Only initialize the API once in the installer

Make the ldap2 plugin schema loader ignore SERVER_DOWN errors 525303
2024-12-23 07:33:27 -06:00 · 2009-09-28 23:34:15 -04:00 · 2009-09-28 23:34:15 -04:00 · e4877c946f
commit e4877c946f
parent 38a27b1c2f
4 changed files with 36 additions and 35 deletions
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@ -32,7 +32,6 @@ from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
 from ipaserver import ipaldap
 from ipapython import version
 from ipalib import api, util
-from ipalib.constants import DEFAULT_CONFIG

 CACERT="/usr/share/ipa/html/ca.crt"

@ -134,14 +133,6 @@ def install_ca(config):
    # FIXME, need to pass along the CA plugin to use
    cafile = config.dir + "/ca.p12"

-    # Just initialize the environment. This is so the installer can have
-    # access to the plugin environment
-    api.env._bootstrap()
-    default_config = dict(DEFAULT_CONFIG)
-    if ipautil.file_exists(cafile):
-        default_config['ra_plugin'] = 'dogtag'
-    api.env._finalize_core(**default_config)
-
    if not ipautil.file_exists(cafile):
        return None

@ -320,6 +311,14 @@ def main():
    except ldap.INVALID_CREDENTIALS, e :
        sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)

+    if ipautil.file_exists(config.dir + "/ca.p12"):
+        ca_type = 'dogtag'
+    else:
+        ca_type = 'selfsign'
+
+    api.bootstrap(in_server=True, ra_plugin=ca_type)
+    api.finalize()
+
    # Install CA cert so that we can do SSL connections with ldap
    install_ca_cert(config)

@ -379,9 +378,6 @@ def main():
    service.restart("krb5kdc")

    if options.setup_dns:
-        # First bootstrap the plug-in framework
-        api.bootstrap(in_server=True)
-        api.finalize()
        api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
                                  bind_pw=config.dirman_password)

--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@ -52,7 +52,6 @@ from ipaserver.install.installutils import *
 from ipapython import sysrestore
 from ipapython.ipautil import *
 from ipalib import api, util
-from ipalib.constants import DEFAULT_CONFIG

 pw_name = None

@ -402,14 +401,6 @@ def main():
    signal.signal(signal.SIGTERM, signal_handler)
    signal.signal(signal.SIGINT, signal_handler)

-    # Just initialize the environment. This is so the installer can have
-    # access to the plugin environment
-    api.env._bootstrap()
-    default_config = dict(DEFAULT_CONFIG)
-    if options.ca:
-        default_config['ra_plugin'] = 'dogtag'
-    api.env._finalize_core(**default_config)
-
    if options.uninstall:
        standard_logging_setup("/var/log/ipaserver-uninstall.log", options.debug)
    else:
@ -419,6 +410,14 @@ def main():
    global fstore
    fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')

+    if options.ca:
+        ca_type = 'dogtag'
+    else:
+        ca_type = 'selfsign'
+
+    api.bootstrap(in_server=True, ra_plugin=ca_type)
+    api.finalize()
+
    if options.uninstall:
        if not options.unattended:
            print "\nThis is a NON REVERSIBLE operation and will delete all data and configuration!\n"
@ -712,9 +711,6 @@ def main():
    bind = bindinstance.BindInstance(fstore, dm_password)
    bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders)
    if options.setup_dns:
-        # First bootstrap the plug-in framework
-        api.bootstrap(in_server=True)
-        api.finalize()
        api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)

        bind.create_instance()
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@ -60,9 +60,12 @@ class ra(rabase.rabase):
        self.ipa_key_size = "2048"
        self.ipa_certificate_nickname = "ipaCert"
        self.ca_certificate_nickname = "caCert"
-        f = open(self.pwd_file, "r")
-        self.password = f.readline().strip()
-        f.close()
+        try:
+            f = open(self.pwd_file, "r")
+            self.password = f.readline().strip()
+            f.close()
+        except IOError:
+            self.password = ''
        super(ra, self).__init__()

    def _request(self, url, **kw):
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@ -121,12 +121,15 @@ def _get_url(host, port, using_cacert=False):

 # retrieves LDAP schema from server
 def _load_schema(url):
+    global _schema
    try:
        conn = _ldap.initialize(url)
        # assume anonymous access is enabled
        conn.simple_bind_s('', '')
        schema_entry = conn.search_s('cn=schema', _ldap.SCOPE_BASE)[0]
        conn.unbind_s()
+    except _ldap.SERVER_DOWN:
+        return None
    except _ldap.LDAPError, e:
        # TODO: raise a more appropriate exception
        _handle_errors(e, **{})
@ -142,8 +145,9 @@ def _load_schema(url):
 _schema = _load_schema(api.env.ldap_uri)

 def _get_syntax(attr, value):
-    schema = api.Backend.ldap2._schema
-    obj = schema.get_obj(_ldap.schema.AttributeType, attr)
+    global _schema
+
+    obj = _schema.get_obj(_ldap.schema.AttributeType, attr)
    if obj is not None:
        return obj.syntax
    else:
@ -176,7 +180,6 @@ class ldap2(CrudBackend, Encoder):
        self.encoder_settings.decode_dict_vals_table_keygen = _get_syntax
        self.encoder_settings.decode_postprocessor = lambda x: string.lower(x)
        self._ldapuri = api.env.ldap_uri
-        self._schema = _schema
        CrudBackend.__init__(self)

    def __del__(self):
@ -204,12 +207,13 @@ class ldap2(CrudBackend, Encoder):

        Extends backend.Connectible.create_connection.
        """
+        global _schema
        if ldapuri is not None:
            self._ldapuri = ldapuri

        # if we don't have this server's schema cached, do it now
-        if self._ldapuri != api.env.ldap_uri:
-            self._schema = _load_schema(self._ldapuri)
+        if self._ldapuri != api.env.ldap_uri or _schema is None:
+            _schema = _load_schema(self._ldapuri)

        if tls_cacertfile is not None:
            _ldap.set_option(_ldap.OPT_X_TLS_CACERTFILE, tls_cacertfile)
@ -304,9 +308,10 @@ class ldap2(CrudBackend, Encoder):
        preferred_names -- list of preferred synomyms or None for defaults
                           (default None)
        """
+        global _schema
        if preferred_names:
            for n in preferred_names:
-                attr = self._schema.get_obj(_ldap.schema.AttributeType, n)
+                attr = _schema.get_obj(_ldap.schema.AttributeType, n)
                synonyms = [v.lower() for v in attr.names]
                synonyms.remove(n)
                for s in synonyms:
@ -315,7 +320,7 @@ class ldap2(CrudBackend, Encoder):
                        del entry_attrs[s]
        else:
            for (k, v) in entry_attrs.items():
-                attr = self._schema.get_obj(_ldap.schema.AttributeType, k)
+                attr = _schema.get_obj(_ldap.schema.AttributeType, k)
                synonyms = [v.lower() for v in attr.names]
                preferred_name = synonyms[0]
                if k in synonyms[1:]:
@ -492,8 +497,9 @@ class ldap2(CrudBackend, Encoder):
        return self.find_entries(filter, None, 'cn=etc', self.SCOPE_ONELEVEL)[0][0]

    def get_schema(self):
+        global _schema
        """Returns a copy of the current LDAP schema."""
-        return copy.deepcopy(self._schema)
+        return copy.deepcopy(_schema)

    @encode_args(1, 2)
    def get_effective_rights(self, dn, entry_attrs):