From c8fcaa5dc792e7b87c8f21c7c322ddfabe219980 Mon Sep 17 00:00:00 2001

From: Felipe Volpone <fbarreto@redhat.com>

Date: Wed, 13 Sep 2017 09:26:41 -0300

Subject: [PATCH] Fixing how sssd.conf is updated when promoting a client to

 replica

When promoting a client to a replica we have to change sssd.conf,

deleting _srv_ part from 'ipa_server' property and setting

'ipa_server_mode' to true.

Previously, the wrong domain could be updated since the ipa_domain

variable was not being used properly.

https://pagure.io/freeipa/issue/7127

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

Reviewed-By: Rob Crittenden <rcritten@redhat.com>

---

 ipaserver/install/server/replicainstall.py | 27 ++++++++++++---------------

 ipaserver/install/server/upgrade.py        |  4 ++++

 2 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py

index 814925de152809808f726c60ae7f35a24bc32a4a..326daf708f091d9d2c56ad399e46aef659dbba2e 100644

--- a/ipaserver/install/server/replicainstall.py

+++ b/ipaserver/install/server/replicainstall.py

@@ -432,30 +432,27 @@ def promote_sssd(host_name):

     sssdconfig.import_config()

     domains = sssdconfig.list_active_domains()

-    ipa_domain = None

-

     for name in domains:

         domain = sssdconfig.get_domain(name)

         try:

             hostname = domain.get_option('ipa_hostname')

             if hostname == host_name:

-                ipa_domain = domain

+                break

         except SSSDConfig.NoOptionError:

             continue

-

-    if ipa_domain is None:

-        raise RuntimeError("Couldn't find IPA domain in sssd.conf")

     else:

-        domain.set_option('ipa_server', host_name)

-        domain.set_option('ipa_server_mode', True)

-        sssdconfig.save_domain(domain)

-        sssdconfig.write()

+        raise RuntimeError("Couldn't find IPA domain in sssd.conf")

-        sssd = services.service('sssd', api)

-        try:

-            sssd.restart()

-        except CalledProcessError:

-            root_logger.warning("SSSD service restart was unsuccessful.")

+    domain.set_option('ipa_server', host_name)

+    domain.set_option('ipa_server_mode', True)

+    sssdconfig.save_domain(domain)

+    sssdconfig.write()

+

+    sssd = services.service('sssd', api)

+    try:

+        sssd.restart()

+    except CalledProcessError:

+        root_logger.warning("SSSD service restart was unsuccessful.")

 def promote_openldap_conf(hostname, master):

diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py

index 732776f2cf513a4bb11d8f3f0dfaac78217e460f..109e922e3a3ea25f882fdd81765788a3881e87bd 100644

--- a/ipaserver/install/server/upgrade.py

+++ b/ipaserver/install/server/upgrade.py

@@ -1816,11 +1816,15 @@ def upgrade_configuration():

         cainstance.ensure_ipa_authority_entry()

     set_sssd_domain_option('ipa_server_mode', 'True')

+    set_sssd_domain_option('ipa_server', api.env.host)

     sssdconfig = SSSDConfig.SSSDConfig()

     sssdconfig.import_config()

     sssd_enable_service(sssdconfig, 'ifp')

+    sssd = services.service('sssd', api)

+    sssd.restart()

+

     krb = krbinstance.KrbInstance(fstore)

     krb.fqdn = fqdn

     krb.realm = api.env.realm

--

2.13.5