websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Upstream version 4.0.5

Browse Source
This commit is contained in:
Mario Fetka
2021-07-25 07:50:50 +02:00
parent 8ff3be4216
commit 3bfaa6e020
2049 changed files with 317193 additions and 1632423 deletions
Download Patch File Download Diff File Expand all files Collapse all files

239
install/tools/ipactl
View File

@@ -18,8 +18,6 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import print_function
import sys
import os
import json
@@ -27,24 +25,17 @@ import json
import ldapurl
from ipaserver.install import service, installutils
from ipaserver.install.dsinstance import config_dirname
from ipaserver.install.dsinstance import config_dirname, realm_to_serverid
from ipaserver.install.installutils import is_ipa_configured, ScriptError
from ipalib import api, errors
from ipapython.ipaldap import LDAPClient
from ipapython.ipaldap import IPAdmin
from ipapython.ipautil import wait_for_open_ports, wait_for_open_socket
from ipapython.ipautil import run
from ipapython import config
from ipapython import config, dogtag
from ipaplatform.tasks import tasks
from ipapython.dn import DN
from ipaplatform import services
from ipaplatform.paths import paths
MSG_HINT_IGNORE_SERVICE_FAILURE = (
"Hint: You can use --ignore-service-failure option for forced start in "
"case that a non-critical service failed"
)
class IpactlError(ScriptError):
pass
@@ -54,19 +45,6 @@ def check_IPA_configuration():
raise IpactlError("IPA is not configured " +
"(see man pages of ipa-server-install for help)", 6)
def deduplicate(lst):
"""Remove duplicates and preserve order.
Returns copy of list with preserved order and removed duplicates.
"""
new_lst = []
s = set(lst)
for i in lst:
if i in s:
s.remove(i)
new_lst.append(i)
return new_lst
def is_dirsrv_debugging_enabled():
"""
Check the 389-ds instance to see if debugging is enabled.
@@ -75,7 +53,7 @@ def is_dirsrv_debugging_enabled():
returns True or False
"""
debugging = False
serverid = installutils.realm_to_serverid(api.env.realm)
serverid = realm_to_serverid(api.env.realm)
dselist = [config_dirname(serverid)]
for dse in dselist:
try:
@@ -86,7 +64,7 @@ def is_dirsrv_debugging_enabled():
fd.close()
for line in lines:
if line.lower().startswith('nsslapd-errorlog-level'):
_option, value = line.split(':')
(option, value) = line.split(':')
if int(value) > 0:
debugging = True
@@ -99,7 +77,7 @@ def get_capture_output(service, debug):
tons and tons of information.
"""
if service == 'dirsrv' and not debug and is_dirsrv_debugging_enabled():
print(' debugging enabled, suppressing output.')
print ' debugging enabled, suppressing output.'
return True
else:
return False
@@ -112,54 +90,17 @@ def parse_options():
parser.add_option("-d", "--debug", action="store_true", dest="debug",
help="Display debugging information")
parser.add_option("-f", "--force", action="store_true", dest="force",
help="Force IPA to start. Combine options "
"--skip-version-check and --ignore-service-failures")
parser.add_option("--ignore-service-failures", action="store_true",
dest="ignore_service_failures",
help="If any service start fails, do not rollback the "
"services, continue with the operation")
parser.add_option("--skip-version-check", action="store_true",
dest="skip_version_check", default=False,
help="skip version check")
help="If any service start fails, do not rollback the"
+ " services, continue with the operation")
options, args = parser.parse_args()
safe_options = parser.get_safe_opts(options)
if options.force:
options.ignore_service_failures = True
options.skip_version_check = True
return safe_options, options, args
def emit_err(err):
sys.stderr.write(err + '\n')
def version_check():
try:
installutils.check_version()
except (installutils.UpgradeMissingVersionError,
installutils.UpgradeDataOlderVersionError) as exc:
emit_err("IPA version error: %s" % exc)
except installutils.UpgradeVersionError as e:
emit_err("IPA version error: %s" % e)
else:
return
emit_err("Automatically running upgrade, for details see {}".format(
paths.IPAUPGRADE_LOG))
emit_err("Be patient, this may take a few minutes.")
# Fork out to call ipa-server-upgrade so that logging is sane.
result = run([paths.IPA_SERVER_UPGRADE], raiseonerr=False,
capture_error=True)
if result.returncode != 0:
emit_err("Automatic upgrade failed: %s" % result.error_output)
emit_err("See the upgrade log for more details and/or run {} again".
format(paths.IPA_SERVER_UPGRADE))
raise IpactlError("Aborting ipactl")
def get_config(dirsrv):
base = DN(('cn', api.env.host), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
srcfilter = '(ipaConfigString=enabledService)'
@@ -178,14 +119,16 @@ def get_config(dirsrv):
else:
(host, port) = lurl.hostport.split(':')
wait_for_open_ports(host, [int(port)], timeout=api.env.startup_timeout)
con = LDAPClient(api.env.ldap_uri)
con.external_bind()
res = con.get_entries(
base,
con = IPAdmin(ldap_uri=api.env.ldap_uri)
con.do_external_bind()
res, truncated = con.find_entries(
filter=srcfilter,
attrs_list=attrs,
base_dn=base,
scope=con.SCOPE_SUBTREE,
time_limit=10)
if truncated:
raise errors.LimitsExceeded()
except errors.NetworkError:
# LSB status code 3: program is not running
raise IpactlError("Failed to get list of services to probe status:\n" +
@@ -196,7 +139,7 @@ def get_config(dirsrv):
attrs = ['cn']
try:
entries = con.get_entries(dn, con.SCOPE_ONELEVEL, attrs_list=attrs)
except Exception as e:
except Exception, e:
masters_list.append("No master found because of error: %s" % str(e))
else:
for master_entry in entries:
@@ -207,7 +150,7 @@ def get_config(dirsrv):
raise IpactlError("Failed to get list of services to probe status!\n"
"Configured hostname '%s' does not match any master server in LDAP:\n%s"
% (api.env.host, masters))
except Exception as e:
except Exception, e:
raise IpactlError("Unknown error when retrieving list of services from LDAP: " + str(e))
svc_list = []
@@ -236,7 +179,7 @@ def get_config_from_file():
try:
f = open(tasks.get_svc_list_file(), 'r')
svc_list = json.load(f)
except Exception as e:
except Exception, e:
raise IpactlError("Unknown error when retrieving list of services from file: " + str(e))
# the framework can start/stop a number of related services we are not
@@ -249,7 +192,7 @@ def get_config_from_file():
def_svc_list.append([s[1], s[0]])
ordered_list = []
for _order, svc in sorted(def_svc_list):
for (order, svc) in sorted(def_svc_list):
if svc in svc_list:
ordered_list.append(svc)
@@ -258,7 +201,7 @@ def get_config_from_file():
def stop_services(svc_list):
for svc in svc_list:
svc_off = services.service(svc, api=api)
svc_off = services.service(svc)
try:
svc_off.stop(capture_output=False)
except Exception:
@@ -274,11 +217,6 @@ def stop_dirsrv(dirsrv):
def ipa_start(options):
if not options.skip_version_check:
version_check()
else:
print("Skipping version check")
if os.path.isfile(tasks.get_svc_list_file()):
emit_err("Existing service file detected!")
emit_err("Assuming stale, cleaning and proceeding")
@@ -291,23 +229,24 @@ def ipa_start(options):
dirsrv = services.knownservices.dirsrv
try:
print("Starting Directory Service")
print "Starting Directory Service"
dirsrv.start(capture_output=get_capture_output('dirsrv', options.debug))
except Exception as e:
except Exception, e:
raise IpactlError("Failed to start Directory Service: " + str(e))
ldap_list = []
try:
svc_list = get_config(dirsrv)
except Exception as e:
except Exception, e:
emit_err("Failed to read data from service file: " + str(e))
emit_err("Shutting down")
if not options.ignore_service_failures:
if not options.force:
stop_dirsrv(dirsrv)
if isinstance(e, IpactlError):
# do not display any other error message
raise IpactlError(rval=e.rval) # pylint: disable=no-member
raise IpactlError(rval=e.rval)
else:
raise IpactlError()
@@ -315,17 +254,15 @@ def ipa_start(options):
# no service to start
return
svc_list = deduplicate(svc_list)
for svc in svc_list:
svchandle = services.service(svc, api=api)
svchandle = services.service(svc)
try:
print("Starting %s Service" % svc)
print "Starting %s Service" % svc
svchandle.start(capture_output=get_capture_output(svc, options.debug))
except Exception:
emit_err("Failed to start %s Service" % svc)
# if ignore_service_failures is specified, skip rollback and
# continue with the next service
if options.ignore_service_failures:
#if force start specified, skip rollback and continue with the next service
if options.force:
emit_err("Forced start, ignoring %s Service, continuing normal operation" % svc)
continue
@@ -333,20 +270,19 @@ def ipa_start(options):
stop_services(svc_list)
stop_dirsrv(dirsrv)
emit_err(MSG_HINT_IGNORE_SERVICE_FAILURE)
raise IpactlError("Aborting ipactl")
def ipa_stop(options):
dirsrv = services.knownservices.dirsrv
try:
svc_list = get_config_from_file()
except Exception as e:
except Exception, e:
# Issue reading the file ? Let's try to get data from LDAP as a
# fallback
try:
dirsrv.start(capture_output=False)
svc_list = get_config(dirsrv)
except Exception as e:
except Exception, e:
emit_err("Failed to read data from Directory Service: " + str(e))
emit_err("Shutting down")
try:
@@ -355,21 +291,20 @@ def ipa_stop(options):
finally:
raise IpactlError()
svc_list = deduplicate(svc_list)
for svc in reversed(svc_list):
svchandle = services.service(svc, api=api)
try:
print("Stopping %s Service" % svc)
svchandle.stop(capture_output=False)
except Exception:
emit_err("Failed to stop %s Service" % svc)
try:
print("Stopping Directory Service")
print "Stopping Directory Service"
dirsrv.stop(capture_output=False)
except Exception:
except:
raise IpactlError("Failed to stop Directory Service")
for svc in reversed(svc_list):
svchandle = services.service(svc)
try:
print "Stopping %s Service" % svc
svchandle.stop(capture_output=False)
except:
emit_err("Failed to stop %s Service" % svc)
# remove file with list of started services
try:
os.unlink(paths.SVC_LIST_FILE)
@@ -378,50 +313,36 @@ def ipa_stop(options):
def ipa_restart(options):
if not options.skip_version_check:
try:
version_check()
except Exception as e:
try:
ipa_stop(options)
except Exception:
# We don't care about errors that happened while stopping.
# We need to raise the upgrade error.
pass
raise e
else:
print("Skipping version check")
dirsrv = services.knownservices.dirsrv
new_svc_list = []
dirsrv_restart = True
if not dirsrv.is_running():
try:
print("Starting Directory Service")
print "Starting Directory Service"
dirsrv.start(capture_output=get_capture_output('dirsrv', options.debug))
dirsrv_restart = False
except Exception as e:
except Exception, e:
raise IpactlError("Failed to start Directory Service: " + str(e))
try:
new_svc_list = get_config(dirsrv)
except Exception as e:
except Exception, e:
emit_err("Failed to read data from Directory Service: " + str(e))
emit_err("Shutting down")
try:
dirsrv.stop(capture_output=False)
except Exception:
except:
pass
if isinstance(e, IpactlError):
# do not display any other error message
raise IpactlError(rval=e.rval) # pylint: disable=no-member
raise IpactlError(rval=e.rval)
else:
raise IpactlError()
old_svc_list = []
try:
old_svc_list = get_config_from_file()
except Exception as e:
except Exception, e:
emit_err("Failed to get service list from file: " + str(e))
# fallback to what's in LDAP
old_svc_list = new_svc_list
@@ -442,24 +363,23 @@ def ipa_restart(options):
if len(old_svc_list) != 0:
# we need to definitely stop some services
old_svc_list = deduplicate(old_svc_list)
for svc in reversed(old_svc_list):
svchandle = services.service(svc, api=api)
svchandle = services.service(svc)
try:
print("Stopping %s Service" % svc)
print "Stopping %s Service" % svc
svchandle.stop(capture_output=False)
except Exception:
except:
emit_err("Failed to stop %s Service" % svc)
try:
if dirsrv_restart:
print("Restarting Directory Service")
print "Restarting Directory Service"
dirsrv.restart(capture_output=get_capture_output('dirsrv', options.debug))
except Exception as e:
except Exception, e:
emit_err("Failed to restart Directory Service: " + str(e))
emit_err("Shutting down")
if not options.ignore_service_failures:
if not options.force:
stop_services(reversed(svc_list))
stop_dirsrv(dirsrv)
@@ -467,17 +387,16 @@ def ipa_restart(options):
if len(svc_list) != 0:
# there are services to restart
svc_list = deduplicate(svc_list)
for svc in svc_list:
svchandle = services.service(svc, api=api)
svchandle = services.service(svc)
try:
print("Restarting %s Service" % svc)
print "Restarting %s Service" % svc
svchandle.restart(capture_output=get_capture_output(svc, options.debug))
except Exception:
emit_err("Failed to restart %s Service" % svc)
# if ignore_service_failures is specified,
# skip rollback and continue with the next service
if options.ignore_service_failures:
#if force start specified, skip rollback and continue with the next service
if options.force:
emit_err("Forced restart, ignoring %s Service, continuing normal operation" % svc)
continue
@@ -485,22 +404,19 @@ def ipa_restart(options):
stop_services(svc_list)
stop_dirsrv(dirsrv)
emit_err(MSG_HINT_IGNORE_SERVICE_FAILURE)
raise IpactlError("Aborting ipactl")
if len(new_svc_list) != 0:
# we still need to start some services
new_svc_list = deduplicate(new_svc_list)
for svc in new_svc_list:
svchandle = services.service(svc, api=api)
svchandle = services.service(svc)
try:
print("Starting %s Service" % svc)
print "Starting %s Service" % svc
svchandle.start(capture_output=get_capture_output(svc, options.debug))
except Exception:
emit_err("Failed to start %s Service" % svc)
# if ignore_service_failures is specified, skip rollback and
# continue with the next service
if options.ignore_service_failures:
#if force start specified, skip rollback and continue with the next service
if options.force:
emit_err("Forced start, ignoring %s Service, continuing normal operation" % svc)
continue
@@ -508,7 +424,6 @@ def ipa_restart(options):
stop_services(svc_list)
stop_dirsrv(dirsrv)
emit_err(MSG_HINT_IGNORE_SERVICE_FAILURE)
raise IpactlError("Aborting ipactl")
def ipa_status(options):
@@ -519,38 +434,37 @@ def ipa_status(options):
svc_list = get_config(dirsrv)
else:
svc_list = get_config_from_file()
except IpactlError as e:
except IpactlError, e:
if os.path.exists(tasks.get_svc_list_file()):
raise e
else:
svc_list = []
except Exception as e:
except Exception, e:
raise IpactlError("Failed to get list of services to probe status: " + str(e))
dirsrv = services.knownservices.dirsrv
try:
if dirsrv.is_running():
print("Directory Service: RUNNING")
print "Directory Service: RUNNING"
else:
print("Directory Service: STOPPED")
print "Directory Service: STOPPED"
if len(svc_list) == 0:
print(("Directory Service must be running in order to " +
"obtain status of other services"))
print ("Directory Service must be running in order to " +
"obtain status of other services")
except:
raise IpactlError("Failed to get Directory Service status")
if len(svc_list) == 0:
return
svc_list = deduplicate(svc_list)
for svc in svc_list:
svchandle = services.service(svc, api=api)
svchandle = services.service(svc)
try:
if svchandle.is_running():
print("%s Service: RUNNING" % svc)
print "%s Service: RUNNING" % svc
else:
print("%s Service: STOPPED" % svc)
except Exception:
print "%s Service: STOPPED" % svc
except:
emit_err("Failed to get %s Service status" % svc)
def main():
@@ -558,7 +472,7 @@ def main():
# LSB status code 4: user had insufficient privilege
raise IpactlError("You must be root to run ipactl.", 4)
_safe_options, options, args = parse_options()
safe_options, options, args = parse_options()
if len(args) != 1:
# LSB status code 2: invalid or excess argument(s)
@@ -569,7 +483,7 @@ def main():
# check if IPA is configured at all
try:
check_IPA_configuration()
except IpactlError as e:
except IpactlError, e:
if args[0].lower() == "status":
# Different LSB return code for status command:
# 4 - program or service status is unknown
@@ -580,10 +494,7 @@ def main():
else:
raise e
api.bootstrap(in_server=True,
context='ipactl',
confdir=paths.ETC_IPA,
debug=options.debug)
api.bootstrap(context='ipactl', debug=options.debug)
api.finalize()
if '.' not in api.env.host: