rpc: specify connection options in API config

Specify RPC connection options once in API.bootstrap rather than in each invocation of rpcclient.connect. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-05-25 12:31:03 +02:00 · 2016-05-25 12:31:03 +02:00 · 56c66f44a0
commit 56c66f44a0
parent e056b8dea2
11 changed files with 78 additions and 75 deletions
--- a/client/ipa-client-install
+++ b/client/ipa-client-install
@ -2725,62 +2725,66 @@ def install(options, env, fstore, statestore):

    # Configure ipa.conf
    if not options.on_master:
-        configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, hostname)
+        configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain,
+                           cli_server, hostname)
        root_logger.info("Created /etc/ipa/default.conf")

-    api.bootstrap(context='cli_installer', debug=options.debug)
-    api.finalize()
-    if 'config_loaded' not in api.env:
-        root_logger.error("Failed to initialize IPA API.")
-        return CLIENT_INSTALL_ERROR
-
-    # Always back up sssd.conf. It gets updated by authconfig --enablekrb5.
-    fstore.backup_file(paths.SSSD_CONF)
-    if options.sssd:
-        if configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, client_domain, hostname):
-            return CLIENT_INSTALL_ERROR
-        root_logger.info("Configured /etc/sssd/sssd.conf")
-
-    if options.on_master:
-        # If on master assume kerberos is already configured properly.
-        # Get the host TGT.
-        try:
-            ipautil.kinit_keytab(host_principal, paths.KRB5_KEYTAB,
-                                 CCACHE_FILE,
-                                 attempts=options.kinit_attempts)
-            os.environ['KRB5CCNAME'] = CCACHE_FILE
-        except gssapi.exceptions.GSSError as e:
-            root_logger.error("Failed to obtain host TGT: %s" % e)
-            return CLIENT_INSTALL_ERROR
-    else:
-        # Configure krb5.conf
-        fstore.backup_file(paths.KRB5_CONF)
-        if configure_krb5_conf(
-                cli_realm=cli_realm,
-                cli_domain=cli_domain,
-                cli_server=cli_server,
-                cli_kdc=cli_kdc,
-                dnsok=dnsok,
-                options=options,
-                filename=paths.KRB5_CONF,
-                client_domain=client_domain,
-                client_hostname=hostname):
-            return CLIENT_INSTALL_ERROR
-
-        root_logger.info(
-            "Configured /etc/krb5.conf for IPA realm %s", cli_realm)
-
-    # Clear out any current session keyring information
-    try:
-        delete_persistent_client_session_data(host_principal)
-    except ValueError:
-        pass
-
-    ca_certs = x509.load_certificate_list_from_file(CACERT)
-    ca_certs = [cert.der_data for cert in ca_certs]
-
    with certdb.NSSDatabase() as tmp_db:
+        api.bootstrap(context='cli_installer',
+                      debug=options.debug,
+                      delegate=False,
+                      nss_dir=tmp_db.secdir)
+        api.finalize()
+        if 'config_loaded' not in api.env:
+            root_logger.error("Failed to initialize IPA API.")
+            return CLIENT_INSTALL_ERROR
+
+        # Always back up sssd.conf. It gets updated by authconfig --enablekrb5.
+        fstore.backup_file(paths.SSSD_CONF)
+        if options.sssd:
+            if configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server,
+                                   options, client_domain, hostname):
+                return CLIENT_INSTALL_ERROR
+            root_logger.info("Configured /etc/sssd/sssd.conf")
+
+        if options.on_master:
+            # If on master assume kerberos is already configured properly.
+            # Get the host TGT.
+            try:
+                ipautil.kinit_keytab(host_principal, paths.KRB5_KEYTAB,
+                                     CCACHE_FILE,
+                                     attempts=options.kinit_attempts)
+                os.environ['KRB5CCNAME'] = CCACHE_FILE
+            except gssapi.exceptions.GSSError as e:
+                root_logger.error("Failed to obtain host TGT: %s" % e)
+                return CLIENT_INSTALL_ERROR
+        else:
+            # Configure krb5.conf
+            fstore.backup_file(paths.KRB5_CONF)
+            if configure_krb5_conf(
+                    cli_realm=cli_realm,
+                    cli_domain=cli_domain,
+                    cli_server=cli_server,
+                    cli_kdc=cli_kdc,
+                    dnsok=dnsok,
+                    options=options,
+                    filename=paths.KRB5_CONF,
+                    client_domain=client_domain,
+                    client_hostname=hostname):
+                return CLIENT_INSTALL_ERROR
+
+            root_logger.info(
+                "Configured /etc/krb5.conf for IPA realm %s", cli_realm)
+
+        # Clear out any current session keyring information
+        try:
+            delete_persistent_client_session_data(host_principal)
+        except ValueError:
+            pass
+
        # Add CA certs to a temporary NSS database
+        ca_certs = x509.load_certificate_list_from_file(CACERT)
+        ca_certs = [cert.der_data for cert in ca_certs]
        try:
            pwd_file = ipautil.write_tmp_file(ipautil.ipa_generate_password())
            tmp_db.create_db(pwd_file.name)
@ -2794,8 +2798,7 @@ def install(options, env, fstore, statestore):
        # Now, let's try to connect to the server's RPC interface
        connected = False
        try:
-            api.Backend.rpcclient.connect(delegate=False,
-                                          nss_dir=tmp_db.secdir)
+            api.Backend.rpcclient.connect()
            connected = True
            root_logger.debug("Try RPC connection")
            api.Backend.rpcclient.forward('ping')
@ -2806,8 +2809,7 @@ def install(options, env, fstore, statestore):
                "Cannot connect to the server due to Kerberos error: %s. "
                "Trying with delegate=True", e)
            try:
-                api.Backend.rpcclient.connect(delegate=True,
-                                              nss_dir=tmp_db.secdir)
+                api.Backend.rpcclient.connect(delegate=True)
                root_logger.debug("Try RPC connection")
                api.Backend.rpcclient.forward('ping')

--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@ -453,8 +453,6 @@ def main():

                xmlrpc_uri = ('https://%s/ipa/xml' %
                              ipautil.format_netloc(options.master))
-                api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri)
-                api.finalize()

                if options.ca_cert_file:
                    nss_dir = None
@ -462,6 +460,10 @@ def main():
                    nss_dir = paths.IPA_NSSDB_DIR

                with certdb.NSSDatabase(nss_dir) as nss_db:
+                    api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri,
+                                  nss_dir=nss_db.secdir)
+                    api.finalize()
+
                    if options.ca_cert_file:
                        nss_dir = nss_db.secdir

@ -480,7 +482,7 @@ def main():
                        nss_dir = None

                    try:
-                        api.Backend.rpcclient.connect(nss_dir=nss_dir)
+                        api.Backend.rpcclient.connect()
                        api.Command.ping()
                    except Exception as e:
                        print_info(
--- a/ipalib/init.py
+++ b/ipalib/init.py
@ -949,7 +949,7 @@ api = create_api(mode=None)

 if os.environ.get('IPA_UNIT_TEST_MODE', None) == 'cli_test':
    from ipalib.cli import cli_plugins
-    api.bootstrap(context='cli', in_server=False, in_tree=True)
+    api.bootstrap(context='cli', in_server=False, in_tree=True, fallback=False)
    for klass in cli_plugins:
        api.add_plugin(klass)
    api.finalize()
--- a/ipalib/backend.py
+++ b/ipalib/backend.py
@ -122,8 +122,7 @@ class Executioner(Backend):
        if self.env.in_server:
            self.Backend.ldap2.connect(ccache=ccache)
        else:
-            self.Backend.rpcclient.connect(verbose=self.env.verbose,
-                fallback=self.env.fallback, delegate=self.env.delegate)
+            self.Backend.rpcclient.connect()
        if client_ip is not None:
            setattr(context, "client_ip", client_ip)

--- a/ipatests/test_cmdline/test_cli.py
+++ b/ipatests/test_cmdline/test_cli.py
@ -33,7 +33,7 @@ class TestCLIParsing(object):
    def run_command(self, command_name, **kw):
        """Run a command on the server"""
        if not api.Backend.rpcclient.isconnected():
-            api.Backend.rpcclient.connect(fallback=False)
+            api.Backend.rpcclient.connect()
        try:
            api.Command[command_name](**kw)
        except errors.NetworkError:
--- a/ipatests/test_ipalib/test_rpc.py
+++ b/ipatests/test_ipalib/test_rpc.py
@ -267,7 +267,7 @@ class test_xml_introspection(object):
    @classmethod
    def setup_class(self):
        try:
-            api.Backend.xmlclient.connect(fallback=False)
+            api.Backend.xmlclient.connect()
        except (errors.NetworkError, IOError):
            raise nose.SkipTest('%r: Server not available: %r' %
                                (__name__, api.env.xmlrpc_uri))
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@ -429,7 +429,7 @@ class test_dns(Declarative):
        super(test_dns, cls).setup_class()

        if not api.Backend.rpcclient.isconnected():
-            api.Backend.rpcclient.connect(fallback=False)
+            api.Backend.rpcclient.connect()

        if not have_ldap2:
            raise nose.SkipTest('server plugin not available')
@ -3163,7 +3163,7 @@ class test_root_zone(Declarative):
        super(test_root_zone, cls).setup_class()

        if not api.Backend.rpcclient.isconnected():
-            api.Backend.rpcclient.connect(fallback=False)
+            api.Backend.rpcclient.connect()

        if not have_ldap2:
            raise nose.SkipTest('server plugin not available')
@ -3246,7 +3246,7 @@ class test_forward_zones(Declarative):
        super(test_forward_zones, cls).setup_class()

        if not api.Backend.rpcclient.isconnected():
-            api.Backend.rpcclient.connect(fallback=False)
+            api.Backend.rpcclient.connect()

        if not have_ldap2:
            raise nose.SkipTest('server plugin not available')
@ -4463,7 +4463,7 @@ class test_forward_master_zones_mutual_exlusion(Declarative):
        super(test_forward_master_zones_mutual_exlusion, cls).setup_class()

        if not api.Backend.rpcclient.isconnected():
-            api.Backend.rpcclient.connect(fallback=False)
+            api.Backend.rpcclient.connect()

        if not have_ldap2:
            raise nose.SkipTest('server plugin not available')
@ -4838,7 +4838,7 @@ class test_forwardzone_delegation_warnings(Declarative):
        super(test_forwardzone_delegation_warnings, cls).setup_class()

        if not api.Backend.rpcclient.isconnected():
-            api.Backend.rpcclient.connect(fallback=False)
+            api.Backend.rpcclient.connect()

        if not have_ldap2:
            raise nose.SkipTest('server plugin not available')
@ -5349,7 +5349,7 @@ class test_dns_soa(Declarative):
        super(test_dns_soa, cls).setup_class()

        if not api.Backend.rpcclient.isconnected():
-            api.Backend.rpcclient.connect(fallback=False)
+            api.Backend.rpcclient.connect()

        if not have_ldap2:
            raise nose.SkipTest('server plugin not available')
--- a/ipatests/test_xmlrpc/test_external_members.py
+++ b/ipatests/test_xmlrpc/test_external_members.py
@ -49,7 +49,7 @@ class test_external_members(Declarative):
    def setup_class(cls):
        super(test_external_members, cls).setup_class()
        if not api.Backend.rpcclient.isconnected():
-            api.Backend.rpcclient.connect(fallback=False)
+            api.Backend.rpcclient.connect()

        trusts = api.Command['trust_find']()
        if trusts['count'] == 0:
--- a/ipatests/test_xmlrpc/test_trust_plugin.py
+++ b/ipatests/test_xmlrpc/test_trust_plugin.py
@ -51,7 +51,7 @@ class test_trustconfig(Declarative):
    def setup_class(cls):
        super(test_trustconfig, cls).setup_class()
        if not api.Backend.rpcclient.isconnected():
-            api.Backend.rpcclient.connect(fallback=False)
+            api.Backend.rpcclient.connect()
        try:
           api.Command['trustconfig_show'](trust_type=u'ad')
        except errors.NotFound:
--- a/ipatests/test_xmlrpc/test_vault_plugin.py
+++ b/ipatests/test_xmlrpc/test_vault_plugin.py
@ -131,7 +131,7 @@ class test_vault_plugin(Declarative):
    @classmethod
    def setup_class(cls):
        if not api.Backend.rpcclient.isconnected():
-            api.Backend.rpcclient.connect(fallback=False)
+            api.Backend.rpcclient.connect()

        if not api.Command.kra_is_enabled()['result']:
            raise nose.SkipTest('KRA service is not enabled')
--- a/ipatests/test_xmlrpc/xmlrpc_test.py
+++ b/ipatests/test_xmlrpc/xmlrpc_test.py
@ -111,7 +111,7 @@ def fuzzy_set_ci(s):

 try:
    if not api.Backend.rpcclient.isconnected():
-        api.Backend.rpcclient.connect(fallback=False)
+        api.Backend.rpcclient.connect()
    res = api.Command['user_show'](u'notfound')
 except errors.NetworkError:
    server_available = False
@ -186,7 +186,7 @@ class XMLRPC_test(object):
            raise nose.SkipTest('%r: Server not available: %r' %
                                (cls.__module__, api.env.xmlrpc_uri))
        if not api.Backend.rpcclient.isconnected():
-            api.Backend.rpcclient.connect(fallback=False)
+            api.Backend.rpcclient.connect()

    @classmethod
    def teardown_class(cls):