Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the
On Wed, 2011-10-05 at 11:27 +0200, Jan Cholasta wrote: > On 5.10.2011 10:38, Alexander Bokovoy wrote: > > On Tue, 04 Oct 2011, Alexander Bokovoy wrote: > >> Reproduced. This happens when the package freeipa-client is upgraded > >> after client is enrolled with previous version -- in such case there > >> is no backup state and therefore we can't restore. > > Also add fstore to /etc/sysconfig/ntpd to really backup it. > > > > ACK. > > Honza > Pushed to master, ipa-2-1. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the
On 5.10.2011 10:38, Alexander Bokovoy wrote: On Tue, 04 Oct 2011, Alexander Bokovoy wrote: Reproduced. This happens when the package freeipa-client is upgraded after client is enrolled with previous version -- in such case there is no backup state and therefore we can't restore. Also add fstore to /etc/sysconfig/ntpd to really backup it. ACK. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the
On Tue, 04 Oct 2011, Alexander Bokovoy wrote: > Reproduced. This happens when the package freeipa-client is upgraded > after client is enrolled with previous version -- in such case there > is no backup state and therefore we can't restore. Also add fstore to /etc/sysconfig/ntpd to really backup it. -- / Alexander Bokovoy >From 0aab495a8175b25ebd48e30715527fcf6737b22b Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 4 Oct 2011 13:56:12 +0300 Subject: [PATCH] Setup and restore ntp configuration on the client side properly When setting up the client-side NTP configuration, make sure that /etc/ntp/step-tickers point to IPA NTP server as well. When restoring the client during ipa-client-install --uninstall, make sure NTP configuration is fully restored and NTP service is disabled if it was disabled before the installation. https://fedorahosted.org/freeipa/ticket/1770 --- ipa-client/ipa-install/ipa-client-install | 26 ++- ipa-client/ipaclient/ntpconf.py | 52 2 files changed, 62 insertions(+), 16 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 76f7f1913c804053edb8b90979286a0592fa5737..b8d4867ab3df119132b7d9da35803e50bbd4ea51 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -320,6 +320,30 @@ def uninstall(options, env, quiet=False): # this is optional service, just log logging.info("%s daemon is not installed, skip configuration" % (nslcd.service_name)) +ntp_configured = statestore.has_state('ntp') +if ntp_configured: +ntp_enabled = statestore.restore_state('ntp', 'enabled') +ntp_step_tickers = statestore.restore_state('ntp', 'step-tickers') + +try: +# Restore might fail due to file missing in backup +# the reason for it might be that freeipa-client was updated +# to this version but not unenrolled/enrolled again +# In such case it is OK to fail +restored = fstore.restore_file("/etc/ntp.conf") +restored |= fstore.restore_file("/etc/sysconfig/ntpd") +if ntp_step_tickers: + restored |= fstore.restore_file("/etc/ntp/step-tickers") +except: +pass + +if not ntp_enabled: + ipaservices.knownservices.ntpd.stop() + ipaservices.knownservices.ntpd.disable() +else: + if restored: + ipaservices.knownservices.ntpd.restart() + if not options.unattended: emit_quiet(quiet, "The original nsswitch.conf configuration has been restored.") emit_quiet(quiet, "You may need to restart services or reboot the machine.") @@ -1102,7 +1126,7 @@ def install(options, env, fstore, statestore): ntp_server = options.ntp_server else: ntp_server = cli_server -ipaclient.ntpconf.config_ntp(ntp_server, fstore) +ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore) print "NTP enabled" print "Client configuration complete." diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py index 3042005f41ea3ed6c8fee739b9cf2b833a8d6d59..8e151089c81fe761dc57fc6e8fb7ff5ba30b98fa 100644 --- a/ipa-client/ipaclient/ntpconf.py +++ b/ipa-client/ipaclient/ntpconf.py @@ -20,6 +20,7 @@ from ipapython import ipautil from ipapython import services as ipaservices import shutil +import os ntp_conf = """# Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. @@ -80,30 +81,51 @@ SYNC_HWCLOCK=yes # Additional options for ntpdate NTPDATE_OPTIONS="" """ +ntp_step_tickers = """# Use IPA-provided NTP server for initial time +$SERVER +""" +def __backup_config(path, fstore = None): +if fstore: +fstore.backup_file(path) +else: +shutil.copy(path, "%s.ipasave" % (path)) -def config_ntp(server_fqdn, fstore = None): +def __write_config(path, content): +fd = open(path, "w") +fd.write(content) +fd.close() + +def config_ntp(server_fqdn, fstore = None, sysstore = None): +path_step_tickers = "/etc/ntp/step-tickers" +path_ntp_conf = "/etc/ntp.conf" +path_ntp_sysconfig = "/etc/sysconfig/ntpd" sub_dict = { } sub_dict["SERVER"] = server_fqdn nc = ipautil.template_str(ntp_conf, sub_dict) +config_step_tickers = False -if fstore: -fstore.backup_file("/etc/ntp.conf") -else: -shutil.copy("/etc/ntp.conf", "/etc/ntp.conf.ipasave") -fd = open("/etc/ntp.conf", "w") -fd.write(nc) -fd.close() +if os.path.exists(path_step_tickers): +config_step_tickers = True +ns = ipautil.template_str(ntp_step_tickers, sub_dict) +__backup_config(path_step_tickers, fstore) +__write_config(path_step_tickers, ns) +ipaservices.restore_context(
Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the
On Tue, 04 Oct 2011, Jan Cholasta wrote: > Now ipa-client-install --uninstall fails with: > > Traceback (most recent call last): > File "/usr/sbin/ipa-client-install", line 1165, in > sys.exit(main()) > File "/usr/sbin/ipa-client-install", line 1147, in main > return uninstall(options, env) > File "/usr/sbin/ipa-client-install", line 339, in uninstall > restored = fstore.restore_file("/etc/ntp.conf") > File "/usr/lib/python2.7/site-packages/ipapython/sysrestore.py", > line 158, in restore_file > raise ValueError("No such file name in the index") > ValueError: No such file name in the index Reproduced. This happens when the package freeipa-client is upgraded after client is enrolled with previous version -- in such case there is no backup state and therefore we can't restore. Attached patch should fix it -- as we can ignore absent backup. -- / Alexander Bokovoy >From a37e9ff4a35c4c9784bf6a174ca8a4da37a43f51 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 4 Oct 2011 13:56:12 +0300 Subject: [PATCH] Setup and restore ntp configuration on the client side properly When setting up the client-side NTP configuration, make sure that /etc/ntp/step-tickers point to IPA NTP server as well. When restoring the client during ipa-client-install --uninstall, make sure NTP configuration is fully restored and NTP service is disabled if it was disabled before the installation. https://fedorahosted.org/freeipa/ticket/1770 --- ipa-client/ipa-install/ipa-client-install | 26 ++- ipa-client/ipaclient/ntpconf.py | 52 2 files changed, 62 insertions(+), 16 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 76f7f1913c804053edb8b90979286a0592fa5737..b8d4867ab3df119132b7d9da35803e50bbd4ea51 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -320,6 +320,30 @@ def uninstall(options, env, quiet=False): # this is optional service, just log logging.info("%s daemon is not installed, skip configuration" % (nslcd.service_name)) +ntp_configured = statestore.has_state('ntp') +if ntp_configured: +ntp_enabled = statestore.restore_state('ntp', 'enabled') +ntp_step_tickers = statestore.restore_state('ntp', 'step-tickers') + +try: +# Restore might fail due to file missing in backup +# the reason for it might be that freeipa-client was updated +# to this version but not unenrolled/enrolled again +# In such case it is OK to fail +restored = fstore.restore_file("/etc/ntp.conf") +restored |= fstore.restore_file("/etc/sysconfig/ntpd") +if ntp_step_tickers: + restored |= fstore.restore_file("/etc/ntp/step-tickers") +except: +pass + +if not ntp_enabled: + ipaservices.knownservices.ntpd.stop() + ipaservices.knownservices.ntpd.disable() +else: + if restored: + ipaservices.knownservices.ntpd.restart() + if not options.unattended: emit_quiet(quiet, "The original nsswitch.conf configuration has been restored.") emit_quiet(quiet, "You may need to restart services or reboot the machine.") @@ -1102,7 +1126,7 @@ def install(options, env, fstore, statestore): ntp_server = options.ntp_server else: ntp_server = cli_server -ipaclient.ntpconf.config_ntp(ntp_server, fstore) +ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore) print "NTP enabled" print "Client configuration complete." diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py index 3042005f41ea3ed6c8fee739b9cf2b833a8d6d59..cf203b90490f8268553229730cc2966d2c14f292 100644 --- a/ipa-client/ipaclient/ntpconf.py +++ b/ipa-client/ipaclient/ntpconf.py @@ -20,6 +20,7 @@ from ipapython import ipautil from ipapython import services as ipaservices import shutil +import os ntp_conf = """# Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. @@ -80,30 +81,51 @@ SYNC_HWCLOCK=yes # Additional options for ntpdate NTPDATE_OPTIONS="" """ +ntp_step_tickers = """# Use IPA-provided NTP server for initial time +$SERVER +""" +def __backup_config(path, fstore = None): +if fstore: +fstore.backup_file(path) +else: +shutil.copy(path, "%s.ipasave" % (path)) -def config_ntp(server_fqdn, fstore = None): +def __write_config(path, content): +fd = open(path, "w") +fd.write(content) +fd.close() + +def config_ntp(server_fqdn, fstore = None, sysstore = None): +path_step_tickers = "/etc/ntp/step-tickers" +path_ntp_conf = "/etc/ntp.conf" +path_ntp_sysconfig = "/etc/sysconfig/ntpd" sub_dict = { } sub_dict["SERVER"] = server_fqdn
Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the
On 4.10.2011 20:53, Alexander Bokovoy wrote: On Tue, 04 Oct 2011, Jan Cholasta wrote: On 4.10.2011 13:00, Alexander Bokovoy wrote: client Reply-To: Hi, attached patch addresses ticket #1770. ipa-client-install fails with: Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1165, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1154, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1122, in install ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore) File "/usr/lib/python2.7/site-packages/ipaclient/ntpconf.py", line 118, in config_ntp sysstore.backup_state(module, "enabled", ipaservices.knownservices.ntp.enabled()) File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 167, in __getattr__ raise AttributeError('no magic attribute %r' % name) AttributeError: no magic attribute 'ntp' Mea culpa. :( Fixed patch attached. Now ipa-client-install --uninstall fails with: Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1165, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1147, in main return uninstall(options, env) File "/usr/sbin/ipa-client-install", line 339, in uninstall restored = fstore.restore_file("/etc/ntp.conf") File "/usr/lib/python2.7/site-packages/ipapython/sysrestore.py", line 158, in restore_file raise ValueError("No such file name in the index") ValueError: No such file name in the index Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the
On Tue, 04 Oct 2011, Jan Cholasta wrote: > On 4.10.2011 13:00, Alexander Bokovoy wrote: > >client > >Reply-To: > > > >Hi, > > > >attached patch addresses ticket #1770. > > > > ipa-client-install fails with: > > Traceback (most recent call last): > File "/usr/sbin/ipa-client-install", line 1165, in > sys.exit(main()) > File "/usr/sbin/ipa-client-install", line 1154, in main > rval = install(options, env, fstore, statestore) > File "/usr/sbin/ipa-client-install", line 1122, in install > ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore) > File "/usr/lib/python2.7/site-packages/ipaclient/ntpconf.py", line > 118, in config_ntp > sysstore.backup_state(module, "enabled", > ipaservices.knownservices.ntp.enabled()) > File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line > 167, in __getattr__ > raise AttributeError('no magic attribute %r' % name) > AttributeError: no magic attribute 'ntp' Mea culpa. :( Fixed patch attached. -- / Alexander Bokovoy >From 2de0c707424e735faf03fb786b98cbb3e3ee55da Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 4 Oct 2011 13:56:12 +0300 Subject: [PATCH] Setup and restore ntp configuration on the client side properly When setting up the client-side NTP configuration, make sure that /etc/ntp/step-tickers point to IPA NTP server as well. When restoring the client during ipa-client-install --uninstall, make sure NTP configuration is fully restored and NTP service is disabled if it was disabled before the installation. https://fedorahosted.org/freeipa/ticket/1770 --- ipa-client/ipa-install/ipa-client-install | 19 ++- ipa-client/ipaclient/ntpconf.py | 52 2 files changed, 55 insertions(+), 16 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 76f7f1913c804053edb8b90979286a0592fa5737..4b6520f2c7ad67442f57a5d98d691912555c2c3c 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -331,6 +331,23 @@ def uninstall(options, env, quiet=False): emit_quiet(quiet, "Reboot command failed to exceute. " + str(e)) return CLIENT_UNINSTALL_ERROR +ntp_configured = statestore.has_state('ntp') +if ntp_configured: +ntp_enabled = statestore.restore_state('ntp', 'enabled') +ntp_step_tickers = statestore.restore_state('ntp', 'step-tickers') + +restored = fstore.restore_file("/etc/ntp.conf") +restored |= fstore.restore_file("/etc/sysconfig/ntpd") +if ntp_step_tickers: + restored |= fstore.restore_file("/etc/ntp/step-tickers") + +if not ntp_enabled: + ipaservices.knownservices.ntpd.stop() + ipaservices.knownservices.ntpd.disable() +else: + if restored: + ipaservices.knownservices.ntpd.restart() + # Remove the IPA configuration file try: os.remove("/etc/ipa/default.conf") @@ -1102,7 +1119,7 @@ def install(options, env, fstore, statestore): ntp_server = options.ntp_server else: ntp_server = cli_server -ipaclient.ntpconf.config_ntp(ntp_server, fstore) +ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore) print "NTP enabled" print "Client configuration complete." diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py index 3042005f41ea3ed6c8fee739b9cf2b833a8d6d59..cf203b90490f8268553229730cc2966d2c14f292 100644 --- a/ipa-client/ipaclient/ntpconf.py +++ b/ipa-client/ipaclient/ntpconf.py @@ -20,6 +20,7 @@ from ipapython import ipautil from ipapython import services as ipaservices import shutil +import os ntp_conf = """# Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. @@ -80,30 +81,51 @@ SYNC_HWCLOCK=yes # Additional options for ntpdate NTPDATE_OPTIONS="" """ +ntp_step_tickers = """# Use IPA-provided NTP server for initial time +$SERVER +""" +def __backup_config(path, fstore = None): +if fstore: +fstore.backup_file(path) +else: +shutil.copy(path, "%s.ipasave" % (path)) -def config_ntp(server_fqdn, fstore = None): +def __write_config(path, content): +fd = open(path, "w") +fd.write(content) +fd.close() + +def config_ntp(server_fqdn, fstore = None, sysstore = None): +path_step_tickers = "/etc/ntp/step-tickers" +path_ntp_conf = "/etc/ntp.conf" +path_ntp_sysconfig = "/etc/sysconfig/ntpd" sub_dict = { } sub_dict["SERVER"] = server_fqdn nc = ipautil.template_str(ntp_conf, sub_dict) +config_step_tickers = False -if fstore: -fstore.backup_file("/etc/ntp.conf") -else: -shutil.copy("/etc/ntp.conf", "/etc/ntp.conf.ipasave") -fd = open("/etc/ntp.conf", "w") -fd.write(nc) -fd.close() +if os.path.exists(path_step_
Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the
On 4.10.2011 13:00, Alexander Bokovoy wrote: client Reply-To: Hi, attached patch addresses ticket #1770. ipa-client-install fails with: Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1165, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1154, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1122, in install ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore) File "/usr/lib/python2.7/site-packages/ipaclient/ntpconf.py", line 118, in config_ntp sysstore.backup_state(module, "enabled", ipaservices.knownservices.ntp.enabled()) File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 167, in __getattr__ raise AttributeError('no magic attribute %r' % name) AttributeError: no magic attribute 'ntp' Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel