[freeipa/f16] Introduce systemd upgrade script
abbra
abbra at fedoraproject.org
Wed Nov 30 11:03:01 UTC 2011
commit 04c165687f2c362da9e675812258a373b83ec7cd
Author: Alexander Bokovoy <abokovoy at redhat.com>
Date: Wed Nov 30 12:57:51 2011 +0200
Introduce systemd upgrade script
As the user has no means to recover an existing FreeIPA install after
upgrading from SysV to systemd, introduce an upgrade script.
The upgrade script does the following:
- restores symlinks in FreeIPA's Dogtag installation
- converts FreeIPA directory server instances to systemd
- converts FreeIPA directory server configuration to be compatible
with systemd services
- converts FreeIPA KDC configuration to be compatible
with systemd services
- re-enables FreeIPA
Script does nothing if FreeIPA is already active systemd service
freeipa-systemd-upgrade | 73 +++++++++++++++++++++++++++++++++++++++++++++++
freeipa.spec | 21 +++++++++++++-
2 files changed, 93 insertions(+), 1 deletions(-)
---
diff --git a/freeipa-systemd-upgrade b/freeipa-systemd-upgrade
new file mode 100755
index 0000000..c0b840c
--- /dev/null
+++ b/freeipa-systemd-upgrade
@@ -0,0 +1,73 @@
+#! /usr/bin/python -E
+from ipaserver.install.krbinstance import update_key_val_in_file
+from ipapython import ipautil, config
+from ipapython import services as ipaservices
+import os, platform
+
+def convert_java_link(foo, topdir, filepaths):
+ cwd = os.getcwd()
+ os.chdir(topdir)
+ for filepath in filepaths:
+ # All this shouldn't happen because java system upgrade should properly
+ # move files and symlinks but if this is a broken link
+ if os.path.islink(filepath):
+ print " Checking %s ... " % (filepath),
+ if not os.path.exists(filepath):
+ rpath = os.path.realpath(filepath)
+ # .. and it points to jss in /usr/lib
+ if rpath.find('/usr/lib/') != -1 and rpath.find('jss') != -1:
+ base = os.path.basename(rpath)
+ bitness = platform.architecture()[0][:2]
+ # rewrite it to /usr/lib64 for x86_64 platform
+ if bitness == '64':
+ npath = "/usr/lib%s/jss/%s" % (bitness, base)
+ os.unlink(filepath)
+ os.symlink(npath, filepath)
+ print "%s -> %s" % (filepath, npath)
+ else:
+ print "Ok"
+ else:
+ print "Ok"
+ else:
+ print "Ok"
+ os.chdir(cwd)
+
+# 0. Init config
+try:
+ config.init_config()
+except IPAConfigError, e:
+ # No configured IPA install, no need to upgrade anything
+ exit(0)
+
+# 1. Convert broken symlinks, if any, in /var/lib/pki-ca
+if os.path.exists('/var/lib/pki-ca/common/lib'):
+ print "Analyzing symlinks in PKI-CA install"
+ os.path.walk('/var/lib/pki-ca/common/lib', convert_java_link, None)
+
+try:
+ print "Found IPA server for domain %s" % (config.config.default_realm)
+ print "Converting services setup to systemd"
+ # 1. Upgrade /etc/sysconfig/dirsrv for systemd
+ print " Upgrade /etc/sysconfig/dirsrv"
+ update_key_val_in_file("/etc/sysconfig/dirsrv", "KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
+ update_key_val_in_file("/etc/sysconfig/dirsrv", "export KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
+ # 2. Upgrade /etc/sysconfig/krb5kdc for systemd
+ print " Upgrade /etc/sysconfig/krb5kdc"
+ replacevars = {'KRB5REALM':config.config.default_realm}
+ appendvars = {}
+ ipautil.config_replace_variables("/etc/sysconfig/krb5kdc",
+ replacevars=replacevars, appendvars=appendvars)
+ ipaservices.restore_context("/etc/sysconfig/krb5kdc")
+ # 3. Enable DS instances:
+ realm = config.config.default_realm.upper().replace('.','-')
+ print " Re-enable Directory server instances PKI-IPA and %s " % (realm)
+ ipaservices.knownservices.dirsrv.enable(realm)
+ ipaservices.knownservices.dirsrv.enable("PKI-IPA")
+ # 4. Enable FreeIPA
+ print " Re-enable IPA service"
+ ipaservices.knownservices.ipa.enable()
+except:
+ pass
+
+finally:
+ print "Finished."
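Review bot: The bare `except:` followed by `pass` around steps 1–4 hides every failure in the keytab, KDC and service-enable conversion, so a half-converted identity server still prints "Finished." and exits 0. Catch `Exception`, report it and exit non-zero, e.g. `except Exception, e:` with `print "Upgrade failed: %s" % e` and `exit(1)`; the `%post` call in freeipa.spec already ends in `|| :`, so this would not abort the RPM transaction. Separately, `except IPAConfigError, e:` in step 0 names a class the script never imports (only the `config` module is imported), so a configuration error would surface as a NameError rather than the intended quiet `exit(0)`; `except config.IPAConfigError:` looks like the intended form, assuming the class lives in `ipapython.config`.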
diff --git a/freeipa.spec b/freeipa.spec
index e4dd824..cc855a6 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -14,13 +14,14 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
Name: freeipa
Version: 2.1.3
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
License: GPLv3+
URL: http://www.freeipa.org/
Source0: freeipa-%{version}.tar.gz
+Source1: freeipa-systemd-upgrade
Patch0: freeipa-2.1.3-systemd.patch.gz
Patch1: freeipa-2.1.3-wait_for_socket.patch.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -218,6 +219,7 @@ package.
%setup -n freeipa-%{version} -q
%patch0 -p1
%patch1 -p1
+cp %{SOURCE1} init/systemd/
%build
export CFLAGS="$CFLAGS %{optflags}"
@@ -294,6 +296,8 @@ mkdir -p %{buildroot}%{_unitdir}
for i in ipa.service ipa_kpasswd.service ; do
install -m 644 init/systemd/$i %{buildroot}%{_unitdir}/$i
done
+mkdir -p %{buildroot}%{_libexecdir}
+install -m 755 init/systemd/freeipa-systemd-upgrade %{buildroot}%{_libexecdir}/freeipa-systemd-upgrade
rm -f %{buildroot}%{_initrddir}/ipa_kpasswd
%endif
@@ -316,6 +320,11 @@ rm -rf %{buildroot}
# Use systemd scheme, update systemd as service units have changed
/bin/systemctl --system daemon-reload 2>&1 || :
if [ $1 -gt 1 ] ; then
+ # When upgrade is performed from SysV to systemd, ipa.service will be inactive
+ # due to https://bugzilla.redhat.com/show_bug.cgi?id=752846
+ # FreeIPA existing setup cannot be used without upgrade script
+ /bin/systemctl --quiet is-active ipa.service >/dev/null || \
+ /usr/libexec/freeipa-systemd-upgrade || :
/usr/sbin/ipa-upgradeconfig || :
/usr/sbin/ipa-ldap-updater --upgrade >/dev/null 2>&1 || :
fi
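Review bot: The guard `systemctl --quiet is-active ipa.service` tests whether the service is running, not whether the host was already migrated, so it appears that any later package upgrade on a systemd host where an administrator has deliberately stopped ipa.service would rerun the script and re-enable the directory server instances and ipa.service. A check tied to the migration itself, or at least a comment stating that re-enabling is intended, would avoid overriding a deliberate shutdown. The call also hard-codes `/usr/libexec/freeipa-systemd-upgrade` while %install uses `%{_libexecdir}`; `%{_libexecdir}/freeipa-systemd-upgrade || :` keeps the two in step. The scriptlet starts and ends outside this hunk.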
@@ -403,6 +412,7 @@ fi
# Use systemd scheme
%attr(644,root,root) %{_unitdir}/ipa.service
%attr(644,root,root) %{_unitdir}/ipa_kpasswd.service
+%{buildroot}%{_libexecdir}/freeipa-systemd-upgrade
%dir %{python_sitelib}/ipaserver
%{python_sitelib}/ipaserver/*
%dir %{_usr}/share/ipa
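Review bot: The new %files entry `%{buildroot}%{_libexecdir}/freeipa-systemd-upgrade` carries the build-root prefix, but %files paths are already resolved relative to the build root, so this line would either fail the build or record a path that does not exist on the installed system, leaving the %post scriptlet calling a script at a location where nothing was packaged. It should read `%attr(755,root,root) %{_libexecdir}/freeipa-systemd-upgrade`, matching the explicit `%attr` lines above it so the mode and ownership of a script run as root during upgrade are pinned.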
@@ -531,6 +541,15 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
%changelog
+* Wed Nov 30 2011 Alexander Bokovoy <abokovoy at redhat.com> - 2.1.3-6
+- Introduce upgrade script to recover existing configuration after systemd migration
+ as user has no means to recover FreeIPA from systemd migration
+- Upgrade script:
+ - recovers symlinks in Dogtag instance install
+ - recovers systemd configuration for FreeIPA's directory server instances
+ - recovers freeipa.service
+ - migrates directory server and KDC configs to use proper keytabs for systemd services
+
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.1.3-5
- Rebuilt for glibc bug#747377