https://fedorahosted.org/freeipa/ticket/4904
Patches attached. -- Martin Basti
From 3cf02ba87d2e64e04d1b4aaeca616d63cb2149d9 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Thu, 7 May 2015 11:03:27 +0200 Subject: [PATCH 1/5] Server Upgrade: Do not start DS if it was stopped before upgrade https://fedorahosted.org/freeipa/ticket/4904 --- ipaserver/install/upgradeinstance.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py index 1466450b257cc493c7f678b9d03a3ef4ec634b57..ad9839e6b594a64271137ca5ea0540bef4197af1 100644 --- a/ipaserver/install/upgradeinstance.py +++ b/ipaserver/install/upgradeinstance.py @@ -183,7 +183,9 @@ class IPAUpgrade(service.Service): super(IPAUpgrade, self).stop(self.serverid) def create_instance(self): - self.step("stopping directory server", self.__stop_instance) + ds_running = super(IPAUpgrade, self).is_running() + if ds_running: + self.step("stopping directory server", self.__stop_instance) self.step("saving configuration", self.__save_config) self.step("disabling listeners", self.__disable_listeners) self.step("enabling DS global lock", self.__enable_ds_global_write_lock) @@ -196,8 +198,8 @@ class IPAUpgrade(service.Service): run_after_failure=True) self.step("restoring configuration", self.__restore_config, run_after_failure=True) - self.step("starting directory server", self.start) - + if ds_running: + self.step("starting directory server", self.start) self.start_creation(start_message="Upgrading IPA:", show_service_name=False) -- 2.1.0
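Review bot: The conditional "starting directory server" step in the second hunk is still registered without `run_after_failure=True`, unlike the two restore steps just above it, so if an earlier step fails, a directory server that was running before the upgrade is presumably left stopped. If that is deliberate, so that a half-upgraded instance is not brought back up, say so with a comment such as `# DS is intentionally not restarted after a failed upgrade`; otherwise pass `run_after_failure=True` here as well. How the step runner treats a failed step is defined in service.Service, outside this diff, so confirm it there. Part of create_instance lies between the two hunks and is not shown.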
From c9e5f3be5b1ec6e5599851282e128a28ce0e4fff Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 12 May 2015 13:00:10 +0200 Subject: [PATCH 2/5] Server Upgrade: raise RuntimeError instead exit() Ldapupdater should not call sys.exit() in the middle of execution and should fail gracefully https://fedorahosted.org/freeipa/ticket/4904 --- ipaserver/install/ldapupdate.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index 2ea890efc8b99fe139884811f33ece5d7dc4f949..2f5bcc748eb546b4dad7e1aeeb7a2882a40d8d35 100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -894,7 +894,7 @@ class LDAPUpdate: data = self.read_file(f) except Exception, e: self.error("error reading update file '%s'", f) - sys.exit(e) + raise RuntimeError(e) self.parse_update_file(f, data, all_updates) self._run_updates(all_updates) -- 2.1.0
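Review bot: `raise RuntimeError(e)` drops the original exception type and carries no file name, while the preceding `self.error("error reading update file '%s'", f)` logs the file name but not the reason, so neither the log record nor the exception tells the whole story. Consider `raise RuntimeError("error reading update file '%s': %s" % (f, e))` and adding `e` to the logged message. The handler also keeps the `except Exception, e` form, while patch 4/5 moves the handlers in upgradeinstance.py to `as e`. The enclosing method starts outside the hunk.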
From 8729f2c382083c03bec8884ade46fa4a7888ae55 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 12 May 2015 13:07:00 +0200 Subject: [PATCH 3/5] Server Upgrade: do not allow to run upgradeinstace alone https://fedorahosted.org/freeipa/ticket/4904 --- ipaserver/install/upgradeinstance.py | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py index ad9839e6b594a64271137ca5ea0540bef4197af1..862606fdc4157b6d8bbb18cbf236adf79175b50a 100644 --- a/ipaserver/install/upgradeinstance.py +++ b/ipaserver/install/upgradeinstance.py @@ -317,21 +317,3 @@ class IPAUpgrade(service.Service): self.upgradefailed = True root_logger.error('Upgrade failed with %s' % str(e)) root_logger.debug('%s', traceback.format_exc()) - -def main(): - if os.getegid() != 0: - print "Must be root to set up server" - return 1 - - update = IPAUpgrade('EXAMPLE.COM') - update.create_instance() - - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -- 2.1.0
From 6a1a22e5a02dc6a37779198ac12053267223dd41 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 12 May 2015 13:31:57 +0200 Subject: [PATCH 4/5] Server Upgrade: handle errors better * Prevent to continue with upgrade if a fatal error happened * Use exceptions to handle failures https://fedorahosted.org/freeipa/ticket/4904 --- ipaserver/install/dsinstance.py | 6 +++++- ipaserver/install/ipa_ldap_updater.py | 16 +++++++++------- ipaserver/install/ipa_server_upgrade.py | 15 +++++++++------ ipaserver/install/upgradeinstance.py | 16 ++++++---------- 4 files changed, 29 insertions(+), 24 deletions(-) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index e216edbfa2931c4ec301defc874ccc96b89b7c05..f1d24e49d1b184efde1c8d18ff37d0e329037ccc 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -506,7 +506,11 @@ class DsInstance(service.Service): def apply_updates(self): data_upgrade = upgradeinstance.IPAUpgrade(self.realm) - data_upgrade.create_instance() + try: + data_upgrade.create_instance() + except Exception as e: + # very fatal errors only will raise exception + raise RuntimeError("Update failed: %s" % e) installutils.store_version() diff --git a/ipaserver/install/ipa_ldap_updater.py b/ipaserver/install/ipa_ldap_updater.py index 5a0d61219820ebc680a0440b80dc355474eb16b2..40e8e7f72ff2dc837b4ae8aa4e40bb6837519e60 100644 --- a/ipaserver/install/ipa_ldap_updater.py +++ b/ipaserver/install/ipa_ldap_updater.py @@ -32,7 +32,7 @@ from ipalib import api from ipapython import ipautil, admintool from ipaplatform.paths import paths from ipaserver.install import installutils, dsinstance, schemaupdate -from ipaserver.install.ldapupdate import LDAPUpdate, UPDATES_DIR +from ipaserver.install.ldapupdate import LDAPUpdate, UPDATES_DIR, BadSyntax from ipaserver.install.upgradeinstance import IPAUpgrade 
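Review bot: The comment `# very fatal errors only will raise exception` in apply_updates does not match the rest of this patch. The upgradeinstance.py hunk re-raises `BadSyntax` and converts every other error to `RuntimeError`, so any upgrade failure, including a syntax error in an update file, can arrive here (assuming the step runner propagates it). A more accurate comment would be `# any upgrade failure propagates here; abort before store_version() records the new version`. Wrapping with `"Update failed: %s" % e` also flattens the exception type, which the comment could mention so later callers do not try to catch `BadSyntax` from apply_updates.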
@@ -108,17 +108,19 @@ class LDAPUpdater_Upgrade(LDAPUpdater): realm = krbV.default_context().default_realm upgrade = IPAUpgrade(realm, self.files, schema_files=options.schema_files) - upgrade.create_instance() - if upgrade.badsyntax: + try: + upgrade.create_instance() + except BadSyntax: raise admintool.ScriptError( 'Bad syntax detected in upgrade file(s).', 1) - elif upgrade.upgradefailed: + except RuntimeError: raise admintool.ScriptError('IPA upgrade failed.', 1) - elif upgrade.modified: - self.log.info('Update complete') else: - self.log.info('Update complete, no data were modified') + if upgrade.modified: + self.log.info('Update complete') + else: + self.log.info('Update complete, no data were modified') class LDAPUpdater_NonUpgrade(LDAPUpdater): diff --git a/ipaserver/install/ipa_server_upgrade.py b/ipaserver/install/ipa_server_upgrade.py index 148d1fe7e786b9a71c2659be02664864b463634f..7e85c0dca042614b3e591d87f8687314ae3981cb 100644 --- a/ipaserver/install/ipa_server_upgrade.py +++ b/ipaserver/install/ipa_server_upgrade.py @@ -11,6 +11,7 @@ from ipaplatform.paths import paths from ipapython import admintool, ipautil from ipaserver.install import installutils from ipaserver.install.upgradeinstance import IPAUpgrade +from ipaserver.install.ldapupdate import BadSyntax class ServerUpgrade(admintool.AdminTool): 
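Review bot: The `except RuntimeError:` branch raises `admintool.ScriptError('IPA upgrade failed.', 1)` without the caught exception, so the cause reaches the administrator only if the failing step happened to log it. The same applies to the matching block in ipa_server_upgrade.py later in this patch. Binding the exception and including it keeps the reason with the error: `except RuntimeError as e:` followed by `raise admintool.ScriptError('IPA upgrade failed: %s' % e, 1)`. Exceptions of any other type raised during create_instance are not translated to ScriptError here; whether that can happen depends on code outside this diff. The enclosing method starts outside the hunk.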
@@ -73,17 +74,19 @@ class ServerUpgrade(admintool.AdminTool): realm = krbV.default_context().default_realm data_upgrade = IPAUpgrade(realm) - data_upgrade.create_instance() - if data_upgrade.badsyntax: + try: + data_upgrade.create_instance() + except BadSyntax: raise admintool.ScriptError( 'Bad syntax detected in upgrade file(s).', 1) - elif data_upgrade.upgradefailed: + except RuntimeError: raise admintool.ScriptError('IPA upgrade failed.', 1) - elif data_upgrade.modified: - self.log.info('Data update complete') else: - self.log.info('Data update complete, no data were modified') + if data_upgrade.modified: + self.log.info('Update complete') + else: + self.log.info('Update complete, no data were modified') # store new data version after upgrade installutils.store_version() diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py index 862606fdc4157b6d8bbb18cbf236adf79175b50a..2540df60f1c14b99dbd5b9cdd12d7590edc1bd32 100644 --- a/ipaserver/install/upgradeinstance.py +++ b/ipaserver/install/upgradeinstance.py @@ -167,8 +167,6 @@ class IPAUpgrade(service.Service): self.savefilename = '%s/%s.ipa.%s' % (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid, DSE, ext) self.files = files self.modified = False - self.badsyntax = False - self.upgradefailed = False self.serverid = serverid self.schema_files = schema_files self.realm = realm_name 
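Review bot: The success messages in ServerUpgrade changed from 'Data update complete' and 'Data update complete, no data were modified' to 'Update complete' and 'Update complete, no data were modified'. The commit message does not mention this, and it looks like a copy of the block from ipa_ldap_updater.py. If the rename is not intended, keep `self.log.info('Data update complete')` and `self.log.info('Data update complete, no data were modified')` in the new `else:` branch, since anything matching on the old log text would silently stop matching. The enclosing method starts outside the hunk.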
@@ -307,13 +305,11 @@ class IPAUpgrade(service.Service): if len(self.files) == 0: self.files = ld.get_all_files(ldapupdate.UPDATES_DIR) self.modified = (ld.update(self.files) or self.modified) - except ldapupdate.BadSyntax, e: - root_logger.error('Bad syntax in upgrade %s' % str(e)) - self.modified = False - self.badsyntax = True - except Exception, e: + except ldapupdate.BadSyntax as e: + root_logger.error('Bad syntax in upgrade %s', e) + raise + except Exception as e: # Bad things happened, return gracefully - self.modified = False - self.upgradefailed = True - root_logger.error('Upgrade failed with %s' % str(e)) + root_logger.error('Upgrade failed with %s', e) root_logger.debug('%s', traceback.format_exc()) + raise RuntimeError(e) -- 2.1.0
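Review bot: The retained comment `# Bad things happened, return gracefully` is stale now that the handler ends in `raise RuntimeError(e)` instead of returning. Something like `# log the failure and re-raise as RuntimeError so callers abort the upgrade` describes the new behaviour. `self.modified` is also no longer reset on failure, which is harmless only while every caller stops reading it once an exception is raised, as the callers changed in this patch do. The `try:` these handlers belong to opens outside the hunk.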
From 5bb26d7cd01882e6e35e64bb4e041a52dadbba90 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 12 May 2015 14:08:35 +0200 Subject: [PATCH 5/5] Server Upgrade: ipa-ldap-updater will not do overall upgrade ipa-ldap-updater is now just util which applies changes specified in update files or schema files. ipa-ldap-updater will not do overall server upgrade anymore, use ipa-server-upgrade instead. https://fedorahosted.org/freeipa/ticket/4904 --- install/tools/man/ipa-ldap-updater.1 | 10 ++-------- ipaserver/install/ipa_ldap_updater.py | 19 +++++++------------ 2 files changed, 9 insertions(+), 20 deletions(-) diff --git a/install/tools/man/ipa-ldap-updater.1 b/install/tools/man/ipa-ldap-updater.1 index 6d0feb4403c72aa2072da84a9134781c3b16c952..4893802c2f73af177857e61135626753289ce35f 100644 --- a/install/tools/man/ipa-ldap-updater.1 +++ b/install/tools/man/ipa-ldap-updater.1 @@ -21,11 +21,8 @@ ipa\-ldap\-updater \- Update the IPA LDAP configuration .SH "SYNOPSIS" ipa\-ldap\-updater [options] input_file(s) -ipa\-ldap\-updater [options] .SH "DESCRIPTION" -ipa\-ldap\-updater is used to apply updates to the IPA LDAP server when the IPA packages are being updated. It is not intended to be executed by end\-users. - -When run with no file arguments, ipa\-ldap\-updater will process all files with the extension .update in /usr/share/ipa/updates. +ipa\-ldap\-updater is utility which can be used to update the IPA LDAP server. An update file describes an LDAP entry and a set of operations to be performed on that entry. It can be used to add new entries or modify existing entries. 
@@ -81,7 +78,7 @@ This keyword is not bounded to DN, and plugin names have to be registered in API Additionally, ipa-ldap-updater can update the schema based on LDIF files. Any missing object classes and attribute types are added, and differing ones are updated to match the LDIF file. -To enable this behavior, use the \-\-schema or \-\-schema-file options. +To enable this behavior, use the \-\-schema-file options. Schema files should be in LDIF format, and may only specify attributeTypes and objectClasses attributes of cn=schema. .SH "OPTIONS" @@ -92,9 +89,6 @@ Enable debug logging when more verbose output is needed \fB\-u\fR, \fB\-\-upgrade\fR Upgrade an installed server in offline mode (implies \-\-schema) .TP -\fB\-s\fR, \fB\-\-schema\fR -Also update the LDAP schema. If no \-\-schema-file is specified, update to the built-in IPA schema. -.TP \fB\-S\fR, \fB\-\-schema\-file\fR Specify a schema file. May be used multiple times. Implies \-\-schema. .SH "EXIT STATUS" diff --git a/ipaserver/install/ipa_ldap_updater.py b/ipaserver/install/ipa_ldap_updater.py index 40e8e7f72ff2dc837b4ae8aa4e40bb6837519e60..f07eecf232916e979f7f92f0fe15e4976ad48ec6 100644 --- a/ipaserver/install/ipa_ldap_updater.py +++ b/ipaserver/install/ipa_ldap_updater.py @@ -40,7 +40,6 @@ class LDAPUpdater(admintool.AdminTool): command_name = 'ipa-ldap-updater' usage = "%prog [options] input_file(s)\n" - usage += "%prog [options]\n" @classmethod def add_options(cls, parser): @@ -48,10 +47,6 @@ class LDAPUpdater(admintool.AdminTool): parser.add_option("-u", '--upgrade', action="store_true", dest="upgrade", default=False, help="upgrade an installed server in offline mode") - parser.add_option("-s", '--schema', action="store_true", - dest="update_schema", default=False, - help="update the schema " - "(implied when no input files are given)") parser.add_option("-S", '--schema-file', action="append", dest="schema_files", help="custom schema ldif file to use (implies -s)") 
@@ -69,6 +64,12 @@ class LDAPUpdater(admintool.AdminTool): self.files = self.args + if not (self.files or options.schema_files): + self.log.info("To execute overall IPA upgrade please use " + "'ipa-server-upgrade' command") + raise admintool.ScriptError("No update files or schema file were " + "specified") + for filename in self.files: if not os.path.exists(filename): raise admintool.ScriptError("%s: file not found" % filename) @@ -79,12 +80,6 @@ class LDAPUpdater(admintool.AdminTool): print unicode(e) sys.exit(1) - if options.schema_files or not self.files: - options.update_schema = True - if not options.schema_files: - options.schema_files = [os.path.join(ipautil.SHARE_DIR, f) for f - in dsinstance.ALL_SCHEMA_FILES] - def setup_logging(self): super(LDAPUpdater, self).setup_logging(log_file_mode='a') @@ -132,7 +127,7 @@ class LDAPUpdater_NonUpgrade(LDAPUpdater): modified = False - if options.update_schema: + if options.schema_files: modified = schemaupdate.update_schema( options.schema_files, ldapi=True) or modified -- 2.1.0
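Review bot: In the new guard of the first hunk, the pointer to 'ipa-server-upgrade' is emitted with `self.log.info(...)`, while the ScriptError that ends the run only says that no files were specified. If info-level records are not shown on the console at this stage (logging setup is outside the hunk), the user never sees the hint. Putting it into the error keeps it visible: `raise admintool.ScriptError("No update files or schema file were specified; for an overall IPA upgrade use 'ipa-server-upgrade'")`. The guard also fires when `--upgrade` is given without files, a case in which IPAUpgrade previously fell back to all files in UPDATES_DIR, so confirm that rejecting it is intended. The enclosing method starts outside the hunk.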