URL: https://github.com/freeipa/freeipa/pull/4895
Author: rcritten
Title: #4895: Simplify and make more reliable the server and client
installation checks
Action: opened
PR body:
"""
Rather than relying on file existence and whether the installer backed up files
actually set a value when the installation is complete for the client and
server and use that.
For the server this can be reliable moving forward because we can detect the
missing state and fix it on upgrades. On the client we're stuck so use it but
leave the old method as a fallback. Also remove the requirement to pass in the
filestore to the client check as that makes it more complex as a fact.
Both can be checked fairly easily with:
```
python -c 'from ipaclient.install.client import is_ipa_client_installed; print
("%s" % is_ipa_client_installed())'
python -c 'from ipaserver.install.installutils import is_ipa_configured;
print("%s" % is_ipa_configured())'
```
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4895/head:pr4895
git checkout pr4895
From 73009702fb5af921212d4063d2c03e9e9558ebd3 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Tue, 7 Jul 2020 16:24:35 -0400
Subject: [PATCH 1/2] Simplify determining if an IPA server installation is
complete
When asking the quesiton "is my IPA server configured?" right now
we look at whether the installation backed up any files and set
any state. This isn't exactly precise.
Instead set a new state, installation, to True as soon as IPA
is restarted at the end of the installer.
On upgrades existing installations will automatically get this
state.
This relies on the fact that get_state returns None if no state
at all is set. This indicates that this "new" option isn't available
and when upgrading an existing installation we can assume the
install at least partly works.
The value is forced to False at the beginning of a fresh install
so if it fails, or is in a transient state like with an external
CA, we know that the installation is not complete.
https://pagure.io/freeipa/issue/8384
Signed-off-by: Rob Crittenden <rcrit...@redhat.com>
---
ipaserver/install/installutils.py | 22 ++--------------------
ipaserver/install/server/install.py | 6 ++++++
ipaserver/install/server/upgrade.py | 4 ++++
3 files changed, 12 insertions(+), 20 deletions(-)
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index ba98e8bed3..f19f64fbe8 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -700,28 +700,10 @@ def rmtree(path):
def is_ipa_configured():
"""
- Using the state and index install files determine if IPA is already
- configured.
+ Use the state to determine if IPA has been configured.
"""
- installed = False
-
sstore = sysrestore.StateFile(paths.SYSRESTORE)
- fstore = sysrestore.FileStore(paths.SYSRESTORE)
-
- for module in IPA_MODULES:
- if sstore.has_state(module):
- logger.debug('%s is configured', module)
- installed = True
- else:
- logger.debug('%s is not configured', module)
-
- if fstore.has_files():
- logger.debug('filestore has files')
- installed = True
- else:
- logger.debug('filestore is tracking no files')
-
- return installed
+ return sstore.get_state('installation', 'complete')
def run_script(main_function, operation_name, log_file_name=None,
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index d6513c53c8..5f63d51baa 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -795,6 +795,9 @@ def install(installer):
# failure to enable root cause investigation
installer._installation_cleanup = False
+ # Be clear that the installation process is beginning but not done
+ sstore.backup_state('installation', 'complete', False)
+
if installer.interactive:
print("")
print("The following operations may take some minutes to complete.")
@@ -998,6 +1001,8 @@ def install(installer):
bind.create_file_with_system_records()
# Everything installed properly, activate ipa service.
+ sstore.delete_state('installation', 'complete')
+ sstore.backup_state('installation', 'complete', True)
services.knownservices.ipa.enable()
print("======================================="
@@ -1201,6 +1206,7 @@ def uninstall(installer):
if fstore.has_files():
logger.error('Some files have not been restored, see '
'%s/sysrestore.index', SYSRESTORE_DIR_PATH)
+ sstore.delete_state('installation', 'complete')
has_state = False
for module in IPA_MODULES: # from installutils
if sstore.has_state(module):
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index d07d97d10a..78d3ab8d9e 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1470,6 +1470,10 @@ def upgrade_configuration():
logger.debug('IPA version %s', version.VENDOR_VERSION)
fstore = sysrestore.FileStore(paths.SYSRESTORE)
+ sstore = sysrestore.StateFile(paths.SYSRESTORE)
+
+ if installutils.is_ipa_configured() is None:
+ sstore.backup_state('installation', 'complete', True)
fqdn = api.env.host
From 2e46e705491eae38c58aa4ae9a46d979a0000373 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Tue, 7 Jul 2020 16:56:14 -0400
Subject: [PATCH 2/2] Simplify determining if IPA client configuration is
complete
When asking the quesiton "is my IPA client configured?" right now
we look at whether the installation backed up any files and
/etc/ipa/default.conf exists.
Instead set a new state, installation, to True as soon as the
client installation finishes.
Unlike the server there is no upgrade process for clients so this
isn't going to be all that useful for quite some time unless that
changes because upgrading an existing install won't set this
to True.
https://pagure.io/freeipa/issue/8384
Signed-off-by: Rob Crittenden <rcrit...@redhat.com>
---
ipaclient/install/client.py | 18 +++++++++++++++---
ipaclient/install/ipa_epn.py | 3 +--
2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index 1b8bc34329..184d2a3af2 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -266,13 +266,21 @@ def delete_ipa_domain():
"No access to the /etc/sssd/sssd.conf file.")
-def is_ipa_client_installed(fstore, on_master=False):
+def is_ipa_client_installed(on_master=False):
"""
Consider IPA client not installed if nothing is backed up
and default.conf file does not exist. If on_master is set to True,
the existence of default.conf file is not taken into consideration,
since it has been already created by ipa-server-install.
"""
+ fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
+ statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
+
+ installed = statestore.get_state('installation', 'complete')
+ if installed is not None:
+ return installed
+
+ # Fall back to the old detection
installed = (
fstore.has_files() or (
@@ -2086,7 +2094,7 @@ def install_check(options):
tasks.check_selinux_status()
- if is_ipa_client_installed(fstore, on_master=options.on_master):
+ if is_ipa_client_installed(on_master=options.on_master):
logger.error("IPA client is already configured on this system.")
logger.info(
"If you want to reinstall the IPA client, uninstall it first "
@@ -2598,6 +2606,8 @@ def _install(options):
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
+ statestore.backup_state('installation', 'complete', False)
+
if not options.on_master:
# Try removing old principals from the keytab
purge_host_keytab(cli_realm)
@@ -3181,13 +3191,15 @@ def _install(options):
configure_nisdomain(
options=options, domain=cli_domain, statestore=statestore)
+ statestore.delete_state('installation', 'complete')
+ statestore.backup_state('installation', 'complete', True)
logger.info('Client configuration complete.')
def uninstall_check(options):
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
- if not is_ipa_client_installed(fstore):
+ if not is_ipa_client_installed():
if options.on_master:
rval = SUCCESS
else:
diff --git a/ipaclient/install/ipa_epn.py b/ipaclient/install/ipa_epn.py
index 6e1b001464..2309aa1a62 100644
--- a/ipaclient/install/ipa_epn.py
+++ b/ipaclient/install/ipa_epn.py
@@ -255,8 +255,7 @@ def setup_logging(self, log_file_mode="a"):
def run(self):
super(EPN, self).run()
- fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
- if not is_ipa_client_installed(fstore):
+ if not is_ipa_client_installed():
logger.error("IPA client is not configured on this system.")
raise admintool.ScriptError()
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
