2010-05-27 10:58:31 -05:00
|
|
|
# Authors: Rob Crittenden <rcritten@redhat.com>
|
|
|
|
#
|
|
|
|
# Copyright (C) 2010 Red Hat
|
|
|
|
# see file 'COPYING' for use and warranty information
|
|
|
|
#
|
2010-12-09 06:59:11 -06:00
|
|
|
# This program is free software; you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
|
|
# (at your option) any later version.
|
2010-05-27 10:58:31 -05:00
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License
|
2010-12-09 06:59:11 -06:00
|
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2010-05-27 10:58:31 -05:00
|
|
|
#
|
|
|
|
|
2015-04-28 03:04:31 -05:00
|
|
|
import ldif
|
2011-03-18 10:19:53 -05:00
|
|
|
import shutil
|
|
|
|
import random
|
2011-11-23 15:52:40 -06:00
|
|
|
import traceback
|
2016-10-26 07:00:29 -05:00
|
|
|
from ipalib import api
|
2014-05-29 07:47:17 -05:00
|
|
|
from ipaplatform.paths import paths
|
2015-05-25 02:01:42 -05:00
|
|
|
from ipaplatform import services
|
2015-12-16 12:04:20 -06:00
|
|
|
from ipapython.ipa_log_manager import root_logger
|
2010-05-27 10:58:31 -05:00
|
|
|
|
|
|
|
from ipaserver.install import installutils
|
2013-04-26 08:21:35 -05:00
|
|
|
from ipaserver.install import schemaupdate
|
2010-05-27 10:58:31 -05:00
|
|
|
from ipaserver.install import ldapupdate
|
|
|
|
from ipaserver.install import service
|
|
|
|
|
|
|
|
DSE = 'dse.ldif'
|
|
|
|
|
2015-04-28 03:04:31 -05:00
|
|
|
|
|
|
|
class GetEntryFromLDIF(ldif.LDIFParser):
|
|
|
|
"""
|
|
|
|
LDIF parser.
|
|
|
|
To get results, method parse() must be called first, then method
|
|
|
|
get_results() which return parsed entries
|
|
|
|
"""
|
|
|
|
def __init__(self, input_file, entries_dn=[]):
|
|
|
|
"""
|
|
|
|
Parse LDIF file.
|
|
|
|
:param input_file: an LDIF file to be parsed
|
|
|
|
:param entries_dn: list of DN which will be returned. All entries are
|
|
|
|
returned if list is empty.
|
|
|
|
"""
|
|
|
|
ldif.LDIFParser.__init__(self, input_file)
|
|
|
|
self.entries_dn = entries_dn
|
|
|
|
self.results = {}
|
|
|
|
|
|
|
|
def get_results(self):
|
|
|
|
"""
|
|
|
|
Returns results in dictionary {DN: entry, ...}
|
|
|
|
"""
|
|
|
|
return self.results
|
|
|
|
|
|
|
|
def handle(self, dn, entry):
|
|
|
|
if self.entries_dn and dn not in self.entries_dn:
|
|
|
|
return
|
|
|
|
|
|
|
|
self.results[dn] = entry
|
|
|
|
|
|
|
|
|
2010-05-27 10:58:31 -05:00
|
|
|
class IPAUpgrade(service.Service):
|
|
|
|
"""
|
|
|
|
Update the LDAP data in an instance by turning off all network
|
|
|
|
listeners and updating over ldapi. This way we know the server is
|
|
|
|
quiet.
|
|
|
|
"""
|
2015-03-17 06:23:06 -05:00
|
|
|
def __init__(self, realm_name, files=[], schema_files=[]):
|
2010-05-27 10:58:31 -05:00
|
|
|
"""
|
|
|
|
realm_name: kerberos realm name, used to determine DS instance dir
|
|
|
|
files: list of update files to process. If none use UPDATEDIR
|
|
|
|
"""
|
|
|
|
|
2011-03-18 10:19:53 -05:00
|
|
|
ext = ''
|
|
|
|
rand = random.Random()
|
2016-10-04 09:54:44 -05:00
|
|
|
for _i in range(8):
|
2011-03-18 10:19:53 -05:00
|
|
|
h = "%02x" % rand.randint(0,255)
|
|
|
|
ext += h
|
2016-11-03 10:38:06 -05:00
|
|
|
super(IPAUpgrade, self).__init__("dirsrv", realm_name=realm_name)
|
2015-04-27 07:42:31 -05:00
|
|
|
serverid = installutils.realm_to_serverid(realm_name)
|
2014-10-03 18:27:57 -05:00
|
|
|
self.filename = '%s/%s' % (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid, DSE)
|
|
|
|
self.savefilename = '%s/%s.ipa.%s' % (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid, DSE, ext)
|
2010-05-27 10:58:31 -05:00
|
|
|
self.files = files
|
|
|
|
self.modified = False
|
2012-09-13 10:43:09 -05:00
|
|
|
self.serverid = serverid
|
2013-04-26 08:21:35 -05:00
|
|
|
self.schema_files = schema_files
|
2010-05-27 10:58:31 -05:00
|
|
|
|
2015-05-21 06:25:10 -05:00
|
|
|
def __start(self):
|
2016-11-18 08:42:23 -06:00
|
|
|
srv = services.service(self.service_name, api)
|
|
|
|
srv.start(self.serverid, ldapi=True)
|
2016-10-26 07:00:29 -05:00
|
|
|
api.Backend.ldap2.connect()
|
2012-09-13 10:43:09 -05:00
|
|
|
|
|
|
|
def __stop_instance(self):
|
|
|
|
"""Stop only the main DS instance"""
|
2016-11-09 05:23:36 -06:00
|
|
|
if api.Backend.ldap2.isconnected():
|
|
|
|
api.Backend.ldap2.disconnect()
|
2012-09-13 10:43:09 -05:00
|
|
|
super(IPAUpgrade, self).stop(self.serverid)
|
2012-05-24 10:23:36 -05:00
|
|
|
|
2010-05-27 10:58:31 -05:00
|
|
|
def create_instance(self):
|
2015-05-07 04:03:27 -05:00
|
|
|
ds_running = super(IPAUpgrade, self).is_running()
|
|
|
|
if ds_running:
|
|
|
|
self.step("stopping directory server", self.__stop_instance)
|
2010-05-27 10:58:31 -05:00
|
|
|
self.step("saving configuration", self.__save_config)
|
|
|
|
self.step("disabling listeners", self.__disable_listeners)
|
2015-04-27 03:34:25 -05:00
|
|
|
self.step("enabling DS global lock", self.__enable_ds_global_write_lock)
|
2015-05-21 06:25:10 -05:00
|
|
|
self.step("starting directory server", self.__start)
|
2013-04-26 08:21:35 -05:00
|
|
|
if self.schema_files:
|
|
|
|
self.step("updating schema", self.__update_schema)
|
2010-05-27 10:58:31 -05:00
|
|
|
self.step("upgrading server", self.__upgrade)
|
2014-08-22 07:22:06 -05:00
|
|
|
|
|
|
|
self.step("stopping directory server", self.__stop_instance,
|
|
|
|
run_after_failure=True)
|
|
|
|
self.step("restoring configuration", self.__restore_config,
|
|
|
|
run_after_failure=True)
|
2015-05-07 04:03:27 -05:00
|
|
|
if ds_running:
|
2016-10-26 07:00:29 -05:00
|
|
|
self.step("starting directory server", self.__start)
|
2012-10-11 02:32:17 -05:00
|
|
|
self.start_creation(start_message="Upgrading IPA:",
|
|
|
|
show_service_name=False)
|
2010-05-27 10:58:31 -05:00
|
|
|
|
|
|
|
def __save_config(self):
|
2011-03-18 10:19:53 -05:00
|
|
|
shutil.copy2(self.filename, self.savefilename)
|
2015-04-28 03:04:31 -05:00
|
|
|
with open(self.filename, "rb") as in_file:
|
|
|
|
parser = GetEntryFromLDIF(in_file, entries_dn=["cn=config"])
|
|
|
|
parser.parse()
|
|
|
|
try:
|
|
|
|
config_entry = parser.get_results()["cn=config"]
|
|
|
|
except KeyError:
|
|
|
|
raise RuntimeError("Unable to find cn=config entry in %s" %
|
|
|
|
self.filename)
|
|
|
|
|
|
|
|
try:
|
|
|
|
port = config_entry['nsslapd-port'][0]
|
|
|
|
except KeyError:
|
|
|
|
pass
|
|
|
|
else:
|
|
|
|
self.backup_state('nsslapd-port', port)
|
2010-05-27 10:58:31 -05:00
|
|
|
|
2015-04-28 03:04:31 -05:00
|
|
|
try:
|
|
|
|
security = config_entry['nsslapd-security'][0]
|
|
|
|
except KeyError:
|
|
|
|
pass
|
|
|
|
else:
|
|
|
|
self.backup_state('nsslapd-security', security)
|
2010-05-27 10:58:31 -05:00
|
|
|
|
2015-04-27 03:34:25 -05:00
|
|
|
try:
|
|
|
|
global_lock = config_entry['nsslapd-global-backend-lock'][0]
|
|
|
|
except KeyError:
|
|
|
|
pass
|
|
|
|
else:
|
|
|
|
self.backup_state('nsslapd-global-backend-lock', global_lock)
|
|
|
|
|
|
|
|
def __enable_ds_global_write_lock(self):
|
|
|
|
ldif_outfile = "%s.modified.out" % self.filename
|
|
|
|
with open(ldif_outfile, "wb") as out_file:
|
|
|
|
with open(self.filename, "rb") as in_file:
|
2015-10-05 07:37:05 -05:00
|
|
|
parser = installutils.ModifyLDIF(in_file, out_file)
|
2015-04-27 03:34:25 -05:00
|
|
|
|
2015-10-05 07:37:05 -05:00
|
|
|
parser.replace_value(
|
|
|
|
"cn=config", "nsslapd-global-backend-lock", ["on"])
|
2015-04-27 03:34:25 -05:00
|
|
|
parser.parse()
|
|
|
|
|
|
|
|
shutil.copy2(ldif_outfile, self.filename)
|
|
|
|
|
2010-05-27 10:58:31 -05:00
|
|
|
def __restore_config(self):
|
|
|
|
port = self.restore_state('nsslapd-port')
|
|
|
|
security = self.restore_state('nsslapd-security')
|
2015-04-27 03:34:25 -05:00
|
|
|
global_lock = self.restore_state('nsslapd-global-backend-lock')
|
2010-05-27 10:58:31 -05:00
|
|
|
|
2015-04-28 03:04:31 -05:00
|
|
|
ldif_outfile = "%s.modified.out" % self.filename
|
|
|
|
with open(ldif_outfile, "wb") as out_file:
|
|
|
|
with open(self.filename, "rb") as in_file:
|
2015-10-05 07:37:05 -05:00
|
|
|
parser = installutils.ModifyLDIF(in_file, out_file)
|
2015-04-28 03:04:31 -05:00
|
|
|
|
|
|
|
if port is not None:
|
2015-10-05 07:37:05 -05:00
|
|
|
parser.replace_value("cn=config", "nsslapd-port", [port])
|
2015-04-28 03:04:31 -05:00
|
|
|
if security is not None:
|
2015-10-05 07:37:05 -05:00
|
|
|
parser.replace_value("cn=config", "nsslapd-security",
|
|
|
|
[security])
|
2015-04-28 03:04:31 -05:00
|
|
|
|
2015-04-27 03:34:25 -05:00
|
|
|
# disable global lock by default
|
|
|
|
parser.remove_value("cn=config", "nsslapd-global-backend-lock")
|
|
|
|
if global_lock is not None:
|
|
|
|
parser.add_value("cn=config", "nsslapd-global-backend-lock",
|
2015-10-05 07:37:05 -05:00
|
|
|
[global_lock])
|
2015-04-27 03:34:25 -05:00
|
|
|
|
2015-04-28 03:04:31 -05:00
|
|
|
parser.parse()
|
|
|
|
|
|
|
|
shutil.copy2(ldif_outfile, self.filename)
|
2010-05-27 10:58:31 -05:00
|
|
|
|
|
|
|
def __disable_listeners(self):
|
2015-04-28 03:04:31 -05:00
|
|
|
ldif_outfile = "%s.modified.out" % self.filename
|
|
|
|
with open(ldif_outfile, "wb") as out_file:
|
|
|
|
with open(self.filename, "rb") as in_file:
|
2015-10-05 07:37:05 -05:00
|
|
|
parser = installutils.ModifyLDIF(in_file, out_file)
|
|
|
|
parser.replace_value("cn=config", "nsslapd-port", ["0"])
|
|
|
|
parser.replace_value("cn=config", "nsslapd-security", ["off"])
|
2015-04-28 03:04:31 -05:00
|
|
|
parser.remove_value("cn=config", "nsslapd-ldapientrysearchbase")
|
|
|
|
parser.parse()
|
|
|
|
|
|
|
|
shutil.copy2(ldif_outfile, self.filename)
|
2010-05-27 10:58:31 -05:00
|
|
|
|
2013-04-26 08:21:35 -05:00
|
|
|
def __update_schema(self):
|
|
|
|
self.modified = schemaupdate.update_schema(
|
|
|
|
self.schema_files,
|
2015-03-17 06:23:06 -05:00
|
|
|
dm_password='', ldapi=True) or self.modified
|
2013-04-26 08:21:35 -05:00
|
|
|
|
2010-05-27 10:58:31 -05:00
|
|
|
def __upgrade(self):
|
2011-03-18 10:19:53 -05:00
|
|
|
try:
|
2015-03-18 09:46:00 -05:00
|
|
|
ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
|
2011-03-18 10:19:53 -05:00
|
|
|
if len(self.files) == 0:
|
|
|
|
self.files = ld.get_all_files(ldapupdate.UPDATES_DIR)
|
2015-03-13 08:59:26 -05:00
|
|
|
self.modified = (ld.update(self.files) or self.modified)
|
2015-05-12 06:31:57 -05:00
|
|
|
except ldapupdate.BadSyntax as e:
|
|
|
|
root_logger.error('Bad syntax in upgrade %s', e)
|
|
|
|
raise
|
|
|
|
except Exception as e:
|
2011-06-09 12:16:07 -05:00
|
|
|
# Bad things happened, return gracefully
|
2015-05-12 06:31:57 -05:00
|
|
|
root_logger.error('Upgrade failed with %s', e)
|
2011-11-23 15:52:40 -06:00
|
|
|
root_logger.debug('%s', traceback.format_exc())
|
2015-05-12 06:31:57 -05:00
|
|
|
raise RuntimeError(e)
|