ipa/freeipa-systemd-upgrade

#! /usr/bin/python -E
from ipaserver.install.krbinstance import update_key_val_in_file
from ipapython import ipautil, config
from ipapython import services as ipaservices
import os, platform

def convert_java_link(foo, topdir, filepaths):
    cwd = os.getcwd()
    os.chdir(topdir)
    for filepath in filepaths:
        # All this shouldn't happen because java system upgrade should properly
        # move files and symlinks but if this is a broken link
        if os.path.islink(filepath):
            print "    Checking %s ... " % (filepath),
            if not os.path.exists(filepath):
                rpath = os.path.realpath(filepath)
                # .. and it points to jss in /usr/lib
                if rpath.find('/usr/lib/') != -1  and rpath.find('jss') != -1:
                    base = os.path.basename(rpath)
                    bitness = platform.architecture()[0][:2]
                    # rewrite it to /usr/lib64 for x86_64 platform
                    if bitness == '64':
                        npath = "/usr/lib%s/jss/%s" % (bitness, base)
                        os.unlink(filepath)
                        os.symlink(npath, filepath)
                        print "%s -> %s" % (filepath, npath)
                    else:
                        print "Ok"
                else:
                    print "Ok"
            else:
                print "Ok"
    os.chdir(cwd)

# 0. Init config
try:
    config.init_config()
except IPAConfigError, e:
    # No configured IPA install, no need to upgrade anything
    exit(0)

# 1. Convert broken symlinks, if any, in /var/lib/pki-ca
if os.path.exists('/var/lib/pki-ca/common/lib'):
    print "Analyzing symlinks in PKI-CA install"
    os.path.walk('/var/lib/pki-ca/common/lib', convert_java_link, None)

try:
    print "Found IPA server for domain %s" % (config.config.default_realm)
    print "Converting services setup to systemd"
    # 1. Upgrade /etc/sysconfig/dirsrv for systemd
    print "    Upgrade /etc/sysconfig/dirsrv"
    update_key_val_in_file("/etc/sysconfig/dirsrv", "KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
    update_key_val_in_file("/etc/sysconfig/dirsrv", "export KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
    # 2. Upgrade /etc/sysconfig/krb5kdc for systemd
    print "    Upgrade /etc/sysconfig/krb5kdc"
    replacevars = {'KRB5REALM':config.config.default_realm}
    appendvars = {}
    ipautil.config_replace_variables("/etc/sysconfig/krb5kdc",
       replacevars=replacevars, appendvars=appendvars)
    ipaservices.restore_context("/etc/sysconfig/krb5kdc")
    # 3. Enable DS instances:
    realm = config.config.default_realm.upper().replace('.','-')
    print "    Re-enable Directory server instances PKI-IPA and %s " % (realm)
    ipaservices.knownservices.dirsrv.enable(realm)
    ipaservices.knownservices.dirsrv.enable("PKI-IPA")
    # 4. Enable FreeIPA
    print "    Re-enable IPA service"
    ipaservices.knownservices.ipa.enable()
except:
    pass

finally:
    print "Finished."
Introduce systemd upgrade script As user has no means to recover existing FreeIPA install after upgrading from SysV to systemd, introduce upgrade script. The upgrade script does following: - restores symlinks in FreeIPA's Dogtag installation - converts FreeIPA directory server instances to systemd - converts FreeIPA directory server configuration to be compatible with systemd services - converts FreeIPA KDC configuration to be compatible with systemd services - re-enables FreeIPA Script does nothing if FreeIPA is already active systemd service 2011-11-30 13:14:40 +00:00			`#! /usr/bin/python -E`
			`from ipaserver.install.krbinstance import update_key_val_in_file`
			`from ipapython import ipautil, config`
			`from ipapython import services as ipaservices`
			`import os, platform`

			`def convert_java_link(foo, topdir, filepaths):`
			`cwd = os.getcwd()`
			`os.chdir(topdir)`
			`for filepath in filepaths:`
			`# All this shouldn't happen because java system upgrade should properly`
			`# move files and symlinks but if this is a broken link`
			`if os.path.islink(filepath):`
			`print " Checking %s ... " % (filepath),`
			`if not os.path.exists(filepath):`
			`rpath = os.path.realpath(filepath)`
			`# .. and it points to jss in /usr/lib`
			`if rpath.find('/usr/lib/') != -1 and rpath.find('jss') != -1:`
			`base = os.path.basename(rpath)`
			`bitness = platform.architecture()[0][:2]`
			`# rewrite it to /usr/lib64 for x86_64 platform`
			`if bitness == '64':`
			`npath = "/usr/lib%s/jss/%s" % (bitness, base)`
			`os.unlink(filepath)`
			`os.symlink(npath, filepath)`
			`print "%s -> %s" % (filepath, npath)`
			`else:`
			`print "Ok"`
			`else:`
			`print "Ok"`
			`else:`
			`print "Ok"`
			`os.chdir(cwd)`

			`# 0. Init config`
			`try:`
			`config.init_config()`
			`except IPAConfigError, e:`
			`# No configured IPA install, no need to upgrade anything`
			`exit(0)`

			`# 1. Convert broken symlinks, if any, in /var/lib/pki-ca`
			`if os.path.exists('/var/lib/pki-ca/common/lib'):`
			`print "Analyzing symlinks in PKI-CA install"`
			`os.path.walk('/var/lib/pki-ca/common/lib', convert_java_link, None)`

			`try:`
			`print "Found IPA server for domain %s" % (config.config.default_realm)`
			`print "Converting services setup to systemd"`
			`# 1. Upgrade /etc/sysconfig/dirsrv for systemd`
			`print " Upgrade /etc/sysconfig/dirsrv"`
			`update_key_val_in_file("/etc/sysconfig/dirsrv", "KRB5_KTNAME", "/etc/dirsrv/ds.keytab")`
			`update_key_val_in_file("/etc/sysconfig/dirsrv", "export KRB5_KTNAME", "/etc/dirsrv/ds.keytab")`
			`# 2. Upgrade /etc/sysconfig/krb5kdc for systemd`
			`print " Upgrade /etc/sysconfig/krb5kdc"`
			`replacevars = {'KRB5REALM':config.config.default_realm}`
			`appendvars = {}`
			`ipautil.config_replace_variables("/etc/sysconfig/krb5kdc",`
			`replacevars=replacevars, appendvars=appendvars)`
			`ipaservices.restore_context("/etc/sysconfig/krb5kdc")`
			`# 3. Enable DS instances:`
			`realm = config.config.default_realm.upper().replace('.','-')`
			`print " Re-enable Directory server instances PKI-IPA and %s " % (realm)`
			`ipaservices.knownservices.dirsrv.enable(realm)`
			`ipaservices.knownservices.dirsrv.enable("PKI-IPA")`
			`# 4. Enable FreeIPA`
			`print " Re-enable IPA service"`
			`ipaservices.knownservices.ipa.enable()`
			`except:`
			`pass`

			`finally:`
			`print "Finished."`