[freeipa/f16] Allow ipa-ldap-updater to wait for dirsrv service on systemd setups

abbra abbra at fedoraproject.org
Sun Dec 11 17:42:12 UTC 2011


commit 66030a60fec8c28c9acf6aef08ca2ecec1348003
Author: Alexander Bokovoy <abokovoy at redhat.com>
Date:   Sun Dec 11 19:38:03 2011 +0200

    Allow ipa-ldap-updater to wait for dirsrv service on systemd setups

 freeipa-2.1.4-connection-failure-recovery.patch |   95 +++++++++++++++++++++++
 freeipa-2.1.4-fix-pylint-f16.patch              |   88 +++++++++++++++++++++
 freeipa.spec                                    |   12 +++-
 3 files changed, 194 insertions(+), 1 deletions(-)
---
diff --git a/freeipa-2.1.4-connection-failure-recovery.patch b/freeipa-2.1.4-connection-failure-recovery.patch
new file mode 100644
index 0000000..98c7d95
--- /dev/null
+++ b/freeipa-2.1.4-connection-failure-recovery.patch
@@ -0,0 +1,95 @@
+From 859d28ce9d4b0f356122b576eab397ed7a066745 Mon Sep 17 00:00:00 2001
+From: Martin Kosek <mkosek at redhat.com>
+Date: Thu, 8 Dec 2011 14:52:49 +0100
+Subject: [PATCH 4/6] Add connection failure recovery to IPAdmin
+
+Recover from connection failures in IPAdmin LDAP bind functions and
+rather try reconnect in scope of a given timeout instead of giving
+up after the first failed connection.
+
+The recovery fixes ipa-ldap-updater on F-16 which always failed
+because of a missing dirsrv socket.
+
+https://fedorahosted.org/freeipa/ticket/2175
+---
+ ipaserver/ipaldap.py |   35 +++++++++++++++++++++++++++++------
+ 1 files changed, 29 insertions(+), 6 deletions(-)
+
+diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
+index 74cfbfda911facbf6f3bddf5972b3f035a9cfde0..1820e690b10c820efcd3217801bde6b685bbf20b 100644
+--- a/ipaserver/ipaldap.py
++++ b/ipaserver/ipaldap.py
+@@ -30,14 +30,17 @@ import cStringIO
+ import time
+ import struct
+ import ldap.sasl
++import ldapurl
+ from ldap.controls import LDAPControl,DecodeControlTuples,EncodeControlTuples
+ from ldap.ldapobject import SimpleLDAPObject
+ from ipaserver import ipautil
++from ipaserver.install import installutils
+ from ipalib import errors
+ from ipapython.ipautil import format_netloc
+ 
+ # Global variable to define SASL auth
+ SASL_AUTH = ldap.sasl.sasl({},'GSSAPI')
++DEFAULT_TIMEOUT = 10
+ 
+ class Entry:
+     """
+@@ -330,6 +333,26 @@ class IPAdmin(SimpleLDAPObject):
+         except ldap.LDAPError, e:
+             raise errors.DatabaseError(desc=desc,info=info)
+ 
++    def __wait_for_connection(self, timeout):
++        lurl = ldapurl.LDAPUrl(self._uri)
++        if lurl.urlscheme == 'ldapi':
++            installutils.wait_for_open_socket(lurl.hostport, timeout)
++        else:
++            (host,port) = lurl.hostport.split(':')
++            installutils.wait_for_open_ports(host, int(port), timeout)
++
++    def __bind_with_wait(self, bind_func, timeout, *args, **kwargs):
++        try:
++            bind_func(*args, **kwargs)
++        except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN), e:
++            if not timeout:
++                raise e
++            try:
++                self.__wait_for_connection(timeout)
++            except:
++                raise e
++            bind_func(*args, **kwargs)
++
+     def toLDAPURL(self):
+         return "ldap://%s/" % format_netloc(self.host, self.port)
+ 
+@@ -346,19 +369,19 @@ class IPAdmin(SimpleLDAPObject):
+         except ldap.LDAPError, e:
+             self.__handle_errors(e, **{})
+ 
+-    def do_simple_bind(self, binddn="cn=directory manager", bindpw=""):
++    def do_simple_bind(self, binddn="cn=directory manager", bindpw="", timeout=DEFAULT_TIMEOUT):
+         self.binddn = binddn
+         self.bindpwd = bindpw
+-        self.simple_bind_s(binddn, bindpw)
++        self.__bind_with_wait(self.simple_bind_s, timeout, binddn, bindpw)
+         self.__lateinit()
+ 
+-    def do_sasl_gssapi_bind(self):
+-        self.sasl_interactive_bind_s('', SASL_AUTH)
++    def do_sasl_gssapi_bind(self, timeout=DEFAULT_TIMEOUT):
++        self.__bind_with_wait(self.sasl_interactive_bind_s, timeout, '', SASL_AUTH)
+         self.__lateinit()
+ 
+-    def do_external_bind(self, user_name=None):
++    def do_external_bind(self, user_name=None, timeout=DEFAULT_TIMEOUT):
+         auth_tokens = ldap.sasl.external(user_name)
+-        self.sasl_interactive_bind_s("", auth_tokens)
++        self.__bind_with_wait(self.sasl_interactive_bind_s, timeout, '', auth_tokens)
+         self.__lateinit()
+ 
+     def getEntry(self,*args):
+-- 
+1.7.7.4
+
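Review bot: The bare `except:` around `self.__wait_for_connection(timeout)` in `__bind_with_wait` hides every failure of the wait step behind the original connect error, including KeyboardInterrupt and the ValueError that `(host,port) = lurl.hostport.split(':')` raises when the URI has no explicit port or contains an IPv6 literal. For such URIs the retry is silently skipped and the caller sees only the first `ldap.SERVER_DOWN`/`ldap.CONNECT_ERROR`, so a misparsed URI looks the same as a directory server that is really down. I would narrow the handler to `except Exception:` and parse the port defensively, splitting on the last colon only and falling back to the scheme's default port when none is given. A short docstring on both helpers should state that `timeout` is in seconds and that a false value disables the retry, since all three `do_*_bind` methods now default to `DEFAULT_TIMEOUT`.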
diff --git a/freeipa-2.1.4-fix-pylint-f16.patch b/freeipa-2.1.4-fix-pylint-f16.patch
new file mode 100644
index 0000000..06d24c6
--- /dev/null
+++ b/freeipa-2.1.4-fix-pylint-f16.patch
@@ -0,0 +1,88 @@
+From d27b23d4315d24e62d83ddf0012b347ffad36e9c Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten at redhat.com>
+Date: Thu, 8 Dec 2011 16:11:22 -0500
+Subject: [PATCH 6/6] Fix some pylint issues found in F-16
+
+* Using default_attributes rather than what would be defined in output
+  is the preferred mechanism for determining what attributes to
+  retrieve.
+
+* Replace some add_s() calls with addEntry()
+---
+ doc/examples/examples.py         |    9 +++++++--
+ ipaserver/install/krbinstance.py |    4 ++--
+ ipaserver/install/service.py     |    2 +-
+ 3 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/doc/examples/examples.py b/doc/examples/examples.py
+index a969c898bcf8a6829b83898bd2d68400ae939ff3..7053e589a1a058d7742b51cbceaf683971555621 100644
+--- a/doc/examples/examples.py
++++ b/doc/examples/examples.py
+@@ -314,6 +314,11 @@ class exuser(Object):
+         ),
+     )
+ 
++    # You may not want to return all attributes in the entry by default.
++    # Use default_attributes to limit the list of returned values. The
++    # caller can set all to True to return all attributes.
++    default_attributes = ['uid', 'givenname', 'sn']
++
+ # register the object, uncomment this line if you want to try it out
+ #api.register(exuser)
+ 
+@@ -352,7 +357,7 @@ class exuser_show(Method):
+         if options.get('all', False):
+             attrs_list = ['*']
+         else:
+-            attrs_list = [p.name for p in self.output_params()]
++            attrs_list = self.obj.default_attributes
+ 
+         (dn, entry_attrs) = ldap.get_entry(dn, attrs_list)
+         entry_attrs['dn'] = dn
+@@ -398,7 +403,7 @@ class exuser_find(Method):
+         if options.get('all', False):
+             attrs_list = ['*']
+         else:
+-            attrs_list = [p.name for p in self.output_params()]
++            attrs_list = self.obj.default_attributes
+ 
+         # perform the search
+         (entries, truncated) = ldap.find_entries(
+diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
+index ce70c231dfb7e7b6b59c0496721cced0d09f1604..df6fc5a6ea6fbc4d9c207122dbb3c1ce1f5b4f50 100644
+--- a/ipaserver/install/krbinstance.py
++++ b/ipaserver/install/krbinstance.py
+@@ -284,7 +284,7 @@ class KrbInstance(service.Service):
+         entry.setValues("nsSaslMapFilterTemplate", '(krbPrincipalName=\\1@\\2)')
+ 
+         try:
+-            self.admin_conn.add_s(entry)
++            self.admin_conn.addEntry(entry)
+         except ldap.ALREADY_EXISTS:
+             logging.critical("failed to add Full Principal Sasl mapping")
+             raise e
+@@ -297,7 +297,7 @@ class KrbInstance(service.Service):
+         entry.setValues("nsSaslMapFilterTemplate", '(krbPrincipalName=&@%s)' % self.realm)
+ 
+         try:
+-            self.admin_conn.add_s(entry)
++            self.admin_conn.addEntry(entry)
+         except ldap.ALREADY_EXISTS:
+             logging.critical("failed to add Name Only Sasl mapping")
+             raise e
+diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
+index 2fd15d8f8010114914549871fc5d0a228561fe1c..9fcc095b64f1abc121f1960d7c7ec15dbe53821f 100644
+--- a/ipaserver/install/service.py
++++ b/ipaserver/install/service.py
+@@ -287,7 +287,7 @@ class Service(object):
+                         "enabledService", "startOrder " + str(order))
+ 
+         try:
+-            conn.add_s(entry)
++            conn.addEntry(entry)
+         except ldap.ALREADY_EXISTS, e:
+             logging.critical("failed to add %s Service startup entry" % name)
+             raise e
+-- 
+1.7.7.4
+
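Review bot: Both `except ldap.ALREADY_EXISTS:` handlers in the krbinstance.py hunks end in `raise e` without binding `e`, so reaching that branch raises NameError instead of the intended error. The service.py hunk does bind it with `except ldap.ALREADY_EXISTS, e:`, and the two krbinstance.py handlers should match. Separately, if `addEntry()` translates LDAP errors into ipalib errors the way other IPAdmin methods appear to, `ldap.ALREADY_EXISTS` may no longer reach any of these three handlers after the switch from `add_s()`. That should be confirmed and the handlers changed to catch whatever `addEntry()` actually raises. The enclosing methods start and end outside the hunks.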
diff --git a/freeipa.spec b/freeipa.spec
index cd9f427..70a524c 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -14,7 +14,7 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
 
 Name:           freeipa
 Version:        2.1.4
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 Group:          System Environment/Base
@@ -22,6 +22,8 @@ License:        GPLv3+
 URL:            http://www.freeipa.org/
 Source0:        freeipa-%{version}.tar.gz
 Source1:        freeipa-systemd-upgrade
+Patch0:         freeipa-2.1.4-connection-failure-recovery.patch
+Patch1:         freeipa-2.1.4-fix-pylint-f16.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %if ! %{ONLY_CLIENT}
@@ -216,6 +218,8 @@ package.
 %prep
 %setup -n freeipa-%{version} -q
 cp %{SOURCE1} init/systemd/
+%patch0 -p1
+%patch1 -p1
 
 %build
 export CFLAGS="$CFLAGS %{optflags}"
@@ -537,6 +541,12 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
 
 %changelog
+* Sun Dec 11 2011 Alexander Bokovoy <abokovoy at redhat.com> - 2.1.4-2
+- Allow longer dirsrv startup with systemd:
+  - IPAdmin class will wait until dirsrv instance is available up to 10 seconds
+  - Helps with restarts during upgrade for ipa-ldap-updater
+- Fix pylint warnings from F16 and Rawhide
+
 * Tue Dec  6 2011 Rob Crittenden <rcritten at redhat.com> - 2.1.4-1
 - Update to upstream 2.1.4 (CVE-2011-3636)
 

