Server Upgrade: enable DS global lock during upgrade

https://fedorahosted.org/freeipa/ticket/4925

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Martin Basti 2015-04-27 10:34:25 +02:00 committed by Petr Vobornik
parent 882ce85ad5
commit 5db962d167
3 changed files with 37 additions and 7 deletions


@ -33,7 +33,7 @@ Source0: freeipa-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%if ! %{ONLY_CLIENT} %if ! %{ONLY_CLIENT}
BuildRequires: 389-ds-base-devel >= 1.3.3.8 BuildRequires: 389-ds-base-devel >= 1.3.3.9
BuildRequires: svrcore-devel BuildRequires: svrcore-devel
BuildRequires: policycoreutils >= 2.1.12-5 BuildRequires: policycoreutils >= 2.1.12-5
BuildRequires: systemd-units BuildRequires: systemd-units
@ -108,7 +108,7 @@ Group: System Environment/Base
Requires: %{name}-python = %{version}-%{release} Requires: %{name}-python = %{version}-%{release}
Requires: %{name}-client = %{version}-%{release} Requires: %{name}-client = %{version}-%{release}
Requires: %{name}-admintools = %{version}-%{release} Requires: %{name}-admintools = %{version}-%{release}
Requires: 389-ds-base >= 1.3.3.8 Requires: 389-ds-base >= 1.3.3.9
Requires: openldap-clients > 2.4.35-4 Requires: openldap-clients > 2.4.35-4
Requires: nss >= 3.14.3-12.0 Requires: nss >= 3.14.3-12.0
Requires: nss-tools >= 3.14.3-12.0 Requires: nss-tools >= 3.14.3-12.0
@ -143,7 +143,7 @@ Requires: zip
Requires: policycoreutils >= 2.1.12-5 Requires: policycoreutils >= 2.1.12-5
Requires: tar Requires: tar
Requires(pre): certmonger >= 0.76.8 Requires(pre): certmonger >= 0.76.8
Requires(pre): 389-ds-base >= 1.3.3.8 Requires(pre): 389-ds-base >= 1.3.3.9
Requires: fontawesome-fonts Requires: fontawesome-fonts
Requires: open-sans-fonts Requires: open-sans-fonts
Requires: openssl Requires: openssl


@ -36,6 +36,7 @@ import ldap
from ipaserver.install import ldapupdate from ipaserver.install import ldapupdate
from ipaserver.install import replication from ipaserver.install import replication
from ipaserver.install import sysupgrade from ipaserver.install import sysupgrade
from ipaserver.install import upgradeinstance
from ipalib import api from ipalib import api
from ipalib import certstore from ipalib import certstore
from ipalib import errors from ipalib import errors
@ -504,10 +505,8 @@ class DsInstance(service.Service):
conn.unbind() conn.unbind()
def apply_updates(self): def apply_updates(self):
ld = ldapupdate.LDAPUpdate(dm_password=self.dm_password, data_upgrade = upgradeinstance.IPAUpgrade(self.realm)
sub_dict=self.sub_dict) data_upgrade.create_instance()
files = ld.get_all_files(ldapupdate.UPDATES_DIR)
ld.update(files)
installutils.store_version() installutils.store_version()
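Review bot: `apply_updates` now calls `data_upgrade.create_instance()` and goes straight on to `installutils.store_version()` without looking at the outcome. `IPAUpgrade.__init__` sets `self.upgradefailed = False`, which suggests that failures may be recorded on the object rather than raised; if so, the version would be stored after a failed update run. If that is how `create_instance()` reports errors, add a guard before storing the version, for example `if data_upgrade.upgradefailed: raise RuntimeError("applying LDAP updates failed")`. The hunk ends at `store_version()`, so anything that follows in the method is not visible here.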


@ -25,6 +25,7 @@ import random
import traceback import traceback
from ipaplatform.paths import paths from ipaplatform.paths import paths
from ipapython.ipa_log_manager import * from ipapython.ipa_log_manager import *
from ipapython import ipaldap
from ipaserver.install import installutils from ipaserver.install import installutils
from ipaserver.install import schemaupdate from ipaserver.install import schemaupdate
@ -170,6 +171,7 @@ class IPAUpgrade(service.Service):
self.upgradefailed = False self.upgradefailed = False
self.serverid = serverid self.serverid = serverid
self.schema_files = schema_files self.schema_files = schema_files
self.realm = realm_name
def __start_nowait(self): def __start_nowait(self):
# Don't wait here because we've turned off port 389. The connection # Don't wait here because we've turned off port 389. The connection
@ -184,6 +186,7 @@ class IPAUpgrade(service.Service):
self.step("stopping directory server", self.__stop_instance) self.step("stopping directory server", self.__stop_instance)
self.step("saving configuration", self.__save_config) self.step("saving configuration", self.__save_config)
self.step("disabling listeners", self.__disable_listeners) self.step("disabling listeners", self.__disable_listeners)
self.step("enabling DS global lock", self.__enable_ds_global_write_lock)
self.step("starting directory server", self.__start_nowait) self.step("starting directory server", self.__start_nowait)
if self.schema_files: if self.schema_files:
self.step("updating schema", self.__update_schema) self.step("updating schema", self.__update_schema)
@ -223,9 +226,31 @@ class IPAUpgrade(service.Service):
else: else:
self.backup_state('nsslapd-security', security) self.backup_state('nsslapd-security', security)
try:
global_lock = config_entry['nsslapd-global-backend-lock'][0]
except KeyError:
pass
else:
self.backup_state('nsslapd-global-backend-lock', global_lock)
def __enable_ds_global_write_lock(self):
ldif_outfile = "%s.modified.out" % self.filename
with open(ldif_outfile, "wb") as out_file:
ldif_writer = ldif.LDIFWriter(out_file)
with open(self.filename, "rb") as in_file:
parser = ModifyLDIF(in_file, ldif_writer)
parser.remove_value("cn=config", "nsslapd-global-backend-lock")
parser.add_value("cn=config", "nsslapd-global-backend-lock",
"on")
parser.parse()
shutil.copy2(ldif_outfile, self.filename)
def __restore_config(self): def __restore_config(self):
port = self.restore_state('nsslapd-port') port = self.restore_state('nsslapd-port')
security = self.restore_state('nsslapd-security') security = self.restore_state('nsslapd-security')
global_lock = self.restore_state('nsslapd-global-backend-lock')
ldif_outfile = "%s.modified.out" % self.filename ldif_outfile = "%s.modified.out" % self.filename
with open(ldif_outfile, "wb") as out_file: with open(ldif_outfile, "wb") as out_file:
@ -240,6 +265,12 @@ class IPAUpgrade(service.Service):
parser.remove_value("cn=config", "nsslapd-security") parser.remove_value("cn=config", "nsslapd-security")
parser.add_value("cn=config", "nsslapd-security", security) parser.add_value("cn=config", "nsslapd-security", security)
# disable global lock by default
parser.remove_value("cn=config", "nsslapd-global-backend-lock")
if global_lock is not None:
parser.add_value("cn=config", "nsslapd-global-backend-lock",
global_lock)
parser.parse() parser.parse()
shutil.copy2(ldif_outfile, self.filename) shutil.copy2(ldif_outfile, self.filename)
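Review bot: In `__enable_ds_global_write_lock` the intermediate `%s.modified.out` file is created with a plain `open(ldif_outfile, "wb")`, so its mode comes from the process umask. `shutil.copy2` then carries those permission bits onto `self.filename` along with the content, and the intermediate copy stays on disk. Since this file holds the `cn=config` entry, give the intermediate the original's mode before the copy and delete it afterwards, e.g. `os.chmod(ldif_outfile, os.stat(self.filename).st_mode)` and `os.remove(ldif_outfile)` (assuming `os` is imported in this module). `__restore_config` uses the same write-then-`copy2` sequence and would need the same treatment. It is also not visible here whether `__restore_config` still runs when a step after "enabling DS global lock" fails; if it does not, `nsslapd-global-backend-lock` stays `on` in the saved configuration.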