URL: https://github.com/freeipa/freeipa/pull/752 Author: tomaskrizek Title: #752: upgrade: add missing DN suffix when enabling KDC proxy Action: opened
PR body: """ This issue prevented from upgrading from IPA 4.1. I also discovered a missing python dependency when I was running the ipa-server-upgrade manually. For packagers: the Python version that has the required symbols in CentOS is 2.7.5-24 https://pagure.io/freeipa/issue/6920 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/752/head:pr752 git checkout pr752
From cb3052b148ebab0898bc7597d1c3bdb354733d86 Mon Sep 17 00:00:00 2001 From: Tomas Krizek <tkri...@redhat.com> Date: Tue, 2 May 2017 18:32:34 +0200 Subject: [PATCH 1/3] python2-ipalib: add missing python dependency Commit dfd560a190cb2ab13f34ed9e21c5fb5c6e793f18 started to use ssl symbols like ssl.OP_NO_SSLv2 that were introduced in Python 2.7.9. Related https://pagure.io/freeipa/issue/6920 --- freeipa.spec.in | 1 + 1 file changed, 1 insertion(+) diff --git a/freeipa.spec.in b/freeipa.spec.in index ee9a36b..56c3f27 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -643,6 +643,7 @@ Requires: python-gssapi >= 1.2.0 Requires: gnupg Requires: keyutils Requires: pyOpenSSL +Requires: python >= 2.7.9 Requires: python-cryptography >= 1.6 Requires: python-netaddr >= %{python_netaddr_version} Requires: python-libipa_hbac From 213e25135f92d8d088e48e9cf4c5c29bd558c52d Mon Sep 17 00:00:00 2001 From: Tomas Krizek <tkri...@redhat.com> Date: Tue, 2 May 2017 18:42:13 +0200 Subject: [PATCH 2/3] installer service: fix typo in service entry The typo would result in incorrect resolution of existing keys and their existence wasn't properly logged as intended. Related https://pagure.io/freeipa/issue/6920 --- ipaserver/install/service.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index 6b5e69c..1aa49ed 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -181,7 +181,7 @@ def set_service_entry_config(name, fqdn, config_values, except errors.NotFound: pass else: - existing_values = entry.get('ipaConnfigString', []) + existing_values = entry.get('ipaConfigString', []) for value in config_values: if case_insensitive_attr_has_value(existing_values, value): root_logger.debug( From 74ef58e75cae5beb2dd8786c01e4a04f2fe8f5f6 Mon Sep 17 00:00:00 2001 From: Tomas Krizek <tkri...@redhat.com> Date: Tue, 2 May 2017 19:26:04 +0200 Subject: [PATCH 3/3] upgrade: add missing suffix to http instance During an upgrade, http.suffix is used to identify ldap entry when configuring kdc proxy. When the suffix is missing, the script crashed when enabling KDC proxy, because it used invalid DN. Fixes https://pagure.io/freeipa/issue/6920 --- ipaserver/install/server/upgrade.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 0f27428..dddec41 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1630,6 +1630,7 @@ def upgrade_configuration(): http = httpinstance.HTTPInstance(fstore) http.fqdn = fqdn http.realm = api.env.realm + http.suffix = ipautil.realm_to_suffix(api.env.realm) http.configure_selinux_for_httpd() http.change_mod_nss_port_from_http()
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code