Fix upgrade when using DNS-less setup and pull new slapi-nis

Resolves rhbz#1573636 for nisserver underlinkage Resolves rhbz#1573671 for DNS-less setup upgrade issues
2018-05-02 10:40:46 +03:00 · 2018-05-02 10:40:46 +03:00 · 5253080d71
commit 5253080d71
parent 49a9934df0
2 changed files with 46 additions and 2 deletions
--- a/0005-Fix-upgrade-update_replica_config-in-single-master-m.patch
+++ b/0005-Fix-upgrade-update_replica_config-in-single-master-m.patch
@ -0,0 +1,38 @@
+From 7c8fd5630da2de5d3c88cd5fec7787427259f123 Mon Sep 17 00:00:00 2001
+From: Fraser Tweedale <ftweedal@redhat.com>
+Date: Mon, 16 Apr 2018 16:02:03 +1000
+Subject: [PATCH 40/92] Fix upgrade (update_replica_config) in single master
+ mode
+
+Commit afc0d4b62d043cd568ce87400f60e8fa8273495f added an upgrade
+step that add an attribute to a replica config entry.  The entry
+only exists after a replica has been added, so upgrade was broken
+for standalone server.  Catch and suppress the NotFound error.
+
+Related to: https://pagure.io/freeipa/issue/7488
+
+Reviewed-By: Christian Heimes <cheimes@redhat.com>
+---
+ ipaserver/install/server/upgrade.py | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
+index ed845027a..31c09d85d 100644
+--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
+@@ -1642,7 +1642,11 @@ def update_replica_config(db_suffix):
+         ('cn', 'replica'), ('cn', db_suffix), ('cn', 'mapping tree'),
+         ('cn', 'config')
+     )
+-    entry = api.Backend.ldap2.get_entry(dn)
+    try:
+        entry = api.Backend.ldap2.get_entry(dn)
+    except ipalib.errors.NotFound:
+        return  # entry does not exist until a replica is installed
+
+     if 'nsds5replicareleasetimeout' not in entry:
+         # See https://pagure.io/freeipa/issue/7488
+         logger.info("Adding nsds5replicaReleaseTimeout=60 to %s", dn)
+-- 
+2.14.3
+
--- a/freeipa.spec
+++ b/freeipa.spec
@ -69,7 +69,7 @@
 %global samba_build_version 2:4.2.1
 # DNSSEC AVC violation, RHBZ#1537971
 %global selinux_policy_version 3.13.1-283.24
-%global slapi_nis_version 0.56.1
+%global slapi_nis_version 0.56.2-6

 # Use python3-pyldap to be compatible with old python3-pyldap 2.x and new
 # python3-ldap 3.0. The python3-ldap package also provides python3-pyldap.
@ -100,7 +100,7 @@

 Name:           freeipa
 Version:        %{VERSION}
-Release:        6.1%{?dist}
+Release:        7%{?dist}
 Summary:        The Identity, Policy and Audit system

 Group:          System Environment/Base
@ -112,6 +112,7 @@ Patch0001:      0001-Processing-of-server-roles-should-ignore-errors.Empt.patch
 Patch0002:      0002-Update-template-directory-with-new-variables-when-up.patch
 Patch0003:      0003-upgrade-Run-configuration-upgrade-under-empty-ccache.patch
 Patch0004:      0004-use-LDAP-Whoami-command-when-creating-an-OTP-token.patch  
+Patch0005:      0005-Fix-upgrade-update_replica_config-in-single-master-m.patch

 # For the timestamp trick in patch application
 BuildRequires:  diffstat
@ -1721,6 +1722,11 @@ fi
 %endif # with_ipatests

 %changelog
+* Wed May 02 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.6.90.pre1-7
+- Fix upgrade when named.conf does not exist
+- Resolves rhbz#1573671
+- Requires newer slapi-nis to avoid hitting rhbz#1573636
+
 * Wed Mar 21 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.6.90.pre1-6.1
 - Change upgrade code to use DIR-based ccache and no kinit (#1558818)
 - Require pki-symkey until pki-core has proper dependencies