On 11/20/2015 10:46 AM, Martin Babinsky wrote:
On 11/20/2015 10:19 AM, Martin Babinsky wrote:
Fixes https://fedorahosted.org/freeipa/ticket/5417

Sorry forgot to add the patch.



Attaching new version of patch rebased for current master and bumping for review.

--
Martin^3 Babinsky
From 84d32dc14ae3cf486b9054c1b90a18d9ec998b5d Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Fri, 20 Nov 2015 09:57:05 +0100
Subject: [PATCH 1/2] replica promotion: modify default.conf even if DS
 configuration fails

When we promote an IPA client to a replica, we need to write a master-like
default.conf once we start configuring the directory server instance. This way,
even if DS configuration fails for some reason, the server uninstall code can
work properly and clean up the partially configured replica.

https://fedorahosted.org/freeipa/ticket/5417
---
 ipaserver/install/server/replicainstall.py | 51 ++++++++++++++++--------------
 1 file changed, 28 insertions(+), 23 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 4b811105be3409e7c673fb55f96c8b3e58be63b5..e6d96bbe62c6960ebe94c529a8dac9dd0468d734 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1001,34 +1001,39 @@ def promote(installer):
         ntp = ntpinstance.NTPInstance()
         ntp.create_instance()
 
-    # Configure dirsrv
-    ds = install_replica_ds(config, options, promote=True)
+    try:
+        # Configure dirsrv
+        ds = install_replica_ds(config, options, promote=True)
 
-    # Always try to install DNS records
-    install_dns_records(config, options, api)
+        # Always try to install DNS records
+        install_dns_records(config, options, api)
 
-    # Must install http certs before changing ipa configuration file
-    # or certmonger will fail to contact the peer master
-    install_http_certs(config, fstore)
+        # Must install http certs before changing ipa configuration file
+        # or certmonger will fail to contact the peer master
+        install_http_certs(config, fstore)
 
-    ldapi_uri = installutils.realm_to_ldapi_uri(config.realm_name)
+    finally:
+        # Create the management framework config file
+        # do this regardless of the state of DS installation. Even if it fails,
+        # we need to have master-like configuration in order to perform a
+        # successful uninstallation
+        ldapi_uri = installutils.realm_to_ldapi_uri(config.realm_name)
 
-    # Create the management framework config file
-    gopts = [
-        ipaconf.setOption('host', config.host_name),
-        ipaconf.rmOption('server'),
-        ipaconf.setOption('xmlrpc_uri',
-                          'https://%s/ipa/xml' %
-                          ipautil.format_netloc(config.host_name)),
-        ipaconf.setOption('ldap_uri', ldapi_uri),
-        ipaconf.setOption('mode', 'production'),
-        ipaconf.setOption('enable_ra', 'True'),
-        ipaconf.setOption('ra_plugin', 'dogtag'),
-        ipaconf.setOption('dogtag_version', '10')]
-    opts = [ipaconf.setSection('global', gopts)]
+        gopts = [
+            ipaconf.setOption('host', config.host_name),
+            ipaconf.rmOption('server'),
+            ipaconf.setOption('xmlrpc_uri',
+                              'https://%s/ipa/xml' %
+                              ipautil.format_netloc(config.host_name)),
+            ipaconf.setOption('ldap_uri', ldapi_uri),
+            ipaconf.setOption('mode', 'production'),
+            ipaconf.setOption('enable_ra', 'True'),
+            ipaconf.setOption('ra_plugin', 'dogtag'),
+            ipaconf.setOption('dogtag_version', '10')]
+        opts = [ipaconf.setSection('global', gopts)]
 
-    ipaconf.changeConf(target_fname, opts)
-    os.chmod(target_fname, 0o644)   # must be readable for httpd
+        ipaconf.changeConf(target_fname, opts)
+        os.chmod(target_fname, 0o644)   # must be readable for httpd
 
     custodia = custodiainstance.CustodiaInstance(config.host_name,
                                                  config.realm_name)
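Review bot: An exception raised inside the new `finally:` body, for example from `ipaconf.changeConf(target_fname, opts)` or `os.chmod(target_fname, 0o644)`, replaces the one raised by `install_replica_ds`, `install_dns_records` or `install_http_certs`. If this code runs on Python 2, there is no implicit exception chaining, so the install log would show only the config-write error and lose the directory server failure that actually needs diagnosing. I would keep the write on both paths but guard it on the failure path and re-raise the original error, as sketched below, logging the secondary error with whatever logger the module already uses. `promote()` starts and ends outside this hunk, so that `target_fname` and `config` are bound on every path reaching this point is assumed rather than visible here.

```python
    def _write_default_conf():
        # … unchanged: ldapi_uri, gopts, opts, changeConf, chmod from the finally body …

    try:
        # … unchanged: install_replica_ds, install_dns_records, install_http_certs …
    except BaseException:
        # Still leave a master-like default.conf for uninstall, but never let a
        # secondary failure hide the error that aborted the promotion.
        try:
            _write_default_conf()
        except Exception:
            pass  # log the secondary error here with the module's existing logger
        raise
    else:
        _write_default_conf()
```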
-- 
2.4.3
