URL: https://github.com/freeipa/freeipa/pull/1075 Author: felipevolpone Title: #1075: [backport][ipa-4-5] Fixing how sssd.conf is updated when promoting a client to replica Action: opened
PR body: """ When promoting a client to a replica we have to change sssd.conf, deleting _srv_ part from 'ipa_server' property and setting 'ipa_server_mode' to true. Previously, the wrong domain could be updated since the ipa_domain variable was not being used properly. https://pagure.io/freeipa/issue/7127 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1075/head:pr1075 git checkout pr1075
From 59ab4c63d4ee1f29953a12f6c0d2f49d075b993f Mon Sep 17 00:00:00 2001 From: Felipe Volpone <fbarr...@redhat.com> Date: Wed, 13 Sep 2017 09:26:41 -0300 Subject: [PATCH] Fixing how sssd.conf is updated when promoting a client to replica When promoting a client to a replica we have to change sssd.conf, deleting _srv_ part from 'ipa_server' property and setting 'ipa_server_mode' to true. Previously, the wrong domain could be updated since the ipa_domain variable was not being used properly. https://pagure.io/freeipa/issue/7127 --- ipaserver/install/server/replicainstall.py | 27 ++++++++++++--------------- ipaserver/install/server/upgrade.py | 4 ++++ 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index ca5b7e02ac..6aa1157133 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -432,30 +432,27 @@ def promote_sssd(host_name): sssdconfig.import_config() domains = sssdconfig.list_active_domains() - ipa_domain = None - for name in domains: domain = sssdconfig.get_domain(name) try: hostname = domain.get_option('ipa_hostname') if hostname == host_name: - ipa_domain = domain + break except SSSDConfig.NoOptionError: continue - - if ipa_domain is None: - raise RuntimeError("Couldn't find IPA domain in sssd.conf") else: - domain.set_option('ipa_server', host_name) - domain.set_option('ipa_server_mode', True) - sssdconfig.save_domain(domain) - sssdconfig.write() + raise RuntimeError("Couldn't find IPA domain in sssd.conf") - sssd = services.service('sssd', api) - try: - sssd.restart() - except CalledProcessError: - root_logger.warning("SSSD service restart was unsuccessful.") + domain.set_option('ipa_server', host_name) + domain.set_option('ipa_server_mode', True) + sssdconfig.save_domain(domain) + sssdconfig.write() + + sssd = services.service('sssd', api) + try: + sssd.restart() + except CalledProcessError: + root_logger.warning("SSSD service restart was unsuccessful.") def promote_openldap_conf(hostname, master): diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index abbfa393d6..893e29b3f3 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1817,11 +1817,15 @@ def upgrade_configuration(): cainstance.ensure_ipa_authority_entry() set_sssd_domain_option('ipa_server_mode', 'True') + set_sssd_domain_option('ipa_server', api.env.host) sssdconfig = SSSDConfig.SSSDConfig() sssdconfig.import_config() sssd_enable_service(sssdconfig, 'ifp') + sssd = services.service('sssd', api) + sssd.restart() + krb = krbinstance.KrbInstance(fstore) krb.fqdn = fqdn krb.realm = api.env.realm
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org