replica install: add remote connection check over API

Add server_conncheck command which calls ipa-replica-conncheck --replica over oddjob. https://fedorahosted.org/freeipa/ticket/5497 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Tomas Babej <tbabej@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-12-09 08:18:21 +01:00
parent 00f591d4e9
commit 8d7f67e08c
20 changed files with 299 additions and 77 deletions
--- a/install/oddjob/Makefile.am
+++ b/install/oddjob/Makefile.am
@@ -6,14 +6,17 @@ dbusconfdir = $(sysconfdir)/dbus-1/system.d

 oddjob_SCRIPTS =				\
 	com.redhat.idm.trust-fetch-domains	\
+	org.freeipa.server.conncheck		\
 	$(NULL)

 dbusconf_DATA =						\
 	etc/dbus-1/system.d/oddjob-ipa-trust.conf	\
+	etc/dbus-1/system.d/org.freeipa.server.conf	\
 	$(NULL)

 oddjobconf_DATA =					\
 	etc/oddjobd.conf.d/oddjobd-ipa-trust.conf	\
+	etc/oddjobd.conf.d/ipa-server.conf		\
 	$(NULL)


--- a/install/oddjob/etc/dbus-1/system.d/org.freeipa.server.conf
+++ b/install/oddjob/etc/dbus-1/system.d/org.freeipa.server.conf
@@ -0,0 +1,21 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<busconfig>
+
+  <policy user="root">
+    <allow own="org.freeipa.server"/>
+
+    <allow send_destination="org.freeipa.server" send_interface="org.freeipa.server"/>
+  </policy>
+
+  <policy user="apache">
+    <allow send_destination="org.freeipa.server" send_interface="org.freeipa.server"/>
+  </policy>
+
+  <policy context="default">
+    <allow send_destination="org.freeipa.server" send_interface="org.freedesktop.DBus.Introspectable"/>
+  </policy>
+
+</busconfig>
--- a/install/oddjob/etc/oddjobd.conf.d/ipa-server.conf
+++ b/install/oddjob/etc/oddjobd.conf.d/ipa-server.conf
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+<oddjobconfig>
+  <service name="org.freeipa.server">
+    <allow user="root"/>
+    <allow user="apache"/>
+    <object name="/">
+      <interface name="org.freeipa.server">
+        <method name="conncheck">
+          <helper exec="/usr/libexec/ipa/oddjob/org.freeipa.server.conncheck"
+                  arguments="1"
+                  prepend_user_name="no"
+                  argument_passing_method="cmdline"/>
+        </method>
+      </interface>
+      <interface name="org.freedesktop.DBus.Introspectable">
+        <allow min_uid="0" max_uid="0"/>
+      </interface>
+    </object>
+  </service>
+</oddjobconfig>
--- a/install/oddjob/org.freeipa.server.conncheck
+++ b/install/oddjob/org.freeipa.server.conncheck
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/sbin/ipa-replica-conncheck --replica "$1" 2>&1