|
 |
86baa9 |
From 3283ba88cdd7821a430132dec23a788ea4241f76 Mon Sep 17 00:00:00 2001
|
|
|
86baa9 |
From: Christian Heimes <cheimes@redhat.com>
|
|
|
86baa9 |
Date: Wed, 27 Mar 2019 11:03:00 +0100
|
|
|
86baa9 |
Subject: [PATCH] Use api.env.container_masters
|
|
|
86baa9 |
|
|
|
86baa9 |
Replace occurences of ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc')
|
|
|
86baa9 |
with api.env.container_masters.
|
|
|
86baa9 |
|
|
|
86baa9 |
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
|
|
86baa9 |
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
|
|
|
86baa9 |
---
|
|
|
86baa9 |
ipaserver/install/bindinstance.py | 3 +--
|
|
|
86baa9 |
ipaserver/install/cainstance.py | 7 +++----
|
|
|
86baa9 |
ipaserver/install/dns.py | 4 ++--
|
|
|
86baa9 |
ipaserver/install/ipa_backup.py | 3 ++-
|
|
|
86baa9 |
ipaserver/install/ipa_restore.py | 3 ++-
|
|
|
86baa9 |
ipaserver/install/krbinstance.py | 6 +-----
|
|
|
86baa9 |
ipaserver/install/plugins/ca_renewal_master.py | 3 +--
|
|
|
86baa9 |
ipaserver/install/replication.py | 3 +--
|
|
|
86baa9 |
ipaserver/install/server/upgrade.py | 4 ++--
|
|
|
86baa9 |
ipaserver/install/service.py | 11 +++++------
|
|
|
86baa9 |
ipaserver/plugins/baseldap.py | 2 +-
|
|
|
86baa9 |
ipaserver/plugins/domainlevel.py | 13 +++----------
|
|
|
86baa9 |
12 files changed, 24 insertions(+), 38 deletions(-)
|
|
|
86baa9 |
|
|
|
86baa9 |
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
|
|
|
86baa9 |
index c175ca4f23b4f4440e1acaac2495276388daf3ae..6156ecdfbd1a62d5b1e0a26db47ef2b9a9448bc1 100644
|
|
|
86baa9 |
--- a/ipaserver/install/bindinstance.py
|
|
|
86baa9 |
+++ b/ipaserver/install/bindinstance.py
|
|
|
86baa9 |
@@ -862,8 +862,7 @@ class BindInstance(service.Service):
|
|
|
86baa9 |
|
|
|
86baa9 |
def __add_others(self):
|
|
|
86baa9 |
entries = api.Backend.ldap2.get_entries(
|
|
|
86baa9 |
- DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
|
|
|
86baa9 |
- self.suffix),
|
|
|
86baa9 |
+ DN(api.env.container_masters, self.suffix),
|
|
|
86baa9 |
api.Backend.ldap2.SCOPE_ONELEVEL, None, ['dn'])
|
|
|
86baa9 |
|
|
|
86baa9 |
for entry in entries:
|
|
|
86baa9 |
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
|
|
|
86baa9 |
index f424e7cd76d24a5a633a4f4babf3e112537be92c..2946b5cc2b4b8b708a060aa79d1b7ab0e7b4e651 100644
|
|
|
86baa9 |
--- a/ipaserver/install/cainstance.py
|
|
|
86baa9 |
+++ b/ipaserver/install/cainstance.py
|
|
|
86baa9 |
@@ -1173,8 +1173,8 @@ class CAInstance(DogtagInstance):
|
|
|
86baa9 |
if fqdn is None:
|
|
|
86baa9 |
fqdn = api.env.host
|
|
|
86baa9 |
|
|
|
86baa9 |
- dn = DN(('cn', 'CA'), ('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'),
|
|
|
86baa9 |
- ('cn', 'etc'), api.env.basedn)
|
|
|
86baa9 |
+ dn = DN(('cn', 'CA'), ('cn', fqdn), api.env.container_masters,
|
|
|
86baa9 |
+ api.env.basedn)
|
|
|
86baa9 |
renewal_filter = '(ipaConfigString=caRenewalMaster)'
|
|
|
86baa9 |
try:
|
|
|
86baa9 |
api.Backend.ldap2.get_entries(base_dn=dn, filter=renewal_filter,
|
|
|
86baa9 |
@@ -1188,8 +1188,7 @@ class CAInstance(DogtagInstance):
|
|
|
86baa9 |
if fqdn is None:
|
|
|
86baa9 |
fqdn = api.env.host
|
|
|
86baa9 |
|
|
|
86baa9 |
- base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
|
|
|
86baa9 |
- api.env.basedn)
|
|
|
86baa9 |
+ base_dn = DN(api.env.container_masters, api.env.basedn)
|
|
|
86baa9 |
filter = '(&(cn=CA)(ipaConfigString=caRenewalMaster))'
|
|
|
86baa9 |
try:
|
|
|
86baa9 |
entries = api.Backend.ldap2.get_entries(
|
|
|
86baa9 |
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
|
|
|
86baa9 |
index b17848a80c4300ed74aedc1e29a0dedbee79e6d9..930e038e4d7629563d2cea39fe581987dd0edfef 100644
|
|
|
86baa9 |
--- a/ipaserver/install/dns.py
|
|
|
86baa9 |
+++ b/ipaserver/install/dns.py
|
|
|
86baa9 |
@@ -98,8 +98,8 @@ def _disable_dnssec():
|
|
|
86baa9 |
api.env.basedn)
|
|
|
86baa9 |
|
|
|
86baa9 |
conn = api.Backend.ldap2
|
|
|
86baa9 |
- dn = DN(('cn', 'DNSSEC'), ('cn', api.env.host), ('cn', 'masters'),
|
|
|
86baa9 |
- ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
|
|
|
86baa9 |
+ dn = DN(('cn', 'DNSSEC'), ('cn', api.env.host),
|
|
|
86baa9 |
+ api.env.container_masters, api.env.basedn)
|
|
|
86baa9 |
try:
|
|
|
86baa9 |
entry = conn.get_entry(dn)
|
|
|
86baa9 |
except errors.NotFound:
|
|
|
86baa9 |
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
|
|
|
86baa9 |
index 789955a67dfc255285a2c82d9a8060495c3469e2..cef01d30454ea1adb8bf9c68f428b9555f1b9557 100644
|
|
|
86baa9 |
--- a/ipaserver/install/ipa_backup.py
|
|
|
86baa9 |
+++ b/ipaserver/install/ipa_backup.py
|
|
|
86baa9 |
@@ -576,7 +576,8 @@ class Backup(admintool.AdminTool):
|
|
|
86baa9 |
config.set('ipa', 'ipa_version', str(version.VERSION))
|
|
|
86baa9 |
config.set('ipa', 'version', '1')
|
|
|
86baa9 |
|
|
|
86baa9 |
- dn = DN(('cn', api.env.host), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
|
|
|
86baa9 |
+ dn = DN(('cn', api.env.host), api.env.container_masters,
|
|
|
86baa9 |
+ api.env.basedn)
|
|
|
86baa9 |
services_cns = []
|
|
|
86baa9 |
try:
|
|
|
86baa9 |
conn = self.get_connection()
|
|
|
86baa9 |
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
|
|
|
86baa9 |
index 8b2f5bef7c9b1b8e2e2bae4e88850cf18b67b889..bd065a038db4d523048f0566f65458402d801e18 100644
|
|
|
86baa9 |
--- a/ipaserver/install/ipa_restore.py
|
|
|
86baa9 |
+++ b/ipaserver/install/ipa_restore.py
|
|
|
86baa9 |
@@ -507,7 +507,8 @@ class Restore(admintool.AdminTool):
|
|
|
86baa9 |
master, e)
|
|
|
86baa9 |
continue
|
|
|
86baa9 |
|
|
|
86baa9 |
- master_dn = DN(('cn', master), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
|
|
|
86baa9 |
+ master_dn = DN(('cn', master), api.env.container_masters,
|
|
|
86baa9 |
+ api.env.basedn)
|
|
|
86baa9 |
try:
|
|
|
86baa9 |
services = repl.conn.get_entries(master_dn,
|
|
|
86baa9 |
repl.conn.SCOPE_ONELEVEL)
|
|
|
86baa9 |
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
|
|
|
86baa9 |
index aa9243dc69674a00f2e1bcdc3e71d44ae8862fbe..319eeb82bcbe61acd70b2943982b6fec6fa33f92 100644
|
|
|
86baa9 |
--- a/ipaserver/install/krbinstance.py
|
|
|
86baa9 |
+++ b/ipaserver/install/krbinstance.py
|
|
|
86baa9 |
@@ -470,11 +470,7 @@ class KrbInstance(service.Service):
|
|
|
86baa9 |
unadvertise enabled PKINIT feature in master's KDC entry in LDAP
|
|
|
86baa9 |
"""
|
|
|
86baa9 |
ldap = api.Backend.ldap2
|
|
|
86baa9 |
- dn = DN(('cn', 'KDC'),
|
|
|
86baa9 |
- ('cn', self.fqdn),
|
|
|
86baa9 |
- ('cn', 'masters'),
|
|
|
86baa9 |
- ('cn', 'ipa'),
|
|
|
86baa9 |
- ('cn', 'etc'),
|
|
|
86baa9 |
+ dn = DN(('cn', 'KDC'), ('cn', self.fqdn), api.env.container_masters,
|
|
|
86baa9 |
self.suffix)
|
|
|
86baa9 |
|
|
|
86baa9 |
entry = ldap.get_entry(dn, ['ipaConfigString'])
|
|
|
86baa9 |
diff --git a/ipaserver/install/plugins/ca_renewal_master.py b/ipaserver/install/plugins/ca_renewal_master.py
|
|
|
86baa9 |
index 618f51244019c2a77a9d0a93437f95c037f1a728..259bd5a991d39adb9f30fe5b22e59c7eef09cfc6 100644
|
|
|
86baa9 |
--- a/ipaserver/install/plugins/ca_renewal_master.py
|
|
|
86baa9 |
+++ b/ipaserver/install/plugins/ca_renewal_master.py
|
|
|
86baa9 |
@@ -46,8 +46,7 @@ class update_ca_renewal_master(Updater):
|
|
|
86baa9 |
return False, []
|
|
|
86baa9 |
|
|
|
86baa9 |
ldap = self.api.Backend.ldap2
|
|
|
86baa9 |
- base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
|
|
|
86baa9 |
- self.api.env.basedn)
|
|
|
86baa9 |
+ base_dn = DN(self.api.env.container_masters, self.api.env.basedn)
|
|
|
86baa9 |
dn = DN(('cn', 'CA'), ('cn', self.api.env.host), base_dn)
|
|
|
86baa9 |
filter = '(&(cn=CA)(ipaConfigString=caRenewalMaster))'
|
|
|
86baa9 |
try:
|
|
|
86baa9 |
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
|
|
|
86baa9 |
index 70629b4528f033908c584bfaf0793cfa4ce259d4..8644b9ff618d28614a319d6da6a2041fea3c1c1f 100644
|
|
|
86baa9 |
--- a/ipaserver/install/replication.py
|
|
|
86baa9 |
+++ b/ipaserver/install/replication.py
|
|
|
86baa9 |
@@ -1419,8 +1419,7 @@ class ReplicationManager(object):
|
|
|
86baa9 |
|
|
|
86baa9 |
# delete master entry with all active services
|
|
|
86baa9 |
try:
|
|
|
86baa9 |
- dn = DN(('cn', replica), ('cn', 'masters'), ('cn', 'ipa'),
|
|
|
86baa9 |
- ('cn', 'etc'), self.suffix)
|
|
|
86baa9 |
+ dn = DN(('cn', replica), api.env.container_masters, self.suffix)
|
|
|
86baa9 |
entries = self.conn.get_entries(dn, ldap.SCOPE_SUBTREE)
|
|
|
86baa9 |
if entries:
|
|
|
86baa9 |
entries.sort(key=lambda x: len(x.dn), reverse=True)
|
|
|
86baa9 |
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
|
|
|
86baa9 |
index 57c70ea9250bf6fcf027665304e02cc6def8e442..f4389d37909fc0b5aed960638de67243906b634d 100644
|
|
|
86baa9 |
--- a/ipaserver/install/server/upgrade.py
|
|
|
86baa9 |
+++ b/ipaserver/install/server/upgrade.py
|
|
|
86baa9 |
@@ -1244,8 +1244,8 @@ def uninstall_dogtag_9(ds, http):
|
|
|
86baa9 |
logger.debug('Dogtag is version 10 or above')
|
|
|
86baa9 |
return
|
|
|
86baa9 |
|
|
|
86baa9 |
- dn = DN(('cn', 'CA'), ('cn', api.env.host), ('cn', 'masters'),
|
|
|
86baa9 |
- ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
|
|
|
86baa9 |
+ dn = DN(('cn', 'CA'), ('cn', api.env.host), api.env.container_masters,
|
|
|
86baa9 |
+ api.env.basedn)
|
|
|
86baa9 |
try:
|
|
|
86baa9 |
api.Backend.ldap2.delete_entry(dn)
|
|
|
86baa9 |
except ipalib.errors.PublicError as e:
|
|
|
86baa9 |
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
|
|
|
86baa9 |
index a030801175491f65dc83aa9d42afdb1dfdb65b0f..261eedc85be24478b99e5ae8886aec7bc23a80ed 100644
|
|
|
86baa9 |
--- a/ipaserver/install/service.py
|
|
|
86baa9 |
+++ b/ipaserver/install/service.py
|
|
|
86baa9 |
@@ -134,8 +134,7 @@ def set_service_entry_config(name, fqdn, config_values,
|
|
|
86baa9 |
assert isinstance(ldap_suffix, DN)
|
|
|
86baa9 |
|
|
|
86baa9 |
entry_name = DN(
|
|
|
86baa9 |
- ('cn', name), ('cn', fqdn), ('cn', 'masters'),
|
|
|
86baa9 |
- ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
|
|
|
86baa9 |
+ ('cn', name), ('cn', fqdn), api.env.container_masters, ldap_suffix)
|
|
|
86baa9 |
|
|
|
86baa9 |
# enable disabled service
|
|
|
86baa9 |
try:
|
|
|
86baa9 |
@@ -577,8 +576,8 @@ class Service(object):
|
|
|
86baa9 |
def ldap_disable(self, name, fqdn, ldap_suffix):
|
|
|
86baa9 |
assert isinstance(ldap_suffix, DN)
|
|
|
86baa9 |
|
|
|
86baa9 |
- entry_dn = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'),
|
|
|
86baa9 |
- ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
|
|
|
86baa9 |
+ entry_dn = DN(('cn', name), ('cn', fqdn), api.env.container_masters,
|
|
|
86baa9 |
+ ldap_suffix)
|
|
|
86baa9 |
search_kw = {'ipaConfigString': ENABLED_SERVICE}
|
|
|
86baa9 |
filter = api.Backend.ldap2.make_filter(search_kw)
|
|
|
86baa9 |
try:
|
|
|
86baa9 |
@@ -611,8 +610,8 @@ class Service(object):
|
|
|
86baa9 |
logger.debug("service %s startup entry disabled", name)
|
|
|
86baa9 |
|
|
|
86baa9 |
def ldap_remove_service_container(self, name, fqdn, ldap_suffix):
|
|
|
86baa9 |
- entry_dn = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'),
|
|
|
86baa9 |
- ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
|
|
|
86baa9 |
+ entry_dn = DN(('cn', name), ('cn', fqdn),
|
|
|
86baa9 |
+ self.api.env.container_masters, ldap_suffix)
|
|
|
86baa9 |
try:
|
|
|
86baa9 |
api.Backend.ldap2.delete_entry(entry_dn)
|
|
|
86baa9 |
except errors.NotFound:
|
|
|
86baa9 |
diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py
|
|
|
86baa9 |
index 08ddc6d10d6431f51296bca9ae28aca8fa8586b2..25449b5aec72cbdbfb57527aa834cc69291398d6 100644
|
|
|
86baa9 |
--- a/ipaserver/plugins/baseldap.py
|
|
|
86baa9 |
+++ b/ipaserver/plugins/baseldap.py
|
|
|
86baa9 |
@@ -497,7 +497,7 @@ def host_is_master(ldap, fqdn):
|
|
|
86baa9 |
|
|
|
86baa9 |
Raises an exception if a master, otherwise returns nothing.
|
|
|
86baa9 |
"""
|
|
|
86baa9 |
- master_dn = DN(('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
|
|
|
86baa9 |
+ master_dn = DN(('cn', fqdn), api.env.container_masters, api.env.basedn)
|
|
|
86baa9 |
try:
|
|
|
86baa9 |
ldap.get_entry(master_dn, ['objectclass'])
|
|
|
86baa9 |
raise errors.ValidationError(name='hostname', error=_('An IPA master host cannot be deleted or disabled'))
|
|
|
86baa9 |
diff --git a/ipaserver/plugins/domainlevel.py b/ipaserver/plugins/domainlevel.py
|
|
|
86baa9 |
index 306ca0a6d147b2c0dc7a91ee1aefc0e7a5c98048..0d36dc08c07612dc565417a66ab9c467eb7f0555 100644
|
|
|
86baa9 |
--- a/ipaserver/plugins/domainlevel.py
|
|
|
86baa9 |
+++ b/ipaserver/plugins/domainlevel.py
|
|
|
86baa9 |
@@ -72,25 +72,18 @@ def check_conflict_entries(ldap, api, desired_value):
|
|
|
86baa9 |
except errors.NotFound:
|
|
|
86baa9 |
pass
|
|
|
86baa9 |
|
|
|
86baa9 |
+
|
|
|
86baa9 |
def get_master_entries(ldap, api):
|
|
|
86baa9 |
"""
|
|
|
86baa9 |
Returns list of LDAPEntries representing IPA masters.
|
|
|
86baa9 |
"""
|
|
|
86baa9 |
-
|
|
|
86baa9 |
- container_masters = DN(
|
|
|
86baa9 |
- ('cn', 'masters'),
|
|
|
86baa9 |
- ('cn', 'ipa'),
|
|
|
86baa9 |
- ('cn', 'etc'),
|
|
|
86baa9 |
- api.env.basedn
|
|
|
86baa9 |
- )
|
|
|
86baa9 |
-
|
|
|
86baa9 |
+ dn = DN(api.env.container_masters, api.env.basedn)
|
|
|
86baa9 |
masters, _dummy = ldap.find_entries(
|
|
|
86baa9 |
filter="(cn=*)",
|
|
|
86baa9 |
- base_dn=container_masters,
|
|
|
86baa9 |
+ base_dn=dn,
|
|
|
86baa9 |
scope=ldap.SCOPE_ONELEVEL,
|
|
|
86baa9 |
paged_search=True, # we need to make sure to get all of them
|
|
|
86baa9 |
)
|
|
|
86baa9 |
-
|
|
|
86baa9 |
return masters
|
|
|
86baa9 |
|
|
|
86baa9 |
|
|
|
86baa9 |
--
|
|
|
86baa9 |
2.20.1
|
|
|
86baa9 |
|