mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-11 00:31:56 -06:00
Synchronize hidden state from IPA master role
ipa-{adtrust|ca|dns|kra}-install on a hidden replica also installs the new service as hidden service. Fixes: https://pagure.io/freeipa/issue/7892 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Francois Cami <fcami@redhat.com> Reviewed-By: Thomas Woerner <twoerner@redhat.com>
This commit is contained in:
parent
e7e0f190bb
commit
8b1bb211c4
@ -213,7 +213,7 @@ def main():
|
||||
adtrust.install(True, options, fstore, api)
|
||||
|
||||
# Enable configured services and update DNS SRV records
|
||||
service.enable_services(api.env.host)
|
||||
service.sync_services_state(api.env.host)
|
||||
api.Command.dns_update_system_records()
|
||||
|
||||
print("""
|
||||
|
@ -306,7 +306,7 @@ def main():
|
||||
api.Backend.ldap2.connect()
|
||||
|
||||
# Enable configured services and update DNS SRV records
|
||||
service.enable_services(api.env.host)
|
||||
service.sync_services_state(api.env.host)
|
||||
api.Command.dns_update_system_records()
|
||||
api.Backend.ldap2.disconnect()
|
||||
|
||||
|
@ -220,6 +220,6 @@ class KRAInstaller(KRAInstall):
|
||||
api.Backend.ldap2.connect()
|
||||
|
||||
# Enable configured services and update DNS SRV records
|
||||
service.enable_services(api.env.host)
|
||||
service.sync_services_state(api.env.host)
|
||||
api.Command.dns_update_system_records()
|
||||
api.Backend.ldap2.disconnect()
|
||||
|
@ -41,6 +41,7 @@ from ipaplatform.paths import paths
|
||||
from ipaserver.masters import (
|
||||
CONFIGURED_SERVICE, ENABLED_SERVICE, HIDDEN_SERVICE, SERVICE_LIST
|
||||
)
|
||||
from ipaserver.servroles import HIDDEN
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
@ -202,6 +203,27 @@ def hide_services(fqdn):
|
||||
_set_services_state(fqdn, HIDDEN_SERVICE)
|
||||
|
||||
|
||||
def sync_services_state(fqdn):
|
||||
"""Synchronize services state from IPA master role state
|
||||
|
||||
Hide all services if the IPA master role state is in hidden state.
|
||||
Otherwise enable all services.
|
||||
|
||||
:param fqdn: hostname of server
|
||||
"""
|
||||
result = api.Command.server_role_find(
|
||||
server_server=fqdn,
|
||||
role_servrole='IPA master',
|
||||
status=HIDDEN
|
||||
)
|
||||
if result['count']:
|
||||
# one hidden server role
|
||||
hide_services(fqdn)
|
||||
else:
|
||||
# IPA master is either enabled or configured, enable all
|
||||
enable_services(fqdn)
|
||||
|
||||
|
||||
def _set_services_state(fqdn, dest_state):
|
||||
"""Change all services of a host
|
||||
|
||||
|
@ -740,9 +740,11 @@ class TestHiddenReplicaPromotion(IntegrationTest):
|
||||
# hidden replica with CA and DNS
|
||||
tasks.install_replica(
|
||||
cls.master, cls.replicas[0],
|
||||
setup_dns=True, setup_kra=True,
|
||||
setup_dns=True, setup_kra=False,
|
||||
extra_args=('--hidden-replica',)
|
||||
)
|
||||
# manually install KRA to verify that hidden state is synced
|
||||
tasks.install_kra(cls.replicas[0])
|
||||
|
||||
def _check_dnsrecords(self, hosts_expected, hosts_unexpected=()):
|
||||
domain = DNSName(self.master.domain.name).make_absolute()
|
||||
|
Loading…
Reference in New Issue
Block a user