On 20.06.2016 16:42, Jan Cholasta wrote:
On 20.6.2016 16:13, David Kupka wrote:
On 28/04/16 14:45, Jan Cholasta wrote:
Hi,

I have pushed my thin client WIP branch to GitHub:
<https://github.com/jcholast/freeipa/tree/trac-4739>.

All commits up to "ipalib: use relative imports for cross-plugin
imports" should be good for review. The rest is subject to change
(WARNING: I will force push into this branch).

Honza


Hello!

Patches:
replica install: fix thin client regression
schema: remove `no_cli` from command schema
schema: remove redundant information
schema: merge command args and options
schema: remove output_params
schema: add object class schema
permission: handle ipapermright deprecated CLI alias on the client
passwd: handle sort order of passwd argument on the client
misc: skip `count` and `total` output in env.output_for_cli
dns: do not rely on custom param fields in record attributes
automember: add object plugin for automember_rebuild
frontend: do not crash on missing output in output_for_cli
frontend: skip `value` output in output_for_cli
frontend: don't copy command arguments to output params
makeaci, makeapi: use in-server API

work for me, ACK.

Pushed to master: 8cc8b6fb1023fa4aeafac0df01cfacff4ebf537a

Note that I haven't pushed "replica install: fix thin client regression" yet, I would like Martin to review it first.

ACK

pushed to master:
* 91d6d87ca76e3aa27d5f87fd4f0b70f1d4fe4e72 replica install: fix thin client regression


Attaching the patches for reference.


Note: There is one one known issue in automember output, will be fixed
later.



From 94c27bcdeb14cd61bc5252f3071a6cea41ac3f99 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Mon, 20 Jun 2016 13:50:23 +0200
Subject: [PATCH] replica install: fix thin client regression

Fix a regression introduced by commit
3157eec28ff35e3c407a9552d6b59bef9891b555.

https://fedorahosted.org/freeipa/ticket/4739
https://fedorahosted.org/freeipa/ticket/5985
---
 ipaserver/install/server/replicainstall.py | 50 +++++++++++++++++-------------
 1 file changed, 28 insertions(+), 22 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 3801f794998d904c0790a4bd5ad643792e13c1b9..1464e26db3f456efa4a18cd1449141c2c92c9ffc 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1310,37 +1310,44 @@ def promote(installer):
     ccache = os.environ['KRB5CCNAME']
     remote_api = installer._remote_api
     conn = remote_api.Backend.ldap2
-    try:
-        conn.connect(ccache=installer._ccache)
+    if installer._add_to_ipaservers:
+        try:
+            conn.connect(ccache=installer._ccache)
 
-        if installer._add_to_ipaservers:
             remote_api.Command['hostgroup_add_member'](
                 u'ipaservers',
                 host=[unicode(api.env.host)],
             )
+        finally:
+            if conn.isconnected():
+                conn.disconnect()
+            os.environ['KRB5CCNAME'] = ccache
 
-        # Save client file and merge in server directives
-        target_fname = paths.IPA_DEFAULT_CONF
-        fstore.backup_file(target_fname)
-        ipaconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Replica Promote")
-        ipaconf.setOptionAssignment(" = ")
-        ipaconf.setSectionNameDelimiters(("[", "]"))
+    # Save client file and merge in server directives
+    target_fname = paths.IPA_DEFAULT_CONF
+    fstore.backup_file(target_fname)
+    ipaconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Replica Promote")
+    ipaconf.setOptionAssignment(" = ")
+    ipaconf.setSectionNameDelimiters(("[", "]"))
 
-        config.promote = installer.promote
-        config.dirman_password = hexlify(ipautil.ipa_generate_password())
+    config.promote = installer.promote
+    config.dirman_password = hexlify(ipautil.ipa_generate_password())
 
-        # FIXME: allow to use passed in certs instead
-        if installer._ca_enabled:
-            configure_certmonger()
+    # FIXME: allow to use passed in certs instead
+    if installer._ca_enabled:
+        configure_certmonger()
 
-        # Create DS user/group if it doesn't exist yet
-        dsinstance.create_ds_user()
+    # Create DS user/group if it doesn't exist yet
+    dsinstance.create_ds_user()
 
-        # Configure ntpd
-        if not options.no_ntp:
-            ipaclient.ntpconf.force_ntpd(sstore)
-            ntp = ntpinstance.NTPInstance()
-            ntp.create_instance()
+    # Configure ntpd
+    if not options.no_ntp:
+        ipaclient.ntpconf.force_ntpd(sstore)
+        ntp = ntpinstance.NTPInstance()
+        ntp.create_instance()
+
+    try:
+        conn.connect(ccache=ccache)
 
         # Configure dirsrv
         ds = install_replica_ds(config, options, installer._ca_enabled,
@@ -1360,7 +1367,6 @@ def promote(installer):
     finally:
         if conn.isconnected():
             conn.disconnect()
-        os.environ['KRB5CCNAME'] = ccache
 
         # Create the management framework config file
         # do this regardless of the state of DS installation. Even if it fails,
-- 
2.5.5

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to