|
 |
6d47df |
From c69875c8afdd877baf7139c0cd5241f70105cbd4 Mon Sep 17 00:00:00 2001
|
|
|
6d47df |
From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fcami@redhat.com>
|
|
|
6d47df |
Date: Tue, 26 Feb 2019 13:59:06 +0100
|
|
|
6d47df |
Subject: [PATCH] ipa-client-automount: handle NFS configuration file changes
|
|
|
6d47df |
MIME-Version: 1.0
|
|
|
6d47df |
Content-Type: text/plain; charset=UTF-8
|
|
|
6d47df |
Content-Transfer-Encoding: 8bit
|
|
|
6d47df |
|
|
|
6d47df |
nfs-utils in Fedora 30 and later switched its configuration
|
|
|
6d47df |
file from /etc/sysconfig/nfs to /etc/nfs.conf, providing a
|
|
|
6d47df |
conversion service (nfs-convert.service) for upgrades.
|
|
|
6d47df |
However, for new installs the original configuration file
|
|
|
6d47df |
is missing. This change:
|
|
|
6d47df |
* adds a tuple-based osinfo.version_number method to handle
|
|
|
6d47df |
more kinds of OS versioning schemes
|
|
|
6d47df |
* detects RHEL and Fedora versions with the the new nfs-utils
|
|
|
6d47df |
behavior
|
|
|
6d47df |
* avoids backing up the new NFS configuration file as we do
|
|
|
6d47df |
not have to modify it.
|
|
|
6d47df |
|
|
|
6d47df |
See: https://bugzilla.redhat.com/show_bug.cgi?id=1676981
|
|
|
6d47df |
|
|
|
6d47df |
Fixes: https://pagure.io/freeipa/issue/7868
|
|
|
6d47df |
Signed-off-by: François Cami <fcami@redhat.com>
|
|
|
6d47df |
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
6d47df |
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
|
|
6d47df |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
6d47df |
---
|
|
|
6d47df |
client/ipa-client-automount.in | 18 ++++++++++--------
|
|
|
6d47df |
ipaplatform/fedora/constants.py | 9 ++++++++-
|
|
|
6d47df |
ipaplatform/fedora/paths.py | 3 +++
|
|
|
6d47df |
ipaplatform/fedora/services.py | 2 +-
|
|
|
6d47df |
ipaplatform/osinfo.py | 9 +++++++++
|
|
|
6d47df |
ipaplatform/rhel/constants.py | 7 +++++++
|
|
|
6d47df |
ipaplatform/rhel/paths.py | 4 +++-
|
|
|
6d47df |
7 files changed, 41 insertions(+), 11 deletions(-)
|
|
|
6d47df |
|
|
|
6d47df |
diff --git a/client/ipa-client-automount.in b/client/ipa-client-automount.in
|
|
|
6d47df |
index 15926bd..f9eda9c 100755
|
|
|
6d47df |
--- a/client/ipa-client-automount.in
|
|
|
6d47df |
+++ b/client/ipa-client-automount.in
|
|
|
6d47df |
@@ -335,14 +335,16 @@ def configure_nfs(fstore, statestore):
|
|
|
6d47df |
"""
|
|
|
6d47df |
Configure secure NFS
|
|
|
6d47df |
"""
|
|
|
6d47df |
- replacevars = {
|
|
|
6d47df |
- constants.SECURE_NFS_VAR: 'yes',
|
|
|
6d47df |
- }
|
|
|
6d47df |
- ipautil.backup_config_and_replace_variables(fstore,
|
|
|
6d47df |
- paths.SYSCONFIG_NFS, replacevars=replacevars)
|
|
|
6d47df |
- tasks.restore_context(paths.SYSCONFIG_NFS)
|
|
|
6d47df |
-
|
|
|
6d47df |
- print("Configured %s" % paths.SYSCONFIG_NFS)
|
|
|
6d47df |
+ # Newer Fedora releases ship /etc/nfs.conf instead of /etc/sysconfig/nfs
|
|
|
6d47df |
+ # and do not require changes there. On these, SECURE_NFS_VAR == None
|
|
|
6d47df |
+ if constants.SECURE_NFS_VAR:
|
|
|
6d47df |
+ replacevars = {
|
|
|
6d47df |
+ constants.SECURE_NFS_VAR: 'yes',
|
|
|
6d47df |
+ }
|
|
|
6d47df |
+ ipautil.backup_config_and_replace_variables(fstore,
|
|
|
6d47df |
+ paths.SYSCONFIG_NFS, replacevars=replacevars)
|
|
|
6d47df |
+ tasks.restore_context(paths.SYSCONFIG_NFS)
|
|
|
6d47df |
+ print("Configured %s" % paths.SYSCONFIG_NFS)
|
|
|
6d47df |
|
|
|
6d47df |
# Prepare the changes
|
|
|
6d47df |
# We need to use IPAChangeConf as simple regexp substitution
|
|
|
6d47df |
diff --git a/ipaplatform/fedora/constants.py b/ipaplatform/fedora/constants.py
|
|
|
6d47df |
index d48696e..744b30a 100644
|
|
|
6d47df |
--- a/ipaplatform/fedora/constants.py
|
|
|
6d47df |
+++ b/ipaplatform/fedora/constants.py
|
|
|
6d47df |
@@ -10,6 +10,12 @@ This Fedora base platform module exports platform related constants.
|
|
|
6d47df |
from __future__ import absolute_import
|
|
|
6d47df |
|
|
|
6d47df |
from ipaplatform.redhat.constants import RedHatConstantsNamespace
|
|
|
6d47df |
+from ipaplatform.osinfo import osinfo
|
|
|
6d47df |
+
|
|
|
6d47df |
+# Fedora 28 and earlier use /etc/sysconfig/nfs
|
|
|
6d47df |
+# Fedora 30 and later use /etc/nfs.conf
|
|
|
6d47df |
+# Fedora 29 has both
|
|
|
6d47df |
+HAS_NFS_CONF = osinfo.version_number >= (30,)
|
|
|
6d47df |
|
|
|
6d47df |
|
|
|
6d47df |
class FedoraConstantsNamespace(RedHatConstantsNamespace):
|
|
|
6d47df |
@@ -22,6 +28,7 @@ class FedoraConstantsNamespace(RedHatConstantsNamespace):
|
|
|
6d47df |
# secure remote password, and DSA cert authentication.
|
|
|
6d47df |
# see https://fedoraproject.org/wiki/Changes/CryptoPolicy
|
|
|
6d47df |
TLS_HIGH_CIPHERS = "PROFILE=SYSTEM:!3DES:!PSK:!SRP:!aDSS"
|
|
|
6d47df |
-
|
|
|
6d47df |
+ if HAS_NFS_CONF:
|
|
|
6d47df |
+ SECURE_NFS_VAR = None
|
|
|
6d47df |
|
|
|
6d47df |
constants = FedoraConstantsNamespace()
|
|
|
6d47df |
diff --git a/ipaplatform/fedora/paths.py b/ipaplatform/fedora/paths.py
|
|
|
6d47df |
index a9bdedf..4e993c0 100644
|
|
|
6d47df |
--- a/ipaplatform/fedora/paths.py
|
|
|
6d47df |
+++ b/ipaplatform/fedora/paths.py
|
|
|
6d47df |
@@ -26,6 +26,7 @@ in Fedora-based systems.
|
|
|
6d47df |
from __future__ import absolute_import
|
|
|
6d47df |
|
|
|
6d47df |
from ipaplatform.redhat.paths import RedHatPathNamespace
|
|
|
6d47df |
+from ipaplatform.fedora.constants import HAS_NFS_CONF
|
|
|
6d47df |
|
|
|
6d47df |
|
|
|
6d47df |
class FedoraPathNamespace(RedHatPathNamespace):
|
|
|
6d47df |
@@ -33,6 +34,8 @@ class FedoraPathNamespace(RedHatPathNamespace):
|
|
|
6d47df |
"/etc/httpd/conf.modules.d/02-ipa-wsgi.conf"
|
|
|
6d47df |
)
|
|
|
6d47df |
NAMED_CRYPTO_POLICY_FILE = "/etc/crypto-policies/back-ends/bind.config"
|
|
|
6d47df |
+ if HAS_NFS_CONF:
|
|
|
6d47df |
+ SYSCONFIG_NFS = '/etc/nfs.conf'
|
|
|
6d47df |
|
|
|
6d47df |
|
|
|
6d47df |
paths = FedoraPathNamespace()
|
|
|
6d47df |
diff --git a/ipaplatform/fedora/services.py b/ipaplatform/fedora/services.py
|
|
|
6d47df |
index 5ff64f1..543cb1b 100644
|
|
|
6d47df |
--- a/ipaplatform/fedora/services.py
|
|
|
6d47df |
+++ b/ipaplatform/fedora/services.py
|
|
|
6d47df |
@@ -34,7 +34,7 @@ fedora_system_units = redhat_services.redhat_system_units.copy()
|
|
|
6d47df |
# Fedora 28 and earlier have fedora-domainname.service. Starting from
|
|
|
6d47df |
# Fedora 29, the service is called nis-domainname.service as defined in
|
|
|
6d47df |
# ipaplatform.redhat.services.
|
|
|
6d47df |
-HAS_FEDORA_DOMAINNAME_SERVICE = int(osinfo.version_id) <= 28
|
|
|
6d47df |
+HAS_FEDORA_DOMAINNAME_SERVICE = osinfo.version_number <= (28,)
|
|
|
6d47df |
|
|
|
6d47df |
if HAS_FEDORA_DOMAINNAME_SERVICE:
|
|
|
6d47df |
fedora_system_units['domainname'] = 'fedora-domainname.service'
|
|
|
6d47df |
diff --git a/ipaplatform/osinfo.py b/ipaplatform/osinfo.py
|
|
|
6d47df |
index a38165d..35b024e 100644
|
|
|
6d47df |
--- a/ipaplatform/osinfo.py
|
|
|
6d47df |
+++ b/ipaplatform/osinfo.py
|
|
|
6d47df |
@@ -178,6 +178,15 @@ class OSInfo(Mapping):
|
|
|
6d47df |
return self._info.get('VERSION_ID')
|
|
|
6d47df |
|
|
|
6d47df |
@property
|
|
|
6d47df |
+ def version_number(self):
|
|
|
6d47df |
+ """Version number tuple based on version_id
|
|
|
6d47df |
+ """
|
|
|
6d47df |
+ version_id = self._info.get('VERSION_ID')
|
|
|
6d47df |
+ if not version_id:
|
|
|
6d47df |
+ return ()
|
|
|
6d47df |
+ return tuple(int(p) for p in version_id.split('.'))
|
|
|
6d47df |
+
|
|
|
6d47df |
+ @property
|
|
|
6d47df |
def platform_ids(self):
|
|
|
6d47df |
"""Ordered tuple of detected platforms (including override)
|
|
|
6d47df |
"""
|
|
|
6d47df |
diff --git a/ipaplatform/rhel/constants.py b/ipaplatform/rhel/constants.py
|
|
|
6d47df |
index 72335ac..073e332 100644
|
|
|
6d47df |
--- a/ipaplatform/rhel/constants.py
|
|
|
6d47df |
+++ b/ipaplatform/rhel/constants.py
|
|
|
6d47df |
@@ -10,10 +10,17 @@ This RHEL base platform module exports platform related constants.
|
|
|
6d47df |
from __future__ import absolute_import
|
|
|
6d47df |
|
|
|
6d47df |
from ipaplatform.redhat.constants import RedHatConstantsNamespace
|
|
|
6d47df |
+from ipaplatform.osinfo import osinfo
|
|
|
6d47df |
+
|
|
|
6d47df |
+# RHEL 7 and earlier use /etc/sysconfig/nfs
|
|
|
6d47df |
+# RHEL 8 uses /etc/nfs.conf
|
|
|
6d47df |
+HAS_NFS_CONF = osinfo.version_number >= (8,)
|
|
|
6d47df |
|
|
|
6d47df |
|
|
|
6d47df |
class RHELConstantsNamespace(RedHatConstantsNamespace):
|
|
|
6d47df |
IPA_ADTRUST_PACKAGE_NAME = "ipa-server-trust-ad"
|
|
|
6d47df |
IPA_DNS_PACKAGE_NAME = "ipa-server-dns"
|
|
|
6d47df |
+ if HAS_NFS_CONF:
|
|
|
6d47df |
+ SECURE_NFS_VAR = None
|
|
|
6d47df |
|
|
|
6d47df |
constants = RHELConstantsNamespace()
|
|
|
6d47df |
diff --git a/ipaplatform/rhel/paths.py b/ipaplatform/rhel/paths.py
|
|
|
6d47df |
index d8b64ab..c081ada 100644
|
|
|
6d47df |
--- a/ipaplatform/rhel/paths.py
|
|
|
6d47df |
+++ b/ipaplatform/rhel/paths.py
|
|
|
6d47df |
@@ -26,10 +26,12 @@ in RHEL-based systems.
|
|
|
6d47df |
from __future__ import absolute_import
|
|
|
6d47df |
|
|
|
6d47df |
from ipaplatform.redhat.paths import RedHatPathNamespace
|
|
|
6d47df |
+from ipaplatform.rhel.constants import HAS_NFS_CONF
|
|
|
6d47df |
|
|
|
6d47df |
|
|
|
6d47df |
class RHELPathNamespace(RedHatPathNamespace):
|
|
|
6d47df |
- pass
|
|
|
6d47df |
+ if HAS_NFS_CONF:
|
|
|
6d47df |
+ SYSCONFIG_NFS = '/etc/nfs.conf'
|
|
|
6d47df |
|
|
|
6d47df |
|
|
|
6d47df |
paths = RHELPathNamespace()
|
|
|
6d47df |
--
|
|
|
6d47df |
2.9.3
|
|
|
6d47df |
|