[Freeipa-devel] [PATCH] Changes to use a single database for dogtag and IPA

Petr Viktorin pviktori at redhat.com
Fri Oct 5 09:57:21 UTC 2012


On 10/04/2012 10:04 PM, Ade Lee wrote:
> Attached is a patch to handle the ipa-replica-conncheck issue.  It
> should be applied on top of your patch.
>
> Essentially, the fix is as follows:
> A. If the DS_PORT = 7389, then we pass --check-ca in the
> ipa-replica-conncheck to be executed on the master.
> a1. If the master is ipa 2.x, this will prompt a check for port 7389.
> a2. If the master is ipa 3, this will default to dogtag_ds_port of 7389.
>
> B. Else if DS_PORT = 389, then we pass nothing to the
> ipa-replica-conncheck to be executed on the master.  This is because we
> will be checking 389 in any case for the IPA DS check.
>
> Ade

The code works, I got past the connection check, and now I'm getting the 
same internal server error with a clone from IPA 2.2 as with a clone 
from "3.0 upgraded from 2.2" (unknown object class "request").

However, since with this patch IPA will depend on Dogtag 10, 
install_constants.DS_PORT will always be 389, so case A will never 
happen. I think the two if-blocks that add the --check-ca can be dropped 
entirely.

Assuming that even a clone from an old instance will use the single DB,
conncheck's --dogtag-master-ds-port option is redundant: iff the server 
supports it, it uses port 389 which doesn't need re-checking.

>
> 0001-Allow-ipa-replica-conncheck-to-work-with-2.2-instanc.patch
>
>
>  From a9cd4cb15e6c230e5690f3fa919fda9c5728ee10 Mon Sep 17 00:00:00 2001
> From: Ade Lee<alee at redhat.com>
> Date: Thu, 4 Oct 2012 15:55:29 -0400
> Subject: [PATCH] Allow ipa-replica-conncheck to work with 2.2 instances
>
> ---
>   install/tools/ipa-replica-conncheck | 15 +++++++--------
>   1 file changed, 7 insertions(+), 8 deletions(-)
>
> diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
> index c9fb816be43d873a6ca79396e77270fd0d10aa12..498ef49e84e1dc8325b6fc2d850c8bffb9297e69 100755
> --- a/install/tools/ipa-replica-conncheck
> +++ b/install/tools/ipa-replica-conncheck
> @@ -282,7 +282,11 @@ def main():
>
>       required_ports = BASE_PORTS
>       if options.check_ca:
> -        ca_port = CheckedPort(int(options.dogtag_master_ds_port), SOCK_STREAM,
> +        port_val = 7389
> +        if options.dogtag_master_ds_port:
> +            port_val = int(options.dogtag_master_ds_port)
> +
> +        ca_port = CheckedPort(port_val, SOCK_STREAM,
>                                 "PKI-CA: Directory Service port")
>           required_ports.extend([ca_port])
>
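Review bot: the fallback `port_val = 7389` inside the `if options.check_ca:` block is an unexplained literal, and the same value is repeated in the two `DS_PORT == 7389` comparisons later in this patch. Define it once as a named constant (or make it the default of `--dogtag-master-ds-port`) and add a comment saying it is the port used when `--check-ca` arrives without an explicit port, so the three places cannot drift apart.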
> @@ -359,11 +363,8 @@ def main():
>                   raise RuntimeError("Could not get ticket for master server: %s" % stderr)
>
>               remote_check_opts = ['--replica %s' % options.hostname]
> -            if options.check_ca:
> +            if options.check_ca and dogtag.install_constants.DS_PORT == 7389:
>                   remote_check_opts.append('--check-ca')
> -                remote_check_opts.extend(["--dogtag-master-ds-port",
> -                    str(dogtag.install_constants.DS_PORT)])
> -
>
>               print_info("Execute check on remote master")
>
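Review bot: the new condition `options.check_ca and dogtag.install_constants.DS_PORT == 7389` silently drops `--check-ca` from the remote command for every other DS_PORT value, and nothing in the hunk says why that is correct, while the first hunk still adds the CA port locally whenever `options.check_ca` is set. Add a comment above the `if` explaining which case it covers, and note there that the remote side now falls back to its own default port because `--dogtag-master-ds-port` is no longer sent.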
> @@ -387,10 +388,8 @@ def main():
>               print_info("Please run the following command on remote master:")
>
>               remote_check_opts = ['--replica %s' % options.hostname]
> -            if options.check_ca:
> +            if options.check_ca and dogtag.install_constants.DS_PORT == 7389:
>                   remote_check_opts.append('--check-ca')
> -                remote_check_opts.extend(["--dogtag-master-ds-port",
> -                    str(dogtag.install_constants.DS_PORT)])
>
>               print_info("/usr/sbin/ipa-replica-conncheck " + " ".join(remote_check_opts))
>               time.sleep(3600)
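Review bot: the `if options.check_ca and dogtag.install_constants.DS_PORT == 7389:` test here is a copy of the one in the previous hunk, so the command printed after "Please run the following command on remote master:" can diverge from the one executed automatically if only one copy is changed later. Build `remote_check_opts` once, in a small helper or before the two branches, and use the result in both places.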
> -- 1.7.12
>


-- 
Petr³



