Only initialize the API once in the installer

Make the ldap2 plugin schema loader ignore SERVER_DOWN errors

525303
Rob Crittenden 2009-09-28 23:34:15 -04:00 committed by Jason Gerard DeRose
parent 38a27b1c2f
commit e4877c946f
4 changed files with 36 additions and 35 deletions


@ -32,7 +32,6 @@ from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
from ipaserver import ipaldap from ipaserver import ipaldap
from ipapython import version from ipapython import version
from ipalib import api, util from ipalib import api, util
from ipalib.constants import DEFAULT_CONFIG
CACERT="/usr/share/ipa/html/ca.crt" CACERT="/usr/share/ipa/html/ca.crt"
@ -134,14 +133,6 @@ def install_ca(config):
# FIXME, need to pass along the CA plugin to use # FIXME, need to pass along the CA plugin to use
cafile = config.dir + "/ca.p12" cafile = config.dir + "/ca.p12"
# Just initialize the environment. This is so the installer can have
# access to the plugin environment
api.env._bootstrap()
default_config = dict(DEFAULT_CONFIG)
if ipautil.file_exists(cafile):
default_config['ra_plugin'] = 'dogtag'
api.env._finalize_core(**default_config)
if not ipautil.file_exists(cafile): if not ipautil.file_exists(cafile):
return None return None
@ -320,6 +311,14 @@ def main():
except ldap.INVALID_CREDENTIALS, e : except ldap.INVALID_CREDENTIALS, e :
sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name) sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)
if ipautil.file_exists(config.dir + "/ca.p12"):
ca_type = 'dogtag'
else:
ca_type = 'selfsign'
api.bootstrap(in_server=True, ra_plugin=ca_type)
api.finalize()
# Install CA cert so that we can do SSL connections with ldap # Install CA cert so that we can do SSL connections with ldap
install_ca_cert(config) install_ca_cert(config)
@ -379,9 +378,6 @@ def main():
service.restart("krb5kdc") service.restart("krb5kdc")
if options.setup_dns: if options.setup_dns:
# First bootstrap the plug-in framework
api.bootstrap(in_server=True)
api.finalize()
api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
bind_pw=config.dirman_password) bind_pw=config.dirman_password)
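Review bot: The `ca_type` selection at the top of the new hunk in main() duplicates, with a different predicate, the same four-line `if`/`else` added to ipa-server-install's main() in the `options.ca` hunk, and both read more directly as a conditional expression: `ca_type = 'dogtag' if ipautil.file_exists(config.dir + "/ca.p12") else 'selfsign'`. The `ca.p12` existence test is now made here and again inside install_ca (`cafile = config.dir + "/ca.p12"` in the earlier hunk of this file); building that path once in main() and reusing it would keep the two checks from drifting apart. main() begins and ends outside the hunk.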


@ -52,7 +52,6 @@ from ipaserver.install.installutils import *
from ipapython import sysrestore from ipapython import sysrestore
from ipapython.ipautil import * from ipapython.ipautil import *
from ipalib import api, util from ipalib import api, util
from ipalib.constants import DEFAULT_CONFIG
pw_name = None pw_name = None
@ -402,14 +401,6 @@ def main():
signal.signal(signal.SIGTERM, signal_handler) signal.signal(signal.SIGTERM, signal_handler)
signal.signal(signal.SIGINT, signal_handler) signal.signal(signal.SIGINT, signal_handler)
# Just initialize the environment. This is so the installer can have
# access to the plugin environment
api.env._bootstrap()
default_config = dict(DEFAULT_CONFIG)
if options.ca:
default_config['ra_plugin'] = 'dogtag'
api.env._finalize_core(**default_config)
if options.uninstall: if options.uninstall:
standard_logging_setup("/var/log/ipaserver-uninstall.log", options.debug) standard_logging_setup("/var/log/ipaserver-uninstall.log", options.debug)
else: else:
@ -419,6 +410,14 @@ def main():
global fstore global fstore
fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
if options.ca:
ca_type = 'dogtag'
else:
ca_type = 'selfsign'
api.bootstrap(in_server=True, ra_plugin=ca_type)
api.finalize()
if options.uninstall: if options.uninstall:
if not options.unattended: if not options.unattended:
print "\nThis is a NON REVERSIBLE operation and will delete all data and configuration!\n" print "\nThis is a NON REVERSIBLE operation and will delete all data and configuration!\n"
@ -712,9 +711,6 @@ def main():
bind = bindinstance.BindInstance(fstore, dm_password) bind = bindinstance.BindInstance(fstore, dm_password)
bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders) bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders)
if options.setup_dns: if options.setup_dns:
# First bootstrap the plug-in framework
api.bootstrap(in_server=True)
api.finalize()
api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password) api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
bind.create_instance() bind.create_instance()


@ -60,9 +60,12 @@ class ra(rabase.rabase):
self.ipa_key_size = "2048" self.ipa_key_size = "2048"
self.ipa_certificate_nickname = "ipaCert" self.ipa_certificate_nickname = "ipaCert"
self.ca_certificate_nickname = "caCert" self.ca_certificate_nickname = "caCert"
f = open(self.pwd_file, "r") try:
self.password = f.readline().strip() f = open(self.pwd_file, "r")
f.close() self.password = f.readline().strip()
f.close()
except IOError:
self.password = ''
super(ra, self).__init__() super(ra, self).__init__()
def _request(self, url, **kw): def _request(self, url, **kw):
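Review bot: In the new `try` block in ra.__init__ the password file is only closed on the success path: if `readline()` raises, `f.close()` is skipped and the handle stays open until garbage collection. A `with` statement inside the `try` closes it on every path while keeping the `except IOError:` fallback: `with open(self.pwd_file, "r") as f:` / `self.password = f.readline().strip()`. That fallback also silently substitutes an empty password, so a missing or unreadable `self.pwd_file` only surfaces later as an authentication failure against the CA; a log line in the `except` branch naming the file would make that diagnosable. __init__ starts before the hunk.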


@ -121,12 +121,15 @@ def _get_url(host, port, using_cacert=False):
# retrieves LDAP schema from server # retrieves LDAP schema from server
def _load_schema(url): def _load_schema(url):
global _schema
try: try:
conn = _ldap.initialize(url) conn = _ldap.initialize(url)
# assume anonymous access is enabled # assume anonymous access is enabled
conn.simple_bind_s('', '') conn.simple_bind_s('', '')
schema_entry = conn.search_s('cn=schema', _ldap.SCOPE_BASE)[0] schema_entry = conn.search_s('cn=schema', _ldap.SCOPE_BASE)[0]
conn.unbind_s() conn.unbind_s()
except _ldap.SERVER_DOWN:
return None
except _ldap.LDAPError, e: except _ldap.LDAPError, e:
# TODO: raise a more appropriate exception # TODO: raise a more appropriate exception
_handle_errors(e, **{}) _handle_errors(e, **{})
@ -142,8 +145,9 @@ def _load_schema(url):
_schema = _load_schema(api.env.ldap_uri) _schema = _load_schema(api.env.ldap_uri)
def _get_syntax(attr, value): def _get_syntax(attr, value):
schema = api.Backend.ldap2._schema global _schema
obj = schema.get_obj(_ldap.schema.AttributeType, attr)
obj = _schema.get_obj(_ldap.schema.AttributeType, attr)
if obj is not None: if obj is not None:
return obj.syntax return obj.syntax
else: else:
@ -176,7 +180,6 @@ class ldap2(CrudBackend, Encoder):
self.encoder_settings.decode_dict_vals_table_keygen = _get_syntax self.encoder_settings.decode_dict_vals_table_keygen = _get_syntax
self.encoder_settings.decode_postprocessor = lambda x: string.lower(x) self.encoder_settings.decode_postprocessor = lambda x: string.lower(x)
self._ldapuri = api.env.ldap_uri self._ldapuri = api.env.ldap_uri
self._schema = _schema
CrudBackend.__init__(self) CrudBackend.__init__(self)
def __del__(self): def __del__(self):
@ -204,12 +207,13 @@ class ldap2(CrudBackend, Encoder):
Extends backend.Connectible.create_connection. Extends backend.Connectible.create_connection.
""" """
global _schema
if ldapuri is not None: if ldapuri is not None:
self._ldapuri = ldapuri self._ldapuri = ldapuri
# if we don't have this server's schema cached, do it now # if we don't have this server's schema cached, do it now
if self._ldapuri != api.env.ldap_uri: if self._ldapuri != api.env.ldap_uri or _schema is None:
self._schema = _load_schema(self._ldapuri) _schema = _load_schema(self._ldapuri)
if tls_cacertfile is not None: if tls_cacertfile is not None:
_ldap.set_option(_ldap.OPT_X_TLS_CACERTFILE, tls_cacertfile) _ldap.set_option(_ldap.OPT_X_TLS_CACERTFILE, tls_cacertfile)
@ -304,9 +308,10 @@ class ldap2(CrudBackend, Encoder):
preferred_names -- list of preferred synomyms or None for defaults preferred_names -- list of preferred synomyms or None for defaults
(default None) (default None)
""" """
global _schema
if preferred_names: if preferred_names:
for n in preferred_names: for n in preferred_names:
attr = self._schema.get_obj(_ldap.schema.AttributeType, n) attr = _schema.get_obj(_ldap.schema.AttributeType, n)
synonyms = [v.lower() for v in attr.names] synonyms = [v.lower() for v in attr.names]
synonyms.remove(n) synonyms.remove(n)
for s in synonyms: for s in synonyms:
@ -315,7 +320,7 @@ class ldap2(CrudBackend, Encoder):
del entry_attrs[s] del entry_attrs[s]
else: else:
for (k, v) in entry_attrs.items(): for (k, v) in entry_attrs.items():
attr = self._schema.get_obj(_ldap.schema.AttributeType, k) attr = _schema.get_obj(_ldap.schema.AttributeType, k)
synonyms = [v.lower() for v in attr.names] synonyms = [v.lower() for v in attr.names]
preferred_name = synonyms[0] preferred_name = synonyms[0]
if k in synonyms[1:]: if k in synonyms[1:]:
@ -492,8 +497,9 @@ class ldap2(CrudBackend, Encoder):
return self.find_entries(filter, None, 'cn=etc', self.SCOPE_ONELEVEL)[0][0] return self.find_entries(filter, None, 'cn=etc', self.SCOPE_ONELEVEL)[0][0]
def get_schema(self): def get_schema(self):
global _schema
"""Returns a copy of the current LDAP schema.""" """Returns a copy of the current LDAP schema."""
return copy.deepcopy(self._schema) return copy.deepcopy(_schema)
@encode_args(1, 2) @encode_args(1, 2)
def get_effective_rights(self, dn, entry_attrs): def get_effective_rights(self, dn, entry_attrs):
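Review bot: `_load_schema` now returns None on SERVER_DOWN, but nothing downstream checks for it: `_get_syntax` (`_schema.get_obj(...)`), the synonym handling in the two `preferred_names` hunks and `get_schema` all dereference `_schema` directly, and the reload in create_connection (`_schema = _load_schema(self._ldapuri)`) is guarded by `_schema is None` but its result is not checked, so if the server is still down at connect time callers get an AttributeError instead of the LDAP error they expect. Add an explicit `if _schema is None:` after that reload in create_connection and raise the connection error there; I can't tell from the hunk which exception class this module uses for a down server, so it should be the one `_handle_errors` would produce. Separately, in `get_schema` the `global _schema` line is placed before the docstring, which turns the docstring into a plain expression statement (`get_schema.__doc__` becomes None); swap the two lines, and since the function only reads `_schema` the `global` statement is unnecessary there, as it is in `_get_syntax` and `_load_schema`. The ldap2 class continues outside these hunks.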