freeipa/ipaserver/install/plugins/update_nis.py

#
# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
#

from __future__ import absolute_import

import logging

from ipalib.plugable import Registry
from ipalib import errors
from ipalib import Updater
from ipaplatform.paths import paths
from ipapython.dn import DN
from ipaserver.install import sysupgrade
from ipaserver.install.ldapupdate import LDAPUpdate

logger = logging.getLogger(__name__)

register = Registry()


@register()
class update_nis_configuration(Updater):
    """Update NIS configuration

    NIS configuration can be updated only if NIS Server was configured via
    ipa-nis-manage command.
    """

    def __recover_from_missing_maps(self, ldap):
        # https://fedorahosted.org/freeipa/ticket/5507
        # if all following DNs are missing, but 'NIS Server' container exists
        # we are experiencig bug and maps should be fixed

        if sysupgrade.get_upgrade_state('nis',
                                        'done_recover_from_missing_maps'):
            # this recover must be done only once, a user may deleted some
            # maps, we do not want to restore them again
            return

        logger.debug("Recovering from missing NIS maps bug")

        suffix = "cn=NIS Server,cn=plugins,cn=config"
        domain = self.api.env.domain
        missing_dn_list = [
            DN(nis_map.format(domain=domain, suffix=suffix)) for nis_map in [
                "nis-domain={domain}+nis-map=passwd.byname,{suffix}",
                "nis-domain={domain}+nis-map=passwd.byuid,{suffix}",
                "nis-domain={domain}+nis-map=group.byname,{suffix}",
                "nis-domain={domain}+nis-map=group.bygid,{suffix}",
                "nis-domain={domain}+nis-map=netid.byname,{suffix}",
                "nis-domain={domain}+nis-map=netgroup,{suffix}",
            ]
        ]

        for dn in missing_dn_list:
            try:
                ldap.get_entry(dn, attrs_list=['cn'])
            except errors.NotFound:
                pass
            else:
                # bug is not effective, at least one of 'possible missing'
                # maps was detected
                return

        sysupgrade.set_upgrade_state('nis', 'done_recover_from_missing_maps',
                                     True)

        # bug is effective run update to recreate missing maps
        ld = LDAPUpdate(api=self.api)
        ld.update([paths.NIS_ULDIF])

    def execute(self, **options):
        ldap = self.api.Backend.ldap2
        dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
        try:
            ldap.get_entry(dn, attrs_list=['cn'])
        except errors.NotFound:
            # NIS is not configured on system, do not execute update
            logger.debug("Skipping NIS update, NIS Server is not configured")

            # container does not exist, bug #5507 is not effective
            sysupgrade.set_upgrade_state(
                'nis', 'done_recover_from_missing_maps', True)
        else:
            self.__recover_from_missing_maps(ldap)

            logger.debug("Executing NIS Server update")
            ld = LDAPUpdate(api=self.api)
            ld.update([paths.NIS_UPDATE_ULDIF])

        return False, ()
Upgrade: Fix upgrade of NIS Server configuration Former upgrade file always created the NIS Server container, that caused the ipa-nis-manage did not set all required NIS maps. Default creation of container has been removed. Updating of NIS Server configuration and NIS maps is done only if the NIS Server container exists. https://fedorahosted.org/freeipa/ticket/5507 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2016-01-06 12:47:22 -06:00			`#`
			`# Copyright (C) 2015 FreeIPA Contributors see COPYING for license`
			`#`

Add absolute_import future imports Add absolute_import from __future__ so that pylint does not fail and to achieve python3 behavior in python2. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2018-04-05 02:21:16 -05:00			`from __future__ import absolute_import`

logging: remove object-specific loggers Remove all object-specific loggers, with the exception of `Plugin.log`, which is now deprecated. Replace affected logger calls with module-level logger calls. Deprecate object-specific loggers in `ipa_log_manager.get_logger`. Reviewed-By: Martin Basti <mbasti@redhat.com> 2017-05-23 11:35:57 -05:00			`import logging`

Upgrade: Fix upgrade of NIS Server configuration Former upgrade file always created the NIS Server container, that caused the ipa-nis-manage did not set all required NIS maps. Default creation of container has been removed. Updating of NIS Server configuration and NIS maps is done only if the NIS Server container exists. https://fedorahosted.org/freeipa/ticket/5507 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2016-01-06 12:47:22 -06:00			`from ipalib.plugable import Registry`
			`from ipalib import errors`
			`from ipalib import Updater`
			`from ipaplatform.paths import paths`
			`from ipapython.dn import DN`
			`from ipaserver.install import sysupgrade`
			`from ipaserver.install.ldapupdate import LDAPUpdate`

logging: remove object-specific loggers Remove all object-specific loggers, with the exception of `Plugin.log`, which is now deprecated. Replace affected logger calls with module-level logger calls. Deprecate object-specific loggers in `ipa_log_manager.get_logger`. Reviewed-By: Martin Basti <mbasti@redhat.com> 2017-05-23 11:35:57 -05:00			`logger = logging.getLogger(__name__)`

Upgrade: Fix upgrade of NIS Server configuration Former upgrade file always created the NIS Server container, that caused the ipa-nis-manage did not set all required NIS maps. Default creation of container has been removed. Updating of NIS Server configuration and NIS maps is done only if the NIS Server container exists. https://fedorahosted.org/freeipa/ticket/5507 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2016-01-06 12:47:22 -06:00			`register = Registry()`


			`@register()`
			`class update_nis_configuration(Updater):`
			`"""Update NIS configuration`

			`NIS configuration can be updated only if NIS Server was configured via`
			`ipa-nis-manage command.`
			`"""`

			`def __recover_from_missing_maps(self, ldap):`
			`# https://fedorahosted.org/freeipa/ticket/5507`
			`# if all following DNs are missing, but 'NIS Server' container exists`
			`# we are experiencig bug and maps should be fixed`

			`if sysupgrade.get_upgrade_state('nis',`
			`'done_recover_from_missing_maps'):`
			`# this recover must be done only once, a user may deleted some`
			`# maps, we do not want to restore them again`
			`return`

logging: remove object-specific loggers Remove all object-specific loggers, with the exception of `Plugin.log`, which is now deprecated. Replace affected logger calls with module-level logger calls. Deprecate object-specific loggers in `ipa_log_manager.get_logger`. Reviewed-By: Martin Basti <mbasti@redhat.com> 2017-05-23 11:35:57 -05:00			`logger.debug("Recovering from missing NIS maps bug")`
Upgrade: Fix upgrade of NIS Server configuration Former upgrade file always created the NIS Server container, that caused the ipa-nis-manage did not set all required NIS maps. Default creation of container has been removed. Updating of NIS Server configuration and NIS maps is done only if the NIS Server container exists. https://fedorahosted.org/freeipa/ticket/5507 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2016-01-06 12:47:22 -06:00
			`suffix = "cn=NIS Server,cn=plugins,cn=config"`
			`domain = self.api.env.domain`
			`missing_dn_list = [`
			`DN(nis_map.format(domain=domain, suffix=suffix)) for nis_map in [`
			`"nis-domain={domain}+nis-map=passwd.byname,{suffix}",`
			`"nis-domain={domain}+nis-map=passwd.byuid,{suffix}",`
			`"nis-domain={domain}+nis-map=group.byname,{suffix}",`
			`"nis-domain={domain}+nis-map=group.bygid,{suffix}",`
			`"nis-domain={domain}+nis-map=netid.byname,{suffix}",`
			`"nis-domain={domain}+nis-map=netgroup,{suffix}",`
			`]`
			`]`

			`for dn in missing_dn_list:`
			`try:`
			`ldap.get_entry(dn, attrs_list=['cn'])`
			`except errors.NotFound:`
			`pass`
			`else:`
			`# bug is not effective, at least one of 'possible missing'`
			`# maps was detected`
			`return`

			`sysupgrade.set_upgrade_state('nis', 'done_recover_from_missing_maps',`
			`True)`

			`# bug is effective run update to recreate missing maps`
Simplify LDAPUpdater - drop unused dm_password and ldapi arguments - remove online feature that was never implemented - allow passing of api object that is used to populate substitution dictionary - simplify substitution dictionary updates - remove unused instances vars Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> 2020-09-15 04:25:30 -05:00			`ld = LDAPUpdate(api=self.api)`
Upgrade: Fix upgrade of NIS Server configuration Former upgrade file always created the NIS Server container, that caused the ipa-nis-manage did not set all required NIS maps. Default creation of container has been removed. Updating of NIS Server configuration and NIS maps is done only if the NIS Server container exists. https://fedorahosted.org/freeipa/ticket/5507 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2016-01-06 12:47:22 -06:00			`ld.update([paths.NIS_ULDIF])`

			`def execute(self, **options):`
			`ldap = self.api.Backend.ldap2`
			`dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))`
			`try:`
			`ldap.get_entry(dn, attrs_list=['cn'])`
			`except errors.NotFound:`
			`# NIS is not configured on system, do not execute update`
logging: remove object-specific loggers Remove all object-specific loggers, with the exception of `Plugin.log`, which is now deprecated. Replace affected logger calls with module-level logger calls. Deprecate object-specific loggers in `ipa_log_manager.get_logger`. Reviewed-By: Martin Basti <mbasti@redhat.com> 2017-05-23 11:35:57 -05:00			`logger.debug("Skipping NIS update, NIS Server is not configured")`
Upgrade: Fix upgrade of NIS Server configuration Former upgrade file always created the NIS Server container, that caused the ipa-nis-manage did not set all required NIS maps. Default creation of container has been removed. Updating of NIS Server configuration and NIS maps is done only if the NIS Server container exists. https://fedorahosted.org/freeipa/ticket/5507 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2016-01-06 12:47:22 -06:00
			`# container does not exist, bug #5507 is not effective`
			`sysupgrade.set_upgrade_state(`
			`'nis', 'done_recover_from_missing_maps', True)`
			`else:`
			`self.__recover_from_missing_maps(ldap)`

logging: remove object-specific loggers Remove all object-specific loggers, with the exception of `Plugin.log`, which is now deprecated. Replace affected logger calls with module-level logger calls. Deprecate object-specific loggers in `ipa_log_manager.get_logger`. Reviewed-By: Martin Basti <mbasti@redhat.com> 2017-05-23 11:35:57 -05:00			`logger.debug("Executing NIS Server update")`
Simplify LDAPUpdater - drop unused dm_password and ldapi arguments - remove online feature that was never implemented - allow passing of api object that is used to populate substitution dictionary - simplify substitution dictionary updates - remove unused instances vars Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> 2020-09-15 04:25:30 -05:00			`ld = LDAPUpdate(api=self.api)`
Upgrade: Fix upgrade of NIS Server configuration Former upgrade file always created the NIS Server container, that caused the ipa-nis-manage did not set all required NIS maps. Default creation of container has been removed. Updating of NIS Server configuration and NIS maps is done only if the NIS Server container exists. https://fedorahosted.org/freeipa/ticket/5507 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2016-01-06 12:47:22 -06:00			`ld.update([paths.NIS_UPDATE_ULDIF])`

			`return False, ()`