rpms/ipa
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix patch 0004 with correct data.

Browse Source 
Related: RHBZ#2216551

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
This commit is contained in:
Rafael Guterres Jeffman 2023-07-17 14:38:45 -03:00
parent 9570499a0c
commit 046e99f183
2 changed files with 176 additions and 432 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

602
0004-Upgrade-fix-replica-agreement_rhbz#2216551.patch
View File

@ -1,434 +1,171 @@
<!DOCTYPE html>
<html lang='en'>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Commit - freeipa - d29b47512a39ada02fb371521994576cd9815a6c - Pagure.io</title>
<link rel="shortcut icon" type="image/vnd.microsoft.icon"
href="/theme/static/favicon.ico?version=5.13.3"/>
<link href="/theme/static/fedora-bootstrap-1.3.0/fedora-bootstrap.min.css?version=5.13.3"
type="text/css" rel="stylesheet" />
<link href="/theme/static/fonts/fonts.css?version=5.13.3"
rel="stylesheet" type="text/css" />
<link href="/theme/static/fonts/hack_fonts/css/hack-extended.min.css?version=5.13.3"
type="text/css" rel="stylesheet" />
<link href="/theme/static/theme.css?version=5.13.3"
type="text/css" rel="stylesheet" />
<link type="text/css" rel="stylesheet" nonce="qdLhc1wjRNfkrQnukB32BzvfC" href="/static/vendor/font-awesome/font-awesome.css?version=5.13.3"/>
<link type="text/css" rel="stylesheet" nonce="qdLhc1wjRNfkrQnukB32BzvfC" href="/static/pagure.css?version=5.13.3"/>
<link rel="stylesheet" nonce="qdLhc1wjRNfkrQnukB32BzvfC" href="/static/vendor/highlight.js/styles/github.css?version=5.13.3"/>
<link rel="stylesheet" nonce="qdLhc1wjRNfkrQnukB32BzvfC" href="/static/vendor/diff2html/diff2html.css?version=5.13.3"/>
</head>
<body id="home">
<!-- start masthead -->
<nav class="navbar navbar-light masthead p-0 navbar-expand">
<div class="container">
<a href="/" class="navbar-brand">
<img height="40" src="/theme/static/pagure-logo.png?version=5.13.3"
alt="pagure Logo" id="pagureLogo"/>
</a>
<ul class="navbar-nav ml-auto">
<li class="nav-item">
<a class="btn btn-primary" href="/login/?next=https://pagure.io/freeipa/c/d29b47512a39ada02fb371521994576cd9815a6c">Log In</a>
</li>
</ul>
</div>
</nav>
<!-- close masthead-->
<div class="bodycontent">
<div class="bg-light border border-bottom pt-3">
<div class="container">
<div class="row mb-3">
<div class="col-6">
<div class="row">
<div class="col-auto pr-0">
<h3>
<i class="fa fa-calendar-o fa-rotate-270 text-muted"></i></h3>
</div>
<div class="col-auto pl-2">
<h3 class="mb-0">
<a href="/freeipa"><strong>freeipa</strong></a>
</h3>
</div>
</div>
</div>
<div class="col-6 text-right">
<div class="btn-group">
<div class="btn-group">
<a href="#"
class="btn btn-sm dropdown-toggle btn-outline-primary"
data-toggle="dropdown" id="watch-button">
<i class="fa fa-clone fa-fw"></i>
<span>Clone</span>
</a>
<div class="dropdown-menu dropdown-menu-right">
<div class="m-3" id="source-dropdown">
<div>
<h5><strong>Source Code</strong></h5>
<div class="form-group">
<div class="input-group input-group-sm">
<div class="input-group-prepend"><span class="input-group-text">GIT</span></div>
<input class="form-control bg-white select-on-focus" type="text" value="https://pagure.io/freeipa.git" readonly>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<ul class="nav nav-tabs nav-small border-bottom-0">
<li class="nav-item mr-2 text-dark">
<a class="nav-link active" href="/freeipa">
<i class="fa fa-code fa-fw text-muted"></i>
<span class="d-none d-md-inline">Source</span>
</a>
</li>
<li class="nav-item mr-2 text-dark">
<a class="nav-link" href="/freeipa/issues">
<i class="fa fa-fw text-muted fa-exclamation-circle"></i>
<span class="d-none d-md-inline">Issues&nbsp;</span>
<span class="badge badge-secondary py-0 d-none d-md-inline">
986
</span>
</a>
</li>
<li class="nav-item mr-2 text-dark">
<a class="nav-link" href="/freeipa/roadmap"
class="btn btn-outline-dark btn-sm">
<i class="fa fa-fw text-muted fa-map-signs"></i>
<span class="d-none d-md-inline">Roadmap&nbsp;</span>
</a>
</li>
<li class="nav-item mr-2 text-dark">
<a class="nav-link" href="/freeipa/stats">
<i class="fa fa-line-chart fa-fw text-muted"></i>
<span class="d-none d-md-inline">Stats</span>
</a>
</li>
</ul>
</div>
</div>
<div class="container pt-5 repo-body-container">
<div class="row">
<div class="col">
<nav class="nav nav-tabs nav-sidetabs flex-column">
<a class=
"nav-link nowrap
"
href="/freeipa">
<i class="fa fa-home text-muted fa-fw"></i>&nbsp;<span class="d-none d-md-inline">Overview</span>
</a>
<a class=
"nav-link nowrap
"
href="/freeipa/tree">
<i class="fa fa-file-code-o text-muted fa-fw"></i>&nbsp;Files
</a>
<a class=
"nav-link nowrap
active"
href="/freeipa/commits">
<i class="fa fa-list-alt text-muted fa-fw" data-glyph="spreadsheet"></i>&nbsp;Commits
</a>
<a class=
"nav-link nowrap
"
href="/freeipa/branches">
<i class="fa fa-random text-muted fa-fw"></i>&nbsp;Branches
</a>
<a class=
"nav-link nowrap
"
href="/freeipa/forks">
<i class="fa fa-code-fork text-muted fa-fw"></i>&nbsp;Forks
</a>
<a class=
"nav-link nowrap
"
href="/freeipa/releases">
<i class="fa fa-tags text-muted fa-fw"></i>&nbsp;Releases
</a>
</nav> </div>
<div class="col-10">
<div class="d-flex">
<div>
<h4 class="font-weight-bold">
<span title="d29b47512a39ada02fb371521994576cd9815a6c"><code class="text-white bg-primary">d29b475</code></span>
<span>Upgrade: fix replica agreement</span>
</h4>
<h5 class="text-muted pt-1 mb-0">
Authored and Committed by <img class="avatar circle lazyload" src="https://seccdn.libravatar.org/avatar/1e52aaae9646f0f890f5f6c771cd060c66898d5fdf78e8a6021eb2b75e27ffe2?s=16&d=retro"/> <a title='Florence Blanc-Renaud' href='/user/frenaud' >frenaud</a>
<span title="2023-06-22 15:49:40 UTC" data-toggle="tooltip">7 days ago</span>
</h5>
</div>
<div class="ml-auto">
<div class="btn-group">
<a class="btn btn-outline-primary btn-sm" href="/freeipa/raw/d29b47512a39ada02fb371521994576cd9815a6c" title="View as raw">raw</a>
<a class="btn btn-outline-primary btn-sm" href="/freeipa/c/d29b47512a39ada02fb371521994576cd9815a6c.patch">patch</a>
<a class="btn btn-outline-primary btn-sm" href="/freeipa/tree/d29b47512a39ada02fb371521994576cd9815a6c">tree</a>
<a class="btn btn-outline-primary btn-sm" title=356ec5cbfe0876686239f938bdf54892dc30571e href="/freeipa/c/356ec5cbfe0876686239f938bdf54892dc30571e">parent</a>
</div>
</div>
</div>
<div class="card border-0 mb-3">
<div class="card-header border-0 bg-white font-weight-bold p-0">
<a href="#commit-overview-collapse" data-toggle="collapse" data-target="#commit-overview-collapse">1 file changed.</a>
<span class="text-success">38 lines added</span>.
<span class="text-danger">42 lines removed</span>.
</div>
<div class="card-body p-0 collapse" id="commit-overview-collapse">
<div class="list-group ">
<a href="#_1" class="list-group-item list-group-item-action">
<div class="d-flex">
<div class="font-weight-bold">
ipaserver/install/plugins/fix_replica_agreements.py
</div>
<div class="ml-auto font-weight-bold">
<span class="font-weight-bold btn btn-sm btn-outline-secondary border-0 disabled opacity-100">file modified</span>
<div class="btn-group">
<span class="font-weight-bold btn btn-sm btn-success disabled opacity-100">+38</span>
<span class="font-weight-bold btn btn-sm btn-danger disabled opacity-100">-42</span>
</div>
</div>
</div>
</a> </div>
</div>
</div>
<div class="m-y-1">
<pre class="commit_message_body">
Upgrade: fix replica agreement
The upgrade checks the replication agreements to ensure that
some attributes are excluded from replication. The agreements
are stored in entries like
cn=serverToreplica,cn=replica,cn=_suffix_,cn=mapping tree,cn=config
but those entries are managed by the replication topology plugin
and should not be updated directly. The consequence is that the update
of the attributes fails and ipa-server-update prints an error message:
Error caught updating nsDS5ReplicatedAttributeList: Server is unwilling
to perform: Entry and attributes are managed by topology <a href="http://plugin.No" rel="nofollow">plugin.No</a> direct
modifications allowed.
Error caught updating nsDS5ReplicatedAttributeListTotal: Server is
unwilling to perform: Entry and attributes are managed by topology
<a href="http://plugin.No" rel="nofollow">plugin.No</a> direct modifications allowed.
The upgrade continues but the replication is not excluding
passwordgraceusertime.
Instead of editing the agreements, perform the modifications on
the topology segments.
Fixes: <a href="https://pagure.io/freeipa/issue/9385" rel="nofollow">https://pagure.io/freeipa/issue/9385</a>
Signed-off-by: Florence Blanc-Renaud &lt;flo@redhat.com&gt;
Reviewed-By: Rob Crittenden &lt;rcritten@redhat.com&gt;
</pre>
</div>
<section class="commit_diff">
<div class="card mt-3" id="_1">
<div class="card-header">
<div class="d-flex align-items-center">
<div>
<a class="font-weight-bold ml-2" href="/freeipa/blob/d29b47512a39ada02fb371521994576cd9815a6c/f/ipaserver/install/plugins/fix_replica_agreements.py"
title="View file as of d29b475">ipaserver/install/plugins/fix_replica_agreements.py</a>
</div>
<div class="d-flex align-items-center ml-auto">
<div class="btn btn-outline-secondary disabled opacity-100 border-0 font-weight-bold">file modified</div>
<div class="btn-group">
<span class="btn btn-success btn-sm font-weight-bold disabled opacity-100">+38</span>
<span class="btn btn-danger btn-sm font-weight-bold disabled opacity-100">-42</span>
</div>
<a class="btn btn-outline-primary btn-sm ml-2" href="/freeipa/blob/d29b47512a39ada02fb371521994576cd9815a6c/f/ipaserver/install/plugins/fix_replica_agreements.py"
title="View file as of d29b475">
<i class="fa fa-file-code-o fa-fw"></i>
</a>
<a href="diff2html_1" class="btn btn-sm btn-outline-primary diffcollapse ml-2" data-toggle="collapse" data-target="#diff2html_1">
<i class="fa fa-fw fa-caret-up"></i>
</a>
</div></div>
</div>
<div class="diff2html-output collapse show" data-diffno="1" id="diff2html_1"></div>
</div>
</section>
</div>
</div>
</div>
</div>
<div class="footer pt-4 text-white">
<div class="container">
<div class="d-flex align-items-center">
<div>
<div>Powered by <a href="https://pagure.io/pagure" class="notblue">Pagure</a> 5.13.3</div>
<div>
<a href="https://docs.pagure.org/pagure/usage/index.html" class="notblue">Documentation</a> &bull;
<a href="https://pagure.io/pagure/new_issue" class="notblue">File an Issue</a> &bull;
<a href="/about">About</a> &bull;
<a href="/ssh_info" class="notblue">SSH Hostkey/Fingerprint</a>
</div>
</div>
<div class="ml-auto text-right">
<div>&copy; Red Hat, Inc. and others.</div>
</div>
</div>
</div>
</div>
<script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC" src="/static/vendor/jquery/jquery.min.js?version=5.13.3"></script>
<script src="/static/vendor/bootstrap/bootstrap.bundle.min.js?version=5.13.3"></script>
<script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC">
$('[data-toggle="tooltip"]').tooltip({placement : 'bottom'});
$(".cancel_btn").click(function() {
history.back();
});
</script>
<script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC" src="/static/vendor/lazyload/lazyload.min.js?version=5.13.3"></script>
<script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC">
window.addEventListener("load", function(event) {
lazyload();
});
</script>
<script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC">
$("#giturl-toggle").on('click', function(event){
event.stopPropagation();
$("#giturl-more").toggle();
$("#giturl-toggle").hide();
})
$(".fork_project_btn").click(function() {
$('#fork_project').submit();
});
$(".select-on-focus").on("focus", function() {
$(this).select();
});
</script>
<script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC" src="/static/vendor/diff2html/diff2html.min.js?version=5.13.3"></script>
<script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC" src="/static/vendor/highlight.js/highlight.pack.js?version=5.13.3"></script>
<script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC" src="/static/vendor/highlight.js/spec.js?version=5.13.3"></script>
<script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC" src="/static/vendor/diff2html/diff2html-ui.min.js?version=5.13.3"></script>
<script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC">
$(document).ready(function() {
$(".diffcollapse").click(function(e){
$(this).find("i").toggleClass("fa-caret-down fa-caret-up")
});
});
$(function(){
$('#diff_list_link').click(function(){
$('#diff_list').toggle();
});
});
$.ajax({
url: '/freeipa/c/d29b47512a39ada02fb371521994576cd9815a6c.diff?js=True' ,
type: 'GET',
dataType: 'json',
success: function(res) {
$(".diff2html-output").each(function(){
var diffString = res[$(this).attr("data-diffno")];
var diff2htmlUi = new Diff2HtmlUI({diff: diffString});
diff2htmlUi.draw('#diff2html_'+$(this).attr("data-diffno"), {inputFormat: 'diff'});
diff2htmlUi.highlightCode('#diff2html_'+$(this).attr("data-diffno"));
});
}
});
$.ajax({
url: '/pv/branches/commit/' ,
type: 'POST',
data: {
repo: "freeipa",
repouser: "",
namespace: "",
commit_id: "d29b47512a39ada02fb371521994576cd9815a6c",
csrf_token: "IjBlMjNjZTVhYTU0ZTdiNDg1ODAyM2E4YjRmM2NmZjBhZjkwZTM0ZjQi.F394iA.hp0mU_A319AwGFwaTxBoPMzh1VQ",
},
dataType: 'json',
success: function(res) {
if (res.branches.length == 0){
return;
}
var _br = '';
for (var i = 0; i < res.branches.length; ++i) {
if (_br.length > 0){
_br += ', ';
}
_br += res.branches[i]
}
var el = $('#diff-file-1');
if (!el){
return;
}
el.before(
'<div class=""><i class="fa fa-code-fork"></i> '
+ _br + '</div>');
}
});
</script>
</body>
</html>From 93d97b59600c15e5028ee39b0e98450544165158 Mon Sep 17 00:00:00 2001
From d29b47512a39ada02fb371521994576cd9815a6c Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Jun 22 2023 15:49:40 +0000
Subject: Integration tests: add a test to ipa-server-upgrade
Date: Mon, 19 Jun 2023 10:36:29 +0200
Subject: [PATCH] Upgrade: fix replica agreement
The upgrade checks the replication agreements to ensure that
some attributes are excluded from replication. The agreements
are stored in entries like
cn=serverToreplica,cn=replica,cn=_suffix_,cn=mapping tree,cn=config
but those entries are managed by the replication topology plugin
and should not be updated directly. The consequence is that the update
of the attributes fails and ipa-server-update prints an error message:
Error caught updating nsDS5ReplicatedAttributeList: Server is unwilling
to perform: Entry and attributes are managed by topology plugin.No direct
modifications allowed.
Error caught updating nsDS5ReplicatedAttributeListTotal: Server is
unwilling to perform: Entry and attributes are managed by topology
plugin.No direct modifications allowed.
The upgrade continues but the replication is not excluding
passwordgraceusertime.
Instead of editing the agreements, perform the modifications on
the topology segments.
Fixes: https://pagure.io/freeipa/issue/9385
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
.../install/plugins/fix_replica_agreements.py | 80 +++++++++----------
1 file changed, 38 insertions(+), 42 deletions(-)
diff --git a/ipaserver/install/plugins/fix_replica_agreements.py b/ipaserver/install/plugins/fix_replica_agreements.py
index c0cdd3eb1..d963753d0 100644
--- a/ipaserver/install/plugins/fix_replica_agreements.py
+++ b/ipaserver/install/plugins/fix_replica_agreements.py
@@ -22,6 +22,7 @@ import logging
from ipaserver.install import replication
from ipalib import Registry
from ipalib import Updater
+from ipalib import errors
logger = logging.getLogger(__name__)
@@ -41,35 +42,42 @@ class update_replica_attribute_lists(Updater):
def execute(self, **options):
# We need an LDAPClient connection to the backend
logger.debug("Start replication agreement exclude list update task")
- conn = self.api.Backend.ldap2
- repl = replication.ReplicationManager(self.api.env.realm,
- self.api.env.host,
- None, conn=conn)
-
- # We need to update only IPA replica agreements, not winsync
- ipa_replicas = repl.find_ipa_replication_agreements()
-
- logger.debug("Found %d agreement(s)", len(ipa_replicas))
-
- for replica in ipa_replicas:
- for desc in replica.get('description', []):
- logger.debug('%s', desc)
-
- self._update_attr(repl, replica,
- 'nsDS5ReplicatedAttributeList',
- replication.EXCLUDES, template=EXCLUDE_TEMPLATE)
- self._update_attr(repl, replica,
- 'nsDS5ReplicatedAttributeListTotal',
- replication.TOTAL_EXCLUDES, template=EXCLUDE_TEMPLATE)
- self._update_attr(repl, replica,
- 'nsds5ReplicaStripAttrs', replication.STRIP_ATTRS)
+ # Find suffixes
+ suffixes = self.api.Command.topologysuffix_find()['result']
+ for suffix in suffixes:
+ suffix_name = suffix['cn'][0]
+ # Find segments
+ sgmts = self.api.Command.topologysegment_find(
+ suffix_name, all=True)['result']
+ for segment in sgmts:
+ updates = {}
+ updates = self._update_attr(
+ segment, updates,
+ 'nsds5replicatedattributelist',
+ replication.EXCLUDES, template=EXCLUDE_TEMPLATE)
+ updates = self._update_attr(
+ segment, updates,
+ 'nsds5replicatedattributelisttotal',
+ replication.TOTAL_EXCLUDES, template=EXCLUDE_TEMPLATE)
+ updates = self._update_attr(
+ segment, updates,
+ 'nsds5replicastripattrs', replication.STRIP_ATTRS)
+ if updates:
+ try:
+ self.api.Command.topologysegment_mod(
+ suffix_name, segment['cn'][0],
+ **updates)
+ except errors.EmptyModlist:
+ # No update done
+ logger.debug("No update required for the segment %s",
+ segment['cn'][0])
logger.debug("Done updating agreements")
return False, [] # No restart, no updates
- def _update_attr(self, repl, replica, attribute, values, template='%s'):
+ def _update_attr(self, segment, updates, attribute, values, template='%s'):
"""Add or update an attribute of a replication agreement
If the attribute doesn't already exist, it is added and set to
@@ -77,27 +85,21 @@ class update_replica_attribute_lists(Updater):
If the attribute does exist, `values` missing from it are just
appended to the end, also space-separated.
- :param repl: Replication manager
- :param replica: Replica agreement
+ :param: updates: dict containing the updates
+ :param segment: dict containing segment information
:param attribute: Attribute to add or update
:param values: List of values the attribute should hold
:param template: Template to use when adding attribute
"""
- attrlist = replica.single_value.get(attribute)
+ attrlist = segment.get(attribute)
if attrlist is None:
logger.debug("Adding %s", attribute)
# Need to add it altogether
- replica[attribute] = [template % " ".join(values)]
-
- try:
- repl.conn.update_entry(replica)
- logger.debug("Updated")
- except Exception as e:
- logger.error("Error caught updating replica: %s", str(e))
+ updates[attribute] = template % " ".join(values)
else:
- attrlist_normalized = attrlist.lower().split()
+ attrlist_normalized = attrlist[0].lower().split()
missing = [a for a in values
if a.lower() not in attrlist_normalized]
@@ -105,14 +107,8 @@ class update_replica_attribute_lists(Updater):
logger.debug("%s needs updating (missing: %s)", attribute,
', '.join(missing))
- replica[attribute] = [
- '%s %s' % (attrlist, ' '.join(missing))]
+ updates[attribute] = '%s %s' % (attrlist[0], ' '.join(missing))
- try:
- repl.conn.update_entry(replica)
- logger.debug("Updated %s", attribute)
- except Exception as e:
- logger.error("Error caught updating %s: %s",
- attribute, str(e))
else:
logger.debug("%s: No update necessary", attribute)
+ return updates
--
2.41.0
From 93d97b59600c15e5028ee39b0e98450544165158 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Mon, 19 Jun 2023 10:36:59 +0200
Subject: [PATCH] Integration tests: add a test to ipa-server-upgrade
Add an integration test ensuring that the upgrade
properly updates the attributes to be excluded from
@ -437,11 +174,12 @@ replication.
Related: https://pagure.io/freeipa/issue/9385
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
.../test_simple_replication.py | 30 +++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/ipatests/test_integration/test_simple_replication.py b/ipatests/test_integration/test_simple_replication.py
index 17092a4..d1e65ef 100644
index 17092a499..d1e65ef7c 100644
--- a/ipatests/test_integration/test_simple_replication.py
+++ b/ipatests/test_integration/test_simple_replication.py
@@ -23,8 +23,10 @@ import pytest
@ -490,4 +228,6 @@ index 17092a4..d1e65ef 100644
def test_replica_removal(self):
"""Test replica removal"""
result = self.master.run_command(['ipa-replica-manage', 'list'])
--
2.41.0

6
ipa.spec
View File

@ -189,7 +189,7 @@
Name: %{package_name}
Version: %{IPA_VERSION}
Release: 4%{?rc_version:.%rc_version}%{?dist}
Release: 5%{?rc_version:.%rc_version}%{?dist}
Summary: The Identity, Policy and Audit system
License: GPLv3+
@ -1729,6 +1729,10 @@ fi
%endif
%changelog
* Mon Jul 17 2023 Rafael Jeffman <rjeffman@redhat.com> - 4.9.12-5
- Upgrade: fix replica agreement, fix backported patch
Related: RHBZ#2216551
* Fri Jun 30 2023 Rafael Jeffman <rjeffman@redhat.com> - 4.9.12-4
- kdb: Use-krb5_pac_full_sign_compat() when available
Resolves: RHBZ#2176406