On 11/20/2015 10:19 AM, Martin Babinsky wrote:
Fixes https://fedorahosted.org/freeipa/ticket/5417

Sorry forgot to add the patch.

--
Martin^3 Babinsky
From f6235e6b1bcb2dfe08b0d92a9f0b834d45801ab9 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Fri, 20 Nov 2015 09:57:05 +0100
Subject: [PATCH] replica promotion: modify default.conf even if DS
 configuration fails

When we promote an IPA client to a replica, we need to write a master-like
default.conf once we start configuring the directory server instance. This way,
even if DS configuration fails for some reason, the server uninstall code can
work properly and clean up the partially configured replica.

https://fedorahosted.org/freeipa/ticket/5417
---
 ipaserver/install/server/replicainstall.py | 53 ++++++++++++++++--------------
 1 file changed, 29 insertions(+), 24 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 5ce9eb7092b5349cc9db13b465b3d5b033538ab6..c8d951f373518b6c06b96cb56fcf2acbb57cca73 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1006,35 +1006,40 @@ def promote(installer):
         ntp = ntpinstance.NTPInstance()
         ntp.create_instance()
 
-    # Configure dirsrv
-    ds = install_replica_ds(config, options, promote=True)
+    try:
+        # Configure dirsrv
+        ds = install_replica_ds(config, options, promote=True)
 
-    # Always try to install DNS records
-    install_dns_records(config, options, api)
+        # Always try to install DNS records
+        install_dns_records(config, options, api)
 
-    # Must install http certs before changing ipa configuration file
-    # or certmonger will fail to contact the peer master
-    install_http_certs(config, fstore)
+        # Must install http certs before changing ipa configuration file
+        # or certmonger will fail to contact the peer master
+        install_http_certs(config, fstore)
 
-    ldapi_uri = installutils.realm_to_ldapi_uri(config.realm_name)
+    finally:
+        # Create the management framework config file
+        # do this regardless of the state of DS installation. Even if it fails,
+        # we need to have master-like configuration in order to perform a
+        # successful uninstallation
+        ldapi_uri = installutils.realm_to_ldapi_uri(config.realm_name)
 
-    # Create the management framework config file
-    gopts = [
-        ipaconf.setOption('host', config.host_name),
-        ipaconf.rmOption('server'),
-        ipaconf.setOption('xmlrpc_uri',
-                          'https://%s/ipa/xml' %
-                          ipautil.format_netloc(config.host_name)),
-        ipaconf.setOption('ldap_uri', ldapi_uri),
-        ipaconf.setOption('mode', 'production'),
-        ipaconf.setOption('enable_ra', 'True'),
-        ipaconf.setOption('ra_plugin', 'dogtag'),
-        ipaconf.setOption('dogtag_version',
-                          dogtag.install_constants.DOGTAG_VERSION)]
-    opts = [ipaconf.setSection('global', gopts)]
+        gopts = [
+            ipaconf.setOption('host', config.host_name),
+            ipaconf.rmOption('server'),
+            ipaconf.setOption('xmlrpc_uri',
+                              'https://%s/ipa/xml' %
+                              ipautil.format_netloc(config.host_name)),
+            ipaconf.setOption('ldap_uri', ldapi_uri),
+            ipaconf.setOption('mode', 'production'),
+            ipaconf.setOption('enable_ra', 'True'),
+            ipaconf.setOption('ra_plugin', 'dogtag'),
+            ipaconf.setOption('dogtag_version',
+                              dogtag.install_constants.DOGTAG_VERSION)]
+        opts = [ipaconf.setSection('global', gopts)]
 
-    ipaconf.changeConf(target_fname, opts)
-    os.chmod(target_fname, 0o644)   # must be readable for httpd
+        ipaconf.changeConf(target_fname, opts)
+        os.chmod(target_fname, 0o644)   # must be readable for httpd
 
     custodia = custodiainstance.CustodiaInstance(config.host_name,
                                                  config.realm_name)
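Review bot: An exception raised inside the new `finally:` block, by `ipaconf.changeConf(target_fname, opts)` or `os.chmod(target_fname, 0o644)`, replaces whatever `install_replica_ds`, `install_dns_records` or `install_http_certs` raised. On Python 2 the original error is lost outright and on Python 3 it survives only as chained context, so the root cause of a failed promotion can vanish from the installer output. The block also runs on `KeyboardInterrupt` and `SystemExit`, which means an aborted run still rewrites default.conf to `mode` `production` with `xmlrpc_uri` and `ldap_uri` pointing at this host. I would guard the write on the failure path so that a secondary error is logged and the first exception is re-raised unchanged, while still letting a write failure propagate on the success path. It is also worth a comment such as `# NOTE: after a failed promotion this file describes a master that does not exist; run the server uninstall before reusing the host`. The body of promote() starts and continues outside this hunk, so the handling of `target_fname` and any outer error handling are not visible here.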
-- 
2.4.3
