rpms/ipa
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Introduce systemd upgrade script

Browse Source 
As user has no means to recover existing FreeIPA install after
upgrading from SysV to systemd, introduce upgrade script.

The upgrade script does following:
    - restores symlinks in FreeIPA's Dogtag installation
    - converts FreeIPA directory server instances to systemd
    - converts FreeIPA directory server configuration to be compatible
      with systemd services
    - converts FreeIPA KDC configuration to be compatible
      with systemd services
    - re-enables FreeIPA

Script does nothing if FreeIPA is already active systemd service
This commit is contained in:
Alexander Bokovoy 2011-11-30 15:14:40 +02:00
parent 3bfb4b3f41
commit e95356d723
2 changed files with 93 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
freeipa-systemd-upgrade Normal file
View File

@ -0,0 +1,73 @@
#! /usr/bin/python -E
from ipaserver.install.krbinstance import update_key_val_in_file
from ipapython import ipautil, config
from ipapython import services as ipaservices
import os, platform
def convert_java_link(foo, topdir, filepaths):
cwd = os.getcwd()
os.chdir(topdir)
for filepath in filepaths:
# All this shouldn't happen because java system upgrade should properly
# move files and symlinks but if this is a broken link
if os.path.islink(filepath):
print " Checking %s ... " % (filepath),
if not os.path.exists(filepath):
rpath = os.path.realpath(filepath)
# .. and it points to jss in /usr/lib
if rpath.find('/usr/lib/') != -1 and rpath.find('jss') != -1:
base = os.path.basename(rpath)
bitness = platform.architecture()[0][:2]
# rewrite it to /usr/lib64 for x86_64 platform
if bitness == '64':
npath = "/usr/lib%s/jss/%s" % (bitness, base)
os.unlink(filepath)
os.symlink(npath, filepath)
print "%s -> %s" % (filepath, npath)
else:
print "Ok"
else:
print "Ok"
else:
print "Ok"
os.chdir(cwd)
# 0. Init config
try:
config.init_config()
except IPAConfigError, e:
# No configured IPA install, no need to upgrade anything
exit(0)
# 1. Convert broken symlinks, if any, in /var/lib/pki-ca
if os.path.exists('/var/lib/pki-ca/common/lib'):
print "Analyzing symlinks in PKI-CA install"
os.path.walk('/var/lib/pki-ca/common/lib', convert_java_link, None)
try:
print "Found IPA server for domain %s" % (config.config.default_realm)
print "Converting services setup to systemd"
# 1. Upgrade /etc/sysconfig/dirsrv for systemd
print " Upgrade /etc/sysconfig/dirsrv"
update_key_val_in_file("/etc/sysconfig/dirsrv", "KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
update_key_val_in_file("/etc/sysconfig/dirsrv", "export KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
# 2. Upgrade /etc/sysconfig/krb5kdc for systemd
print " Upgrade /etc/sysconfig/krb5kdc"
replacevars = {'KRB5REALM':config.config.default_realm}
appendvars = {}
ipautil.config_replace_variables("/etc/sysconfig/krb5kdc",
replacevars=replacevars, appendvars=appendvars)
ipaservices.restore_context("/etc/sysconfig/krb5kdc")
# 3. Enable DS instances:
realm = config.config.default_realm.upper().replace('.','-')
print " Re-enable Directory server instances PKI-IPA and %s " % (realm)
ipaservices.knownservices.dirsrv.enable(realm)
ipaservices.knownservices.dirsrv.enable("PKI-IPA")
# 4. Enable FreeIPA
print " Re-enable IPA service"
ipaservices.knownservices.ipa.enable()
except:
pass
finally:
print "Finished."

21
freeipa.spec
View File

@ -14,13 +14,14 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
Name: freeipa Name: freeipa
Version: 2.1.3 Version: 2.1.3
Release: 5%{?dist} Release: 6%{?dist}
Summary: The Identity, Policy and Audit system Summary: The Identity, Policy and Audit system
Group: System Environment/Base Group: System Environment/Base
License: GPLv3+ License: GPLv3+
URL: http://www.freeipa.org/ URL: http://www.freeipa.org/
Source0: freeipa-%{version}.tar.gz Source0: freeipa-%{version}.tar.gz
Source1: freeipa-systemd-upgrade
Patch0: freeipa-2.1.3-systemd.patch.gz Patch0: freeipa-2.1.3-systemd.patch.gz
Patch1: freeipa-2.1.3-wait_for_socket.patch.gz Patch1: freeipa-2.1.3-wait_for_socket.patch.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -218,6 +219,7 @@ package.
%setup -n freeipa-%{version} -q %setup -n freeipa-%{version} -q
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
cp %{SOURCE1} init/systemd/
%build %build
export CFLAGS="$CFLAGS %{optflags}" export CFLAGS="$CFLAGS %{optflags}"
@ -294,6 +296,8 @@ mkdir -p %{buildroot}%{_unitdir}
for i in ipa.service ipa_kpasswd.service ; do for i in ipa.service ipa_kpasswd.service ; do
install -m 644 init/systemd/$i %{buildroot}%{_unitdir}/$i install -m 644 init/systemd/$i %{buildroot}%{_unitdir}/$i
done done
mkdir -p %{buildroot}%{_libexecdir}
install -m 755 init/systemd/freeipa-systemd-upgrade %{buildroot}%{_libexecdir}/freeipa-systemd-upgrade
rm -f %{buildroot}%{_initrddir}/ipa_kpasswd rm -f %{buildroot}%{_initrddir}/ipa_kpasswd
%endif %endif
@ -316,6 +320,11 @@ rm -rf %{buildroot}
# Use systemd scheme, update systemd as service units have changed # Use systemd scheme, update systemd as service units have changed
/bin/systemctl --system daemon-reload 2>&1 || : /bin/systemctl --system daemon-reload 2>&1 || :
if [ $1 -gt 1 ] ; then if [ $1 -gt 1 ] ; then
# When upgrade is performed from SysV to systemd, ipa.service will be inactive
# due to https://bugzilla.redhat.com/show_bug.cgi?id=752846
# FreeIPA existing setup cannot be used without upgrade script
/bin/systemctl --quiet is-active ipa.service >/dev/null || \
/usr/libexec/freeipa-systemd-upgrade || :
/usr/sbin/ipa-upgradeconfig || : /usr/sbin/ipa-upgradeconfig || :
/usr/sbin/ipa-ldap-updater --upgrade >/dev/null 2>&1 || : /usr/sbin/ipa-ldap-updater --upgrade >/dev/null 2>&1 || :
fi fi
@ -403,6 +412,7 @@ fi
# Use systemd scheme # Use systemd scheme
%attr(644,root,root) %{_unitdir}/ipa.service %attr(644,root,root) %{_unitdir}/ipa.service
%attr(644,root,root) %{_unitdir}/ipa_kpasswd.service %attr(644,root,root) %{_unitdir}/ipa_kpasswd.service
%{buildroot}%{_libexecdir}/freeipa-systemd-upgrade
%dir %{python_sitelib}/ipaserver %dir %{python_sitelib}/ipaserver
%{python_sitelib}/ipaserver/* %{python_sitelib}/ipaserver/*
%dir %{_usr}/share/ipa %dir %{_usr}/share/ipa
@ -531,6 +541,15 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
%changelog %changelog
* Wed Nov 30 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-6
- Introduce upgrade script to recover existing configuration after systemd migration
as user has no means to recover FreeIPA from systemd migration
- Upgrade script:
- recovers symlinks in Dogtag instance install
- recovers systemd configuration for FreeIPA's directory server instances
- recovers freeipa.service
- migrates directory server and KDC configs to use proper keytabs for systemd services
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.3-5 * Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.3-5
- Rebuilt for glibc bug#747377 - Rebuilt for glibc bug#747377