install/plugins/update_managed_permissions.py index 430a2919a..e98523f44 100644 --- a/ipaserver/install/plugins/update_managed_permissions.py +++ b/ipaserver/install/plugins/update_managed_permissions.py @@ -441,7 +441,7 @@ class update_managed_permissions(PostUpdate): else: self.log.info('Obsolete permission deleted: %s', obsolete_name) - return False, False, () + return False, () def update_permission(self, ldap, obj, name, template, anonymous_read_aci): """Update the given permission and the corresponding ACI""" diff --git a/ipaserver/install/plugins/update_pacs.py b/ipaserver/install/plugins/update_pacs.py index 653456bb8..ffe6c6670 100644 --- a/ipaserver/install/plugins/update_pacs.py +++ b/ipaserver/install/plugins/update_pacs.py @@ -39,7 +39,7 @@ class update_pacs(PostUpdate): pacs = entry.get('ipakrbauthzdata', []) except errors.NotFound: self.log.warning('Error retrieving: %s' % str(dn)) - return (False, False, []) + return False, [] nfs_pac_set = any(pac.startswith('nfs:') for pac in pacs) @@ -52,6 +52,6 @@ class update_pacs(PostUpdate): else: self.log.debug('PAC for nfs is already set, not adding nfs:NONE.') - return (False, False, []) + return False, [] api.register(update_pacs) diff --git a/ipaserver/install/plugins/update_passsync.py b/ipaserver/install/plugins/update_passsync.py index e0d2fc01c..61c3a77c5 100644 --- a/ipaserver/install/plugins/update_passsync.py +++ b/ipaserver/install/plugins/update_passsync.py @@ -16,7 +16,7 @@ class update_passync_privilege_check(PreUpdate): update_done = sysupgrade.get_upgrade_state('winsync', 'passsync_privilege_updated') if update_done: root_logger.debug("PassSync privilege update pre-check not needed") - return False, False, [] + return False, [] root_logger.debug("Check if there is existing PassSync privilege") @@ -34,7 +34,7 @@ class update_passync_privilege_check(PreUpdate): root_logger.debug("PassSync privilege found, skip updating PassSync") sysupgrade.set_upgrade_state('winsync', 'passsync_privilege_updated', True) - return False, False, [] + return False, [] api.register(update_passync_privilege_check) @@ -49,7 +49,7 @@ class update_passync_privilege_update(PostUpdate): update_done = sysupgrade.get_upgrade_state('winsync', 'passsync_privilege_updated') if update_done: root_logger.debug("PassSync privilege update not needed") - return False, False, [] + return False, [] root_logger.debug("Add PassSync user as a member of PassSync privilege") ldap = self.obj.backend @@ -64,7 +64,7 @@ class update_passync_privilege_update(PostUpdate): except errors.NotFound: root_logger.debug("PassSync user not found, no update needed") sysupgrade.set_upgrade_state('winsync', 'passsync_privilege_updated', True) - return False, False, [] + return False, [] else: root_logger.debug("PassSync user found, do update") @@ -72,6 +72,6 @@ class update_passync_privilege_update(PostUpdate): 'updates': ["add:member:'%s'" % passsync_dn]} sysupgrade.set_upgrade_state('winsync', 'passsync_privilege_updated', True) - return (False, True, [update]) + return False, [update] api.register(update_passync_privilege_update) diff --git a/ipaserver/install/plugins/update_referint.py b/ipaserver/install/plugins/update_referint.py index 1b7411035..aa3a4a3fa 100644 --- a/ipaserver/install/plugins/update_referint.py +++ b/ipaserver/install/plugins/update_referint.py @@ -35,7 +35,7 @@ class update_referint(PreUpdate): entry = ldap.get_entry(self.referint_dn) except errors.NotFound: root_logger.error("Referential integrity configuration not found") - return False, False, [] + return False, [] referint_membership_attrs = [] @@ -49,7 +49,7 @@ class update_referint(PreUpdate): entry['nsslapd-pluginArg0'] = None else: root_logger.info("Plugin already uses new style, skipping") - return False, False, [] + return False, [] # nsslapd-pluginArg1 -> referint-logfile logfile = entry.get('nsslapd-pluginArg1') @@ -83,8 +83,8 @@ class update_referint(PreUpdate): ldap.update_entry(entry) except errors.EmptyModlist: root_logger.debug("No modifications required") - return False, False, [] + return False, [] - return False, True, [] + return False, [] api.register(update_referint) diff --git a/ipaserver/install/plugins/update_services.py b/ipaserver/install/plugins/update_services.py index 2122abb10..1de856885 100644 --- a/ipaserver/install/plugins/update_services.py +++ b/ipaserver/install/plugins/update_services.py @@ -51,16 +51,16 @@ class update_service_principalalias(PostUpdate): except errors.NotFound: root_logger.debug("update_service_principalalias: no service " "to update found") - return (False, False, []) + return False, [] except errors.ExecutionError, e: root_logger.error("update_service_principalalias: cannot " "retrieve list of affected services: %s", e) - return (False, False, []) + return False, [] if not entries: # no entry was returned, rather break than continue cycling root_logger.debug("update_service_principalalias: no service " "was returned") - return (False, False, []) + return False, [] root_logger.debug("update_service_principalalias: found %d " "services to update, truncated: %s", len(entries), truncated) @@ -83,12 +83,12 @@ class update_service_principalalias(PostUpdate): # exit loop to avoid infinite cycles root_logger.error("update_service_principalalias: error(s)" "detected during service update") - return (False, False, []) + return False, [] elif not truncated: # all affected entries updated, exit the loop root_logger.debug("update_service_principalalias: all affected" " services updated") - return (False, False, []) - return (False, False, []) + return False, [] + return False, [] api.register(update_service_principalalias) diff --git a/ipaserver/install/plugins/update_uniqueness.py b/ipaserver/install/plugins/update_uniqueness.py index e0ee150a7..fa6b990e0 100644 --- a/ipaserver/install/plugins/update_uniqueness.py +++ b/ipaserver/install/plugins/update_uniqueness.py @@ -184,7 +184,7 @@ class update_uniqueness_plugins_to_new_syntax(PreUpdate): except errors.NotFound: root_logger.debug("No uniqueness plugin entries with old style " "configuration found") - return False, False, [] + return False, [] update_list = [] new_attributes = [ @@ -220,6 +220,6 @@ class update_uniqueness_plugins_to_new_syntax(PreUpdate): update_list.append(update) - return False, True, update_list + return False, update_list api.register(update_uniqueness_plugins_to_new_syntax) diff --git a/ipaserver/install/plugins/updateclient.py b/ipaserver/install/plugins/updateclient.py index 745171dd0..782ad0eda 100644 --- a/ipaserver/install/plugins/updateclient.py +++ b/ipaserver/install/plugins/updateclient.py @@ -32,13 +32,9 @@ class updateclient(backend.Executioner): An update plugin can be executed before the file-based plugins or afterward. Each plugin returns three values: - 1. restart: dirsrv needs to be restarted BEFORE this update is + 1. restart: dirsrv will be restarted AFTER this update is applied. - 2. apply_now: when True the update is applied when the plugin - returns. Otherwise the update is cached until all - plugins of that update type are complete, then they - are applied together. - 3. updates: A list of updates to be applied. + 2. updates: A list of updates to be applied. The value of an update is a dictionary with the following possible values: @@ -120,18 +116,15 @@ class updateclient(backend.Executioner): result = [] ld = LDAPUpdate(dm_password=dm_password, sub_dict={}, ldapi=ldapi) for update in self.order(updatetype): - (restart, apply_now, res) = self.run(update.name, **kw) + restart, res = self.run(update.name, **kw) + + ld.update_from_dict(res) if restart: # connection has to be closed before restart, otherwise # ld instance will try to reuse old non-valid connection ld.close_connection() self.restart(dm_password) - if apply_now: - ld.update_from_dict(res) - elif res: - result.extend(res) - self.destroy_context() return result diff --git a/ipaserver/install/plugins/upload_cacrt.py b/ipaserver/install/plugins/upload_cacrt.py index 4d5ce52d4..c9c3c9f9c 100644 --- a/ipaserver/install/plugins/upload_cacrt.py +++ b/ipaserver/install/plugins/upload_cacrt.py @@ -93,6 +93,6 @@ class update_upload_cacrt(PostUpdate): entry.single_value['cACertificate;binary'] = ca_cert ldap.update_entry(entry) - return (False, False, []) + return False, [] api.register(update_upload_cacrt) |