On 10/22/2015 04:13 PM, Martin Basti wrote:



On 22.10.2015 10:44, Martin Babinsky wrote:
https://fedorahosted.org/freeipa/ticket/5181




Thank you for the patch.

1)
+OPTIONAL_SERVICES = {
+    'DNS',
+    'CA',
+    'KRA',
+    'ADTRUST',
+    'EXTID',
+    'DNSKeyExporter',
+    'DNSSEC',
+    'DNSKeySync',
+}

This does not scale well; maybe we should improve it to use some general
solution for the whole of IPA to distinguish mandatory and optional services, but I
do not know how (or if it is possible).

Yes, this does not scale well. After some playing around with relocating the SERVICE_LIST object in 'ipaserver/install/service.py' I found out that more refactoring would be needed to improve the layout and availability of LDAP service names to both server and client code. I have put the list of core services in ipalib/constants.py for now, and I suggest opening a separate ticket for a more general solution.

2)
+        search_filter=('(&(objectclass=ipaConfigObject)'
+                       '(ipaConfigString=enabledService))')

Common user cannot read ipaConfigString, so this will work only for
admins, I do not see any limitations of access in code for other users.


I think that you agreed with Petr^2 that this filter is OK. I left it as it is but I have rewritten it as a call to ldap.make_filter to improve readability and/or potential extensibility a bit.

3)
+        opt_components = [
+            r['cn'][0] for r in result if r['cn'][0] in OPTIONAL_SERVICES
+        ]
Probably instead of indexing, you may use result.single_value['cn']

Martin^2

Attaching updated patch.

--
Martin^3 Babinsky
From ac603af5032d479019df228b01bfe59417ffcf9a Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Thu, 22 Oct 2015 10:26:41 +0200
Subject: [PATCH] show optionally configured components in server-find/show
 command output

https://fedorahosted.org/freeipa/ticket/5181
---
 ipalib/constants.py      | 11 +++++++++++
 ipalib/plugins/server.py | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)

diff --git a/ipalib/constants.py b/ipalib/constants.py
index b3642bc8575b7f770e1ef58c1bb8508833ecb7dc..224cb06ca5bc9bb1bac808db85f9190100dd1e55 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -254,3 +254,14 @@ REPL_AGMT_STRIP_ATTRS = ('modifiersName',
                          'modifyTimestamp',
                          'internalModifiersName',
                          'internalModifyTimestamp')
+
+# ldap entries in cn=masters,cn=ipa,cn=etc,$SUFFIX for core services that must
+# be running on each IPA master
+IPA_MASTER_CORE_SERVICES = {
+    'KDC',
+    'KPASSWD',
+    'MEMCACHE',
+    'HTTP',
+    'KEYS',
+    'OTPD',
+}
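Review bot: The comment above `IPA_MASTER_CORE_SERVICES` does not say that the set is used as an exclusion list. In `get_optional_components` (ipalib/plugins/server.py in this patch) every enabled service whose cn is not listed here is reported as an optional component, so a core service added later and not listed here would show up as optional. I would extend the comment with something like `# NOTE: any enabled service not listed here is reported as an optional component by server-find/show`. Since the set is only read, wrapping it as `frozenset({...})` would also make clear that callers must not modify it.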
diff --git a/ipalib/plugins/server.py b/ipalib/plugins/server.py
index 5808c9c5ea78fce4a15cd2e49740fbe20bca8358..b960ee7592d26be13b2e2a76c19fbefc95a28df7 100644
--- a/ipalib/plugins/server.py
+++ b/ipalib/plugins/server.py
@@ -7,6 +7,7 @@ import os
 
 from ipalib import api
 from ipalib import Int, Str
+from ipalib.constants import IPA_MASTER_CORE_SERVICES
 from ipalib.plugable import Registry
 from ipalib.plugins.baseldap import *
 from ipalib.plugins import baseldap
@@ -72,8 +73,33 @@ class server(LDAPObject):
             doc=_('Maximum domain level'),
             flags={'no_create', 'no_update'},
         ),
+        Str(
+            'ipaoptionalcomponent*',
+            cli_name='component',
+            label=_('Optional components'),
+            doc=_('Optional components running on the server'),
+            flags={'no_create', 'no_update', 'no_search', 'virtual_attribute'}
+        )
     )
 
+    def get_optional_components(self, ldap, dn, entry_attrs):
+        search_filter = ldap.make_filter(
+            {'objectClass': ['ipaCOnfigObject'],
+             'ipaConfigString': ['enabledService']},
+            rules=ldap.MATCH_ALL
+        )
+
+        result = ldap.find_entries(filter=search_filter, base_dn=dn,
+                                   attrs_list=['cn'])[0]
+
+        opt_components = []
+        for r in result:
+            component_cn = r.single_value['cn']
+            if component_cn not in IPA_MASTER_CORE_SERVICES:
+                opt_components.append(component_cn)
+
+        entry_attrs['ipaoptionalcomponent'] = opt_components
+
 
 @register()
 class server_find(LDAPSearch):
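Review bot: The result of `ldap.find_entries(...)` in `get_optional_components` is used without handling a search that matches nothing. As far as I know `find_entries` raises `errors.NotFound` (or a subclass) instead of returning an empty list, so such a search would make the whole `server-show`/`server-find` call fail; this is worth confirming against the LDAP client. Wrapping the call in `try:` / `except errors.NotFound:` with `result = []` in the handler would keep the command usable and leave `ipaoptionalcomponent` empty, provided `errors` is in scope in this module. Separately, `'ipaCOnfigObject'` is miscased: matching is case-insensitive so it works, but the earlier revision quoted in this thread spelled it `ipaConfigObject`. The method also lacks a docstring stating that it runs one search under `dn` and mutates `entry_attrs` in place.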
@@ -84,11 +110,21 @@ class server_find(LDAPSearch):
         '%(count)d IPA servers matched', 0
     )
 
+    def post_callback(self, ldap, entries, truncated, *args, **options):
+        for entry in entries:
+            self.obj.get_optional_components(ldap, entry.dn, entry)
+
+        return super(server_find, self).post_callback(
+            ldap, entries, truncated, *args, **options)
+
 
 @register()
 class server_show(LDAPRetrieve):
     __doc__ = _('Show IPA server.')
 
+    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+        self.obj.get_optional_components(ldap, dn, entry_attrs)
+        return dn
 
 @register()
 class server_del(LDAPDelete):
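Review bot: `server_find.post_callback` calls `get_optional_components` once per returned entry, so every `server-find` adds one extra LDAP search per master, and it does so unconditionally. If the command supports `pkey_only` (I believe `LDAPSearch` does, but confirm), the lookups should be skipped in that case, e.g. `if not options.get('pkey_only', False):` around the loop. The two callbacks are also inconsistent: `server_find` delegates to `super(...).post_callback(...)` while `server_show` returns `dn` directly. Picking one convention would make it clearer whether base-class post-processing is expected to run.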
-- 
2.4.3
