Server Upgrade: Apply plugin updates immediately

Preparation to moving plugins executin into update files.
* remove apply_now flag
* plugins will return only (restart, modifications)

https://fedorahosted.org/freeipa/ticket/4904

Reviewed-By: David Kupka <dkupka@redhat.com>

ipaserver/install/plugins/adtrust.py

@@ -42,7 +42,7 @@ class update_default_range(PostUpdate):
             pass
         else:
             root_logger.debug("default_range: ipaDomainIDRange entry found, skip plugin")
-            return (False, False, [])
+            return False, []
 
         dn = DN(('cn', 'admins'), api.env.container_group, api.env.basedn)
         try:
@@ -50,7 +50,7 @@ class update_default_range(PostUpdate):
         except errors.NotFound:
             root_logger.error("default_range: No local ID range and no admins "
                               "group found. Cannot create default ID range")
-            return (False, False, [])
+            return False, []
 
         id_range_base_id = admins_entry['gidnumber'][0]
         id_range_name = '%s_id_range' % api.env.realm
@@ -114,7 +114,7 @@ class update_default_range(PostUpdate):
 
                 root_logger.error("default_range: %s", "\n".join(msg))
 
-        return (False, True, [update])
+        return False, [update]
 
 
 class update_default_trust_view(PostUpdate):
@@ -141,7 +141,7 @@ class update_default_trust_view(PostUpdate):
         # First, see if trusts are enabled on the server
         if not self.api.Command.adtrust_is_enabled()['result']:
             self.log.info('AD Trusts are not enabled on this server')
-            return (False, False, [])
+            return False, []
 
         # Second, make sure the Default Trust View does not exist yet
         try:
@@ -150,7 +150,7 @@ class update_default_trust_view(PostUpdate):
             pass
         else:
             self.log.info('Default Trust View already present on this server')
-            return (False, False, [])
+            return False, []
 
         # We have a server with AD trust support without Default Trust View.
         # Create the Default Trust View entry.
@@ -160,7 +160,7 @@ class update_default_trust_view(PostUpdate):
             'default': default_trust_view_entry
         }
 
-        return (False, True, [update])
+        return False, [update]
 
 api.register(update_default_range)
 api.register(update_default_trust_view)

ipaserver/install/plugins/ca_renewal_master.py

@@ -37,7 +37,7 @@ class update_ca_renewal_master(PostUpdate):
         ca = cainstance.CAInstance(self.api.env.realm, certs.NSS_DIR)
         if not ca.is_configured():
             self.debug("CA is not configured on this host")
-            return (False, False, [])
+            return False, []
 
         ldap = self.obj.backend
         base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
@@ -50,7 +50,7 @@ class update_ca_renewal_master(PostUpdate):
             pass
         else:
             self.debug("found CA renewal master %s", entries[0].dn[1].value)
-            return (False, False, [])
+            return False, []
 
         criteria = {
             'cert-database': paths.HTTPD_ALIAS_DIR,
@@ -65,20 +65,20 @@ class update_ca_renewal_master(PostUpdate):
                 self.warning(
                     "certmonger request for ipaCert is missing ca_name, "
                     "assuming local CA is renewal slave")
-                return (False, False, [])
+                return False, []
             ca_name = ca_name.strip()
 
             if ca_name == 'dogtag-ipa-renew-agent':
                 pass
             elif ca_name == 'dogtag-ipa-retrieve-agent-submit':
-                return (False, False, [])
+                return False, []
             elif ca_name == 'dogtag-ipa-ca-renew-agent':
-                return (False, False, [])
+                return False, []
             else:
                 self.warning(
                     "certmonger request for ipaCert has unknown ca_name '%s', "
                     "assuming local CA is renewal slave", ca_name)
-                return (False, False, [])
+                return False, []
         else:
             self.debug("certmonger request for ipaCert not found")
 
@@ -89,7 +89,7 @@ class update_ca_renewal_master(PostUpdate):
             if config == 'New':
                 pass
             elif config == 'Clone':
-                return (False, False, [])
+                return False, []
             else:
                 self.warning(
                     "CS.cfg has unknown subsystem.select value '%s', "
@@ -102,4 +102,4 @@ class update_ca_renewal_master(PostUpdate):
                 'updates': ['add:ipaConfigString: caRenewalMaster'],
         }
 
-        return (False, True, [update])
+        return False, [update]

ipaserver/install/plugins/dns.py

@@ -62,13 +62,13 @@ class update_dnszones(PostUpdate):
     def execute(self, **options):
         ldap = self.obj.backend
         if not dns_container_exists(ldap):
-            return (False, False, [])
+            return False, []
 
         try:
             zones = api.Command.dnszone_find(all=True)['result']
         except errors.NotFound:
             self.log.info('No DNS zone to update found')
-            return (False, False, [])
+            return False, []
 
         for zone in zones:
             update = {}
@@ -90,7 +90,7 @@ class update_dnszones(PostUpdate):
                 api.Command.dnszone_mod(zone[u'idnsname'][0].make_absolute(),
                                         **update)
 
-        return (False, False, [])
+        return False, []
 
 api.register(update_dnszones)
 
@@ -109,7 +109,7 @@ class update_dns_limits(PostUpdate):
         ldap = self.obj.backend
 
         if not dns_container_exists(ldap):
-            return (False, False, [])
+            return False, []
 
         dns_principal = 'DNS/%s@%s' % (self.env.host, self.env.realm)
         dns_service_dn = DN(('krbprincipalname', dns_principal),
@@ -121,12 +121,12 @@ class update_dns_limits(PostUpdate):
         except errors.NotFound:
             # this host may not have DNS service set
             root_logger.debug("DNS: service %s not found, no need to update limits" % dns_service_dn)
-            return (False, False, [])
+            return False, []
 
         if all(entry.get(limit.lower(), [None])[0] == self.limit_value for limit in self.limit_attributes):
             root_logger.debug("DNS: limits for service %s already set" % dns_service_dn)
             # service is already updated
-            return (False, False, [])
+            return False, []
 
         limit_updates = []
 
@@ -137,7 +137,7 @@ class update_dns_limits(PostUpdate):
         root_logger.debug("DNS: limits for service %s will be updated" % dns_service_dn)
 
 
-        return (False, True, [dnsupdate])
+        return False, [dnsupdate]
 
 api.register(update_dns_limits)
 
@@ -166,7 +166,7 @@ class update_master_to_dnsforwardzones(PostUpdate):
             container_entry = ldap.get_entry(dns_container_dn)
         except errors.NotFound:
             # DNS container not found, nothing to upgrade
-            return (False, False, [])
+            return False, []
 
         for config_option in container_entry.get("ipaConfigString", []):
             matched = re.match("^DNSVersion\s+(?P<version>\d+)$",
@@ -174,7 +174,7 @@ class update_master_to_dnsforwardzones(PostUpdate):
             if matched and int(matched.group("version")) >= 1:
                 # forwardzones already uses new semantics,
                 # no upgrade is required
-                return (False, False, [])
+                return False, []
 
         self.log.info('Updating forward zones')
         # update the DNSVersion, following upgrade can be executed only once
@@ -193,7 +193,7 @@ class update_master_to_dnsforwardzones(PostUpdate):
         else:
             if fwzones:
                 # fwzones exist, do not execute upgrade again
-                return (False, False, [])
+                return False, []
 
         zones = []
         try:
@@ -206,7 +206,7 @@ class update_master_to_dnsforwardzones(PostUpdate):
 
         if not zones:
             self.log.info('No DNS zone to update found')
-            return (False, False, [])
+            return False, []
 
         zones_to_transform = []
 
@@ -271,7 +271,7 @@ class update_master_to_dnsforwardzones(PostUpdate):
                             self.log.error('Unable to backup zone %s' %
                                            zone['idnsname'][0])
                             self.log.error(traceback.format_exc())
-                            return (False, False, [])
+                            return False, []
 
                     for privilege_dn in privileges_to_ldif:
                         try:
@@ -281,13 +281,13 @@ class update_master_to_dnsforwardzones(PostUpdate):
                             self.log.error('Unable to backup privilege %s' %
                                            privilege_dn)
                             self.log.error(traceback.format_exc())
-                            return (False, False, [])
+                            return False, []
 
                     f.close()
             except Exception:
                 self.log.error('Unable to create backup file')
                 self.log.error(traceback.format_exc())
-                return (False, False, [])
+                return False, []
 
             # update
             for zone in zones_to_transform:
@@ -352,6 +352,6 @@ class update_master_to_dnsforwardzones(PostUpdate):
                 self.log.info('Zone %s was sucessfully transformed to forward zone',
                               zone['idnsname'][0])
 
-        return (False, False, [])
+        return False, []
 
 api.register(update_master_to_dnsforwardzones)

ipaserver/install/plugins/fix_replica_agreements.py

@@ -65,7 +65,7 @@ class update_replica_attribute_lists(PreUpdate):
 
         self.log.debug("Done updating agreements")
 
-        return (False, False, [])  # No restart, no apply now, no updates
+        return False, []  # No restart, no updates
 
     def _update_attr(self, repl, replica, attribute, values, template='%s'):
         """Add or update an attribute of a replication agreement

ipaserver/install/plugins/rename_managed.py

@@ -144,7 +144,7 @@ class update_managed_post_first(PreUpdate, GenerateUpdateMixin):
         # Never need to restart with the pre-update changes
         (ignore, update_list) = self.generate_update(False)
 
-        return (False, True, update_list)
+        return False, update_list
 
 api.register(update_managed_post_first)
 
@@ -157,6 +157,6 @@ class update_managed_post(PostUpdate, GenerateUpdateMixin):
     def execute(self, **options):
         (restart, update_list) = self.generate_update(True)
 
-        return (restart, True, update_list)
+        return restart, update_list
 
 api.register(update_managed_post)

ipaserver/install/plugins/update_idranges.py

@@ -51,18 +51,18 @@ class update_idrange_type(PostUpdate):
             except errors.NotFound:
                 root_logger.debug("update_idrange_type: no ID range without "
                                   "type set found")
-                return (False, False, [])
+                return False, []
 
             except errors.ExecutionError, e:
                 root_logger.error("update_idrange_type: cannot retrieve list "
                                   "of ranges with no type set: %s", e)
-                return (False, False, [])
+                return False, []
 
             if not entries:
                 # No entry was returned, rather break than continue cycling
                 root_logger.debug("update_idrange_type: no ID range was "
                                   "returned")
-                return (False, False, [])
+                return False, []
 
             root_logger.debug("update_idrange_type: found %d "
                               "idranges to update, truncated: %s",
@@ -101,15 +101,15 @@ class update_idrange_type(PostUpdate):
                 # Exit loop to avoid infinite cycles
                 root_logger.error("update_idrange_type: error(s) "
                                   "detected during idrange type update")
-                return (False, False, [])
+                return False, []
 
             elif not truncated:
                 # All affected entries updated, exit the loop
                 root_logger.debug("update_idrange_type: all affected idranges "
                                   "were assigned types")
-                return (False, False, [])
+                return False, []
 
-        return (False, False, [])
+        return False, []
 
 
 class update_idrange_baserid(PostUpdate):
@@ -140,12 +140,12 @@ class update_idrange_baserid(PostUpdate):
         except errors.NotFound:
             root_logger.debug("update_idrange_baserid: no AD domain "
                               "range with posix attributes found")
-            return (False, False, [])
+            return False, []
 
         except errors.ExecutionError, e:
             root_logger.error("update_idrange_baserid: cannot retrieve "
                               "list of affected ranges: %s", e)
-            return (False, False, [])
+            return False, []
 
         root_logger.debug("update_idrange_baserid: found %d "
                           "idranges possible to update",
@@ -175,7 +175,7 @@ class update_idrange_baserid(PostUpdate):
             root_logger.debug("update_idrange_baserid: all affected "
                               "idranges updated")
 
-        return (False, False, [])
+        return False, []
 
 api.register(update_idrange_type)
 api.register(update_idrange_baserid)

ipaserver/install/plugins/update_managed_permissions.py

@@ -441,7 +441,7 @@ class update_managed_permissions(PostUpdate):
             else:
                 self.log.info('Obsolete permission deleted: %s', obsolete_name)
 
-        return False, False, ()
+        return False, ()
 
     def update_permission(self, ldap, obj, name, template, anonymous_read_aci):
         """Update the given permission and the corresponding ACI"""

ipaserver/install/plugins/update_pacs.py

@@ -39,7 +39,7 @@ class update_pacs(PostUpdate):
             pacs = entry.get('ipakrbauthzdata', [])
         except errors.NotFound:
             self.log.warning('Error retrieving: %s' % str(dn))
-            return (False, False, [])
+            return False, []
 
         nfs_pac_set = any(pac.startswith('nfs:') for pac in pacs)
 
@@ -52,6 +52,6 @@ class update_pacs(PostUpdate):
         else:
             self.log.debug('PAC for nfs is already set, not adding nfs:NONE.')
 
-        return (False, False, [])
+        return False, []
 
 api.register(update_pacs)

ipaserver/install/plugins/update_passsync.py

@@ -16,7 +16,7 @@ class update_passync_privilege_check(PreUpdate):
         update_done = sysupgrade.get_upgrade_state('winsync', 'passsync_privilege_updated')
         if update_done:
             root_logger.debug("PassSync privilege update pre-check not needed")
-            return False, False, []
+            return False, []
 
         root_logger.debug("Check if there is existing PassSync privilege")
 
@@ -34,7 +34,7 @@ class update_passync_privilege_check(PreUpdate):
             root_logger.debug("PassSync privilege found, skip updating PassSync")
             sysupgrade.set_upgrade_state('winsync', 'passsync_privilege_updated', True)
 
-        return False, False, []
+        return False, []
 
 api.register(update_passync_privilege_check)
 
@@ -49,7 +49,7 @@ class update_passync_privilege_update(PostUpdate):
         update_done = sysupgrade.get_upgrade_state('winsync', 'passsync_privilege_updated')
         if update_done:
             root_logger.debug("PassSync privilege update not needed")
-            return False, False, []
+            return False, []
 
         root_logger.debug("Add PassSync user as a member of PassSync privilege")
         ldap = self.obj.backend
@@ -64,7 +64,7 @@ class update_passync_privilege_update(PostUpdate):
         except errors.NotFound:
             root_logger.debug("PassSync user not found, no update needed")
             sysupgrade.set_upgrade_state('winsync', 'passsync_privilege_updated', True)
-            return False, False, []
+            return False, []
         else:
             root_logger.debug("PassSync user found, do update")
 
@@ -72,6 +72,6 @@ class update_passync_privilege_update(PostUpdate):
                   'updates': ["add:member:'%s'" % passsync_dn]}
 
         sysupgrade.set_upgrade_state('winsync', 'passsync_privilege_updated', True)
-        return (False, True, [update])
+        return False, [update]
 
 api.register(update_passync_privilege_update)

ipaserver/install/plugins/update_referint.py

@@ -35,7 +35,7 @@ class update_referint(PreUpdate):
             entry = ldap.get_entry(self.referint_dn)
         except errors.NotFound:
             root_logger.error("Referential integrity configuration not found")
-            return False, False, []
+            return False, []
 
         referint_membership_attrs = []
 
@@ -49,7 +49,7 @@ class update_referint(PreUpdate):
             entry['nsslapd-pluginArg0'] = None
         else:
             root_logger.info("Plugin already uses new style, skipping")
-            return False, False, []
+            return False, []
 
         # nsslapd-pluginArg1    -> referint-logfile
         logfile = entry.get('nsslapd-pluginArg1')
@@ -83,8 +83,8 @@ class update_referint(PreUpdate):
             ldap.update_entry(entry)
         except errors.EmptyModlist:
             root_logger.debug("No modifications required")
-            return False, False, []
+            return False, []
 
-        return False, True, []
+        return False, []
 
 api.register(update_referint)

ipaserver/install/plugins/update_services.py

@@ -51,16 +51,16 @@ class update_service_principalalias(PostUpdate):
             except errors.NotFound:
                 root_logger.debug("update_service_principalalias: no service "
                                   "to update found")
-                return (False, False, [])
+                return False, []
             except errors.ExecutionError, e:
                 root_logger.error("update_service_principalalias: cannot "
                                   "retrieve list of affected services: %s", e)
-                return (False, False, [])
+                return False, []
             if not entries:
                 # no entry was returned, rather break than continue cycling
                 root_logger.debug("update_service_principalalias: no service "
                                   "was returned")
-                return (False, False, [])
+                return False, []
             root_logger.debug("update_service_principalalias: found %d "
                               "services to update, truncated: %s",
                               len(entries), truncated)
@@ -83,12 +83,12 @@ class update_service_principalalias(PostUpdate):
                 # exit loop to avoid infinite cycles
                 root_logger.error("update_service_principalalias: error(s)"
                                   "detected during service update")
-                return (False, False, [])
+                return False, []
             elif not truncated:
                 # all affected entries updated, exit the loop
                 root_logger.debug("update_service_principalalias: all affected"
                                   " services updated")
-                return (False, False, [])
+                return False, []
-        return (False, False, [])
+        return False, []
 
 api.register(update_service_principalalias)

ipaserver/install/plugins/update_uniqueness.py

@@ -184,7 +184,7 @@ class update_uniqueness_plugins_to_new_syntax(PreUpdate):
         except errors.NotFound:
             root_logger.debug("No uniqueness plugin entries with old style "
                               "configuration found")
-            return False, False, []
+            return False, []
 
         update_list = []
         new_attributes = [
@@ -220,6 +220,6 @@ class update_uniqueness_plugins_to_new_syntax(PreUpdate):
 
             update_list.append(update)
 
-        return False, True, update_list
+        return False, update_list
 
 api.register(update_uniqueness_plugins_to_new_syntax)

ipaserver/install/plugins/updateclient.py

@@ -32,13 +32,9 @@ class updateclient(backend.Executioner):
     An update plugin can be executed before the file-based plugins or
     afterward. Each plugin returns three values:
 
-    1. restart: dirsrv needs to be restarted BEFORE this update is
+    1. restart: dirsrv will be restarted AFTER this update is
                  applied.
-    2. apply_now: when True the update is applied when the plugin
+    2. updates: A list of updates to be applied.
-                  returns. Otherwise the update is cached until all
-                  plugins of that update type are complete, then they
-                  are applied together.
-    3. updates: A list of updates to be applied.
 
     The value of an update is a dictionary with the following possible
     values:
@@ -120,18 +116,15 @@ class updateclient(backend.Executioner):
         result = []
         ld = LDAPUpdate(dm_password=dm_password, sub_dict={}, ldapi=ldapi)
         for update in self.order(updatetype):
-            (restart, apply_now, res) = self.run(update.name, **kw)
+            restart, res = self.run(update.name, **kw)
+
+            ld.update_from_dict(res)
             if restart:
                 # connection has to be closed before restart, otherwise
                 # ld instance will try to reuse old non-valid connection
                 ld.close_connection()
                 self.restart(dm_password)
 
-            if apply_now:
-                ld.update_from_dict(res)
-            elif res:
-                result.extend(res)
-
         self.destroy_context()
 
         return result

ipaserver/install/plugins/upload_cacrt.py

@@ -93,6 +93,6 @@ class update_upload_cacrt(PostUpdate):
                     entry.single_value['cACertificate;binary'] = ca_cert
                     ldap.update_entry(entry)
 
-        return (False, False, [])
+        return False, []
 
 api.register(update_upload_cacrt)