areguera / rpms / ipa

Forked from rpms/ipa 5 years ago
Clone
86baa9
From d0327f33d3bc426db5c8dd86666e680da6a44b61 Mon Sep 17 00:00:00 2001
86baa9
From: Christian Heimes <cheimes@redhat.com>
86baa9
Date: Tue, 26 Mar 2019 13:27:35 +0100
86baa9
Subject: [PATCH] Synchronize hidden state from IPA master role
86baa9
86baa9
ipa-{adtrust|ca|dns|kra}-install on a hidden replica also installs the
86baa9
new service as hidden service.
86baa9
86baa9
Fixes: https://pagure.io/freeipa/issue/7892
86baa9
Signed-off-by: Christian Heimes <cheimes@redhat.com>
86baa9
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
86baa9
Reviewed-By: Francois Cami <fcami@redhat.com>
86baa9
---
86baa9
 install/tools/ipa-adtrust-install             |  2 +-
86baa9
 install/tools/ipa-ca-install                  |  2 +-
86baa9
 ipaserver/install/ipa_kra_install.py          |  2 +-
86baa9
 ipaserver/install/service.py                  | 22 +++++++++++++++++++
86baa9
 .../test_replica_promotion.py                 |  4 +++-
86baa9
 5 files changed, 28 insertions(+), 4 deletions(-)
86baa9
86baa9
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
86baa9
index 9dbfadb6fae193e2f4a54b3a0e226e0a6b1fd26f..19bd21866119b4a23f5a6a02cc8ea37c8f5d36ea 100755
86baa9
--- a/install/tools/ipa-adtrust-install
86baa9
+++ b/install/tools/ipa-adtrust-install
86baa9
@@ -213,7 +213,7 @@ def main():
86baa9
     adtrust.install(True, options, fstore, api)
86baa9
 
86baa9
     # Enable configured services and update DNS SRV records
86baa9
-    service.enable_services(api.env.host)
86baa9
+    service.sync_services_state(api.env.host)
86baa9
     api.Command.dns_update_system_records()
86baa9
 
86baa9
     print("""
86baa9
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
86baa9
index 55182dc30e4736618f749e78db161fc7eefe37ac..dda7a0527b07695c51140c437a2699c8634f2724 100755
86baa9
--- a/install/tools/ipa-ca-install
86baa9
+++ b/install/tools/ipa-ca-install
86baa9
@@ -347,7 +347,7 @@ def main():
86baa9
     api.Backend.ldap2.connect()
86baa9
 
86baa9
     # Enable configured services and update DNS SRV records
86baa9
-    service.enable_services(api.env.host)
86baa9
+    service.sync_services_state(api.env.host)
86baa9
     api.Command.dns_update_system_records()
86baa9
     api.Backend.ldap2.disconnect()
86baa9
 
86baa9
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
86baa9
index 19260ac7f23a7c6f3a6328d4f146510a186b706e..006bc92bec581e1983f11bfd75498b5484f2567a 100644
86baa9
--- a/ipaserver/install/ipa_kra_install.py
86baa9
+++ b/ipaserver/install/ipa_kra_install.py
86baa9
@@ -239,6 +239,6 @@ class KRAInstaller(KRAInstall):
86baa9
         api.Backend.ldap2.connect()
86baa9
 
86baa9
         # Enable configured services and update DNS SRV records
86baa9
-        service.enable_services(api.env.host)
86baa9
+        service.sync_services_state(api.env.host)
86baa9
         api.Command.dns_update_system_records()
86baa9
         api.Backend.ldap2.disconnect()
86baa9
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
86baa9
index 6d7997c559f8d748f00dd9df28371c53bc12ee21..8948f64c2ec2db4cd013699e07dd94d5dba6c043 100644
86baa9
--- a/ipaserver/install/service.py
86baa9
+++ b/ipaserver/install/service.py
86baa9
@@ -41,6 +41,7 @@ from ipaplatform.paths import paths
86baa9
 from ipaserver.masters import (
86baa9
     CONFIGURED_SERVICE, ENABLED_SERVICE, HIDDEN_SERVICE, SERVICE_LIST
86baa9
 )
86baa9
+from ipaserver.servroles import HIDDEN
86baa9
 
86baa9
 logger = logging.getLogger(__name__)
86baa9
 
86baa9
@@ -202,6 +203,27 @@ def hide_services(fqdn):
86baa9
     _set_services_state(fqdn, HIDDEN_SERVICE)
86baa9
 
86baa9
 
86baa9
+def sync_services_state(fqdn):
86baa9
+    """Synchronize services state from IPA master role state
86baa9
+
86baa9
+    Hide all services if the IPA master role state is in hidden state.
86baa9
+    Otherwise enable all services.
86baa9
+
86baa9
+    :param fqdn: hostname of server
86baa9
+    """
86baa9
+    result = api.Command.server_role_find(
86baa9
+        server_server=fqdn,
86baa9
+        role_servrole='IPA master',
86baa9
+        status=HIDDEN
86baa9
+    )
86baa9
+    if result['count']:
86baa9
+        # one hidden server role
86baa9
+        hide_services(fqdn)
86baa9
+    else:
86baa9
+        # IPA master is either enabled or configured, enable all
86baa9
+        enable_services(fqdn)
86baa9
+
86baa9
+
86baa9
 def _set_services_state(fqdn, dest_state):
86baa9
     """Change all services of a host
86baa9
 
86baa9
diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
86baa9
index bf028bf7dc58abb6455ba1659f2d19bede69daa2..df71972a2ba3ad503011a558295bd38f587faf44 100644
86baa9
--- a/ipatests/test_integration/test_replica_promotion.py
86baa9
+++ b/ipatests/test_integration/test_replica_promotion.py
86baa9
@@ -823,9 +823,11 @@ class TestHiddenReplicaPromotion(IntegrationTest):
86baa9
         # hidden replica with CA and DNS
86baa9
         tasks.install_replica(
86baa9
             cls.master, cls.replicas[0],
86baa9
-            setup_dns=True, setup_kra=True,
86baa9
+            setup_dns=True, setup_kra=False,
86baa9
             extra_args=('--hidden-replica',)
86baa9
         )
86baa9
+        # manually install KRA to verify that hidden state is synced
86baa9
+        tasks.install_kra(cls.replicas[0])
86baa9
 
86baa9
     def _check_dnsrecords(self, hosts_expected, hosts_unexpected=()):
86baa9
         domain = DNSName(self.master.domain.name).make_absolute()
86baa9
-- 
86baa9
2.20.1
86baa9