On 01/13/2016 05:59 PM, Rob Crittenden wrote:
Martin Babinsky wrote:
fixes https://fedorahosted.org/freeipa/ticket/5584

In order to ensure consistent behavior with ipa-client-install, I opted
to reuse the configure_openldap_conf() function and restore the config
from client sysrestore before modifying it.

If you think this approach is not optimal please propose an alternative
solution.

You could also just do an action set on URI to change the value, right?
It would need a new function but it would be very small.

If you do end up keeping this I'd want a new commit message for moving
the code to include why you're moving it (to avoid the need to dereference
the ticket).

rob


Here's the patch that implements the change in the URI directive. Please keep in mind that we not only have to change the URI to point to ourselves, we also have to do it in a way consistent with ipa-client-install, i.e. leave a comment with the new URI if it was already set by a third party.

A plain 'addifnotset' directive will not do, however, because then we end up with two comments, one original, and one pointing to ourselves. A plain 'set' may rewrite the URI set by the user and thus we would have to test its value anyway.

The correct handling of these cases, coupled with the way IPAChangeConf is written, results in the solution presented here.

The fact that it is not much shorter than configure_openldap_conf and is additionally pretty ugly (a fact at least partially caused by me not being very fluent in IPAChangeConf usage) led me to the conclusion that restoring the original ldap.conf and reusing already written code for editing it anew with the replica as URI is actually not that bad an idea.

--
Martin^3 Babinsky
From 41d0441d19756a6809fa0c522f7c61980df127d6 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Thu, 14 Jan 2016 17:15:31 +0100
Subject: [PATCH] reset ldap.conf to point to newly installed replica after
 promotion

When promoting a client to replica reset openldap client config so that it no
longer uses remote master as default LDAP hosts but uses local connection to
replica. Also make sure that the behavior regarding editing of user-customized
config is consistent with the client installer.

https://fedorahosted.org/freeipa/ticket/5488
---
 ipaserver/install/server/replicainstall.py | 44 ++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 7edee88e101ff59b516c97934e201bed69671cdb..f0f973160467b2c2b603302949e5c30a46d96953 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -443,6 +443,49 @@ def promote_sssd(host_name):
             root_logger.warning("SSSD service restart was unsuccessful.")
 
 
+def promote_openldap_conf(hostname, master):
+    """
+    Reset the URI directive in openldap-client configuration file to point to
+    newly promoted replica. If this directive was set by third party, then
+    replace the added comment with the one pointing to replica
+
+    :param hostname: replica FQDN
+    :param master: FQDN of remote master
+    """
+
+    ldap_conf = paths.OPENLDAP_LDAP_CONF
+
+    ldap_change_conf = ipaclient.ipachangeconf.IPAChangeConf(
+        "IPA replica installer")
+    ldap_change_conf.setOptionAssignment((" ", "\t"))
+
+    new_opts = []
+
+    with open(ldap_conf, 'r') as f:
+        old_opts = ldap_change_conf.parse(f)
+
+        for opt in old_opts:
+            if opt['type'] == 'comment' and master in opt['value']:
+                continue
+            elif (opt['type'] == 'option' and opt['name'] == 'URI' and
+                    master in opt['value']):
+                continue
+            new_opts.append(opt)
+
+    change_opts = [
+        {'action': 'addifnotset',
+         'name': 'URI',
+         'type': 'option',
+         'value': 'ldaps://' + hostname}
+    ]
+
+    try:
+        ldap_change_conf.newConf(ldap_conf, new_opts)
+        ldap_change_conf.changeConf(ldap_conf, change_opts)
+    except Exception as e:
+        root_logger.info("Failed to update {}: {}".format(ldap_conf, e))
+
+
 @common_cleanup
 def install_check(installer):
     options = installer
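Review bot: The two "master in opt['value']" tests in the filter loop are substring matches, so they remove more than the entry the client installer wrote: any comment that merely mentions the master FQDN is dropped, a URI line listing several servers is removed whole if the master is one of them, and a host whose name contains the master's name also matches. Consider splitting the URI value on whitespace and comparing the host part of each entry to master exactly, and limiting comment removal to the comment text ipa-client-install itself leaves. Separately, newConf() rewrites the file before changeConf() runs, so a failure in the second call leaves ldap.conf with the master URI already removed and the replica URI not added; taking a backup of the file before rewriting would make that recoverable.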
@@ -1373,6 +1416,7 @@ def promote(installer):
     custodia.import_dm_password(config.master_host_name)
 
     promote_sssd(config.host_name)
+    promote_openldap_conf(config.host_name, config.master_host_name)
 
     # Switch API so that it uses the new servr configuration
     server_api = create_api(mode=None)
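Review bot: Nothing at this call site in promote() can tell whether ldap.conf was actually updated, because promote_openldap_conf() returns nothing, catches every Exception and reports it only through root_logger.info. Since the purpose of the change is to stop the new replica from defaulting to the remote master, log the failure with root_logger.warning, as the promote_sssd() context above does for the SSSD restart, so that an unchanged ldap.conf is visible in the installer output.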
-- 
2.5.0