URL: https://github.com/freeipa/freeipa/pull/401
Author: MartinBasti
 Title: #401: [4.4] Wait until http principal entry is replicated to replica
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/401/head:pr401
git checkout pr401
From 045413aeec8862d9cdd0f3057671f28bb85735a1 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 18 Jan 2017 12:55:13 +0100
Subject: [PATCH 1/3] wait_for_entry: use only DN as parameter

Passing the whole entry as a parameter is not needed because only the DN is
used, and requiring an entry makes this function harder to use

https://fedorahosted.org/freeipa/ticket/6588
---
 ipaserver/install/dogtaginstance.py | 2 +-
 ipaserver/install/replication.py    | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index b656282..2a2ab6f 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -470,7 +470,7 @@ def setup_admin(self):
                                       port=389,
                                       protocol='ldap')
         master_conn.do_sasl_gssapi_bind()
-        replication.wait_for_entry(master_conn, entry)
+        replication.wait_for_entry(master_conn, entry.dn)
         del master_conn
 
     def __remove_admin_from_group(self, group):
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index fe62626..d0e4a20 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -152,7 +152,7 @@ def wait_for_task(conn, dn):
     return exit_code
 
 
-def wait_for_entry(connection, entry, timeout=7200, attr='', quiet=True):
+def wait_for_entry(connection, dn, timeout=7200, attr='', quiet=True):
     """Wait for entry and/or attr to show up"""
 
     filter = "(objectclass=*)"
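Review bot: The renamed second parameter is still undocumented, and nothing in the signature or docstring says it must now be a DN rather than an entry object. A caller not updated in this series would still pass an entry positionally and fail only inside the search loop (whose body is outside this hunk), or raise a TypeError if it used `entry=` as a keyword. I would extend the docstring to something like `"""Wait for the entry at dn (and optionally attr) to show up; timeout is in seconds."""` and check for remaining callers outside the two files touched here.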
@@ -162,8 +162,6 @@ def wait_for_entry(connection, entry, timeout=7200, attr='', quiet=True):
         attrlist.append(attr)
     timeout += int(time.time())
 
-    dn = entry.dn
-
     if not quiet:
         sys.stdout.write("Waiting for %s %s:%s " % (connection, dn, attr))
         sys.stdout.flush()
@@ -734,7 +732,7 @@ def setup_agreement(self, a_conn, b_hostname, port=389,
             # that we will have to set the memberof fixup task
             self.need_memberof_fixup = True
 
-        wait_for_entry(a_conn, entry)
+        wait_for_entry(a_conn, entry.dn)
 
     def needs_memberof_fixup(self):
         return self.need_memberof_fixup

From 3838aa549710f6447a9e7d62013eb6c3d88df35c Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 18 Jan 2017 13:56:24 +0100
Subject: [PATCH 2/3] Wait until HTTPS principal entry is replicated to replica

Without the HTTP principal, later steps fail.

https://fedorahosted.org/freeipa/ticket/6588
---
 ipaserver/install/server/replicainstall.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index aefe158..5b613ba 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -40,7 +40,7 @@
 from ipaserver.install.installutils import (
     create_replica_config, ReplicaConfig, load_pkcs12, is_ipa_configured)
 from ipaserver.install.replication import (
-    ReplicationManager, replica_conn_check)
+    ReplicationManager, replica_conn_check, wait_for_entry)
 import SSSDConfig
 from subprocess import CalledProcessError
 from binascii import hexlify
@@ -90,6 +90,14 @@ def install_http_certs(config, fstore, remote_api):
                                         config.master_host_name,
                                         paths.IPA_KEYTAB,
                                         force_service_add=True)
+    dn = DN(
+        ('krbprincipalname', principal),
+        api.env.container_service, api.env.basedn
+    )
+    conn = ipaldap.IPAdmin(realm=config.realm_name, ldapi=True)
+    conn.do_external_bind()
+    wait_for_entry(conn, dn)
+    conn.unbind()
 
     # Obtain certificate for the HTTP service
     nssdir = certs.NSS_DIR
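Review bot: The result of the new wait is never checked: going by the end of `wait_for_entry` shown in patch 3/3, the function only logs on timeout or read error and returns nothing, so `install_http_certs` goes on to the certificate request even when the principal entry never arrived. The call also uses the default `timeout=7200`, so a broken replication agreement can stall the installer for up to two hours before that happens. Consider making the failure visible to this caller (a return value or an exception from `wait_for_entry`) and passing an explicit, shorter `timeout=`. Separately, `conn.unbind()` is skipped if `do_external_bind()` raises; putting the bind and the wait under `try:` with `finally: conn.unbind()` would close the connection on every path. The rest of `install_http_certs` lies outside the hunk.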

From 42050b4fae9326dc4b35e19428014ca82c355da8 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 18 Jan 2017 17:08:19 +0100
Subject: [PATCH 3/3] Use proper logging for error messages

https://fedorahosted.org/freeipa/ticket/6588r
---
 ipaserver/install/replication.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index d0e4a20..5da96e7 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -173,7 +173,7 @@ def wait_for_entry(connection, dn, timeout=7200, attr='', quiet=True):
         except errors.NotFound:
             pass  # no entry yet
         except Exception as e:  # badness
-            print("\nError reading entry", dn, e)
+            root_logger.error("Error reading entry %s: %s", dn, e)
             break
         if not entry:
             if not quiet:
@@ -182,11 +182,13 @@ def wait_for_entry(connection, dn, timeout=7200, attr='', quiet=True):
             time.sleep(1)
 
     if not entry and int(time.time()) > timeout:
-        print("\nwait_for_entry timeout for %s for %s" % (connection, dn))
+        root_logger.error(
+            "wait_for_entry timeout for %s for %s", connection, dn)
     elif entry and not quiet:
-        print("\nThe waited for entry is:", entry)
+        root_logger.error("The waited for entry is: %s", entry)
     elif not entry:
-        print("\nError: could not read entry %s from %s" % (dn, connection))
+        root_logger.error(
+            "Error: could not read entry %s from %s", dn, connection)
 
 
 class ReplicationManager(object):
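Review bot: The success message in the `elif entry and not quiet:` branch is now logged at error level, so a successful wait appears as an error in the install log; `root_logger.debug("The waited for entry is: %s", entry)` would match its meaning. It also writes the whole entry to a persistent log instead of stdout; depending on which attributes the search requested (not visible here), logging only `dn` would avoid recording attribute values of service principal entries. `root_logger` is not imported in any hunk of this patch, so it is presumably already in scope in replication.py. The start of `wait_for_entry` is outside the hunk.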
-- 