Replace wrong patch cherry-picked
parent
5253080d71
commit
6c4a1decac
@ -1,38 +0,0 @@
|
|||||||
From 7c8fd5630da2de5d3c88cd5fec7787427259f123 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Fraser Tweedale <ftweedal@redhat.com>
|
|
||||||
Date: Mon, 16 Apr 2018 16:02:03 +1000
|
|
||||||
Subject: [PATCH 40/92] Fix upgrade (update_replica_config) in single master
|
|
||||||
mode
|
|
||||||
|
|
||||||
Commit afc0d4b62d043cd568ce87400f60e8fa8273495f added an upgrade
|
|
||||||
step that add an attribute to a replica config entry. The entry
|
|
||||||
only exists after a replica has been added, so upgrade was broken
|
|
||||||
for standalone server. Catch and suppress the NotFound error.
|
|
||||||
|
|
||||||
Related to: https://pagure.io/freeipa/issue/7488
|
|
||||||
|
|
||||||
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
|
||||||
---
|
|
||||||
ipaserver/install/server/upgrade.py | 6 +++++-
|
|
||||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
|
|
||||||
index ed845027a..31c09d85d 100644
|
|
||||||
--- a/ipaserver/install/server/upgrade.py
|
|
||||||
+++ b/ipaserver/install/server/upgrade.py
|
|
||||||
@@ -1642,7 +1642,11 @@ def update_replica_config(db_suffix):
|
|
||||||
('cn', 'replica'), ('cn', db_suffix), ('cn', 'mapping tree'),
|
|
||||||
('cn', 'config')
|
|
||||||
)
|
|
||||||
- entry = api.Backend.ldap2.get_entry(dn)
|
|
||||||
+ try:
|
|
||||||
+ entry = api.Backend.ldap2.get_entry(dn)
|
|
||||||
+ except ipalib.errors.NotFound:
|
|
||||||
+ return # entry does not exist until a replica is installed
|
|
||||||
+
|
|
||||||
if 'nsds5replicareleasetimeout' not in entry:
|
|
||||||
# See https://pagure.io/freeipa/issue/7488
|
|
||||||
logger.info("Adding nsds5replicaReleaseTimeout=60 to %s", dn)
|
|
||||||
--
|
|
||||||
2.14.3
|
|
||||||
|
|
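--- a/0005-Fix-upgrade-when-named.conf-does-not-exist.patch
+++ b/0005-Fix-upgrade-when-named.conf-does-not-exist.patch
@@ -0,0 +1,114 @@
+commit 421fc376ccb8668c07692d3a3394a5869dc97296
+Author: Fraser Tweedale <ftweedal@redhat.com>
+Date: Wed Mar 28 16:05:05 2018 +1100
+
+Fix upgrade when named.conf does not exist
+
+Commit aee0d2180c7119bef30ab7cafea81dc3df1170b7 adds an upgrade step
+that adds system crypto policy include to named.conf. This step
+omitted the named.conf existence check; upgrade fails when it does
+not exist. Add the existence check.
+
+Also update the test to add the IPA-related part of the named.conf
+config, because the "existence check" actually does more than just
+check that the file exists - it also check that it contains the IPA
+bind-dyndb-ldap configuration section.
+
+Part of: https://pagure.io/freeipa/issue/4853
+
+Reviewed-By: Christian Heimes <cheimes@redhat.com>
+
+diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
+index 5cf537201..cd70cc983 100644
+--- a/ipaserver/install/bindinstance.py
++++ b/ipaserver/install/bindinstance.py
+@@ -93,6 +93,10 @@ def create_reverse():
+
+
+def named_conf_exists():
++ """
++ Checks that named.conf exists AND that it contains IPA-related config.
++
++ """
+try:
+with open(paths.NAMED_CONF, 'r') as named_fd:
+lines = named_fd.readlines()
+diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
+index c192f4fff..07d783445 100644
+--- a/ipaserver/install/server/upgrade.py
++++ b/ipaserver/install/server/upgrade.py
+@@ -905,6 +905,10 @@ def named_add_server_id():
+def named_add_crypto_policy():
+"""Add crypto policy include
+"""
++ if not bindinstance.named_conf_exists():
++ logger.info('DNS is not configured')
++ return False
++
+if sysupgrade.get_upgrade_state('named.conf', 'add_crypto_policy'):
+# upgrade was done already
+return False
+diff --git a/ipatests/test_ipaserver/test_install/test_bindinstance.py b/ipatests/test_ipaserver/test_install/test_bindinstance.py
+index 6b072ad8a..b88b93194 100644
+--- a/ipatests/test_ipaserver/test_install/test_bindinstance.py
++++ b/ipatests/test_ipaserver/test_install/test_bindinstance.py
+@@ -24,7 +24,6 @@ options {
+include "random/file";
+"""
+
+-
+EXPECTED_CONFIG = """
+options {
+\tdnssec-enable yes;
+@@ -35,6 +34,12 @@ options {
+include "random/file";
+"""
+
++# bindinstance.named_conf_exists() looks for a section like this
++IPA_DYNDB_CONFIG = """
++dyndb "ipa" "/usr/lib/bind/ldap.so" {
++};
++"""
++
+POLICY_FILE = "/etc/crypto-policies/back-ends/bind.config"
+
+
+@@ -53,14 +58,16 @@ def test_add_crypto_policy(m_set, m_get, namedconf):
+m_get.return_value = False
+with open(namedconf, 'w') as f:
+f.write(TEST_CONFIG)
++ f.write(IPA_DYNDB_CONFIG)
+
+- named_add_crypto_policy()
++ result = named_add_crypto_policy()
++ assert result
+m_get.assert_called_with('named.conf', 'add_crypto_policy')
+m_set.assert_called_with('named.conf', 'add_crypto_policy', True)
+
+with open(namedconf) as f:
+content = f.read()
+- assert content == EXPECTED_CONFIG
++ assert content == ''.join([EXPECTED_CONFIG, IPA_DYNDB_CONFIG])
+
+m_get.reset_mock()
+m_set.reset_mock()
+@@ -69,3 +76,19 @@ def test_add_crypto_policy(m_set, m_get, namedconf):
+named_add_crypto_policy()
+m_get.assert_called_with('named.conf', 'add_crypto_policy')
+m_set.assert_not_called()
++
++
++@patch('ipaserver.install.sysupgrade.get_upgrade_state')
++@patch('ipaserver.install.sysupgrade.set_upgrade_state')
++def test_add_crypto_policy_no_ipa(m_set, m_get, namedconf):
++ # Test if the update step is skipped when named.conf doesn't contain
++ # IPA related settings.
++ m_get.return_value = False
++ with open(namedconf, 'w') as f:
++ f.write(TEST_CONFIG)
++
++ result = named_add_crypto_policy()
++ assert not result
++
++ m_get.assert_not_called()
++ m_set.assert_not_called()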
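Review bot: The early return added to `named_add_crypto_policy()` in the upgrade.py hunk logs 'DNS is not configured', but the docstring this same patch adds to `named_conf_exists()` says the check also fails when named.conf exists and only lacks the IPA-related config. In that case the crypto-policy include is skipped and the upgrade log gives a reason that does not match what was checked, which is unhelpful when someone later audits whether BIND on the host follows the system crypto policy. I would word the message after the actual condition, for example `logger.info('named.conf is missing or has no IPA configuration; skipping crypto policy include')`. The body of `named_add_crypto_policy()` continues past the end of the hunk, so whether later code logs anything further is not visible here.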
@ -112,7 +112,7 @@ Patch0001: 0001-Processing-of-server-roles-should-ignore-errors.Empt.patch
|
|||||||
Patch0002: 0002-Update-template-directory-with-new-variables-when-up.patch
|
Patch0002: 0002-Update-template-directory-with-new-variables-when-up.patch
|
||||||
Patch0003: 0003-upgrade-Run-configuration-upgrade-under-empty-ccache.patch
|
Patch0003: 0003-upgrade-Run-configuration-upgrade-under-empty-ccache.patch
|
||||||
Patch0004: 0004-use-LDAP-Whoami-command-when-creating-an-OTP-token.patch
|
Patch0004: 0004-use-LDAP-Whoami-command-when-creating-an-OTP-token.patch
|
||||||
Patch0005: 0005-Fix-upgrade-update_replica_config-in-single-master-m.patch
|
Patch0005: 0005-Fix-upgrade-when-named.conf-does-not-exist.patch
|
||||||
|
|
||||||
# For the timestamp trick in patch application
|
# For the timestamp trick in patch application
|
||||||
BuildRequires: diffstat
|
BuildRequires: diffstat
|
||||||
|