On 7.12.2015 08:14, Jan Cholasta wrote:
On 6.12.2015 21:32, Martin Basti wrote:


On 04.12.2015 16:58, Simo Sorce wrote:
On Fri, 2015-12-04 at 15:39 +0100, Jan Cholasta wrote:
On 4.12.2015 15:16, Jan Cholasta wrote:
On 4.12.2015 15:12, Jan Cholasta wrote:
On 4.12.2015 11:15, Petr Vobornik wrote:
On 12/03/2015 03:11 PM, Martin Basti wrote:

On 01.12.2015 12:19, Jan Cholasta wrote:
On 23.11.2015 15:47, Simo Sorce wrote:
On Mon, 2015-11-23 at 15:37 +0100, Jan Cholasta wrote:
Ad alternative is to add the host to ipaservers before the
checks
are
done and remove it again if any of them fail.
Too error prone, I am ok with the current way in your patches
until/unless I can think of a fail safe way. :-)
Updated patches attached. Note that 520 should be applied
between 509
and 510.



Functional ACK

Simo, do you want to review the ACIs or other things it the
patches? Or
can the patches be pushed?
There were no changes in the ACIs since last time.
Actually, memberPrincipal was removed from the "IPA server hosts can
manage own Custodia secrets" ACI, as per Simo's request.

Rebased patches attached.
Note that 520 should still be applied between 509 and 510.

LGTM

ACK

Thanks.

Pushed to master: 01ddf51df76f3298499973355c5461727e46ab5b

Martin Babinsky found out that ipaservers is not created early enough when installing a replica of a 4.2 or older server which causes a crash.

The attached patch fixes that.

--
Jan Cholasta
From eb887cf4291857b5fb5ce1bd991d460e7df4990b Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Wed, 9 Dec 2015 15:56:24 +0100
Subject: [PATCH] replica install: add ipaservers before the server's host
 entry is created

This prevents crash when adding the host entry to ipaservers when
installing replica of a 4.2 or older server.

https://fedorahosted.org/freeipa/ticket/3416
---
 ipaserver/install/dsinstance.py  | 4 ++++
 ipaserver/install/krbinstance.py | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index a58b0f7..1b82e56 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -417,6 +417,10 @@ class DsInstance(service.Service):
                                    r_bindpw=self.dm_password)
         self.run_init_memberof = repl.needs_memberof_fixup()
 
+        ld = ldapupdate.LDAPUpdate(ldapi=True)
+        ld.update([os.path.join(paths.UPDATES_DIR,
+                                '20-ipaservers_hostgroup.update')])
+
         # Now that the server is up make sure all changes happen against
         # the local server (as repica pomotion does not have the DM password.
         if self.admin_conn:
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index f928e50..1a7b65a 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -122,7 +122,10 @@ class KrbInstance(service.Service):
                           ('cn', 'accounts'), self.suffix)
         hostgroup_entry = self.admin_conn.get_entry(hostgroup_dn, ['member'])
         hostgroup_entry.setdefault('member', []).append(host_dn)
-        self.admin_conn.update_entry(hostgroup_entry)
+        try:
+            self.admin_conn.update_entry(hostgroup_entry)
+        except errors.EmptyModlist:
+            pass
 
     def __common_setup(self, realm_name, host_name, domain_name, admin_password):
         self.fqdn = host_name
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to