On 02/09/14 09:10, Jan Cholasta wrote:
Hi,
Dne 1.9.2014 v 16:57 Martin Basti napsal(a):
This patch allows to disable service in LDAP to prevents service to be
started by "ipactl restart"
Required by DNSSEC
Patch attached
I don't think the extra argument in ldap_enable is necessary. It
should enable the service no matter if the entry existed before or not.
Similarly, in ldap_disable you should not raise an error when the
entry is not found, because that already makes the service disabled.
Honza
Updated patch attached
--
Martin Basti
From 43fb8d981cc02b60c76b0a7040d0232bdf2165bc Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Thu, 28 Aug 2014 19:27:44 +0200
Subject: [PATCH] LDAP disable service
This patch allows to disable service in LDAP (ipactl will not start it)
---
ipaserver/install/service.py | 49 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 1f01b275135173b7d0bfdb4d56729438a0853142..370f86fe308607162e9bd8b41144e3557ab0a7ab 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -375,6 +375,30 @@ class Service(object):
self.ldap_connect()
entry_name = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
+
+ # enable disabled service
+ try:
+ entry = self.admin_conn.get_entry(entry_name, ['ipaConfigString'])
+ except errors.NotFound:
+ pass
+ else:
+ if 'enabledService' in entry.get('ipaConfigString', []):
+ root_logger.debug("failed to enable %s Service startup entry (already enabled)" % name)
+ return
+
+ if 'ipaConfigString' in entry and entry['ipaConfigString'] is not None:
+ entry['ipaConfigString'].append('enabledService')
+ else:
+ entry['ipaConfigString'] = ['enabledService']
+ root_logger.warning("%s Service startup entry has no 'ipaConfigString' attributes" % name)
+
+ try:
+ self.admin_conn.update_entry(entry)
+ except:
+ root_logger.debug("failed to re-enable %s Service startup entry (already enabled)" % name)
+
+ return
+
order = SERVICE_LIST[name][1]
entry = self.admin_conn.make_entry(
entry_name,
@@ -390,6 +414,31 @@ class Service(object):
root_logger.debug("failed to add %s Service startup entry" % name)
raise e
+ def ldap_disable(self, name, fqdn, ldap_suffix):
+ assert isinstance(ldap_suffix, DN)
+ if not self.admin_conn:
+ self.ldap_connect()
+
+ entry_name = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
+ try:
+ entry = self.admin_conn.get_entry(entry_name, ['ipaConfigString'])
+ except errors.NotFound:
+ root_logger.debug("failed to disable %s Service startup entry (service not found)" % name)
+ return
+
+ if 'enabledService' not in entry.get('ipaConfigString', []):
+ root_logger.debug("failed to disable %s Service startup entry (Service already disabled)" % name)
+ return
+
+ entry['ipaConfigString'].remove('enabledService')
+
+ try:
+ self.admin_conn.update_entry(entry)
+ except:
+ root_logger.debug("failed to disable %s Service startup entry" % name)
+ raise
+
+
class SimpleServiceInstance(Service):
def create_instance(self, gensvc_name=None, fqdn=None, dm_password=None, ldap_suffix=None, realm=None):
self.gensvc_name = gensvc_name
--
1.8.3.1
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
