|
 |
590d18 |
From 5e1ff6ef5fa35715a5b9995388c6d7b16375ac23 Mon Sep 17 00:00:00 2001
|
|
|
590d18 |
From: Christian Heimes <cheimes@redhat.com>
|
|
|
590d18 |
Date: Fri, 10 Jul 2015 18:18:29 +0200
|
|
|
590d18 |
Subject: [PATCH] Start dirsrv for kdcproxy upgrade
|
|
|
590d18 |
|
|
|
590d18 |
The kdcproxy upgrade step in ipa-server-upgrade needs a running dirsrv
|
|
|
590d18 |
instance. Under some circumstances the dirsrv isn't running. The patch
|
|
|
590d18 |
rearranges some upgrade steps and starts DS before enable_kdcproxy().
|
|
|
590d18 |
|
|
|
590d18 |
https://fedorahosted.org/freeipa/ticket/5113
|
|
|
590d18 |
|
|
|
590d18 |
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
590d18 |
---
|
|
|
590d18 |
ipaserver/install/server/upgrade.py | 35 +++++++++++++++++++----------------
|
|
|
590d18 |
1 file changed, 19 insertions(+), 16 deletions(-)
|
|
|
590d18 |
|
|
|
590d18 |
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
|
|
|
590d18 |
index 84a5b06accb10663eaa4d995f66796366040e9c8..f295655dc2aa592e0215f15017c9b65af49eef80 100644
|
|
|
590d18 |
--- a/ipaserver/install/server/upgrade.py
|
|
|
590d18 |
+++ b/ipaserver/install/server/upgrade.py
|
|
|
590d18 |
@@ -1396,22 +1396,6 @@ def upgrade_configuration():
|
|
|
590d18 |
http.change_mod_nss_port_from_http()
|
|
|
590d18 |
http.configure_certmonger_renewal_guard()
|
|
|
590d18 |
|
|
|
590d18 |
- if not http.is_kdcproxy_configured():
|
|
|
590d18 |
- root_logger.info('[Enabling KDC Proxy]')
|
|
|
590d18 |
- if http.admin_conn is None:
|
|
|
590d18 |
- http.ldapi = True
|
|
|
590d18 |
- http.fqdn = fqdn
|
|
|
590d18 |
- http.realm = api.env.realm
|
|
|
590d18 |
- http.suffix = ipautil.realm_to_suffix(api.env.realm)
|
|
|
590d18 |
- http.ldap_connect()
|
|
|
590d18 |
- http.create_kdcproxy_conf()
|
|
|
590d18 |
- http.enable_kdcproxy()
|
|
|
590d18 |
-
|
|
|
590d18 |
- http.stop()
|
|
|
590d18 |
- update_mod_nss_protocol(http)
|
|
|
590d18 |
- fix_trust_flags()
|
|
|
590d18 |
- http.start()
|
|
|
590d18 |
-
|
|
|
590d18 |
ds = dsinstance.DsInstance()
|
|
|
590d18 |
ds.configure_dirsrv_ccache()
|
|
|
590d18 |
|
|
|
590d18 |
@@ -1433,6 +1417,25 @@ def upgrade_configuration():
|
|
|
590d18 |
ds.suffix = ipautil.realm_to_suffix(api.env.realm)
|
|
|
590d18 |
ds_enable_sidgen_extdom_plugins(ds)
|
|
|
590d18 |
|
|
|
590d18 |
+ # Now 389-ds is available, run the remaining http tasks
|
|
|
590d18 |
+ if not http.is_kdcproxy_configured():
|
|
|
590d18 |
+ root_logger.info('[Enabling KDC Proxy]')
|
|
|
590d18 |
+ if http.admin_conn is None:
|
|
|
590d18 |
+ # 389-ds needs to be running
|
|
|
590d18 |
+ ds.start()
|
|
|
590d18 |
+ http.ldapi = True
|
|
|
590d18 |
+ http.fqdn = fqdn
|
|
|
590d18 |
+ http.realm = api.env.realm
|
|
|
590d18 |
+ http.suffix = ipautil.realm_to_suffix(api.env.realm)
|
|
|
590d18 |
+ http.ldap_connect()
|
|
|
590d18 |
+ http.create_kdcproxy_conf()
|
|
|
590d18 |
+ http.enable_kdcproxy()
|
|
|
590d18 |
+
|
|
|
590d18 |
+ http.stop()
|
|
|
590d18 |
+ update_mod_nss_protocol(http)
|
|
|
590d18 |
+ fix_trust_flags()
|
|
|
590d18 |
+ http.start()
|
|
|
590d18 |
+
|
|
|
590d18 |
uninstall_selfsign(ds, http)
|
|
|
590d18 |
|
|
|
590d18 |
simple_service_list = (
|
|
|
590d18 |
--
|
|
|
590d18 |
2.1.0
|
|
|
590d18 |
|