IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Server Upgrade: Apply plugin updates immediately

Browse Source 
Preparation to moving plugins executin into update files.
* remove apply_now flag
* plugins will return only (restart, modifications)

https://fedorahosted.org/freeipa/ticket/4904

Reviewed-By: David Kupka <dkupka@redhat.com>
This commit is contained in:
Martin Basti 2015-03-17 17:56:34 +01:00 committed by Petr Vobornik
parent b4ca5c57d2
commit cc19b5a76a
14 changed files with 67 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ipaserver/install/plugins/adtrust.py
View File

@ -42,7 +42,7 @@ class update_default_range(PostUpdate):
pass
else:
root_logger.debug("default_range: ipaDomainIDRange entry found, skip plugin")
return (False, False, [])
return False, []
dn = DN(('cn', 'admins'), api.env.container_group, api.env.basedn)
try:
@ -50,7 +50,7 @@ class update_default_range(PostUpdate):
except errors.NotFound:
root_logger.error("default_range: No local ID range and no admins "
"group found. Cannot create default ID range")
return (False, False, [])
return False, []
id_range_base_id = admins_entry['gidnumber'][0]
id_range_name = '%s_id_range' % api.env.realm
@ -114,7 +114,7 @@ class update_default_range(PostUpdate):
root_logger.error("default_range: %s", "\n".join(msg))
return (False, True, [update])
return False, [update]
class update_default_trust_view(PostUpdate):
@ -141,7 +141,7 @@ class update_default_trust_view(PostUpdate):
# First, see if trusts are enabled on the server
if not self.api.Command.adtrust_is_enabled()['result']:
self.log.info('AD Trusts are not enabled on this server')
return (False, False, [])
return False, []
# Second, make sure the Default Trust View does not exist yet
try:
@ -150,7 +150,7 @@ class update_default_trust_view(PostUpdate):
pass
else:
self.log.info('Default Trust View already present on this server')
return (False, False, [])
return False, []
# We have a server with AD trust support without Default Trust View.
# Create the Default Trust View entry.
@ -160,7 +160,7 @@ class update_default_trust_view(PostUpdate):
'default': default_trust_view_entry
}
return (False, True, [update])
return False, [update]
api.register(update_default_range)
api.register(update_default_trust_view)

16
ipaserver/install/plugins/ca_renewal_master.py
View File

@ -37,7 +37,7 @@ class update_ca_renewal_master(PostUpdate):
ca = cainstance.CAInstance(self.api.env.realm, certs.NSS_DIR)
if not ca.is_configured():
self.debug("CA is not configured on this host")
return (False, False, [])
return False, []
ldap = self.obj.backend
base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
@ -50,7 +50,7 @@ class update_ca_renewal_master(PostUpdate):
pass
else:
self.debug("found CA renewal master %s", entries[0].dn[1].value)
return (False, False, [])
return False, []
criteria = {
'cert-database': paths.HTTPD_ALIAS_DIR,
@ -65,20 +65,20 @@ class update_ca_renewal_master(PostUpdate):
self.warning(
"certmonger request for ipaCert is missing ca_name, "
"assuming local CA is renewal slave")
return (False, False, [])
return False, []
ca_name = ca_name.strip()
if ca_name == 'dogtag-ipa-renew-agent':
pass
elif ca_name == 'dogtag-ipa-retrieve-agent-submit':
return (False, False, [])
return False, []
elif ca_name == 'dogtag-ipa-ca-renew-agent':
return (False, False, [])
return False, []
else:
self.warning(
"certmonger request for ipaCert has unknown ca_name '%s', "
"assuming local CA is renewal slave", ca_name)
return (False, False, [])
return False, []
else:
self.debug("certmonger request for ipaCert not found")
@ -89,7 +89,7 @@ class update_ca_renewal_master(PostUpdate):
if config == 'New':
pass
elif config == 'Clone':
return (False, False, [])
return False, []
else:
self.warning(
"CS.cfg has unknown subsystem.select value '%s', "
@ -102,4 +102,4 @@ class update_ca_renewal_master(PostUpdate):
'updates': ['add:ipaConfigString: caRenewalMaster'],
}
return (False, True, [update])
return False, [update]

30
ipaserver/install/plugins/dns.py
View File

@ -62,13 +62,13 @@ class update_dnszones(PostUpdate):
def execute(self, **options):
ldap = self.obj.backend
if not dns_container_exists(ldap):
return (False, False, [])
return False, []
try:
zones = api.Command.dnszone_find(all=True)['result']
except errors.NotFound:
self.log.info('No DNS zone to update found')
return (False, False, [])
return False, []
for zone in zones:
update = {}
@ -90,7 +90,7 @@ class update_dnszones(PostUpdate):
api.Command.dnszone_mod(zone[u'idnsname'][0].make_absolute(),
**update)
return (False, False, [])
return False, []
api.register(update_dnszones)
@ -109,7 +109,7 @@ class update_dns_limits(PostUpdate):
ldap = self.obj.backend
if not dns_container_exists(ldap):
return (False, False, [])
return False, []
dns_principal = 'DNS/%s@%s' % (self.env.host, self.env.realm)
dns_service_dn = DN(('krbprincipalname', dns_principal),
@ -121,12 +121,12 @@ class update_dns_limits(PostUpdate):
except errors.NotFound:
# this host may not have DNS service set
root_logger.debug("DNS: service %s not found, no need to update limits" % dns_service_dn)
return (False, False, [])
return False, []
if all(entry.get(limit.lower(), [None])[0] == self.limit_value for limit in self.limit_attributes):
root_logger.debug("DNS: limits for service %s already set" % dns_service_dn)
# service is already updated
return (False, False, [])
return False, []
limit_updates = []
@ -137,7 +137,7 @@ class update_dns_limits(PostUpdate):
root_logger.debug("DNS: limits for service %s will be updated" % dns_service_dn)
return (False, True, [dnsupdate])
return False, [dnsupdate]
api.register(update_dns_limits)
@ -166,7 +166,7 @@ class update_master_to_dnsforwardzones(PostUpdate):
container_entry = ldap.get_entry(dns_container_dn)
except errors.NotFound:
# DNS container not found, nothing to upgrade
return (False, False, [])
return False, []
for config_option in container_entry.get("ipaConfigString", []):
matched = re.match("^DNSVersion\s+(?P<version>\d+)$",
@ -174,7 +174,7 @@ class update_master_to_dnsforwardzones(PostUpdate):
if matched and int(matched.group("version")) >= 1:
# forwardzones already uses new semantics,
# no upgrade is required
return (False, False, [])
return False, []
self.log.info('Updating forward zones')
# update the DNSVersion, following upgrade can be executed only once
@ -193,7 +193,7 @@ class update_master_to_dnsforwardzones(PostUpdate):
else:
if fwzones:
# fwzones exist, do not execute upgrade again
return (False, False, [])
return False, []
zones = []
try:
@ -206,7 +206,7 @@ class update_master_to_dnsforwardzones(PostUpdate):
if not zones:
self.log.info('No DNS zone to update found')
return (False, False, [])
return False, []
zones_to_transform = []
@ -271,7 +271,7 @@ class update_master_to_dnsforwardzones(PostUpdate):
self.log.error('Unable to backup zone %s' %
zone['idnsname'][0])
self.log.error(traceback.format_exc())
return (False, False, [])
return False, []
for privilege_dn in privileges_to_ldif:
try:
@ -281,13 +281,13 @@ class update_master_to_dnsforwardzones(PostUpdate):
self.log.error('Unable to backup privilege %s' %
privilege_dn)
self.log.error(traceback.format_exc())
return (False, False, [])
return False, []
f.close()
except Exception:
self.log.error('Unable to create backup file')
self.log.error(traceback.format_exc())
return (False, False, [])
return False, []
# update
for zone in zones_to_transform:
@ -352,6 +352,6 @@ class update_master_to_dnsforwardzones(PostUpdate):
self.log.info('Zone %s was sucessfully transformed to forward zone',
zone['idnsname'][0])
return (False, False, [])
return False, []
api.register(update_master_to_dnsforwardzones)

2
ipaserver/install/plugins/fix_replica_agreements.py
View File

@ -65,7 +65,7 @@ class update_replica_attribute_lists(PreUpdate):
self.log.debug("Done updating agreements")
return (False, False, []) # No restart, no apply now, no updates
return False, [] # No restart, no updates
def _update_attr(self, repl, replica, attribute, values, template='%s'):
"""Add or update an attribute of a replication agreement

4
ipaserver/install/plugins/rename_managed.py
View File

@ -144,7 +144,7 @@ class update_managed_post_first(PreUpdate, GenerateUpdateMixin):
# Never need to restart with the pre-update changes
(ignore, update_list) = self.generate_update(False)
return (False, True, update_list)
return False, update_list
api.register(update_managed_post_first)
@ -157,6 +157,6 @@ class update_managed_post(PostUpdate, GenerateUpdateMixin):
def execute(self, **options):
(restart, update_list) = self.generate_update(True)
return (restart, True, update_list)
return restart, update_list
api.register(update_managed_post)

18
ipaserver/install/plugins/update_idranges.py
View File

@ -51,18 +51,18 @@ class update_idrange_type(PostUpdate):
except errors.NotFound:
root_logger.debug("update_idrange_type: no ID range without "
"type set found")
return (False, False, [])
return False, []
except errors.ExecutionError, e:
root_logger.error("update_idrange_type: cannot retrieve list "
"of ranges with no type set: %s", e)
return (False, False, [])
return False, []
if not entries:
# No entry was returned, rather break than continue cycling
root_logger.debug("update_idrange_type: no ID range was "
"returned")
return (False, False, [])
return False, []
root_logger.debug("update_idrange_type: found %d "
"idranges to update, truncated: %s",
@ -101,15 +101,15 @@ class update_idrange_type(PostUpdate):
# Exit loop to avoid infinite cycles
root_logger.error("update_idrange_type: error(s) "
"detected during idrange type update")
return (False, False, [])
return False, []
elif not truncated:
# All affected entries updated, exit the loop
root_logger.debug("update_idrange_type: all affected idranges "
"were assigned types")
return (False, False, [])
return False, []
return (False, False, [])
return False, []
class update_idrange_baserid(PostUpdate):
@ -140,12 +140,12 @@ class update_idrange_baserid(PostUpdate):
except errors.NotFound:
root_logger.debug("update_idrange_baserid: no AD domain "
"range with posix attributes found")
return (False, False, [])
return False, []
except errors.ExecutionError, e:
root_logger.error("update_idrange_baserid: cannot retrieve "
"list of affected ranges: %s", e)
return (False, False, [])
return False, []
root_logger.debug("update_idrange_baserid: found %d "
"idranges possible to update",
@ -175,7 +175,7 @@ class update_idrange_baserid(PostUpdate):
root_logger.debug("update_idrange_baserid: all affected "
"idranges updated")
return (False, False, [])
return False, []
api.register(update_idrange_type)
api.register(update_idrange_baserid)

2
ipaserver/install/plugins/update_managed_permissions.py
View File

@ -441,7 +441,7 @@ class update_managed_permissions(PostUpdate):
else:
self.log.info('Obsolete permission deleted: %s', obsolete_name)
return False, False, ()
return False, ()
def update_permission(self, ldap, obj, name, template, anonymous_read_aci):
"""Update the given permission and the corresponding ACI"""

4
ipaserver/install/plugins/update_pacs.py
View File

@ -39,7 +39,7 @@ class update_pacs(PostUpdate):
pacs = entry.get('ipakrbauthzdata', [])
except errors.NotFound:
self.log.warning('Error retrieving: %s' % str(dn))
return (False, False, [])
return False, []
nfs_pac_set = any(pac.startswith('nfs:') for pac in pacs)
@ -52,6 +52,6 @@ class update_pacs(PostUpdate):
else:
self.log.debug('PAC for nfs is already set, not adding nfs:NONE.')
return (False, False, [])
return False, []
api.register(update_pacs)

10
ipaserver/install/plugins/update_passsync.py
View File

@ -16,7 +16,7 @@ class update_passync_privilege_check(PreUpdate):
update_done = sysupgrade.get_upgrade_state('winsync', 'passsync_privilege_updated')
if update_done:
root_logger.debug("PassSync privilege update pre-check not needed")
return False, False, []
return False, []
root_logger.debug("Check if there is existing PassSync privilege")
@ -34,7 +34,7 @@ class update_passync_privilege_check(PreUpdate):
root_logger.debug("PassSync privilege found, skip updating PassSync")
sysupgrade.set_upgrade_state('winsync', 'passsync_privilege_updated', True)
return False, False, []
return False, []
api.register(update_passync_privilege_check)
@ -49,7 +49,7 @@ class update_passync_privilege_update(PostUpdate):
update_done = sysupgrade.get_upgrade_state('winsync', 'passsync_privilege_updated')
if update_done:
root_logger.debug("PassSync privilege update not needed")
return False, False, []
return False, []
root_logger.debug("Add PassSync user as a member of PassSync privilege")
ldap = self.obj.backend
@ -64,7 +64,7 @@ class update_passync_privilege_update(PostUpdate):
except errors.NotFound:
root_logger.debug("PassSync user not found, no update needed")
sysupgrade.set_upgrade_state('winsync', 'passsync_privilege_updated', True)
return False, False, []
return False, []
else:
root_logger.debug("PassSync user found, do update")
@ -72,6 +72,6 @@ class update_passync_privilege_update(PostUpdate):
'updates': ["add:member:'%s'" % passsync_dn]}
sysupgrade.set_upgrade_state('winsync', 'passsync_privilege_updated', True)
return (False, True, [update])
return False, [update]
api.register(update_passync_privilege_update)

8
ipaserver/install/plugins/update_referint.py
View File

@ -35,7 +35,7 @@ class update_referint(PreUpdate):
entry = ldap.get_entry(self.referint_dn)
except errors.NotFound:
root_logger.error("Referential integrity configuration not found")
return False, False, []
return False, []
referint_membership_attrs = []
@ -49,7 +49,7 @@ class update_referint(PreUpdate):
entry['nsslapd-pluginArg0'] = None
else:
root_logger.info("Plugin already uses new style, skipping")
return False, False, []
return False, []
# nsslapd-pluginArg1 -> referint-logfile
logfile = entry.get('nsslapd-pluginArg1')
@ -83,8 +83,8 @@ class update_referint(PreUpdate):
ldap.update_entry(entry)
except errors.EmptyModlist:
root_logger.debug("No modifications required")
return False, False, []
return False, []
return False, True, []
return False, []
api.register(update_referint)

12
ipaserver/install/plugins/update_services.py
View File

@ -51,16 +51,16 @@ class update_service_principalalias(PostUpdate):
except errors.NotFound:
root_logger.debug("update_service_principalalias: no service "
"to update found")
return (False, False, [])
return False, []
except errors.ExecutionError, e:
root_logger.error("update_service_principalalias: cannot "
"retrieve list of affected services: %s", e)
return (False, False, [])
return False, []
if not entries:
# no entry was returned, rather break than continue cycling
root_logger.debug("update_service_principalalias: no service "
"was returned")
return (False, False, [])
return False, []
root_logger.debug("update_service_principalalias: found %d "
"services to update, truncated: %s",
len(entries), truncated)
@ -83,12 +83,12 @@ class update_service_principalalias(PostUpdate):
# exit loop to avoid infinite cycles
root_logger.error("update_service_principalalias: error(s)"
"detected during service update")
return (False, False, [])
return False, []
elif not truncated:
# all affected entries updated, exit the loop
root_logger.debug("update_service_principalalias: all affected"
" services updated")
return (False, False, [])
return (False, False, [])
return False, []
return False, []
api.register(update_service_principalalias)

4
ipaserver/install/plugins/update_uniqueness.py
View File

@ -184,7 +184,7 @@ class update_uniqueness_plugins_to_new_syntax(PreUpdate):
except errors.NotFound:
root_logger.debug("No uniqueness plugin entries with old style "
"configuration found")
return False, False, []
return False, []
update_list = []
new_attributes = [
@ -220,6 +220,6 @@ class update_uniqueness_plugins_to_new_syntax(PreUpdate):
update_list.append(update)
return False, True, update_list
return False, update_list
api.register(update_uniqueness_plugins_to_new_syntax)

17
ipaserver/install/plugins/updateclient.py
View File

@ -32,13 +32,9 @@ class updateclient(backend.Executioner):
An update plugin can be executed before the file-based plugins or
afterward. Each plugin returns three values:
1. restart: dirsrv needs to be restarted BEFORE this update is
1. restart: dirsrv will be restarted AFTER this update is
applied.
2. apply_now: when True the update is applied when the plugin
returns. Otherwise the update is cached until all
plugins of that update type are complete, then they
are applied together.
3. updates: A list of updates to be applied.
2. updates: A list of updates to be applied.
The value of an update is a dictionary with the following possible
values:
@ -120,18 +116,15 @@ class updateclient(backend.Executioner):
result = []
ld = LDAPUpdate(dm_password=dm_password, sub_dict={}, ldapi=ldapi)
for update in self.order(updatetype):
(restart, apply_now, res) = self.run(update.name, **kw)
restart, res = self.run(update.name, **kw)
ld.update_from_dict(res)
if restart:
# connection has to be closed before restart, otherwise
# ld instance will try to reuse old non-valid connection
ld.close_connection()
self.restart(dm_password)
if apply_now:
ld.update_from_dict(res)
elif res:
result.extend(res)
self.destroy_context()
return result

2
ipaserver/install/plugins/upload_cacrt.py
View File

@ -93,6 +93,6 @@ class update_upload_cacrt(PostUpdate):
entry.single_value['cACertificate;binary'] = ca_cert
ldap.update_entry(entry)
return (False, False, [])
return False, []
api.register(update_upload_cacrt)