Re: [Freeipa-devel] [PATCH] 0079 Enable Retro Changelog and Content Synchronization DS plugins

2014-01-14 Thread Petr Spacek

On 28.11.2013 10:33, Ana Krivokapic wrote:

On 10/29/2013 06:57 PM, Ana Krivokapic wrote:

On 10/29/2013 12:46 PM, Martin Kosek wrote:

On 10/25/2013 05:03 PM, Ana Krivokapic wrote:

Hello,

This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3967.


NACK. I do not think this will work well with the case when DNS is not used. As
bind-dyndb-ldap is not a required component, FreeIPA could be installed on a
machine without bind installed. And in that case, /var/named/ won't be there.

I think that this directory will follow a similar pattern as
%{_localstatedir}/lib/ipa/pki-ca/publish
and be just %ghost and be created when bind-dyndb-ldap is being configured
in bindinstance.py.

Martin

Fixed, updated patch attached.


The patch needed a rebase.


There was a copy-paste error in install/updates/20-syncrepl.update, attached
patch fixes it.


I have tested the install and upgrade scenarios without and with one replica and
it works for me, functional ACK.


Please push it to master if nobody objects to the code.

--
Petr^2 Spacek
From 55e793f79cab04b54be18a5212d98acee4dd022b Mon Sep 17 00:00:00 2001
From: Ana Krivokapic akriv...@redhat.com
Date: Fri, 25 Oct 2013 12:41:25 +0200
Subject: [PATCH] Enable Retro Changelog and Content Synchronization DS plugins

Enable Retro Changelog and Content Synchronization DS plugins which are required
for SyncRepl support.

Create a working directory /var/named/ipa required by bind-dyndb-ldap v4+.

https://fedorahosted.org/freeipa/ticket/3967
---
 freeipa.spec.in|  1 +
 install/tools/ipa-upgradeconfig|  5 -
 install/updates/20-syncrepl.update |  9 +
 install/updates/Makefile.am|  1 +
 ipaserver/install/bindinstance.py  | 13 +
 5 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 install/updates/20-syncrepl.update

diff --git a/freeipa.spec.in b/freeipa.spec.in
index acbbcfcbeff3127aca7a178ca9410df5dabec110..81c9672352159b7ceee32624bf2b364fa299246b 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -756,6 +756,7 @@ fi
 %{_mandir}/man1/ipa-backup.1.gz
 %{_mandir}/man1/ipa-restore.1.gz
 %{_mandir}/man1/ipa-advise.1.gz
+%ghost %{_localstatedir}/named/ipa
 
 %files server-trust-ad
 %{_sbindir}/ipa-adtrust-install
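Review bot: The %ghost %{_localstatedir}/named/ipa entry declares neither %dir nor %attr, so the spec does not record that this path is a directory or that it is meant to be mode 0700, the mode passed to create_dir in ipa-upgradeconfig. Consider %attr(0700,named,named) %ghost %dir %{_localstatedir}/named/ipa so the intended ownership and permissions are documented in the package.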
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index dec56c6635cd6439124e420e22fbb1126ec9ebd6..ed4852c0daea9b5b0efa907c325fbb138800995c 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -1079,6 +1079,10 @@ def main():
 setup_firefox_extension(fstore)
 add_ca_dns_records()
 
+bind = bindinstance.BindInstance(fstore)
+if bind.is_configured():
+bind.create_dir('/var/named/ipa', 0700)
+
 # Any of the following functions returns True iff the named.conf file
 # has been altered
 named_conf_changes = (
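Review bot: The call bind.create_dir('/var/named/ipa', 0700) in main() hard-codes the working directory path and mode as literals. If the install path in bindinstance.py creates the same directory, keep the path and mode in one named constant there and reference it from both places so that install and upgrade cannot drift apart. A short comment saying the directory is required by bind-dyndb-ldap v4+ would also help the next reader.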
@@ -1092,7 +1096,6 @@ def main():
 if any(named_conf_changes):
 # configuration has changed, restart the name server
 root_logger.info('Changes to named.conf have been made, restart named')
-bind = bindinstance.BindInstance(fstore)
 try:
 bind.restart()
 except ipautil.CalledProcessError, e:
diff --git a/install/updates/20-syncrepl.update b/install/updates/20-syncrepl.update
new file mode 100644
index ..c4158a1634410acd323f04f442bbbd2f69c24708
--- /dev/null
+++ b/install/updates/20-syncrepl.update
@@ -0,0 +1,9 @@
+# Enable Retro changelog
+dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
+only:nsslapd-pluginEnabled: on
+add:nsslapd-attribute: nsuniqueid:targetUniqueId
+add:nsslapd-changelogmaxage: 2d
+
+# Enable SyncRepl
+dn: cn=Content Synchronization,cn=plugins,cn=config
+only:nsslapd-pluginEnabled: on
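Review bot: nsslapd-changelogmaxage is set with add: while both nsslapd-pluginEnabled lines use only:, and the file does not say why. If an existing deployment already carries a different max age on the Retro Changelog Plugin entry, please confirm that add: gives the intended result, or switch to only: if 2d must always win. A comment explaining the choice of 2d and the nsuniqueid:targetUniqueId mapping would make the file easier to review.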
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 66f0cd57617b6902fd4a74a8e7ac986f29babf20..67c33eef5ef31efffd7d3940a45f04bbf31927e9 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -14,6 +14,7 @@ app_DATA =\
 	20-indices.update		\
 	20-nss_ldap.update		\
 	20-replication.update		\
+	20-syncrepl.update		\
 	20-user_private_groups.update	\
 	20-winsync_index.update		\
 	21-replicas_container.update	\
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 6d5a1d44d30c89278c24fe7ab5278355cb65b0b4..4baeb4e077c64a7abebd1c071012f6c1e02dc1ae 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -22,6 +22,7 @@ import os
 import pwd
 import netaddr
 import re
+import errno
 
 import ldap
 
@@ -509,6 +510,16 @@ class BindInstance(service.Service):
 os.close(bind_fd)
 print Sample zone file for bind has been created in +bind_name
 
+def create_dir(self, path, mode):
+try:
+os.makedirs(path, mode)
+except OSError as e:
+if e.errno != errno.EEXIST:
+raise e
+
+pent = 
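Review bot: In create_dir, the EEXIST branch leaves the mode untouched, and os.makedirs applies mode only to directories it creates (and subject to the process umask), so a pre-existing /var/named/ipa keeps whatever permissions it already had. Add an explicit os.chmod(path, mode) after the try block if 0700 must be guaranteed. Also prefer a bare raise over raise e so the original traceback is preserved.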

Re: [Freeipa-devel] [PATCH] 0079 Enable Retro Changelog and Content Synchronization DS plugins

2013-11-28 Thread Ana Krivokapic
On 10/29/2013 06:57 PM, Ana Krivokapic wrote:
 On 10/29/2013 12:46 PM, Martin Kosek wrote:
 On 10/25/2013 05:03 PM, Ana Krivokapic wrote:
 Hello,

 This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3967.

 NACK. I do not think this will work well with the case when DNS is not used. As
 bind-dyndb-ldap is not a required component, FreeIPA could be installed on a
 machine without bind installed. And in that case, /var/named/ won't be there.

 I think that this directory will follow a similar pattern as
 %{_localstatedir}/lib/ipa/pki-ca/publish
 and be just %ghost and be created when bind-dyndb-ldap is being configured
 in bindinstance.py.

 Martin
 Fixed, updated patch attached.



 ___
 Freeipa-devel mailing list
 Freeipa-devel@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-devel

The patch needed a rebase.

-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

From 0b0b9e24afadcac34e5c02428b736b9d9b019594 Mon Sep 17 00:00:00 2001
From: Ana Krivokapic akriv...@redhat.com
Date: Fri, 25 Oct 2013 12:41:25 +0200
Subject: [PATCH] Enable Retro Changelog and Content Synchronization DS plugins

Enable Retro Changelog and Content Synchronization DS plugins which are required
for SyncRepl support.

Create a working directory /var/named/ipa required by bind-dyndb-ldap v4+.

https://fedorahosted.org/freeipa/ticket/3967
---
 freeipa.spec.in|  1 +
 install/tools/ipa-upgradeconfig|  5 -
 install/updates/20-syncrepl.update |  9 +
 install/updates/Makefile.am|  1 +
 ipaserver/install/bindinstance.py  | 13 +
 5 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 install/updates/20-syncrepl.update

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 35b87148c1074ae7e1e8909e981d3473c4a46258..97c47983106be0a2b04a121636b628b032721427 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -745,6 +745,7 @@ fi
 %{_mandir}/man1/ipa-backup.1.gz
 %{_mandir}/man1/ipa-restore.1.gz
 %{_mandir}/man1/ipa-advise.1.gz
+%ghost %{_localstatedir}/named/ipa
 
 %files server-trust-ad
 %{_sbindir}/ipa-adtrust-install
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 10526f226798c78ae75972b82a2f72b200a8aacf..9b1cc91f2570c9359d14814184135d214ca73001 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -1079,6 +1079,10 @@ def main():
 setup_firefox_extension(fstore)
 add_ca_dns_records()
 
+bind = bindinstance.BindInstance(fstore)
+if bind.is_configured():
+bind.create_dir('/var/named/ipa', 0700)
+
 # Any of the following functions returns True iff the named.conf file
 # has been altered
 named_conf_changes = (
@@ -1092,7 +1096,6 @@ def main():
 if any(named_conf_changes):
 # configuration has changed, restart the name server
 root_logger.info('Changes to named.conf have been made, restart named')
-bind = bindinstance.BindInstance(fstore)
 try:
 bind.restart()
 except ipautil.CalledProcessError, e:
diff --git a/install/updates/20-syncrepl.update b/install/updates/20-syncrepl.update
new file mode 100644
index ..6901370f9cb302ff2c0c8bcc3f7b51aadef83e8e
--- /dev/null
+++ b/install/updates/20-syncrepl.update
@@ -0,0 +1,9 @@
+# Enable Retro changelog
+dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
+only:nsslapd-pluginEnabled: on
+add:nsslapd-attribute: nsuniqueid:targetUniqueId
+add:nsslapd-changelogmaxage: nsslapd-changelogmaxage: 2d
+
+# Enable SyncRepl
+dn: cn=Content Synchronization,cn=plugins,cn=config
+only:nsslapd-pluginEnabled: on
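Review bot: The line add:nsslapd-changelogmaxage: nsslapd-changelogmaxage: 2d repeats the attribute name inside the value, so the value submitted would be the string "nsslapd-changelogmaxage: 2d" rather than 2d. It should read add:nsslapd-changelogmaxage: 2d.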
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 66f0cd57617b6902fd4a74a8e7ac986f29babf20..67c33eef5ef31efffd7d3940a45f04bbf31927e9 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -14,6 +14,7 @@ app_DATA =\
 	20-indices.update		\
 	20-nss_ldap.update		\
 	20-replication.update		\
+	20-syncrepl.update		\
 	20-user_private_groups.update	\
 	20-winsync_index.update		\
 	21-replicas_container.update	\
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 6d5a1d44d30c89278c24fe7ab5278355cb65b0b4..4baeb4e077c64a7abebd1c071012f6c1e02dc1ae 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -22,6 +22,7 @@
 import pwd
 import netaddr
 import re
+import errno
 
 import ldap
 
@@ -509,6 +510,16 @@ def create_sample_bind_zone(self):
 os.close(bind_fd)
 print Sample zone file for bind has been created in +bind_name
 
+def create_dir(self, path, mode):
+try:
+os.makedirs(path, mode)
+except OSError as e:
+if e.errno != errno.EEXIST:
+raise e
+
+pent = pwd.getpwnam(self.named_user or 'named')
+os.chown(path, pent.pw_uid, pent.pw_gid)
+
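Review bot: In create_dir, os.chown(path, ...) runs whether or not the directory was just created, and it follows symbolic links, so when os.makedirs reports EEXIST for a path that is a regular file or a symlink, that is silently accepted and re-owned. Verify with os.lstat that path is a real directory before changing ownership. pwd.getpwnam also raises KeyError when the named user does not exist, which deserves a clear error message instead of a bare traceback.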
   

Re: [Freeipa-devel] [PATCH] 0079 Enable Retro Changelog and Content Synchronization DS plugins

2013-10-29 Thread Martin Kosek
On 10/25/2013 05:03 PM, Ana Krivokapic wrote:
 Hello,
 
 This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3967.
 

NACK. I do not think this will work well with the case when DNS is not used. As
bind-dyndb-ldap is not a required component, FreeIPA could be installed on a
machine without bind installed. And in that case, /var/named/ won't be there.

I think that this directory will follow a similar pattern as
%{_localstatedir}/lib/ipa/pki-ca/publish
and be just %ghost and be created when bind-dyndb-ldap is being configured
in bindinstance.py.

Martin



[Freeipa-devel] [PATCH] 0079 Enable Retro Changelog and Content Synchronization DS plugins

2013-10-25 Thread Ana Krivokapic
Hello,

This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3967.

-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

From c09bba5cc537d2925d7d6498204a403931ba908e Mon Sep 17 00:00:00 2001
From: Ana Krivokapic akriv...@redhat.com
Date: Fri, 25 Oct 2013 12:41:25 +0200
Subject: [PATCH] Enable Retro Changelog and Content Synchronization DS plugins

Enable Retro Changelog and Content Synchronization DS plugins which are required
for SyncRepl support.

Create a working directory /var/named/ipa required by bind-dyndb-ldap v4+.

https://fedorahosted.org/freeipa/ticket/3967
---
 freeipa.spec.in| 5 +
 install/updates/20-syncrepl.update | 9 +
 install/updates/Makefile.am| 1 +
 3 files changed, 15 insertions(+)
 create mode 100644 install/updates/20-syncrepl.update

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 11ae934d928370eb13f45162a13f40a9acd64b74..52f673d27e64bdfd0ab56c28a9c71adb5f4a92a9 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -383,6 +383,7 @@ rm %{buildroot}/%{_libdir}/samba/pdb/ipasam.la
 mkdir -p %{buildroot}/%{_sysconfdir}/ipa/html
 mkdir -p %{buildroot}/%{_localstatedir}/cache/ipa/sysrestore
 mkdir -p %{buildroot}/%{_localstatedir}/cache/ipa/sysupgrade
+mkdir -p %{buildroot}/%{_localstatedir}/named/ipa
 mkdir %{buildroot}%{_usr}/share/ipa/html/
 ln -s ../../../..%{_sysconfdir}/ipa/html/ffconfig.js \
 %{buildroot}%{_usr}/share/ipa/html/ffconfig.js
@@ -737,6 +738,7 @@ fi
 %{_mandir}/man1/ipa-backup.1.gz
 %{_mandir}/man1/ipa-restore.1.gz
 %{_mandir}/man1/ipa-advise.1.gz
+%attr(0700,named,named) %dir %{_localstatedir}/named/ipa
 
 %files server-trust-ad
 %{_sbindir}/ipa-adtrust-install
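Review bot: %attr(0700,named,named) %dir %{_localstatedir}/named/ipa makes the server package own a directory under /var/named with the named user and group, but nothing visible in this patch guarantees that the user, the group or the parent directory exist when the package is installed. Either make that dependency explicit, or mark the path %ghost and create it at the point where DNS is configured.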
@@ -832,6 +834,9 @@ fi
 %endif # ONLY_CLIENT
 
 %changelog
+* Fri Oct 25 2013 Ana Krivokapic akriv...@redhat.com - 3.3.90-5
+- Create /var/named/ipa needed for SyncRepl support
+
 * Fri Oct 25 2013 Martin Kosek mko...@redhat.com - 3.3.90-4
 - Remove mod_ssl conflict, it can now live with mod_nss installed
 
diff --git a/install/updates/20-syncrepl.update b/install/updates/20-syncrepl.update
new file mode 100644
index ..6901370f9cb302ff2c0c8bcc3f7b51aadef83e8e
--- /dev/null
+++ b/install/updates/20-syncrepl.update
@@ -0,0 +1,9 @@
+# Enable Retro changelog
+dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
+only:nsslapd-pluginEnabled: on
+add:nsslapd-attribute: nsuniqueid:targetUniqueId
+add:nsslapd-changelogmaxage: nsslapd-changelogmaxage: 2d
+
+# Enable SyncRepl
+dn: cn=Content Synchronization,cn=plugins,cn=config
+only:nsslapd-pluginEnabled: on
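Review bot: The fifth line of the new file, add:nsslapd-changelogmaxage: nsslapd-changelogmaxage: 2d, has the attribute name twice, which looks like a copy-paste slip. Drop the duplicate so the value is just 2d, and consider a one-line comment on why two days was chosen as the retention period.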
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 40c3b3c8916faa267254a29d0f458ca53201950c..09965ff9885fce93f3d15dc73b11fa210f68b163 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -22,6 +22,7 @@ app_DATA =\
 	20-indices.update		\
 	20-nss_ldap.update		\
 	20-replication.update		\
+	20-syncrepl.update		\
 	20-user_private_groups.update	\
 	20-winsync_index.update		\
 	21-replicas_container.update	\
-- 
1.8.3.1
