From 103d784865c4ebab9085e8edda34f9cb47d70150 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slaznick@redhat.com>
Date: Thu, 27 Apr 2017 12:51:30 +0200
Subject: [PATCH] Refresh Dogtag RestClient.ca_host property
Refresh the ca_host property of the Dogtag's RestClient class when
it's requested as a context manager.
This solves the problem which would occur on DL0 when installing
CA which needs to perform a set of steps against itself accessing
8443 port. This port should however only be available locally so
trying to connect to remote master would fail. We need to make
sure the right CA host is accessed.
https://pagure.io/freeipa/issue/6878
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
---
 ipaserver/install/cainstance.py |  5 ++---
 ipaserver/plugins/dogtag.py     | 30 ++++++++++++++++++------------
 2 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
ac7d03
index 84d60bfddc0fb968f31706e54e36557e9543846e..d72feb884964ecf49fe0166cbfeb3cb2c10737fe 100644
ac7d03
--- a/ipaserver/install/cainstance.py
ac7d03
+++ b/ipaserver/install/cainstance.py
ac7d03
@@ -425,6 +425,8 @@ class CAInstance(DogtagInstance):
ac7d03
                 self.step("Configure HTTP to proxy connections",
ac7d03
                           self.http_proxy)
ac7d03
                 self.step("restarting certificate server", self.restart_instance)
ac7d03
+                self.step("updating IPA configuration", update_ipa_conf)
ac7d03
+                self.step("enabling CA instance", self.__enable_instance)
ac7d03
                 if not promote:
ac7d03
                     self.step("migrating certificate profiles to LDAP",
ac7d03
                               migrate_profiles_to_ldap)
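Review bot: The two steps moved ahead of `if not promote:` carry no comment explaining why they must now run before the profile and CA ACL steps, so a later tidy-up could move them back and reintroduce the failure. Judging from the commit message, the steps that follow log in to the local Dogtag instance through RestClient, and its `ca_host` lookup only selects this host once it is recorded as providing the CA service, which is presumably what `__enable_instance` does. I would add above the first moved line: `# Must precede the steps below: they reach Dogtag via RestClient, which needs ca_host to resolve to this host.` The reorder also marks the instance enabled before the default CA ACL and profiles exist, so it is worth confirming that nothing else can select this CA in that window. The enclosing method starts and ends outside the hunk.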
ac7d03
@@ -432,9 +434,6 @@ class CAInstance(DogtagInstance):
ac7d03
                               import_included_profiles)
ac7d03
                     self.step("adding default CA ACL", ensure_default_caacl)
ac7d03
                     self.step("adding 'ipa' CA entry", ensure_ipa_authority_entry)
ac7d03
-                self.step("updating IPA configuration", update_ipa_conf)
ac7d03
-
ac7d03
-                self.step("enabling CA instance", self.__enable_instance)
ac7d03
 
ac7d03
                 self.step("configuring certmonger renewal for lightweight CAs",
ac7d03
                           self.__add_lightweight_ca_tracking_requests)
ac7d03
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
ac7d03
index 3997531032746a22243a4219250af4172e9ae5b3..bddaab58a546196958811f10bb4d049db4aea524 100644
ac7d03
--- a/ipaserver/plugins/dogtag.py
ac7d03
+++ b/ipaserver/plugins/dogtag.py
ac7d03
@@ -1202,7 +1202,6 @@ import os
ac7d03
 import random
ac7d03
 from ipaserver.plugins import rabase
ac7d03
 from ipalib.constants import TYPE_ERROR
ac7d03
-from ipalib.util import cachedproperty
ac7d03
 from ipalib import _
ac7d03
 from ipaplatform.paths import paths
ac7d03
 
ac7d03
@@ -1250,34 +1249,41 @@ class RestClient(Backend):
ac7d03
             self.client_keyfile = paths.RA_AGENT_KEY
ac7d03
         super(RestClient, self).__init__(api)
ac7d03
 
ac7d03
+        self._ca_host = None
ac7d03
         # session cookie
ac7d03
         self.override_port = None
ac7d03
         self.cookie = None
ac7d03
 
ac7d03
-    @cachedproperty
ac7d03
+    @property
ac7d03
     def ca_host(self):
ac7d03
         """
ac7d03
-        :return:   host
ac7d03
-                   as str
ac7d03
+        :returns: FQDN of a host hopefully providing a CA service
ac7d03
 
ac7d03
-        Select our CA host.
ac7d03
+        Select our CA host, cache it for the first time.
ac7d03
         """
ac7d03
+        if self._ca_host is not None:
ac7d03
+            return self._ca_host
ac7d03
+
ac7d03
         ldap2 = self.api.Backend.ldap2
ac7d03
         if host_has_service(api.env.ca_host, ldap2, "CA"):
ac7d03
-            return api.env.ca_host
ac7d03
-        if api.env.host != api.env.ca_host:
ac7d03
+            object.__setattr__(self, '_ca_host', api.env.ca_host)
ac7d03
+        elif api.env.host != api.env.ca_host:
ac7d03
             if host_has_service(api.env.host, ldap2, "CA"):
ac7d03
-                return api.env.host
ac7d03
-        host = select_any_master(ldap2)
ac7d03
-        if host:
ac7d03
-            return host
ac7d03
+                object.__setattr__(self, '_ca_host', api.env.host)
ac7d03
         else:
ac7d03
-            return api.env.ca_host
ac7d03
+            object.__setattr__(self, '_ca_host', select_any_master(ldap2))
ac7d03
+        if self._ca_host is None:
ac7d03
+            object.__setattr__(self, '_ca_host', api.env.ca_host)
ac7d03
+        return self._ca_host
ac7d03
 
ac7d03
     def __enter__(self):
ac7d03
         """Log into the REST API"""
ac7d03
         if self.cookie is not None:
ac7d03
             return
ac7d03
+
ac7d03
+        # Refresh the ca_host property
ac7d03
+        object.__setattr__(self, '_ca_host', None)
ac7d03
+
ac7d03
         status, resp_headers, _resp_body = dogtag.https_request(
ac7d03
             self.ca_host, self.override_port or self.env.ca_agent_port,
ac7d03
             url='/ca/rest/account/login',
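Review bot: The new `if`/`elif`/`else` chain in `ca_host` no longer reaches `select_any_master(ldap2)` when `api.env.host != api.env.ca_host` and neither host has the CA service: the `elif` branch is taken, its inner check fails, and the lookup falls straight through to the unverified `api.env.ca_host` fallback. The removed code tried `select_any_master` in that case, so this looks like an unintended regression that can point the agent-certificate login at a host not known to run a CA. Folding the inner check into the `elif` condition and assigning once restores the old order, as sketched below. Separately, `__enter__` (which continues past the end of the hunk) returns before the reset when `self.cookie` is set, so a client that keeps its cookie also keeps the old host; a short comment there saying so would help.

```python
        # … unchanged: return the cached self._ca_host when it is set …
        ldap2 = self.api.Backend.ldap2
        if host_has_service(api.env.ca_host, ldap2, "CA"):
            ca_host = api.env.ca_host
        elif (api.env.host != api.env.ca_host and
                host_has_service(api.env.host, ldap2, "CA")):
            ca_host = api.env.host
        else:
            # No configured host is known to run a CA: try any master,
            # then fall back to the configured value as before.
            ca_host = select_any_master(ldap2) or api.env.ca_host
        object.__setattr__(self, '_ca_host', ca_host)
        return self._ca_host
```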
ac7d03
-- 
2.12.2