On 19/09/14 14:47, Jan Cholasta wrote:
Dne 19.9.2014 v 13:33 Martin Basti napsal(a):
On 02/09/14 11:59, Martin Basti wrote:
On 02/09/14 09:10, Jan Cholasta wrote:
Hi,

Dne 1.9.2014 v 16:57 Martin Basti napsal(a):
This patch allows to disable service in LDAP to prevents service to be
started by "ipactl restart"

Required by DNSSEC

Patch attached

I don't think the extra argument in ldap_enable is necessary. It
should enable the service no matter if the entry existed before or not.

Similarly, in ldap_disable you should not raise an error when the
entry is not found, because that already makes the service disabled.

Honza

Updated patch attached



_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Please review, this should be in 4.1

--
Martin Basti

1) ipaConfigString is case-insensitive, so you need to look for the string "enabledService" in a case-insensitive way.


2) Don't say "failed to enable ..." when the service is already enabled. It is not a failure. Same for disabled.


3) Missing ipaConfigString is nothing to warn about.


4) You should log success in both ldap_enable/ldap_disable.


5) The except below update_entry should say "except errors.EmptyModlist".


Thank you,

updated patch attached

--
Martin Basti

From 89d54ab02a3a8db846cce8bbea96925dacbe3156 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Thu, 28 Aug 2014 19:27:44 +0200
Subject: [PATCH] LDAP disable service

This patch allows to disable service in LDAP (ipactl will not start it)
---
 ipaserver/install/service.py | 55 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 54 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 7f812a99c557ae567cd1d8a0db30eba434c507f9..b2b343c6b0a1f23ec7b369384ab4c15d29b73053 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -374,6 +374,30 @@ class Service(object):
             self.ldap_connect()
 
         entry_name = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
+
+        # enable disabled service
+        try:
+            entry = self.admin_conn.get_entry(entry_name, ['ipaConfigString'])
+        except errors.NotFound:
+            pass
+        else:
+            if any(u'enabledservice' == x.lower() for x in entry.get('ipaConfigString', [])):
+                root_logger.debug("service %s startup entry already enabled", name)
+                return
+
+            if 'ipaConfigString' in entry and entry['ipaConfigString'] is not None:
+                entry['ipaConfigString'].append(u'enabledService')
+            else:
+                entry['ipaConfigString'] = [u'enabledService']
+
+            try:
+                self.admin_conn.update_entry(entry)
+            except errors.EmptyModlist:
+                root_logger.debug("service %s startup entry already enabled", name)
+
+            root_logger.debug("service %s startup entry enabled", name)
+            return
+
         order = SERVICE_LIST[name][1]
         entry = self.admin_conn.make_entry(
             entry_name,
@@ -386,9 +410,38 @@ class Service(object):
         try:
             self.admin_conn.add_entry(entry)
         except (errors.DuplicateEntry), e:
-            root_logger.debug("failed to add %s Service startup entry" % name)
+            root_logger.debug("failed to add service %s startup entry", name)
             raise e
 
+    def ldap_disable(self, name, fqdn, ldap_suffix):
+        assert isinstance(ldap_suffix, DN)
+        if not self.admin_conn:
+            self.ldap_connect()
+
+        entry_name = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
+        try:
+            entry = self.admin_conn.get_entry(entry_name, ['ipaConfigString'])
+        except errors.NotFound:
+            root_logger.debug("service %s startup entry already disabled (entry not found)", name)
+            return
+
+        if not any(u'enabledservice' == x.lower() for x in entry.get('ipaConfigString', [])):
+            root_logger.debug("service %s startup entry already disabled", name)
+            return
+
+        entry['ipaConfigString'].remove(u'enabledService')
+
+        try:
+            self.admin_conn.update_entry(entry)
+        except errors.EmptyModlist:
+            pass
+        except:
+            root_logger.debug("failed to disable service %s startup entry", name)
+            raise
+
+        root_logger.debug("service %s startup entry disabled", name)
+
+
 class SimpleServiceInstance(Service):
     def create_instance(self, gensvc_name=None, fqdn=None, dm_password=None, ldap_suffix=None, realm=None):
         self.gensvc_name = gensvc_name
-- 
1.8.3.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to