URL: https://github.com/freeipa/freeipa/pull/401 Author: MartinBasti Title: #401: [4.4] Wait until http principal entry is replicated to replica Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/401/head:pr401 git checkout pr401
From 045413aeec8862d9cdd0f3057671f28bb85735a1 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Wed, 18 Jan 2017 12:55:13 +0100 Subject: [PATCH 1/2] wait_for_entry: use only DN as parameter Using the whole entry is not needed as parameter because only DN is used and it prevents easier usage of this function https://fedorahosted.org/freeipa/ticket/6588 --- ipaserver/install/dogtaginstance.py | 2 +- ipaserver/install/replication.py | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py index b656282..2a2ab6f 100644 --- a/ipaserver/install/dogtaginstance.py +++ b/ipaserver/install/dogtaginstance.py @@ -470,7 +470,7 @@ def setup_admin(self): port=389, protocol='ldap') master_conn.do_sasl_gssapi_bind() - replication.wait_for_entry(master_conn, entry) + replication.wait_for_entry(master_conn, entry.dn) del master_conn def __remove_admin_from_group(self, group): diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index fe62626..d0e4a20 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -152,7 +152,7 @@ def wait_for_task(conn, dn): return exit_code -def wait_for_entry(connection, entry, timeout=7200, attr='', quiet=True): +def wait_for_entry(connection, dn, timeout=7200, attr='', quiet=True): """Wait for entry and/or attr to show up""" filter = "(objectclass=*)" @@ -162,8 +162,6 @@ def wait_for_entry(connection, entry, timeout=7200, attr='', quiet=True): attrlist.append(attr) timeout += int(time.time()) - dn = entry.dn - if not quiet: sys.stdout.write("Waiting for %s %s:%s " % (connection, dn, attr)) sys.stdout.flush() 
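Review bot: Renaming the second positional parameter of `wait_for_entry` from `entry` to `dn` changes the contract silently, because a caller that still passes an entry object is accepted by the signature and the mismatch only surfaces later, presumably when the value reaches the LDAP search. The series updates the call sites in dogtaginstance.py and `setup_agreement`, but any other callers are not visible in these hunks and should be checked. The one-line docstring should state the new contract, e.g. `"""Wait for the entry at dn (and optionally attr) to show up; dn is a DN, not an entry object."""`. The body of `wait_for_entry` continues past the end of this hunk.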
@@ -734,7 +732,7 @@ def setup_agreement(self, a_conn, b_hostname, port=389, # that we will have to set the memberof fixup task self.need_memberof_fixup = True - wait_for_entry(a_conn, entry) + wait_for_entry(a_conn, entry.dn) def needs_memberof_fixup(self): return self.need_memberof_fixup From 01eddb7b33a7802d7949b0b5572bf2d1dda5e47b Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Wed, 18 Jan 2017 13:56:24 +0100 Subject: [PATCH 2/2] Wait until HTTPS principal entry is replicated to replica Without HTTP principal the steps later fails. https://fedorahosted.org/freeipa/ticket/6588 --- ipaserver/install/server/replicainstall.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index aefe158..9dbe4b0 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -40,7 +40,7 @@ from ipaserver.install.installutils import ( create_replica_config, ReplicaConfig, load_pkcs12, is_ipa_configured) from ipaserver.install.replication import ( - ReplicationManager, replica_conn_check) + ReplicationManager, replica_conn_check, wait_for_entry) import SSSDConfig from subprocess import CalledProcessError from binascii import hexlify @@ -90,6 +90,13 @@ def install_http_certs(config, fstore, remote_api): config.master_host_name, paths.IPA_KEYTAB, force_service_add=True) + dn = DN( + ('krbprincipalname', principal), + api.env.container_service, api.env.basedn + ) + api.Backend.ldap2.connect(ldapi=True) + wait_for_entry(api.Backend.ldap2, dn) + api.Backend.ldap2.disconnect() # Obtain certificate for the HTTP service nssdir = certs.NSS_DIR
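Review bot: In `install_http_certs` the added `api.Backend.ldap2.disconnect()` is skipped whenever `wait_for_entry` raises, which leaves the LDAPI connection open for the rest of the install; the wait should sit in a `try`/`finally`. The call also inherits the defaults `timeout=7200` and `quiet=True` from replication.py, so a broken replication agreement could stall the installer for up to two hours with no output, and an explicit shorter timeout looks safer. Whether `wait_for_entry` raises or simply returns once the deadline passes is not visible in these hunks; if it returns, the HTTP certificate request that follows would proceed without the principal, so this caller should fail explicitly in that case. The function body starts and ends outside the hunk.

```python
    # … unchanged: dn = DN(...) construction …
    api.Backend.ldap2.connect(ldapi=True)
    try:
        # Release the LDAPI connection even if the wait raises.
        wait_for_entry(api.Backend.ldap2, dn)
    finally:
        api.Backend.ldap2.disconnect()
```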