From 5253080d71acccd206fabf82ebb37c58a3326e6c Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 2 May 2018 10:40:46 +0300 Subject: [PATCH] Fix upgrade when using DNS-less setup and pull new slapi-nis Resolves rhbz#1573636 for nisserver underlinkage Resolves rhbz#1573671 for DNS-less setup upgrade issues --- ...te_replica_config-in-single-master-m.patch | 38 +++++++++++++++++++ freeipa.spec | 10 ++++- 2 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 0005-Fix-upgrade-update_replica_config-in-single-master-m.patch diff --git a/0005-Fix-upgrade-update_replica_config-in-single-master-m.patch b/0005-Fix-upgrade-update_replica_config-in-single-master-m.patch new file mode 100644 index 0000000..7c3d6b4 --- /dev/null +++ b/0005-Fix-upgrade-update_replica_config-in-single-master-m.patch @@ -0,0 +1,38 @@ +From 7c8fd5630da2de5d3c88cd5fec7787427259f123 Mon Sep 17 00:00:00 2001 +From: Fraser Tweedale +Date: Mon, 16 Apr 2018 16:02:03 +1000 +Subject: [PATCH 40/92] Fix upgrade (update_replica_config) in single master + mode + +Commit afc0d4b62d043cd568ce87400f60e8fa8273495f added an upgrade +step that add an attribute to a replica config entry. The entry +only exists after a replica has been added, so upgrade was broken +for standalone server. Catch and suppress the NotFound error. + +Related to: https://pagure.io/freeipa/issue/7488 + +Reviewed-By: Christian Heimes +--- + ipaserver/install/server/upgrade.py | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py +index ed845027a..31c09d85d 100644 +--- a/ipaserver/install/server/upgrade.py ++++ b/ipaserver/install/server/upgrade.py +@@ -1642,7 +1642,11 @@ def update_replica_config(db_suffix): + ('cn', 'replica'), ('cn', db_suffix), ('cn', 'mapping tree'), + ('cn', 'config') + ) +- entry = api.Backend.ldap2.get_entry(dn) ++ try: ++ entry = api.Backend.ldap2.get_entry(dn) ++ except ipalib.errors.NotFound: ++ return # entry does not exist until a replica is installed ++ + if 'nsds5replicareleasetimeout' not in entry: + # See https://pagure.io/freeipa/issue/7488 + logger.info("Adding nsds5replicaReleaseTimeout=60 to %s", dn) +-- +2.14.3 + diff --git a/freeipa.spec b/freeipa.spec index 17dcc1e..705bd94 100644 --- a/freeipa.spec +++ b/freeipa.spec @@ -69,7 +69,7 @@ %global samba_build_version 2:4.2.1 # DNSSEC AVC violation, RHBZ#1537971 %global selinux_policy_version 3.13.1-283.24 -%global slapi_nis_version 0.56.1 +%global slapi_nis_version 0.56.2-6 # Use python3-pyldap to be compatible with old python3-pyldap 2.x and new # python3-ldap 3.0. The python3-ldap package also provides python3-pyldap. @@ -100,7 +100,7 @@ Name: freeipa Version: %{VERSION} -Release: 6.1%{?dist} +Release: 7%{?dist} Summary: The Identity, Policy and Audit system Group: System Environment/Base @@ -112,6 +112,7 @@ Patch0001: 0001-Processing-of-server-roles-should-ignore-errors.Empt.patch Patch0002: 0002-Update-template-directory-with-new-variables-when-up.patch Patch0003: 0003-upgrade-Run-configuration-upgrade-under-empty-ccache.patch Patch0004: 0004-use-LDAP-Whoami-command-when-creating-an-OTP-token.patch +Patch0005: 0005-Fix-upgrade-update_replica_config-in-single-master-m.patch # For the timestamp trick in patch application BuildRequires: diffstat @@ -1721,6 +1722,11 @@ fi %endif # with_ipatests %changelog +* Wed May 02 2018 Alexander Bokovoy - 4.6.90.pre1-7 +- Fix upgrade when named.conf does not exist +- Resolves rhbz#1573671 +- Requires newer slapi-nis to avoid hitting rhbz#1573636 + * Wed Mar 21 2018 Alexander Bokovoy - 4.6.90.pre1-6.1 - Change upgrade code to use DIR-based ccache and no kinit (#1558818) - Require pki-symkey until pki-core has proper dependencies