authorMartin Babinsky <mbabinsk@redhat.com>2015-11-20 09:57:05 +0100
committerMartin Basti <mbasti@redhat.com>2015-11-27 10:32:04 +0100
commit7978c214731edfa4e05d64ffd2079d327e7b34d4 (patch)
tree35e055eb870724a327b05ecfc0318300afe8671c /ipaserver
parentb6c893aae63b6b77871c775d062a5c7e1c470ad9 (diff)
replica promotion: modify default.conf even if DS configuration fails
When we promote an IPA client to a replica, we need to write a master-like default.conf once we start configuring the directory server instance. This way, even if DS configuration fails for some reason, the server uninstall code can work properly and clean up the partially configured replica. https://fedorahosted.org/freeipa/ticket/5417 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/server/replicainstall.py55
1 files changed, 30 insertions, 25 deletions
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 4b811105b..e6d96bbe6 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1001,34 +1001,39 @@ def promote(installer):
ntp = ntpinstance.NTPInstance()
ntp.create_instance()
- # Configure dirsrv
- ds = install_replica_ds(config, options, promote=True)
-
- # Always try to install DNS records
- install_dns_records(config, options, api)
+ try:
+ # Configure dirsrv
+ ds = install_replica_ds(config, options, promote=True)
- # Must install http certs before changing ipa configuration file
- # or certmonger will fail to contact the peer master
- install_http_certs(config, fstore)
+ # Always try to install DNS records
+ install_dns_records(config, options, api)
- ldapi_uri = installutils.realm_to_ldapi_uri(config.realm_name)
+ # Must install http certs before changing ipa configuration file
+ # or certmonger will fail to contact the peer master
+ install_http_certs(config, fstore)
- # Create the management framework config file
- gopts = [
- ipaconf.setOption('host', config.host_name),
- ipaconf.rmOption('server'),
- ipaconf.setOption('xmlrpc_uri',
- 'https://%s/ipa/xml' %
- ipautil.format_netloc(config.host_name)),
- ipaconf.setOption('ldap_uri', ldapi_uri),
- ipaconf.setOption('mode', 'production'),
- ipaconf.setOption('enable_ra', 'True'),
- ipaconf.setOption('ra_plugin', 'dogtag'),
- ipaconf.setOption('dogtag_version', '10')]
- opts = [ipaconf.setSection('global', gopts)]
-
- ipaconf.changeConf(target_fname, opts)
- os.chmod(target_fname, 0o644) # must be readable for httpd
+ finally:
+ # Create the management framework config file
+ # do this regardless of the state of DS installation. Even if it fails,
+ # we need to have master-like configuration in order to perform a
+ # successful uninstallation
+ ldapi_uri = installutils.realm_to_ldapi_uri(config.realm_name)
+
+ gopts = [
+ ipaconf.setOption('host', config.host_name),
+ ipaconf.rmOption('server'),
+ ipaconf.setOption('xmlrpc_uri',
+ 'https://%s/ipa/xml' %
+ ipautil.format_netloc(config.host_name)),
+ ipaconf.setOption('ldap_uri', ldapi_uri),
+ ipaconf.setOption('mode', 'production'),
+ ipaconf.setOption('enable_ra', 'True'),
+ ipaconf.setOption('ra_plugin', 'dogtag'),
+ ipaconf.setOption('dogtag_version', '10')]
+ opts = [ipaconf.setSection('global', gopts)]
+
+ ipaconf.changeConf(target_fname, opts)
+ os.chmod(target_fname, 0o644) # must be readable for httpd
custodia = custodiainstance.CustodiaInstance(config.host_name,
config.realm_name)
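Review bot: An exception raised inside the new `finally:` body, for example from `ipaconf.changeConf(target_fname, opts)` or the `os.chmod` call, replaces whatever exception was propagating out of `install_replica_ds`, `install_dns_records` or `install_http_certs`. If this code runs on Python 2 (likely at the time, but not visible here), the original traceback is dropped rather than chained, so the install log would show the config-write error instead of the root cause of the failed promotion. Logging the in-flight failure in an `except Exception:` clause that re-raises with a bare `raise`, placed before the `finally:`, would keep that root cause on record. The comment in the `finally:` block also mentions only DS installation, while the `try:` covers the DNS-record and HTTP-cert steps as well; something like `# written even if DS, DNS-record or HTTP-cert setup fails, so uninstall sees a master-like default.conf` would match the code. The body of `promote` starts and ends outside this hunk, so how `target_fname` is set and what the callers do with the exception cannot be checked from here.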