590d18
From 5e1ff6ef5fa35715a5b9995388c6d7b16375ac23 Mon Sep 17 00:00:00 2001
590d18
From: Christian Heimes <cheimes@redhat.com>
590d18
Date: Fri, 10 Jul 2015 18:18:29 +0200
590d18
Subject: [PATCH] Start dirsrv for kdcproxy upgrade
590d18
590d18
The kdcproxy upgrade step in ipa-server-upgrade needs a running dirsrv
590d18
instance. Under some circumstances the dirsrv isn't running. The patch
590d18
rearranges some upgrade steps and starts DS before enable_kdcproxy().
590d18
590d18
https://fedorahosted.org/freeipa/ticket/5113
590d18
590d18
Reviewed-By: Martin Basti <mbasti@redhat.com>
590d18
---
590d18
 ipaserver/install/server/upgrade.py | 35 +++++++++++++++++++----------------
590d18
 1 file changed, 19 insertions(+), 16 deletions(-)
590d18
590d18
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
590d18
index 84a5b06accb10663eaa4d995f66796366040e9c8..f295655dc2aa592e0215f15017c9b65af49eef80 100644
590d18
--- a/ipaserver/install/server/upgrade.py
590d18
+++ b/ipaserver/install/server/upgrade.py
590d18
@@ -1396,22 +1396,6 @@ def upgrade_configuration():
590d18
     http.change_mod_nss_port_from_http()
590d18
     http.configure_certmonger_renewal_guard()
590d18
 
590d18
-    if not http.is_kdcproxy_configured():
590d18
-        root_logger.info('[Enabling KDC Proxy]')
590d18
-        if http.admin_conn is None:
590d18
-            http.ldapi = True
590d18
-            http.fqdn = fqdn
590d18
-            http.realm = api.env.realm
590d18
-            http.suffix = ipautil.realm_to_suffix(api.env.realm)
590d18
-            http.ldap_connect()
590d18
-        http.create_kdcproxy_conf()
590d18
-        http.enable_kdcproxy()
590d18
-
590d18
-    http.stop()
590d18
-    update_mod_nss_protocol(http)
590d18
-    fix_trust_flags()
590d18
-    http.start()
590d18
-
590d18
     ds = dsinstance.DsInstance()
590d18
     ds.configure_dirsrv_ccache()
590d18
 
590d18
@@ -1433,6 +1417,25 @@ def upgrade_configuration():
590d18
     ds.suffix = ipautil.realm_to_suffix(api.env.realm)
590d18
     ds_enable_sidgen_extdom_plugins(ds)
590d18
 
590d18
+    # Now 389-ds is available, run the remaining http tasks
590d18
+    if not http.is_kdcproxy_configured():
590d18
+        root_logger.info('[Enabling KDC Proxy]')
590d18
+        if http.admin_conn is None:
590d18
+             # 389-ds needs to be running
590d18
+            ds.start()
590d18
+            http.ldapi = True
590d18
+            http.fqdn = fqdn
590d18
+            http.realm = api.env.realm
590d18
+            http.suffix = ipautil.realm_to_suffix(api.env.realm)
590d18
+            http.ldap_connect()
590d18
+        http.create_kdcproxy_conf()
590d18
+        http.enable_kdcproxy()
590d18
+
590d18
+    http.stop()
590d18
+    update_mod_nss_protocol(http)
590d18
+    fix_trust_flags()
590d18
+    http.start()
590d18
+
590d18
     uninstall_selfsign(ds, http)
590d18
 
590d18
     simple_service_list = (
590d18
-- 
590d18
2.1.0
590d18