Server Upgrade: enable DS global lock during upgrade

https://fedorahosted.org/freeipa/ticket/4925 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
author: Martin Basti <mbasti@redhat.com> 2015-04-27 10:34:25 +0200
committer: Petr Vobornik <pvoborni@redhat.com> 2015-05-05 11:56:49 +0200
commit: 5db962d167c77388d6b80fd22d69a1ca475f03cc (patch)
tree: 8a56877af678c9f98f2569b39c623f075490d66b /ipaserver
parent: 882ce85ad566a1f426398ce346829b1a4dcb5422 (diff)
download: freeipa-5db962d167c77388d6b80fd22d69a1ca475f03cc.tar.gz
freeipa-5db962d167c77388d6b80fd22d69a1ca475f03cc.tar.xz
freeipa-5db962d167c77388d6b80fd22d69a1ca475f03cc.zip
2 files changed, 34 insertions, 4 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 52df6b7de..e216edbfa 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -36,6 +36,7 @@ import ldap
 from ipaserver.install import ldapupdate
 from ipaserver.install import replication
 from ipaserver.install import sysupgrade
+from ipaserver.install import upgradeinstance
 from ipalib import api
 from ipalib import certstore
 from ipalib import errors
@@ -504,10 +505,8 @@ class DsInstance(service.Service):
         conn.unbind()
 
     def apply_updates(self):
-        ld = ldapupdate.LDAPUpdate(dm_password=self.dm_password,
-                                   sub_dict=self.sub_dict)
-        files = ld.get_all_files(ldapupdate.UPDATES_DIR)
-        ld.update(files)
+        data_upgrade = upgradeinstance.IPAUpgrade(self.realm)
+        data_upgrade.create_instance()
         installutils.store_version()
 
 
diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py
index f70312f09..1466450b2 100644
--- a/ipaserver/install/upgradeinstance.py
+++ b/ipaserver/install/upgradeinstance.py
@@ -25,6 +25,7 @@ import random
 import traceback
 from ipaplatform.paths import paths
 from ipapython.ipa_log_manager import *
+from ipapython import ipaldap
 
 from ipaserver.install import installutils
 from ipaserver.install import schemaupdate
@@ -170,6 +171,7 @@ class IPAUpgrade(service.Service):
         self.upgradefailed = False
         self.serverid = serverid
         self.schema_files = schema_files
+        self.realm = realm_name
 
     def __start_nowait(self):
         # Don't wait here because we've turned off port 389. The connection
@@ -184,6 +186,7 @@ class IPAUpgrade(service.Service):
         self.step("stopping directory server", self.__stop_instance)
         self.step("saving configuration", self.__save_config)
         self.step("disabling listeners", self.__disable_listeners)
+        self.step("enabling DS global lock", self.__enable_ds_global_write_lock)
         self.step("starting directory server", self.__start_nowait)
         if self.schema_files:
             self.step("updating schema", self.__update_schema)
@@ -223,9 +226,31 @@ class IPAUpgrade(service.Service):
             else:
                 self.backup_state('nsslapd-security', security)
 
+            try:
+                global_lock = config_entry['nsslapd-global-backend-lock'][0]
+            except KeyError:
+                pass
+            else:
+                self.backup_state('nsslapd-global-backend-lock', global_lock)
+
+    def __enable_ds_global_write_lock(self):
+        ldif_outfile = "%s.modified.out" % self.filename
+        with open(ldif_outfile, "wb") as out_file:
+            ldif_writer = ldif.LDIFWriter(out_file)
+            with open(self.filename, "rb") as in_file:
+                parser = ModifyLDIF(in_file, ldif_writer)
+
+                parser.remove_value("cn=config", "nsslapd-global-backend-lock")
+                parser.add_value("cn=config", "nsslapd-global-backend-lock",
+                                 "on")
+                parser.parse()
+
+        shutil.copy2(ldif_outfile, self.filename)
+
     def __restore_config(self):
         port = self.restore_state('nsslapd-port')
         security = self.restore_state('nsslapd-security')
+        global_lock = self.restore_state('nsslapd-global-backend-lock')
 
         ldif_outfile = "%s.modified.out" % self.filename
         with open(ldif_outfile, "wb") as out_file:
@@ -240,6 +265,12 @@ class IPAUpgrade(service.Service):
                     parser.remove_value("cn=config", "nsslapd-security")
                     parser.add_value("cn=config", "nsslapd-security", security)
 
+                # disable global lock by default
+                parser.remove_value("cn=config", "nsslapd-global-backend-lock")
+                if global_lock is not None:
+                    parser.add_value("cn=config", "nsslapd-global-backend-lock",
+                                     global_lock)
+
                 parser.parse()
 
         shutil.copy2(ldif_outfile, self.filename)
author	Martin Basti <mbasti@redhat.com>	2015-04-27 10:34:25 +0200
committer	Petr Vobornik <pvoborni@redhat.com>	2015-05-05 11:56:49 +0200
commit	5db962d167c77388d6b80fd22d69a1ca475f03cc (patch)
tree	8a56877af678c9f98f2569b39c623f075490d66b /ipaserver
parent	882ce85ad566a1f426398ce346829b1a4dcb5422 (diff)
download	freeipa-5db962d167c77388d6b80fd22d69a1ca475f03cc.tar.gz freeipa-5db962d167c77388d6b80fd22d69a1ca475f03cc.tar.xz freeipa-5db962d167c77388d6b80fd22d69a1ca475f03cc.zip