install: remove adhoc dis/connect from services

Remove ldap_connect and ldap_disconnect from services. admin_conn is
just an alias to api.Backend.ldap2 and therefore the connection should
be managed elsewhere.

https://fedorahosted.org/freeipa/ticket/6461

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Tomas Krizek 2016-10-26 17:00:12 +02:00 committed by Martin Basti
parent c51b04fae7
commit 03d113cdd7
16 changed files with 1 additions and 129 deletions


@ -282,9 +282,6 @@ class ADTRUSTInstance(service.Service):
to enable the sidgen plugin we have to reconnect to the directory
server.
"""
self.ldap_connect()
try:
dom_entry = self.admin_conn.get_entry(self.smb_dom_dn)
except errors.NotFound:
@ -777,8 +774,6 @@ class ADTRUSTInstance(service.Service):
self.__setup_sub_dict()
def find_local_id_range(self):
self.ldap_connect()
if self.admin_conn.get_entries(
DN(api.env.container_ranges, self.suffix),
ldap.SCOPE_ONELEVEL,
@ -821,9 +816,6 @@ class ADTRUSTInstance(service.Service):
self.admin_conn.add_entry(entry)
def create_instance(self):
self.ldap_connect()
self.step("stopping smbd", self.__stop)
self.step("creating samba domain object", \
self.__create_samba_domain_object)


@ -698,9 +698,6 @@ class BindInstance(service.Service):
except Exception:
pass
# get a connection to the DS
self.ldap_connect()
for ip_address in self.ip_addresses:
if installutils.record_in_hosts(str(ip_address), self.fqdn) is None:
installutils.add_record_to_hosts(str(ip_address), self.fqdn)


@ -1192,9 +1192,6 @@ class CAInstance(DogtagInstance):
if fqdn is None:
fqdn = api.env.host
if not self.admin_conn:
self.ldap_connect()
dn = DN(('cn', 'CA'), ('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'),
('cn', 'etc'), api.env.basedn)
renewal_filter = '(ipaConfigString=caRenewalMaster)'
@ -1210,9 +1207,6 @@ class CAInstance(DogtagInstance):
if fqdn is None:
fqdn = api.env.host
if not self.admin_conn:
self.ldap_connect()
base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
api.env.basedn)
filter = '(&(cn=CA)(ipaConfigString=caRenewalMaster))'
@ -1270,9 +1264,6 @@ class CAInstance(DogtagInstance):
pki_ds_create_new_db is set to False
'''
if not self.admin_conn:
self.ldap_connect()
backend = 'ipaca'
suffix = DN(('o', 'ipaca'))
@ -1426,8 +1417,6 @@ class CAInstance(DogtagInstance):
root_logger.info('Creating principal')
installutils.kadmin_addprinc(principal)
self.suffix = ipautil.realm_to_suffix(self.realm)
if not self.admin_conn:
self.ldap_connect()
self.move_service(principal)
root_logger.info('Retrieving keytab')
@ -1460,9 +1449,6 @@ class CAInstance(DogtagInstance):
os.chown(keyfile, pent.pw_uid, pent.pw_gid)
def __add_lightweight_ca_tracking_requests(self):
if not self.admin_conn:
self.ldap_connect()
try:
lwcas = self.admin_conn.get_entries(
base_dn=api.env.basedn,


@ -156,8 +156,6 @@ class CustodiaInstance(SimpleServiceInstance):
# Add CA certificates
tmpdb = CertDB(self.realm, nssdir=tmpnssdir)
self.suffix = ipautil.realm_to_suffix(self.realm)
if self.admin_conn is not None:
self.ldap_disconnect()
self.import_ca_certs(tmpdb, True)
# Now that we gathered all certs, re-export


@ -70,19 +70,14 @@ def _disable_dnssec():
ods.uninstall() # needs keytab to flush the latest ods database
ods_exporter.uninstall()
ods.ldap_connect()
ods.ldap_disable('DNSSEC', api.env.host, api.env.basedn)
ods.ldap_remove_service_container('DNSSEC', api.env.host, api.env.basedn)
ods_exporter.ldap_connect()
ods_exporter.ldap_disable('DNSKeyExporter', api.env.host, api.env.basedn)
ods_exporter.remove_service()
ods_exporter.ldap_remove_service_container('DNSKeyExporter', api.env.host,
api.env.basedn)
ods.ldap_disconnect()
ods_exporter.ldap_disconnect()
conn = api.Backend.ldap2
dn = DN(('cn', 'DNSSEC'), ('cn', api.env.host), ('cn', 'masters'),
('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)


@ -125,8 +125,6 @@ class DNSKeySyncInstance(service.Service):
except Exception:
pass
# get a connection to the DS
self.ldap_connect()
# checking status step must be first
self.step("checking status", self.__check_dnssec_status)
self.step("setting up bind-dyndb-ldap working directory",


@ -432,10 +432,6 @@ class DogtagInstance(service.Service):
def setup_admin(self):
self.admin_user = "admin-%s" % self.fqdn
self.admin_password = binascii.hexlify(os.urandom(16))
if not self.admin_conn:
self.ldap_connect()
self.admin_dn = DN(('uid', self.admin_user),
('ou', 'people'), ('o', 'ipaca'))
@ -480,10 +476,6 @@ class DogtagInstance(service.Service):
pass
def teardown_admin(self):
if not self.admin_conn:
self.ldap_connect()
for group in self.admin_groups:
self.__remove_admin_from_group(group)
self.admin_conn.delete_entry(self.admin_dn)


@ -428,18 +428,10 @@ class DsInstance(service.Service):
r_bindpw=self.dm_password)
self.run_init_memberof = repl.needs_memberof_fixup()
# Now that the server is up make sure all changes happen against
# the local server (as repica pomotion does not have the DM password.
if self.admin_conn:
self.ldap_disconnect()
def __configure_sasl_mappings(self):
# we need to remove any existing SASL mappings in the directory as otherwise they
# they may conflict.
if not self.admin_conn:
self.ldap_connect()
try:
res = self.admin_conn.get_entries(
DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')),
@ -1102,9 +1094,6 @@ class DsInstance(service.Service):
"""
Add sidgen plugin configuration only if it does not already exist.
"""
if not self.admin_conn:
self.ldap_connect()
dn = DN('cn=IPA SIDGEN,cn=plugins,cn=config')
try:
self.admin_conn.get_entry(dn)
@ -1123,9 +1112,6 @@ class DsInstance(service.Service):
"""
Add extdom configuration if it does not already exist.
"""
if not self.admin_conn:
self.ldap_connect()
dn = DN('cn=ipa_extdom_extop,cn=plugins,cn=config')
try:
self.admin_conn.get_entry(dn)
@ -1135,8 +1121,6 @@ class DsInstance(service.Service):
root_logger.debug("extdom plugin is already configured")
def replica_populate(self):
self.ldap_connect()
dn = DN(('cn', 'default'), ('ou', 'profile'), self.suffix)
try:
entry = self.admin_conn.get_entry(dn)
@ -1152,8 +1136,6 @@ class DsInstance(service.Service):
except ldap.TYPE_OR_VALUE_EXISTS:
pass
self.ldap_disconnect()
def find_subject_base(self):
"""
Try to find the current value of certificate subject base.
@ -1302,8 +1284,6 @@ class DsInstance(service.Service):
('cn', 'config'))
dna_config_base = DN(('cn', 'posix IDs'), dna_plugin)
if not self.admin_conn:
self.ldap_connect()
conn = self.admin_conn
# Check the plugin is enabled else it is useless to update
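Review bot: The comment "Now that the server is up make sure all changes happen against the local server (as repica pomotion does not have the DM password." survives in the first hunk while the `ldap_disconnect()` it explained is gone, so on the new side it describes nothing and now misleads (it also carries the typos "repica pomotion"); either drop it or reword it to `# The caller-managed api.Backend.ldap2 connection is expected to target the local server from here on (replica promotion has no DM password).` A second thing worth stating somewhere in this file: `__configure_sasl_mappings`, `replica_populate` and `update_dna_shared_config` now search over whatever ldap2 connection the caller opened, whereas the removed `ldap_connect()` opened it with the installer's size/time limits (see the `LDAPClient.size_limit`/`time_limit` arguments in the removed helper in service.py in this same commit); if the caller's connection uses default limits, a truncated `get_entries` over `cn=mapping,cn=sasl,cn=config` would silently leave old mappings in place — I cannot confirm from these hunks how the caller connects, so this is a precondition to document rather than a proven defect. Every method touched here begins and ends outside its hunk.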


@ -150,10 +150,6 @@ class HTTPInstance(service.Service):
self.ca_is_configured = ca_is_configured
self.promote = promote
# get a connection to the DS
self.ldap_connect()
self.step("setting mod_nss port to 443", self.__set_mod_nss_port)
self.step("setting mod_nss cipher suite",
self.set_mod_nss_cipher_suite)


@ -101,7 +101,6 @@ def uninstall(standalone):
kra = krainstance.KRAInstance(api.env.realm)
if standalone:
kra.ldap_connect()
try:
kra.admin_conn.delete_entry(DN(('cn', 'KRA'), ('cn', api.env.host),
('cn', 'masters'), ('cn', 'ipa'),
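Review bot: In the `standalone` branch `kra.admin_conn.delete_entry(...)` now runs with no connect anywhere in sight, and since the reworked `admin_conn` property in service.py returns `api.Backend.ldap2` whether or not it is connected, a standalone KRA uninstall that reaches this point without an open connection will fail inside ldap2 instead of with a clear message. Whether the caller of `uninstall(standalone)` opens the connection first is outside this hunk, so either confirm that path or add an explicit precondition check, e.g. `if not api.Backend.ldap2.isconnected(): raise RuntimeError("LDAP connection required for standalone KRA uninstall")`, or at least record the requirement in the function's docstring. The `uninstall` body continues past the end of the hunk.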


@ -318,10 +318,6 @@ class KRAInstance(DogtagInstance):
self.log.debug("Vault container already exists")
else:
self.log.error("Failed to add vault container: {0}".format(e))
finally:
# we need to disconnect from LDAP, because _ldap_mod() makes the
# connection without actually using it
self.ldap_disconnect()
def __apply_updates(self):
sub_dict = {


@ -130,9 +130,6 @@ class KrbInstance(service.Service):
self.__setup_sub_dict()
# get a connection to the DS
self.ldap_connect()
self.backup_state("running", self.is_running())
try:
self.stop()


@ -48,8 +48,6 @@ class ODSExporterInstance(service.Service):
except Exception:
pass
# get a connection to the DS
self.ldap_connect()
# checking status step must be first
self.step("checking status", self.__check_dnssec_status)
self.step("setting up DNS Key Exporter", self.__setup_key_exporter)


@ -82,8 +82,6 @@ class OpenDNSSECInstance(service.Service):
suffix = ipautil.dn_attribute_property('_suffix')
def get_masters(self):
if not self.admin_conn:
self.ldap_connect()
return get_dnssec_key_masters(self.admin_conn)
def create_instance(self, fqdn, realm_name, generate_master_key=True,
@ -102,9 +100,6 @@ class OpenDNSSECInstance(service.Service):
except Exception:
pass
# get a connection to the DS
if not self.admin_conn:
self.ldap_connect()
# checking status must be first
self.step("checking status", self.__check_dnssec_status)
self.step("setting up configuration files", self.__setup_conf_files)


@ -1614,10 +1614,8 @@ def upgrade_configuration():
ds.suffix = ipautil.realm_to_suffix(api.env.realm)
ds.principal = "ldap/%s@%s" % (ds.fqdn, ds.realm)
ds.ldap_connect()
ds_enable_sidgen_extdom_plugins(ds)
ds.update_dna_shared_config()
ds.ldap_disconnect()
# Now 389-ds is available, run the remaining http tasks
if not http.is_kdcproxy_configured():
@ -1627,7 +1625,6 @@ def upgrade_configuration():
ds.start()
http.ldapi = True
http.suffix = ipautil.realm_to_suffix(api.env.realm)
http.ldap_connect()
httpinstance.create_kdcproxy_user()
http.create_kdcproxy_conf()
http.enable_kdcproxy()
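Review bot: `ds_enable_sidgen_extdom_plugins(ds)`, `ds.update_dna_shared_config()` and `httpinstance.create_kdcproxy_user()` now silently depend on `api.Backend.ldap2` already being connected when `upgrade_configuration` reaches this point; previously the code connected right after starting ds and disconnected again afterwards, and nothing in the hunk shows where that connection is now established. A one-line precondition note above the first call would save the next reader a search, e.g. `# api.Backend.ldap2 must already be connected by the upgrade driver; ldap_connect() was removed here (ticket 6461)`. Also note that `http.ldapi = True` is kept but the `http.ldap_connect()` that followed it was removed, so whether the `ldapi` attribute still has a consumer on this path is worth double-checking. `upgrade_configuration` begins and ends outside these hunks.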


@ -30,7 +30,6 @@ from ipapython.ipa_log_manager import root_logger
from ipalib import api, errors, certstore
from ipaplatform import services
from ipaplatform.paths import paths
from ipapython.ipaldap import LDAPClient
# The service name as stored in cn=masters,cn=ipa,cn=etc. In the tuple
@ -154,22 +153,8 @@ class Service(object):
def admin_conn(self):
"""
alias for api.Backend.ldap2
:returns: None when ldap2 is not connected, ldap2 connection otherwise
"""
conn = api.Backend.ldap2
if conn.isconnected():
return conn
return None
def ldap_connect(self):
"""connect to ldap with installer's limits"""
if not self.admin_conn:
api.Backend.ldap2.connect(size_limit=LDAPClient.size_limit,
time_limit=LDAPClient.time_limit)
def ldap_disconnect(self):
"""close the api.Backend.ldap2 connection"""
api.Backend.ldap2.disconnect()
return api.Backend.ldap2
def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=True,
ldap_uri=None, dm_password=None):
@ -194,8 +179,6 @@ class Service(object):
# As we always connect to the local host,
# use URI of admin connection
if not ldap_uri:
if not self.admin_conn:
self.ldap_connect()
ldap_uri = self.admin_conn.ldap_uri
args += ["-H", ldap_uri]
@ -256,9 +239,6 @@ class Service(object):
The principal needs to be fully-formed: service/host@REALM
"""
if not self.admin_conn:
self.ldap_connect()
dn = DN(('krbprincipalname', principal), ('cn', 'services'), ('cn', 'accounts'), self.suffix)
hostdn = DN(('fqdn', self.fqdn), ('cn', 'computers'), ('cn', 'accounts'), self.suffix)
entry = self.admin_conn.make_entry(
@ -279,21 +259,6 @@ class Service(object):
This server cert should be in DER format.
"""
# add_cert_to_service() is relatively rare operation
# we actually call it twice during ipa-server-install, for different
# instances: ds and cs. Unfortunately, it may happen that admin
# connection was created well before add_cert_to_service() is called
# If there are other operations in between, it will become stale and
# since we are using SimpleLDAPObject, not ReconnectLDAPObject, the
# action will fail. Thus, explicitly disconnect and connect again.
# Using ReconnectLDAPObject instead of SimpleLDAPObject was considered
# but consequences for other parts of the framework are largely
# unknown.
if self.admin_conn:
self.ldap_disconnect()
self.ldap_connect()
dn = DN(('krbprincipalname', self.principal), ('cn', 'services'),
('cn', 'accounts'), self.suffix)
entry = self.admin_conn.get_entry(dn)
@ -305,8 +270,6 @@ class Service(object):
def import_ca_certs(self, db, ca_is_configured, conn=None):
if conn is None:
if not self.admin_conn:
self.ldap_connect()
conn = self.admin_conn
try:
@ -455,8 +418,6 @@ class Service(object):
config=[]):
assert isinstance(ldap_suffix, DN)
self.disable()
if not self.admin_conn:
self.ldap_connect()
entry_name = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
@ -502,8 +463,6 @@ class Service(object):
def ldap_disable(self, name, fqdn, ldap_suffix):
assert isinstance(ldap_suffix, DN)
if not self.admin_conn:
self.ldap_connect()
entry_dn = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'),
('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
@ -539,9 +498,6 @@ class Service(object):
root_logger.debug("service %s startup entry disabled", name)
def ldap_remove_service_container(self, name, fqdn, ldap_suffix):
if not self.admin_conn:
self.ldap_connect()
entry_dn = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'),
('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
try: