install: remove adhoc api.Backend.ldap2 (dis)connect

Remove ad hoc connects and disconnects of api.Backend.ldap2. The connection
should be established only at the start of the script, destroyed at the
end of the script, and re-established when the directory server is restarted.

https://fedorahosted.org/freeipa/ticket/6461

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Tomas Krizek 2016-10-26 16:08:43 +02:00 committed by Martin Basti
parent e05bdeb6cf
commit a77469f598
6 changed files with 1 additions and 72 deletions


@ -123,16 +123,8 @@ def install_step_0(standalone, replica_config, options):
if replica_config is not None:
# Configure the CA if necessary
if standalone:
api.Backend.ldap2.disconnect()
cainstance.install_replica_ca(replica_config, standalone,
ra_p12=getattr(options, 'ra_p12', None))
if standalone and not api.Backend.ldap2.isconnected():
api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')),
bind_pw=dm_password)
ra_p12=getattr(options, 'ra_p12', None))
return
if options.external_cert_files:
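Review bot: In install_step_0 the standalone path no longer rebinds after `cainstance.install_replica_ca(...)`, so the code that follows runs under whatever identity the caller bound with at script start, and nothing in the hunk states that precondition. The removed reconnect used `bind_dn=DN(('cn', 'Directory Manager'))` with `bind_pw=dm_password`; if the standalone caller binds differently (for instance with autobind), later LDAP operations may run with different privileges than before, which is worth confirming. I would add a comment above the call such as `# caller must hold a connected api.Backend.ldap2; it is not re-established here`, and check whether `dm_password` is still needed in this function. The function starts and continues outside the hunk.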


@ -2040,14 +2040,6 @@ def ensure_ipa_authority_entry():
)
api.Backend.ra_lightweight_ca.override_port = None
is_already_connected = api.Backend.ldap2.isconnected()
if not is_already_connected:
try:
api.Backend.ldap2.connect(autobind=True)
except errors.PublicError as e:
root_logger.error("Cannot connect to LDAP to add CA: %s", e)
return
ensure_entry(
DN(api.env.container_ca, api.env.basedn),
objectclass=['top', 'nsContainer'],
@ -2061,20 +2053,9 @@ def ensure_ipa_authority_entry():
**attrs
)
if not is_already_connected:
api.Backend.ldap2.disconnect()
def ensure_default_caacl():
"""Add the default CA ACL if missing."""
is_already_connected = api.Backend.ldap2.isconnected()
if not is_already_connected:
try:
api.Backend.ldap2.connect(autobind=True)
except errors.PublicError as e:
root_logger.error("Cannot connect to LDAP to add CA ACLs: %s", e)
return
ensure_entry(
DN(('cn', 'ca'), api.env.basedn),
objectclass=['top', 'nsContainer'],
@ -2092,9 +2073,6 @@ def ensure_default_caacl():
api.Command.caacl_add_profile(u'hosts_services_caIPAserviceCert',
certprofile=(u'caIPAserviceCert',))
if not is_already_connected:
api.Backend.ldap2.disconnect()
def add_lightweight_ca_tracking_requests(logger, lwcas):
"""Add tracking requests for the given lightweight CAs.

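Review bot: ensure_ipa_authority_entry and ensure_default_caacl now reach `ensure_entry(...)` without checking `api.Backend.ldap2.isconnected()`, so a caller without a connection will presumably get an exception from the backend where it used to get a logged error and an early return. The same applies to add_ca_dns_records, fix_trust_flags and export_kra_agent_pem in the last file section of this commit. The new precondition should be stated in each docstring, for example `"""Add the default CA ACL if missing. The caller must have api.Backend.ldap2 connected."""`. The body of ensure_ipa_authority_entry starts outside the hunk.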

@ -1193,7 +1193,6 @@ class DsInstance(service.Service):
if ds_is_running:
try:
api.Backend.ldap2.connect(autobind=True)
ret = api.Command['config_show']()
subject_base = str(
ret['result']['ipacertificatesubjectbase'][0])
@ -1202,11 +1201,6 @@ class DsInstance(service.Service):
except errors.PublicError as e:
root_logger.error('Cannot connect to DS to find certificate '
'subject base: %s', e)
finally:
try:
api.Backend.ldap2.disconnect()
except Exception:
pass
if not subject_base:
root_logger.debug('Unable to find certificate subject base in DS')
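Review bot: The `except errors.PublicError` branch still logs 'Cannot connect to DS to find certificate subject base', but with `api.Backend.ldap2.connect(autobind=True)` removed, the visible statements left in the `try` are the `api.Command['config_show']()` call and the subject-base lookup, so the message now points an operator at the wrong failure. I would change it to `root_logger.error('Cannot read certificate subject base from DS: %s', e)`. Note also that `ds_is_running` being true does not by itself show that ldap2 is connected; a short comment stating that the caller provides the connection would help. The enclosing method starts outside the hunk and a few lines of the `try` body fall between the two hunks.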


@ -856,7 +856,6 @@ def install(installer):
if setup_ca:
services.knownservices['pki_tomcatd'].restart('pki-tomcat')
api.Backend.ldap2.connect(autobind=True)
if options.setup_dns:
dns.install(False, False, options)
else:


@ -866,7 +866,6 @@ def install(installer):
if config.setup_ca:
services.knownservices['pki_tomcatd'].restart('pki-tomcat')
api.Backend.ldap2.connect(autobind=True)
if options.setup_dns:
dns.install(False, True, options)
else:


@ -1133,14 +1133,6 @@ def add_ca_dns_records():
root_logger.info('IPA CA DNS records already processed')
return
if not api.Backend.ldap2.isconnected():
try:
api.Backend.ldap2.connect(autobind=True)
except ipalib.errors.PublicError as e:
root_logger.error(
"Cannot connect to LDAP to add DNS records: %s", e)
return
ret = api.Command['dns_is_enabled']()
if not ret['result']:
root_logger.info('DNS is not configured')
@ -1205,12 +1197,6 @@ def uninstall_dogtag_9(ds, http):
root_logger.debug('Dogtag is version 10 or above')
return
if not api.Backend.ldap2.isconnected():
try:
api.Backend.ldap2.connect(autobind=True)
except ipalib.errors.PublicError as e:
root_logger.error("Cannot connect to LDAP: %s", e)
dn = DN(('cn', 'CA'), ('cn', api.env.host), ('cn', 'masters'),
('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
try:
@ -1396,13 +1382,6 @@ def fix_trust_flags():
root_logger.info("Trust flags already processed")
return
if not api.Backend.ldap2.isconnected():
try:
api.Backend.ldap2.connect(autobind=True)
except ipalib.errors.PublicError as e:
root_logger.error("Cannot connect to LDAP: %s", e)
return
if not api.Command.ca_is_enabled()['result']:
root_logger.info("CA is not enabled")
return
@ -1423,13 +1402,6 @@ def export_kra_agent_pem():
root_logger.info("KRA agent PEM file already exported")
return
if not api.Backend.ldap2.isconnected():
try:
api.Backend.ldap2.connect(autobind=True)
except ipalib.errors.PublicError as e:
root_logger.error("Cannot connect to LDAP: %s", e)
return
if not api.Command.kra_is_enabled()['result']:
root_logger.info("KRA is not enabled")
return
@ -1629,11 +1601,6 @@ def upgrade_configuration():
ntpinstance.ntp_ldap_enable(api.env.host, api.env.basedn, api.env.realm)
# ldap2 connection is not valid after DS restart, close connection otherwise
# it will cause network errors
if api.Backend.ldap2.isconnected():
api.Backend.ldap2.disconnect()
ds.stop(ds_serverid)
fix_schema_file_syntax()
remove_ds_ra_cert(subject_base)
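Review bot: In upgrade_configuration, `ds.stop(ds_serverid)` is now reached with api.Backend.ldap2 still connected, while the comment removed alongside the disconnect warned that the connection is not valid after a DS restart and causes network errors. The commit message says the connection is re-established when the directory server is restarted, but that reconnect is not visible in this hunk, so every `api.Command` call made after the server comes back should be checked against it. I would keep a comment at this spot, e.g. `# ldap2 stays connected across ds.stop(); it must be reconnected once DS is started again`. The rest of the function is outside the hunk.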