Make the memberof task a public function.

This is used when a new replica is created as well as whenever a replica
is re-initialized from another master.

In order for this to work when not creating an instance the __init__
function needs to be able to determine the suffix and the dm_password
is needed.

I've also added the time to the RDN of the member task to ensure
uniqueness.

438222

ipa-server/ipa-install/ipa-replica-install

@@ -104,6 +104,8 @@ def install_ds(config):
     ds = dsinstance.DsInstance()
     ds.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password, pkcs12_info)
 
+    return ds
+
 def install_krb(config):
     krb = krbinstance.KrbInstance()
     ldappwd_filename = config.dir + "/ldappwd"
@@ -134,7 +136,7 @@ def install_http(config):
 
 def main():
     options, filename = parse_options()
-    installutils.standard_logging_setup("ipareplica-install.log", options.debug)
+    installutils.standard_logging_setup("/var/log/ipareplica-install.log", options.debug)
 
     top_dir, dir = expand_info(filename)
 
@@ -180,7 +182,7 @@ def main():
         ntp.create_instance()
 
     # Configure dirsrv
-    install_ds(config)
+    ds = install_ds(config)
 
     repl = replication.ReplicationManager(config.host_name, config.dirman_password)
     if repl is None:
@@ -208,6 +210,9 @@ def main():
         print "Configuration of client side components failed!"
         print "ipa-client-install returned: " + str(e)
         raise RuntimeError("Failed to configure the client")
+
+    ds.init_memberof()
+
 try:
     if not os.geteuid()==0:
         sys.exit("\nYou must be root to run this script.\n")

ipa-server/ipa-install/ipa-replica-manage

@@ -78,7 +78,7 @@ def del_master(replman, hostname):
 def add_master(replman, hostname):
     replman.setup_replication(hostname, get_realm_name())
 
-def init_master(replman, hostname):
+def init_master(replman, dirman_passwd, hostname):
     filter = "(&(nsDS5ReplicaHost=%s)(objectclass=nsds5ReplicationAgreement))" % hostname
     entry = replman.conn.search_s("cn=config", ldap.SCOPE_SUBTREE, filter)
     if len(entry) == 0:
@@ -87,6 +87,8 @@ def init_master(replman, hostname):
     if len(entry) > 1:
         logging.error("Found multiple agreements for %s. Only initializing the first one returned: %s" % (hostname, entry[0].dn))
     replman.initialize_replication(entry[0].dn, replman.conn)
+    ds = dsinstance.DsInstance(realm_name = get_realm_name(), dm_password = dirman_passwd)
+    ds.init_memberof()
 
 def synch_master(replman, hostname):
     filter = "(&(nsDS5ReplicaHost=%s)(objectclass=nsds5ReplicationAgreement))" % hostname
@@ -130,7 +132,7 @@ def main():
         if len(args) != 2:
             print "hostname of supplier to initialize from is required."
             sys.exit(1)
-        init_master(r, args[1])
+        init_master(r, dirman_passwd, args[1])
     elif args[0] == "synch":
         if len(args) != 2:
             print "must provide hostname of supplier to synchronize with"

ipa-server/ipa-install/share/memberof-task.ldif

@@ -1,7 +1,8 @@
-dn: cn=IPA install, cn=memberof task, cn=tasks, cn=config
+dn: cn=IPA install $TIME, cn=memberof task, cn=tasks, cn=config
 changetype: add
 objectClass: top
 objectClass: extensibleObject
 cn: IPA install
 basedn: $SUFFIX
 filter: (objectclass=*)
+ttl: 10

ipa-server/ipaserver/dsinstance.py

@@ -25,6 +25,7 @@ import glob
 import sys
 import os
 import re
+import time
 
 from ipa import ipautil
 
@@ -110,16 +111,21 @@ info: IPA V1.0
 """
 
 class DsInstance(service.Service):
-    def __init__(self):
+    def __init__(self, realm_name=None, domain_name=None, dm_password=None):
         service.Service.__init__(self, "dirsrv")
-        self.serverid = None
+        self.realm_name = realm_name
-        self.realm_name = None
+        self.dm_password = dm_password
-        self.suffix = None
-        self.host_name = None
-        self.dm_password = None
         self.sub_dict = None
-        self.domain = None
+        self.domain = domain_name
+        self.serverid = None
+        self.host_name = None
         self.pkcs12_info = None
+        self.ds_user = None
+        if realm_name:
+            self.suffix = realm_to_suffix(self.realm_name)
+            self.__setup_sub_dict()
+        else:
+            self.suffix = None
 
     def create_instance(self, ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info=None):
         self.ds_user = ds_user
@@ -149,7 +155,7 @@ class DsInstance(service.Service):
         self.step("adding master entry as first master",
                   self.__add_master_entry_first_master)
         self.step("initializing group membership",
-                  self.__init_memberof)
+                  self.init_memberof)
 
         self.step("configuring directory to start on boot", self.__enable)
 
@@ -164,7 +170,8 @@ class DsInstance(service.Service):
         self.sub_dict = dict(FQHN=self.host_name, SERVERID=self.serverid,
                              PASSWORD=self.dm_password, SUFFIX=self.suffix.lower(),
                              REALM=self.realm_name, USER=self.ds_user,
-                             SERVER_ROOT=server_root, DOMAIN=self.domain)
+                             SERVER_ROOT=server_root, DOMAIN=self.domain,
+                             TIME=int(time.time()))
 
     def __create_ds_user(self):
         user_exists = True
@@ -262,7 +269,7 @@ class DsInstance(service.Service):
     def __add_memberof_module(self):
         self.__ldap_mod("memberof-conf.ldif")
 
-    def __init_memberof(self):
+    def init_memberof(self):
         self.__ldap_mod("memberof-task.ldif", self.sub_dict)
 
     def __add_referint_module(self):