rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Replace wrong patch cherry-picked

Browse Source
This commit is contained in:
Alexander Bokovoy 2018-05-02 10:59:52 +03:00
parent 5253080d71
commit 6c4a1decac
3 changed files with 115 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
0005-Fix-upgrade-update_replica_config-in-single-master-m.patch
View File

@ -1,38 +0,0 @@
From 7c8fd5630da2de5d3c88cd5fec7787427259f123 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Mon, 16 Apr 2018 16:02:03 +1000
Subject: [PATCH 40/92] Fix upgrade (update_replica_config) in single master
mode
Commit afc0d4b62d043cd568ce87400f60e8fa8273495f added an upgrade
step that add an attribute to a replica config entry. The entry
only exists after a replica has been added, so upgrade was broken
for standalone server. Catch and suppress the NotFound error.
Related to: https://pagure.io/freeipa/issue/7488
Reviewed-By: Christian Heimes <cheimes@redhat.com>
---
ipaserver/install/server/upgrade.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index ed845027a..31c09d85d 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1642,7 +1642,11 @@ def update_replica_config(db_suffix):
('cn', 'replica'), ('cn', db_suffix), ('cn', 'mapping tree'),
('cn', 'config')
)
- entry = api.Backend.ldap2.get_entry(dn)
+ try:
+ entry = api.Backend.ldap2.get_entry(dn)
+ except ipalib.errors.NotFound:
+ return # entry does not exist until a replica is installed
+
if 'nsds5replicareleasetimeout' not in entry:
# See https://pagure.io/freeipa/issue/7488
logger.info("Adding nsds5replicaReleaseTimeout=60 to %s", dn)
--
2.14.3

114
0005-Fix-upgrade-when-named.conf-does-not-exist.patch Normal file
View File

@ -0,0 +1,114 @@
commit 421fc376ccb8668c07692d3a3394a5869dc97296
Author: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed Mar 28 16:05:05 2018 +1100
Fix upgrade when named.conf does not exist
Commit aee0d2180c7119bef30ab7cafea81dc3df1170b7 adds an upgrade step
that adds system crypto policy include to named.conf. This step
omitted the named.conf existence check; upgrade fails when it does
not exist. Add the existence check.
Also update the test to add the IPA-related part of the named.conf
config, because the "existence check" actually does more than just
check that the file exists - it also check that it contains the IPA
bind-dyndb-ldap configuration section.
Part of: https://pagure.io/freeipa/issue/4853
Reviewed-By: Christian Heimes <cheimes@redhat.com>
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 5cf537201..cd70cc983 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -93,6 +93,10 @@ def create_reverse():
def named_conf_exists():
+ """
+ Checks that named.conf exists AND that it contains IPA-related config.
+
+ """
try:
with open(paths.NAMED_CONF, 'r') as named_fd:
lines = named_fd.readlines()
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index c192f4fff..07d783445 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -905,6 +905,10 @@ def named_add_server_id():
def named_add_crypto_policy():
"""Add crypto policy include
"""
+ if not bindinstance.named_conf_exists():
+ logger.info('DNS is not configured')
+ return False
+
if sysupgrade.get_upgrade_state('named.conf', 'add_crypto_policy'):
# upgrade was done already
return False
diff --git a/ipatests/test_ipaserver/test_install/test_bindinstance.py b/ipatests/test_ipaserver/test_install/test_bindinstance.py
index 6b072ad8a..b88b93194 100644
--- a/ipatests/test_ipaserver/test_install/test_bindinstance.py
+++ b/ipatests/test_ipaserver/test_install/test_bindinstance.py
@@ -24,7 +24,6 @@ options {
include "random/file";
"""
-
EXPECTED_CONFIG = """
options {
\tdnssec-enable yes;
@@ -35,6 +34,12 @@ options {
include "random/file";
"""
+# bindinstance.named_conf_exists() looks for a section like this
+IPA_DYNDB_CONFIG = """
+dyndb "ipa" "/usr/lib/bind/ldap.so" {
+};
+"""
+
POLICY_FILE = "/etc/crypto-policies/back-ends/bind.config"
@@ -53,14 +58,16 @@ def test_add_crypto_policy(m_set, m_get, namedconf):
m_get.return_value = False
with open(namedconf, 'w') as f:
f.write(TEST_CONFIG)
+ f.write(IPA_DYNDB_CONFIG)
- named_add_crypto_policy()
+ result = named_add_crypto_policy()
+ assert result
m_get.assert_called_with('named.conf', 'add_crypto_policy')
m_set.assert_called_with('named.conf', 'add_crypto_policy', True)
with open(namedconf) as f:
content = f.read()
- assert content == EXPECTED_CONFIG
+ assert content == ''.join([EXPECTED_CONFIG, IPA_DYNDB_CONFIG])
m_get.reset_mock()
m_set.reset_mock()
@@ -69,3 +76,19 @@ def test_add_crypto_policy(m_set, m_get, namedconf):
named_add_crypto_policy()
m_get.assert_called_with('named.conf', 'add_crypto_policy')
m_set.assert_not_called()
+
+
+@patch('ipaserver.install.sysupgrade.get_upgrade_state')
+@patch('ipaserver.install.sysupgrade.set_upgrade_state')
+def test_add_crypto_policy_no_ipa(m_set, m_get, namedconf):
+ # Test if the update step is skipped when named.conf doesn't contain
+ # IPA related settings.
+ m_get.return_value = False
+ with open(namedconf, 'w') as f:
+ f.write(TEST_CONFIG)
+
+ result = named_add_crypto_policy()
+ assert not result
+
+ m_get.assert_not_called()
+ m_set.assert_not_called()

2
freeipa.spec
View File

@ -112,7 +112,7 @@ Patch0001: 0001-Processing-of-server-roles-should-ignore-errors.Empt.patch
Patch0002: 0002-Update-template-directory-with-new-variables-when-up.patch
Patch0003: 0003-upgrade-Run-configuration-upgrade-under-empty-ccache.patch
Patch0004: 0004-use-LDAP-Whoami-command-when-creating-an-OTP-token.patch
Patch0005: 0005-Fix-upgrade-update_replica_config-in-single-master-m.patch
Patch0005: 0005-Fix-upgrade-when-named.conf-does-not-exist.patch
# For the timestamp trick in patch application
BuildRequires: diffstat