Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/freeipa.git#41b946dfeb35544f4011cf5777ba33fd98d11f72
This commit is contained in:
DistroBaker 2020-12-17 07:07:32 +00:00
parent ea9c3fc5e8
commit 7056e92461
10 changed files with 3498 additions and 1 deletions

98
.gitignore vendored Normal file
View File

@ -0,0 +1,98 @@
/freeipa-2.0.0GIT442d6ad.tar.gz
/freeipa-2.0.0.pre2.tar.gz
/freeipa-2.0.0.rc1.tar.gz
/freeipa-2.0.0.rc2.tar.gz
/freeipa-2.0.0.tar.gz
/freeipa-2.0.1.tar.gz
/freeipa-2.1.0.tar.gz
/freeipa-2.1.2.tar.gz
/freeipa-2.1.2-2.1.3.patch.gz
/freeipa-2.1.3-systemd.patch.gz
/freeipa-2.1.3.tar.gz
/freeipa-2.1.3-wait_for_socket.patch.gz
/freeipa-2.1.4.tar.gz
/freeipa-2.1.90.pre1.tar.gz
/freeipa-2.1.90.rc1.tar.gz
/freeipa-2.2.0.tar.gz
/freeipa-3.0.0.pre1.tar.gz
/freeipa-3.0.0.pre2.tar.gz
/freeipa-3.0.0.rc1.tar.gz
/freeipa-3.0.0.rc2.tar.gz
/freeipa-3.0.0.tar.gz
/freeipa-3.1.0.tar.gz
/freeipa-3.1.2.tar.gz
/freeipa-3.2.0.pre1.tar.gz
/freeipa-3.2.0.tar.gz
/freeipa-3.2.2.tar.gz
/freeipa-3.3.0.tar.gz
/freeipa-3.3.1.tar.gz
/freeipa-3.3.3.tar.gz
/freeipa-3.3.4.tar.gz
/freeipa-3.3.5.tar.gz
/freeipa-4.0.0.tar.gz
/freeipa-4.0.1.tar.gz
/freeipa-4.0.2.tar.gz
/freeipa-4.0.3.tar.gz
/freeipa-4.1.0.tar.gz
/freeipa-4.1.1.tar.gz
/freeipa-4.1.2.tar.gz
/freeipa-4.1.3.tar.gz
/freeipa-4.1.4.tar.gz
/freeipa-4.2.1.tar.gz
/freeipa-4.2.2.tar.gz
/freeipa-4.2.3.tar.gz
/freeipa-4.3.0.tar.gz
/freeipa-4.3.1.tar.gz
/freeipa-4.3.2.tar.gz
/freeipa-4.4.1.tar.gz
/freeipa-4.4.2.tar.gz
/freeipa-4.4.3.tar.gz
/freeipa-4.4.4.tar.gz
/freeipa-4.4.4.tar.gz.asc
/freeipa-4.5.1.tar.gz
/freeipa-4.5.1.tar.gz.asc
/freeipa-4.5.2.tar.gz
/freeipa-4.5.2.tar.gz.asc
/freeipa-4.5.3.tar.gz
/freeipa-4.5.3.tar.gz.asc
/freeipa-4.6.0.tar.gz
/freeipa-4.6.0.tar.gz.asc
/freeipa-4.6.1.tar.gz
/freeipa-4.6.1.tar.gz.asc
/freeipa-4.6.3.tar.gz
/freeipa-4.6.3.tar.gz.asc
/freeipa-4.6.90.pre1-1.fc29.src.rpm
/freeipa-4.6.90.pre1.tar.gz
/freeipa-4.6.90.pre1.tar.gz.asc
/freeipa-4.6.90.pre2.tar.gz
/freeipa-4.6.90.pre2.tar.gz.asc
/freeipa-4.7.0.tar.gz
/freeipa-4.7.0.tar.gz.asc
/freeipa-4.7.1.tar.gz
/freeipa-4.7.1.tar.gz.asc
/freeipa-4.7.2.tar.gz
/freeipa-4.7.2.tar.gz.asc
/freeipa-4.7.90.pre1.tar.gz
/freeipa-4.7.90.pre1.tar.gz.asc
/freeipa-4.8.0.tar.gz
/freeipa-4.8.0.tar.gz.asc
/freeipa-4.8.1.tar.gz
/freeipa-4.8.1.tar.gz.asc
/freeipa-4.8.2.tar.gz
/freeipa-4.8.2.tar.gz.asc
/freeipa-4.8.3.tar.gz
/freeipa-4.8.3.tar.gz.asc
/freeipa-4.8.4.tar.gz
/freeipa-4.8.4.tar.gz.asc
/freeipa-4.8.5.tar.gz
/freeipa-4.8.5.tar.gz.asc
/freeipa-4.8.6.tar.gz
/freeipa-4.8.6.tar.gz.asc
/freeipa-4.8.7.tar.gz
/freeipa-4.8.7.tar.gz.asc
/freeipa-4.8.9.tar.gz
/freeipa-4.8.9.tar.gz.asc
/freeipa-4.8.10.tar.gz
/freeipa-4.8.10.tar.gz.asc
/freeipa-4.9.0rc1.tar.gz
/freeipa-4.9.0rc1.tar.gz.asc

56
5212.patch Normal file
View File

@ -0,0 +1,56 @@
From 2695789db45c2e7fe92e53a49521dc22fdffe317 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Wed, 28 Oct 2020 10:34:31 -0400
Subject: [PATCH] New validation efforts in 389-ds-base require that the
backend entry for a database be created before the mapping tree entry. This
enforces that the mapping tree entry (the suffix) actually belongs to an
existing backend.
For IPA we simply need to reverse the order of the backend vs mapping tree
creation in cainstance.py -> __create_ds_db()
Fixes: https://pagure.io/freeipa/issue/8558
---
ipaserver/install/cainstance.py | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index fca829de094..1c2fab1dffb 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1162,17 +1162,6 @@ def __create_ds_db(self):
backend = 'ipaca'
suffix = DN(('o', 'ipaca'))
- # replication
- dn = DN(('cn', str(suffix)), ('cn', 'mapping tree'), ('cn', 'config'))
- entry = api.Backend.ldap2.make_entry(
- dn,
- objectclass=["top", "extensibleObject", "nsMappingTree"],
- cn=[suffix],
- )
- entry['nsslapd-state'] = ['Backend']
- entry['nsslapd-backend'] = [backend]
- api.Backend.ldap2.add_entry(entry)
-
# database
dn = DN(('cn', 'ipaca'), ('cn', 'ldbm database'), ('cn', 'plugins'),
('cn', 'config'))
@@ -1184,6 +1173,17 @@ def __create_ds_db(self):
entry['nsslapd-suffix'] = [suffix]
api.Backend.ldap2.add_entry(entry)
+ # replication
+ dn = DN(('cn', str(suffix)), ('cn', 'mapping tree'), ('cn', 'config'))
+ entry = api.Backend.ldap2.make_entry(
+ dn,
+ objectclass=["top", "extensibleObject", "nsMappingTree"],
+ cn=[suffix],
+ )
+ entry['nsslapd-state'] = ['Backend']
+ entry['nsslapd-backend'] = [backend]
+ api.Backend.ldap2.add_entry(entry)
+
def __setup_replication(self):
repl = replication.CAReplicationManager(self.realm, self.fqdn)
repl.setup_cs_replication(self.master_host)

107
5273.patch Normal file
View File

@ -0,0 +1,107 @@
From 87813eb6404ae0aa15b95b1af788db0d37e2efa5 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 18 Nov 2020 12:35:38 +0200
Subject: [PATCH] util: Fix client-only build
Commit 26b9a697844c3bb66bdf83dad3a9738b3cb65361 did not fully fix the
client-only build as util/ipa_pwd.c unconditionally includes
pwquality.h.
Make sure we define USE_PWQUALITY in the full server configuration and
if that one is defined, include libpwquality use.
Fixes: https://pagure.io/freeipa/issue/8587
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
configure.ac | 4 +++-
util/Makefile.am | 10 +++++++---
util/ipa_pwd.c | 9 ++++++++-
3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/configure.ac b/configure.ac
index ef1a1c6867e..5d04d446e0a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -117,7 +117,9 @@ dnl ---------------------------------------------------------------------------
dnl - Check for pwquality library
dnl ---------------------------------------------------------------------------
AM_COND_IF([ENABLE_SERVER], [
- PKG_CHECK_MODULES([PWQUALITY], [pwquality])
+ PKG_CHECK_MODULES([PWQUALITY], [pwquality],
+ [AC_DEFINE(USE_PWQUALITY,1,[Use password quality checks])]
+ )
])
dnl ---------------------------------------------------------------------------
diff --git a/util/Makefile.am b/util/Makefile.am
index 5e21c098f14..b3803777809 100644
--- a/util/Makefile.am
+++ b/util/Makefile.am
@@ -21,7 +21,11 @@ libutil_la_SOURCES = \
libutil_la_LIBADD = $(CRYPTO_LIBS) $(KRB5_LIBS) $(LDAP_LIBS) $(PWQUALITY_LIBS)
-check_PROGRAMS = t_pwd t_policy
-TESTS = $(check_PROGRAMS)
+check_PROGRAMS = t_pwd
t_pwd_LDADD = libutil.la
-t_policy_LDADD = libutil.la
+if ENABLE_SERVER
+check_PROGRAMS += t_policy
+t_policy_LDADD = libutil.la
+endif
+
+TESTS = $(check_PROGRAMS)
diff --git a/util/ipa_pwd.c b/util/ipa_pwd.c
index dbff5ef1cba..8fa413c69cf 100644
--- a/util/ipa_pwd.c
+++ b/util/ipa_pwd.c
@@ -23,6 +23,7 @@
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
+#include "config.h"
#include <stdio.h>
#include <string.h>
#include <time.h>
@@ -31,7 +32,9 @@
#include <syslog.h>
#include <unistd.h>
#include <errno.h>
+#if defined(USE_PWQUALITY)
#include <pwquality.h>
+#endif
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
@@ -417,11 +420,13 @@ int ipapwd_check_policy(struct ipapwd_policy *policy,
{
int pwdlen, blen;
int ret;
+#if defined(USE_PWQUALITY)
pwquality_settings_t *pwq;
int check_pwquality = 0;
- int entropy;
+ int entropy = 0;
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
void *auxerror;
+#endif
if (!policy || !password) {
return IPAPWD_POLICY_ERROR;
@@ -534,6 +539,7 @@ int ipapwd_check_policy(struct ipapwd_policy *policy,
}
}
+#if defined(USE_PWQUALITY)
/* Only call into libpwquality if at least one setting is made
* because there are a number of checks that don't have knobs
* so preserve the previous behavior.
@@ -601,6 +607,7 @@ int ipapwd_check_policy(struct ipapwd_policy *policy,
#endif
}
}
+#endif /* USE_PWQUALITY */
if (pwd_history) {
char *hash;

View File

@ -1 +0,0 @@
2014-06-04 - This package was already retired in pkgdb/blocked in koji, but no dead.package file existed. The original retirement reason is unclear.

View File

@ -0,0 +1,74 @@
From 2e4f9ef1552d1ef784bb91918aa60de0f05e453a Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Mon, 28 Sep 2020 12:00:01 +0200
Subject: [PATCH 1/2] Ensure that resolved.conf.d is accessible
systemd-resolved runs as user systemd-resolve. Ensure that
resolved.conf.d drop-in directory is accessible when installer runs with
restricted umask. Also ensure the file and directory has correct SELinux
context.
The parent directory /etc/systemd exists on all platforms.
Fixes: https://pagure.io/freeipa/issue/8275
Signed-off-by: Christian Heimes <cheimes@redhat.com>
---
ipaplatform/base/tasks.py | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index a39857e869..adf320b700 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -336,7 +336,11 @@ def configure_dns_resolver(self, nameservers, searchdomains, *,
from ipaplatform.services import knownservices
confd = os.path.dirname(paths.SYSTEMD_RESOLVED_IPA_CONF)
- os.makedirs(confd, exist_ok=True)
+ if not os.path.isdir(confd):
+ os.mkdir(confd)
+ # owned by root, readable by systemd-resolve user
+ os.chmod(confd, 0o755)
+ tasks.restore_context(confd, force=True)
cfg = RESOLVE1_IPA_CONF.format(
searchdomains=" ".join(searchdomains)
@@ -345,6 +349,10 @@ def configure_dns_resolver(self, nameservers, searchdomains, *,
os.fchmod(f.fileno(), 0o644)
f.write(cfg)
+ tasks.restore_context(
+ paths.SYSTEMD_RESOLVED_IPA_CONF, force=True
+ )
+
knownservices["systemd-resolved"].reload_or_restart()
def unconfigure_dns_resolver(self, fstore=None):
From 8b193f09018c3be283e0a3ecdfd1a58d49af360a Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Mon, 28 Sep 2020 12:29:00 +0200
Subject: [PATCH 2/2] Also backup DNS config drop-ins
/etc/NetworkManager/conf.d and /etc/systemd/resolved.conf.d drop-in
files were not backed up.
Related: https://pagure.io/freeipa/issue/8275
Signed-off-by: Christian Heimes <cheimes@redhat.com>
---
ipaserver/install/ipa_backup.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 39347643d3..d472990afe 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -194,6 +194,8 @@ class Backup(admintool.AdminTool):
paths.GSSPROXY_CONF,
paths.HOSTS,
paths.SYSTEMD_PKI_TOMCAT_IPA_CONF,
+ paths.NETWORK_MANAGER_IPA_CONF,
+ paths.SYSTEMD_RESOLVED_IPA_CONF,
) + tuple(
os.path.join(paths.IPA_NSSDB_DIR, file)
for file in (certdb.NSS_DBM_FILES + certdb.NSS_SQL_FILES)

View File

@ -0,0 +1,36 @@
From 8b2002cc7e2e0400e1afa3a21963a22947c7a908 Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Tue, 29 Sep 2020 10:39:01 +0200
Subject: [PATCH] configure_dns_resolver: call self.restore_context
Use the platform implementation of restore_context() instead of the base
implementation.
Fixes: https://pagure.io/freeipa/issue/8518
Signed-off-by: Christian Heimes <cheimes@redhat.com>
---
ipaplatform/base/tasks.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index adf320b700..4387e0e12f 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -340,7 +340,7 @@ def configure_dns_resolver(self, nameservers, searchdomains, *,
os.mkdir(confd)
# owned by root, readable by systemd-resolve user
os.chmod(confd, 0o755)
- tasks.restore_context(confd, force=True)
+ self.restore_context(confd, force=True)
cfg = RESOLVE1_IPA_CONF.format(
searchdomains=" ".join(searchdomains)
@@ -349,7 +349,7 @@ def configure_dns_resolver(self, nameservers, searchdomains, *,
os.fchmod(f.fileno(), 0o644)
f.write(cfg)
- tasks.restore_context(
+ self.restore_context(
paths.SYSTEMD_RESOLVED_IPA_CONF, force=True
)

View File

@ -0,0 +1,37 @@
From f9900ef2401070351353724ef92111ec541e67f0 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Sat, 26 Sep 2020 16:30:58 +0300
Subject: [PATCH] Pre-populate IP addresses for the name server upgrades
Setting up resolv.conf in BIND instance expects IP addresses of the
server to be provided. This is done wiht BindInstance.setup() method
call. However, when reusing resolver setup during upgrade BIND instance
has no IP addresses configured and fails with an assert in
tasks.configure_dns_resolver().
Pass through the server's IP addresses during upgrade.
Fixes: https://pagure.io/freeipa/issue/8518
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
ipaserver/install/server/upgrade.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 332f8b251..144b340a4 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1451,6 +1451,9 @@ def upgrade_bind(fstore):
# resolve1's stub resolver config file.
has_resolved_ipa_conf = os.path.isfile(paths.SYSTEMD_RESOLVED_IPA_CONF)
if not has_resolved_ipa_conf and detect_resolve1_resolv_conf():
+ ip_addresses = installutils.get_server_ip_address(
+ api.env.host, True, False, [])
+ bind.ip_addresses = ip_addresses
bind.setup_resolv_conf()
logger.info("Updated systemd-resolved configuration")
--
2.28.0

View File

@ -0,0 +1,282 @@
From 071e283b19e925bea596a25b4758ab2cbc657914 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 11 Aug 2020 10:47:05 -0400
Subject: [PATCH 1/3] Fall back to old server installation detection when
needed
If there is no installation section the the install pre-dated
this new method of detecting a successful installation, fall back
to that.
https://pagure.io/freeipa/issue/8458
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
---
ipalib/facts.py | 31 ++++++++++++++++++++++++++++-
ipaserver/install/installutils.py | 4 ----
ipaserver/install/server/install.py | 3 ++-
ipaserver/install/server/upgrade.py | 7 +++++--
4 files changed, 37 insertions(+), 8 deletions(-)
diff --git a/ipalib/facts.py b/ipalib/facts.py
index 5106fc2ac5..d78c1a2275 100644
--- a/ipalib/facts.py
+++ b/ipalib/facts.py
@@ -6,17 +6,46 @@
Facts about the installation
"""
+import logging
import os
from . import sysrestore
from ipaplatform.paths import paths
+logger = logging.getLogger(__name__)
+
+# Used to determine install status
+IPA_MODULES = [
+ 'httpd', 'kadmin', 'dirsrv', 'pki-tomcatd', 'install', 'krb5kdc', 'named']
+
def is_ipa_configured():
"""
Use the state to determine if IPA has been configured.
"""
sstore = sysrestore.StateFile(paths.SYSRESTORE)
- return sstore.get_state('installation', 'complete')
+ if sstore.has_state('installation'):
+ return sstore.get_state('installation', 'complete')
+
+ # Fall back to older method in case this is an existing installation
+
+ installed = False
+
+ fstore = sysrestore.FileStore(paths.SYSRESTORE)
+
+ for module in IPA_MODULES:
+ if sstore.has_state(module):
+ logger.debug('%s is configured', module)
+ installed = True
+ else:
+ logger.debug('%s is not configured', module)
+
+ if fstore.has_files():
+ logger.debug('filestore has files')
+ installed = True
+ else:
+ logger.debug('filestore is tracking no files')
+
+ return installed
def is_ipa_client_configured(on_master=False):
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 583b1aca0b..13baf494cd 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -63,10 +63,6 @@
logger = logging.getLogger(__name__)
-# Used to determine install status
-IPA_MODULES = [
- 'httpd', 'kadmin', 'dirsrv', 'pki-tomcatd', 'install', 'krb5kdc', 'named']
-
class BadHostError(Exception):
pass
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index b86c3fec15..4d8e3ad78f 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -37,13 +37,14 @@
validate_domain_name,
no_matching_interface_for_ip_address_warning,
)
+from ipalib.facts import IPA_MODULES
from ipaserver.install import (
adtrust, adtrustinstance, bindinstance, ca, dns, dsinstance,
httpinstance, installutils, kra, krbinstance,
otpdinstance, custodiainstance, replication, service,
sysupgrade)
from ipaserver.install.installutils import (
- IPA_MODULES, BadHostError, get_fqdn, get_server_ip_address,
+ BadHostError, get_fqdn, get_server_ip_address,
load_pkcs12, read_password, verify_fqdn, update_hosts_file,
validate_mask)
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index f0d9b746cd..109d1e100e 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1455,8 +1455,11 @@ def upgrade_configuration():
fstore = sysrestore.FileStore(paths.SYSRESTORE)
sstore = sysrestore.StateFile(paths.SYSRESTORE)
- if is_ipa_configured() is None:
- sstore.backup_state('installation', 'complete', True)
+ if not sstore.has_state('installation'):
+ if is_ipa_configured():
+ sstore.backup_state('installation', 'complete', True)
+ else:
+ sstore.backup_state('installation', 'complete', False)
fqdn = api.env.host
From 7d84d919a8f5767ade1dcc380ce4eebadac6a8b5 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 11 Aug 2020 11:12:55 -0400
Subject: [PATCH 2/3] Use is_ipa_configured from ipalib.facts
A couple of places still used the deprecated installutils version.
https://pagure.io/freeipa/issue/8458
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
---
ipaserver/install/installutils.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 13baf494cd..a3274d5797 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -665,7 +665,7 @@ def check_server_configuration():
Most convenient use case for the function is in install tools that require
configured IPA for its function.
"""
- if not is_ipa_configured():
+ if not facts.is_ipa_configured():
raise ScriptError("IPA is not configured on this system.",
rval=SERVER_NOT_CONFIGURED)
From 36ecfdbfe4ceedcfe056816cbb22162842fae975 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 11 Aug 2020 13:55:54 -0400
Subject: [PATCH 3/3] ipatests: Add test for is_ipa_configured
Validate that is_ipa_configured() returns True when using either
the original and the new configuration methods. This will allow
older installs to successfully upgrade.
https://pagure.io/freeipa/issue/8458
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
---
.../test_integration/test_installation.py | 88 +++++++++++++++++++
1 file changed, 88 insertions(+)
diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py
index fb19900838..98bdc98ab8 100644
--- a/ipatests/test_integration/test_installation.py
+++ b/ipatests/test_integration/test_installation.py
@@ -21,6 +21,7 @@
from ipalib import x509
from ipalib.constants import DOMAIN_LEVEL_0
+from ipalib.sysrestore import SYSRESTORE_STATEFILE, SYSRESTORE_INDEXFILE
from ipapython.dn import DN
from ipaplatform.constants import constants
from ipaplatform.osinfo import osinfo
@@ -357,6 +358,93 @@ def test_ipa_ca_crt_permissions(self):
assert owner == "root"
assert group == "root"
+ def test_is_ipa_configured(self):
+ """Verify that the old and new methods of is_ipa_installed works
+
+ If there is an installation section then it is the status.
+
+ If not then it will fall back to looking for configured
+ services and files and use that for determination.
+ """
+ def set_installation_state(host, state):
+ """
+ Update the complete value in the installation section
+ """
+ host.run_command(
+ ['python3', '-c',
+ 'from ipalib.install import sysrestore; '
+ 'from ipaplatform.paths import paths;'
+ 'sstore = sysrestore.StateFile(paths.SYSRESTORE); '
+ 'sstore.backup_state("installation", "complete", '
+ '{state})'.format(state=state)])
+
+ def get_installation_state(host):
+ """
+ Retrieve the installation state from new install method
+ """
+ result = host.run_command(
+ ['python3', '-c',
+ 'from ipalib.install import sysrestore; '
+ 'from ipaplatform.paths import paths;'
+ 'sstore = sysrestore.StateFile(paths.SYSRESTORE); '
+ 'print(sstore.get_state("installation", "complete"))'])
+ return result.stdout_text.strip() # a string
+
+ # This comes from freeipa.spec and is used to determine whether
+ # an upgrade is required.
+ cmd = ['python3', '-c',
+ 'import sys; from ipalib import facts; sys.exit(0 '
+ 'if facts.is_ipa_configured() else 1);']
+
+ # This will use the new method since this is a fresh install,
+ # verify that it is true.
+ self.master.run_command(cmd)
+ assert get_installation_state(self.master) == 'True'
+
+ # Set complete to False which should cause the command to fail
+ # This tests the state of a failed or in-process installation.
+ set_installation_state(self.master, False)
+ result = self.master.run_command(cmd, raiseonerr=False)
+ assert result.returncode == 1
+ set_installation_state(self.master, True)
+
+ # Tweak sysrestore.state to drop installation section
+ self.master.run_command(
+ ['sed','-i', r's/\[installation\]/\[badinstallation\]/',
+ os.path.join(paths.SYSRESTORE, SYSRESTORE_STATEFILE)])
+
+ # Re-run installation check and it should fall back to old method
+ # and be successful.
+ self.master.run_command(cmd)
+ assert get_installation_state(self.master) == 'None'
+
+ # Restore installation section.
+ self.master.run_command(
+ ['sed','-i', r's/\[badinstallation\]/\[installation\]/',
+ os.path.join(paths.SYSRESTORE, SYSRESTORE_STATEFILE)])
+
+ # Uninstall and confirm that the old method reports correctly
+ # on uninstalled servers. It will exercise the old method since
+ # there is no state.
+ tasks.uninstall_master(self.master)
+
+ # ensure there is no stale state
+ result = self.master.run_command(r'test -f {}'.format(
+ os.path.join(paths.SYSRESTORE, SYSRESTORE_STATEFILE)),
+ raiseonerr=False
+ )
+ assert result.returncode == 1
+ result = self.master.run_command(r'test -f {}'.format(
+ os.path.join(paths.SYSRESTORE, SYSRESTORE_INDEXFILE)),
+ raiseonerr=False
+ )
+ assert result.returncode == 1
+
+ # Now run is_ipa_configured() and it should be False
+ result = self.master.run_command(cmd, raiseonerr=False)
+ assert result.returncode == 1
+
+
class TestInstallWithCA_KRA1(InstallTestBase1):
@classmethod

2806
freeipa.spec Normal file

File diff suppressed because it is too large Load Diff

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (freeipa-4.9.0rc1.tar.gz) = 384ac0163f3977311ef523a6ed71ac8ceb33347d44f89763583e97e8e50eed2f9ec94e32f23dc8d9514c8e7e26d03ae859d045e9a1dd17b3f0cdd0fced82d464
SHA512 (freeipa-4.9.0rc1.tar.gz.asc) = 2be55c28456c07104bb45984d2c6d804730e90172e9288b21ae45dc5542fceddbb621b96c3e3e5e2b613ebfa55c792727adfb43b349d2069d150f42067c91bf2