rpms / ipa

Clone
Source Code
GIT

Blame SOURCES/0176-prevent-crash-of-CA-less-server-upgrade-due-to-absen.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   e0ab38574a8cbb215f11d3bd2e50e7de2a4aa9d8
  2.   SOURCES
  3.   0176-prevent-crash-of-CA-less-server-upgrade-due-to-absen.patch
Blob History Raw
e0ab38 
From 61f54afcde1df217fec01aa9ab38b0b9b704c501 Mon Sep 17 00:00:00 2001
e0ab38 
From: Martin Babinsky <mbabinsk@redhat.com>
e0ab38 
Date: Tue, 5 Jan 2016 13:00:24 +0100
e0ab38 
Subject: [PATCH] prevent crash of CA-less server upgrade due to absent
e0ab38 
 certmonger
e0ab38
e0ab38 
ipa-server-upgrade tests whether certmonger service is running before
e0ab38 
attempting to upgrade IPA master. This causes the upgrader to always fail when
e0ab38 
there is no CA installer and certmonger is not needed, effectively preventing
e0ab38 
CA-less IPA master to upgrade succefuly.
e0ab38
e0ab38 
This test is now skipped if CA is not enabled.
e0ab38
e0ab38 
https://fedorahosted.org/freeipa/ticket/5519
e0ab38
e0ab38 
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
e0ab38 
---
e0ab38 
 ipaserver/install/server/upgrade.py | 29 +++++++++++++++++++++++++++--
e0ab38 
 1 file changed, 27 insertions(+), 2 deletions(-)
e0ab38
e0ab38 
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
e0ab38 
index 945cb3ebd63767cb1d57083e1da7c5605ac5a2f9..616fba5c1a5b3737481aecbb09ab5344641a3b04 100644
e0ab38 
--- a/ipaserver/install/server/upgrade.py
e0ab38 
+++ b/ipaserver/install/server/upgrade.py
e0ab38 
@@ -292,6 +292,24 @@ def setup_firefox_extension(fstore):
e0ab38 
     http.setup_firefox_extension(realm, domain)
e0ab38
e0ab38
e0ab38 
+def is_ca_enabled():
e0ab38 
+    """
e0ab38 
+    check whether there is an active CA master
e0ab38 
+    :return: True if there is an active CA in topology, False otherwise
e0ab38 
+    """
e0ab38 
+    ldap2 = api.Backend.ldap2
e0ab38 
+    was_connected = ldap2.isconnected()
e0ab38 
+
e0ab38 
+    if not was_connected:
e0ab38 
+        ldap2.connect()
e0ab38 
+
e0ab38 
+    try:
e0ab38 
+        return api.Command.ca_is_enabled()['result']
e0ab38 
+    finally:
e0ab38 
+        if not was_connected:
e0ab38 
+            ldap2.disconnect()
e0ab38 
+
e0ab38 
+
e0ab38 
 def ca_configure_profiles_acl(ca):
e0ab38 
     root_logger.info('[Authorizing RA Agent to modify profiles]')
e0ab38
e0ab38 
@@ -1416,7 +1434,9 @@ def upgrade_configuration():
e0ab38 
     http = httpinstance.HTTPInstance(fstore)
e0ab38 
     http.configure_selinux_for_httpd()
e0ab38 
     http.change_mod_nss_port_from_http()
e0ab38 
-    http.configure_certmonger_renewal_guard()
e0ab38 
+
e0ab38 
+    if is_ca_enabled():
e0ab38 
+        http.configure_certmonger_renewal_guard()
e0ab38
e0ab38 
     ds.configure_dirsrv_ccache()
e0ab38
e0ab38 
@@ -1562,7 +1582,12 @@ def upgrade_check(options):
e0ab38 
         print unicode(e)
e0ab38 
         sys.exit(1)
e0ab38
e0ab38 
-    if not services.knownservices.certmonger.is_running():
e0ab38 
+    try:
e0ab38 
+        ca_is_enabled = is_ca_enabled()
e0ab38 
+    except Exception as e:
e0ab38 
+        raise RuntimeError("Cannot connect to LDAP server: {0}".format(e))
e0ab38 
+
e0ab38 
+    if not services.knownservices.certmonger.is_running() and ca_is_enabled:
e0ab38 
         raise RuntimeError('Certmonger is not running. Start certmonger and run upgrade again.')
e0ab38
e0ab38 
     if not options.skip_version_check:
e0ab38 
--
e0ab38 
2.4.3
e0ab38

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation