websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Debian patch 4.0.5-6~numeezy

Browse Source
This commit is contained in:
Alexandre Ellert
2016-02-17 15:07:45 +01:00
committed by Mario Fetka
parent c44de33144
commit 10dfc9587b
1203 changed files with 53869 additions and 241462 deletions
Download Patch File Download Diff File Expand all files Collapse all files

132
install/tools/ipa-csreplica-manage
View File

@@ -19,18 +19,16 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import print_function
import sys
import os
import krbV
from ipapython.ipa_log_manager import *
from ipaserver.install import (replication, installutils, bindinstance,
cainstance, certs)
from ipalib import api, errors
from ipalib import api, errors, util
from ipalib.constants import CACERT
from ipalib.util import has_managed_topology
from ipapython import ipautil, ipaldap, version, dogtag
from ipapython.dn import DN
@@ -107,7 +105,7 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose):
except errors.NotFound:
peers[ent.single_value['cn']] = ['CA not configured', '']
except Exception as e:
except Exception, e:
sys.exit(
"Failed to get data from '%s' while trying to list replicas: %s" %
(host, e))
@@ -115,31 +113,31 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose):
conn.unbind()
if not replica:
for k, p in peers.items():
print('%s: %s' % (k, p[0]))
for k, p in peers.iteritems():
print '%s: %s' % (k, p[0])
return
try:
repl = replication.get_cs_replication_manager(realm, replica, dirman_passwd)
except Exception as e:
except Exception, e:
sys.exit(str(e))
entries = repl.find_replication_agreements()
for entry in entries:
print('%s' % entry.single_value.get('nsds5replicahost'))
print '%s' % entry.single_value.get('nsds5replicahost')
if verbose:
print(" last init status: %s" % entry.single_value.get(
'nsds5replicalastinitstatus'))
print(" last init ended: %s" % str(
print " last init status: %s" % entry.single_value.get(
'nsds5replicalastinitstatus')
print " last init ended: %s" % str(
ipautil.parse_generalized_time(
entry.single_value['nsds5replicalastinitend'])))
print(" last update status: %s" % entry.single_value.get(
'nsds5replicalastupdatestatus'))
print(" last update ended: %s" % str(
entry.single_value['nsds5replicalastinitend']))
print " last update status: %s" % entry.single_value.get(
'nsds5replicalastupdatestatus')
print " last update ended: %s" % str(
ipautil.parse_generalized_time(
entry.single_value['nsds5replicalastupdateend'])))
entry.single_value['nsds5replicalastupdateend']))
def del_link(realm, replica1, replica2, dirman_passwd, force=False):
@@ -164,9 +162,9 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False):
repl1.hostnames = [replica1, replica2]
except errors.NetworkError as e:
except errors.NetworkError, e:
sys.exit("Unable to connect to %s: %s" % (replica1, e))
except Exception as e:
except Exception, e:
sys.exit("Failed to get data from '%s': %s" % (replica1, e))
try:
@@ -179,13 +177,13 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False):
# Now that we've confirmed that both hostnames are vaild, make sure
# that we aren't removing the last link from either side.
if not force and len(repl_list) <= 1:
print("Cannot remove the last replication link of '%s'" % replica2)
print("Please use the 'del' command to remove it from the domain")
print "Cannot remove the last replication link of '%s'" % replica2
print "Please use the 'del' command to remove it from the domain"
sys.exit(1)
if not force and len(repl_list1) <= 1:
print("Cannot remove the last replication link of '%s'" % replica1)
print("Please use the 'del' command to remove it from the domain")
print "Cannot remove the last replication link of '%s'" % replica1
print "Please use the 'del' command to remove it from the domain"
sys.exit(1)
# Find the DN of the replication agreement to remove
@@ -200,11 +198,11 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False):
sys.exit("'%s' has no replication agreement for '%s'" % (replica1, replica2))
except errors.NotFound:
print("'%s' has no replication agreement for '%s'" % (replica2, replica1))
print "'%s' has no replication agreement for '%s'" % (replica2, replica1)
if not force:
return
except Exception as e:
print("Failed to get data from '%s': %s" % (replica2, e))
except Exception, e:
print "Failed to get data from '%s': %s" % (replica2, e)
if not force:
sys.exit(1)
@@ -213,23 +211,23 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False):
try:
repl2.delete_agreement(replica1, replica2_dn)
repl2.delete_referral(replica1, repl1.port)
except Exception as e:
print("Unable to remove agreement on %s: %s" % (replica2, e))
except Exception, e:
print "Unable to remove agreement on %s: %s" % (replica2, e)
failed = True
if failed:
if force:
print("Forcing removal on '%s'" % replica1)
print "Forcing removal on '%s'" % replica1
else:
sys.exit(1)
if not repl2 and force:
print("Forcing removal on '%s'" % replica1)
print "Forcing removal on '%s'" % replica1
repl1.delete_agreement(replica2, replica1_dn)
repl1.delete_referral(replica2, repl2.port)
print("Deleted replication agreement from '%s' to '%s'" % (replica1, replica2))
print "Deleted replication agreement from '%s' to '%s'" % (replica1, replica2)
def del_master(realm, hostname, options):
@@ -241,7 +239,7 @@ def del_master(realm, hostname, options):
try:
thisrepl = replication.get_cs_replication_manager(realm, options.host,
options.dirman_passwd)
except Exception as e:
except Exception, e:
sys.exit("Failed to connect to server %s: %s" % (options.host, e))
# 2. Ensure we have an agreement with the master
@@ -252,12 +250,12 @@ def del_master(realm, hostname, options):
try:
delrepl = replication.get_cs_replication_manager(realm, hostname,
options.dirman_passwd)
except Exception as e:
except Exception, e:
if not options.force:
print("Unable to delete replica %s: %s" % (hostname, e))
print "Unable to delete replica %s: %s" % (hostname, e)
sys.exit(1)
else:
print("Unable to connect to replica %s, forcing removal" % hostname)
print "Unable to connect to replica %s, forcing removal" % hostname
force_del = True
# 4. Get list of agreements.
@@ -273,7 +271,7 @@ def del_master(realm, hostname, options):
for r in replica_names:
try:
del_link(realm, r, hostname, options.dirman_passwd, force=True)
except Exception as e:
except Exception, e:
sys.exit("There were issues removing a connection: %s" % e)
# 6. Pick CA renewal master
@@ -285,17 +283,19 @@ def del_master(realm, hostname, options):
try:
if bindinstance.dns_container_exists(options.host, api.env.basedn,
dm_password=options.dirman_passwd):
api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')),
bind_pw=options.dirman_passwd)
bind = bindinstance.BindInstance()
bind.remove_ipa_ca_dns_records(hostname, realm.lower())
except Exception as e:
print("Failed to cleanup %s DNS entries: %s" % (hostname, e))
print("You may need to manually remove them from the tree")
except Exception, e:
print "Failed to cleanup %s DNS entries: %s" % (hostname, e)
print "You may need to manually remove them from the tree"
def add_link(realm, replica1, replica2, dirman_passwd, options):
try:
repl2 = replication.get_cs_replication_manager(realm, replica2,
dirman_passwd)
except Exception as e:
except Exception, e:
sys.exit(str(e))
try:
conn = ipaldap.IPAdmin(replica2, 636, cacert=CACERT)
@@ -303,13 +303,13 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
dn = DN(('cn', 'CA'), ('cn', replica2), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
ipautil.realm_to_suffix(realm))
conn.get_entries(dn, conn.SCOPE_BASE)
conn.get_entries(dn, conn.SCOPE_ONELEVEL)
conn.unbind()
except errors.NotFound:
sys.exit('%s does not have a CA configured.' % replica2)
except errors.NetworkError as e:
except errors.NetworkError, e:
sys.exit("Unable to connect to %s: %s" % (ipautil.format_netloc(replica2, 636), str(e)))
except Exception as e:
except Exception, e:
sys.exit("Failed to get data while trying to bind to '%s': %s" % (replica1, str(e)))
try:
@@ -323,9 +323,9 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
except errors.NotFound:
sys.exit("Cannot find replica '%s'" % replica1)
except errors.NetworkError as e:
except errors.NetworkError, e:
sys.exit("Unable to connect to %s: %s" % (replica1, e))
except Exception as e:
except Exception, e:
sys.exit(
"Failed to get data from '%s' while trying to get current "
"agreements: %s" % (replica1, e))
@@ -333,7 +333,7 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
repl1.setup_replication(
replica2, repl2.port, 0, DN(('cn', 'Directory Manager')),
dirman_passwd, is_cs_replica=True, local_port=repl1.port)
print("Connected '%s' to '%s'" % (replica1, replica2))
print "Connected '%s' to '%s'" % (replica1, replica2)
def re_initialize(realm, options):
@@ -347,7 +347,7 @@ def re_initialize(realm, options):
options.dirman_passwd)
thisrepl = replication.get_cs_replication_manager(realm, thishost,
options.dirman_passwd)
except Exception as e:
except Exception, e:
sys.exit(str(e))
filter = repl.get_agreement_filter(host=thishost)
@@ -373,7 +373,7 @@ def force_sync(realm, thishost, fromhost, dirman_passwd):
repl = replication.get_cs_replication_manager(realm, fromhost,
dirman_passwd)
repl.force_sync(repl.conn, thishost)
except Exception as e:
except Exception, e:
sys.exit(str(e))
def set_renewal_master(realm, replica):
@@ -386,23 +386,10 @@ def set_renewal_master(realm, replica):
try:
ca.set_renewal_master(replica)
except Exception as e:
except Exception, e:
sys.exit("Failed to set renewal master to %s: %s" % (replica, e))
print("%s is now the renewal master" % replica)
def exit_on_managed_topology(what, hint="topologysegment"):
if hint == "topologysegment":
hinttext = ("Please use `ipa topologysegment-*` commands to manage "
"the topology.")
elif hint == "ipa-replica-manage-del":
hinttext = ("Please use the `ipa-replica-manage del` command.")
else:
assert False, "Unexpected value"
sys.exit("{0} is deprecated with managed IPA replication topology. {1}"
.format(what, hinttext))
print "%s is now the renewal master" % replica
def main():
options, args = parse_options()
@@ -420,7 +407,7 @@ def main():
api.finalize()
dirman_passwd = None
realm = api.env.realm
realm = krbV.default_context().default_realm
if options.host:
host = options.host
@@ -439,19 +426,12 @@ def main():
options.dirman_passwd = dirman_passwd
api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')),
bind_pw=options.dirman_passwd)
if args[0] == "list":
replica = None
if len(args) == 2:
replica = args[1]
list_replicas(realm, host, replica, dirman_passwd, options.verbose)
elif args[0] == "del":
if has_managed_topology(api):
exit_on_managed_topology(
"Removal of IPA CS replication agreement and replication data",
hint="ipa-replica-manage-del")
del_master(realm, args[1], options)
elif args[0] == "re-initialize":
re_initialize(realm, options)
@@ -460,8 +440,6 @@ def main():
sys.exit("force-sync requires the option --from <host name>")
force_sync(realm, host, options.fromhost, options.dirman_passwd)
elif args[0] == "connect":
if has_managed_topology(api):
exit_on_managed_topology("Creation of IPA CS replication agreement")
if len(args) == 3:
replica1 = args[1]
replica2 = args[2]
@@ -470,8 +448,6 @@ def main():
replica2 = args[1]
add_link(realm, replica1, replica2, dirman_passwd, options)
elif args[0] == "disconnect":
if has_managed_topology(api):
exit_on_managed_topology("Removal of IPA CS replication agreement")
if len(args) == 3:
replica1 = args[1]
replica2 = args[2]
@@ -489,7 +465,7 @@ try:
main()
except KeyboardInterrupt:
sys.exit(1)
except SystemExit as e:
except SystemExit, e:
sys.exit(e)
except Exception as e:
except Exception, e:
sys.exit("unexpected error: %s" % e)