76 lines
2.7 KiB
Diff
76 lines
2.7 KiB
Diff
From cd81ffbd7b9657e6715e3dc1b69bd9499036675b Mon Sep 17 00:00:00 2001
|
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
Date: Wed, 21 Mar 2018 10:33:32 +0200
|
|
Subject: [PATCH] upgrade: Run configuration upgrade under empty ccache
|
|
collection
|
|
|
|
Use temporary empty DIR-based ccache collection to prevent upgrade
|
|
failures in case KCM: or KEYRING: ccache type is used by default in
|
|
krb5.conf and is not available. We don't need any user credentials
|
|
during upgrade procedure but kadmin.local would attempt to resolve
|
|
default ccache and if that's not available, kadmin.local will fail.
|
|
|
|
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1558818
|
|
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
---
|
|
ipaserver/install/server/upgrade.py | 29 ++++++++++++++++++++++++++++-
|
|
1 file changed, 28 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
|
|
index a38f4115c..4844350dc 100644
|
|
--- a/ipaserver/install/server/upgrade.py
|
|
+++ b/ipaserver/install/server/upgrade.py
|
|
@@ -11,6 +11,8 @@ import shutil
|
|
import pwd
|
|
import fileinput
|
|
import sys
|
|
+import tempfile
|
|
+from contextlib import contextmanager
|
|
from augeas import Augeas
|
|
import dns.exception
|
|
from ipalib import api, x509
|
|
@@ -1926,6 +1928,30 @@ def upgrade_check(options):
|
|
logger.warning("Upgrade without version check may break your system")
|
|
|
|
|
|
+@contextmanager
|
|
+def empty_ccache():
|
|
+ # Create temporary directory and use it as a DIR: ccache collection
|
|
+ # instead of whatever is a default in /etc/krb5.conf
|
|
+ #
|
|
+ # In Fedora 28 KCM: became a default credentials cache collection
|
|
+ # but if KCM daemon (part of SSSD) is not running, libkrb5 will fail
|
|
+ # to initialize. This causes kadmin.local to fail.
|
|
+ # Since we are in upgrade, we cannot kinit anyway (KDC is offline).
|
|
+ # Bug https://bugzilla.redhat.com/show_bug.cgi?id=1558818
|
|
+ kpath_dir = tempfile.mkdtemp(prefix="upgrade_ccaches", dir=paths.IPA_CCACHES)
|
|
+ kpath = "DIR:{dir}s".format(dir=kpath_dir)
|
|
+ old_path = os.getenv('KRB5CCNAME')
|
|
+ try:
|
|
+ os.environ['KRB5CCNAME'] = kpath
|
|
+ yield
|
|
+ finally:
|
|
+ if old_path:
|
|
+ os.environ['KRB5CCNAME'] = old_path
|
|
+ for f in os.listdir(kpath_dir):
|
|
+ os.remove(os.path.join(kpath_dir, f))
|
|
+ os.rmdir(kpath_dir)
|
|
+
|
|
+
|
|
def upgrade():
|
|
realm = api.env.realm
|
|
schema_files = [os.path.join(paths.USR_SHARE_IPA_DIR, f) for f
|
|
@@ -1950,7 +1976,8 @@ def upgrade():
|
|
|
|
print('Upgrading IPA services')
|
|
logger.info('Upgrading the configuration of the IPA services')
|
|
- upgrade_configuration()
|
|
+ with empty_ccache():
|
|
+ upgrade_configuration()
|
|
logger.info('The IPA services were upgraded')
|
|
|
|
# store new data version after upgrade
|
|
--
|
|
2.14.3
|
|
|