From 5e1ff6ef5fa35715a5b9995388c6d7b16375ac23 Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Fri, 10 Jul 2015 18:18:29 +0200
Subject: [PATCH] Start dirsrv for kdcproxy upgrade

The kdcproxy upgrade step in ipa-server-upgrade needs a running dirsrv
instance. Under some circumstances the dirsrv isn't running. The patch
rearranges some upgrade steps and starts DS before enable_kdcproxy().

https://fedorahosted.org/freeipa/ticket/5113

Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 ipaserver/install/server/upgrade.py | 35 +++++++++++++++++++----------------
 1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 84a5b06accb10663eaa4d995f66796366040e9c8..f295655dc2aa592e0215f15017c9b65af49eef80 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1396,22 +1396,6 @@ def upgrade_configuration():
     http.change_mod_nss_port_from_http()
     http.configure_certmonger_renewal_guard()
 
-    if not http.is_kdcproxy_configured():
-        root_logger.info('[Enabling KDC Proxy]')
-        if http.admin_conn is None:
-            http.ldapi = True
-            http.fqdn = fqdn
-            http.realm = api.env.realm
-            http.suffix = ipautil.realm_to_suffix(api.env.realm)
-            http.ldap_connect()
-        http.create_kdcproxy_conf()
-        http.enable_kdcproxy()
-
-    http.stop()
-    update_mod_nss_protocol(http)
-    fix_trust_flags()
-    http.start()
-
     ds = dsinstance.DsInstance()
     ds.configure_dirsrv_ccache()
 
@@ -1433,6 +1417,25 @@ def upgrade_configuration():
     ds.suffix = ipautil.realm_to_suffix(api.env.realm)
     ds_enable_sidgen_extdom_plugins(ds)
 
+    # Now 389-ds is available, run the remaining http tasks
+    if not http.is_kdcproxy_configured():
+        root_logger.info('[Enabling KDC Proxy]')
+        if http.admin_conn is None:
+             # 389-ds needs to be running
+            ds.start()
+            http.ldapi = True
+            http.fqdn = fqdn
+            http.realm = api.env.realm
+            http.suffix = ipautil.realm_to_suffix(api.env.realm)
+            http.ldap_connect()
+        http.create_kdcproxy_conf()
+        http.enable_kdcproxy()
+
+    http.stop()
+    update_mod_nss_protocol(http)
+    fix_trust_flags()
+    http.start()
+
     uninstall_selfsign(ds, http)
 
     simple_service_list = (
-- 
2.1.0