From d0327f33d3bc426db5c8dd86666e680da6a44b61 Mon Sep 17 00:00:00 2001
From: Christian Heimes
Date: Tue, 26 Mar 2019 13:27:35 +0100
Subject: [PATCH] Synchronize hidden state from IPA master role
ipa-{adtrust|ca|dns|kra}-install on a hidden replica also installs the new service as hidden service.
Fixes: https://pagure.io/freeipa/issue/7892
Signed-off-by: Christian Heimes
Reviewed-By: Thomas Woerner
Reviewed-By: Francois Cami
---
 install/tools/ipa-adtrust-install | 2 +-
 install/tools/ipa-ca-install | 2 +-
 ipaserver/install/ipa_kra_install.py | 2 +-
 ipaserver/install/service.py | 22 +++++++++++++++++++
 .../test_replica_promotion.py | 4 +++-
 5 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index 9dbfadb6fae193e2f4a54b3a0e226e0a6b1fd26f..19bd21866119b4a23f5a6a02cc8ea37c8f5d36ea 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -213,7 +213,7 @@ def main():
 adtrust.install(True, options, fstore, api)
 # Enable configured services and update DNS SRV records
- service.enable_services(api.env.host)
+ service.sync_services_state(api.env.host)
 api.Command.dns_update_system_records()
 print("""
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 55182dc30e4736618f749e78db161fc7eefe37ac..dda7a0527b07695c51140c437a2699c8634f2724 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -347,7 +347,7 @@ def main():
 api.Backend.ldap2.connect()
 # Enable configured services and update DNS SRV records
- service.enable_services(api.env.host)
+ service.sync_services_state(api.env.host)
 api.Command.dns_update_system_records()
 api.Backend.ldap2.disconnect()
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index 19260ac7f23a7c6f3a6328d4f146510a186b706e..006bc92bec581e1983f11bfd75498b5484f2567a 100644
--- a/ipaserver/install/ipa_kra_install.py
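Review bot: The context comment `# Enable configured services and update DNS SRV records` directly above the changed call in main() of ipa-adtrust-install is now stale, because the new call may hide the services instead of enabling them. The same comment sits above the changed call in ipa-ca-install and in KRAInstaller in ipa_kra_install.py. I would reword it in all three places to `# Enable or hide configured services to match the IPA master role state, then update DNS SRV records`, so a reader does not assume the replica always becomes advertised at this step. Both main() functions start and end outside their hunks.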
+++ b/ipaserver/install/ipa_kra_install.py
@@ -239,6 +239,6 @@ class KRAInstaller(KRAInstall):
 api.Backend.ldap2.connect()
 # Enable configured services and update DNS SRV records
- service.enable_services(api.env.host)
+ service.sync_services_state(api.env.host)
 api.Command.dns_update_system_records()
 api.Backend.ldap2.disconnect()
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 6d7997c559f8d748f00dd9df28371c53bc12ee21..8948f64c2ec2db4cd013699e07dd94d5dba6c043 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -41,6 +41,7 @@ from ipaplatform.paths import paths
 from ipaserver.masters import (
 CONFIGURED_SERVICE, ENABLED_SERVICE, HIDDEN_SERVICE, SERVICE_LIST
 )
+from ipaserver.servroles import HIDDEN
 logger = logging.getLogger(__name__)
@@ -202,6 +203,27 @@ def hide_services(fqdn):
 _set_services_state(fqdn, HIDDEN_SERVICE)
+def sync_services_state(fqdn):
+ """Synchronize services state from IPA master role state
+
+ Hide all services if the IPA master role state is in hidden state.
+ Otherwise enable all services.
+
+ :param fqdn: hostname of server
+ """
+ result = api.Command.server_role_find(
+ server_server=fqdn,
+ role_servrole='IPA master',
+ status=HIDDEN
+ )
+ if result['count']:
+ # one hidden server role
+ hide_services(fqdn)
+ else:
+ # IPA master is either enabled or configured, enable all
+ enable_services(fqdn)
+
+
 def _set_services_state(fqdn, dest_state):
 """Change all services of a host
diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
index bf028bf7dc58abb6455ba1659f2d19bede69daa2..df71972a2ba3ad503011a558295bd38f587faf44 100644
--- a/ipatests/test_integration/test_replica_promotion.py
+++ b/ipatests/test_integration/test_replica_promotion.py
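Review bot: The else branch of sync_services_state() treats every lookup that does not match `status=HIDDEN` as "enabled or configured", so an empty result for any other reason falls through to `enable_services(fqdn)`. If the fqdn does not match the server entry, or the 'IPA master' role is reported in some other state, a replica that was meant to stay hidden would be advertised again. Consider querying the role without the status filter and branching on the returned status, raising when no 'IPA master' role is found for fqdn, so that an unexpected answer fails closed rather than open. The function also records nothing about which branch it took; a line such as `logger.debug("IPA master role on %s is hidden, hiding services", fqdn)` in the first branch, with a matching one in the else branch, would make the state change traceable in the install log.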
@@ -823,9 +823,11 @@ class TestHiddenReplicaPromotion(IntegrationTest):
 # hidden replica with CA and DNS
 tasks.install_replica(
 cls.master, cls.replicas[0],
- setup_dns=True, setup_kra=True,
+ setup_dns=True, setup_kra=False,
 extra_args=('--hidden-replica',)
 )
+ # manually install KRA to verify that hidden state is synced
+ tasks.install_kra(cls.replicas[0])
 def _check_dnsrecords(self, hosts_expected, hosts_unexpected=()):
 domain = DNSName(self.master.domain.name).make_absolute()
--
2.20.1
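Review bot: The added `tasks.install_kra(cls.replicas[0])` asserts nothing itself, so the "verify" in its comment depends on test methods outside this hunk checking the KRA service state on the replica. If none of them does, an explicit assertion that the KRA service is hidden after the install would be what catches a regression to the old always-enable behaviour. Only the KRA path is exercised this way; the ipa-adtrust-install and ipa-ca-install call sites changed in the same commit get no equivalent post-install step in this fixture, as far as the hunk shows. The enclosing setup method starts outside the hunk.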