[Freeipa-devel] [PATCH] 0113 Remove systemd upgrade script as it is not used anymore
Alexander Bokovoy
abokovoy at redhat.com
Thu Aug 15 06:44:12 UTC 2013
Hi!
We removed SysV -> systemd upgrade script in Fedora packages as it is
not needed anymore (Fedora 16 is already EOL, Fedora 17 too) and even
creates issues by enforcing a second directory server instance for PKI
on systemd level. The latter causes things to break after upgrade.
This patch removes it from the source.
--
/ Alexander Bokovoy
-------------- next part --------------
>From 1aa8143fa2dec78141856c70828e90449aa5820d Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy at redhat.com>
Date: Thu, 15 Aug 2013 09:40:02 +0300
Subject: [PATCH 3/3] Remove systemd upgrader as it is not used anymore
---
init/systemd/freeipa-systemd-upgrade | 95 ------------------------------------
install/po/Makefile.in | 1 -
2 files changed, 96 deletions(-)
delete mode 100755 init/systemd/freeipa-systemd-upgrade
diff --git a/init/systemd/freeipa-systemd-upgrade b/init/systemd/freeipa-systemd-upgrade
deleted file mode 100755
index 7e7c202..0000000
--- a/init/systemd/freeipa-systemd-upgrade
+++ /dev/null
@@ -1,95 +0,0 @@
-#! /usr/bin/python -E
-from ipaserver.install.krbinstance import update_key_val_in_file
-from ipapython import ipautil, config
-from ipapython import services as ipaservices
-import os, platform
-
-def convert_java_link(foo, topdir, filepaths):
- cwd = os.getcwd()
- os.chdir(topdir)
- for filepath in filepaths:
- # All this shouldn't happen because java system upgrade should properly
- # move files and symlinks but if this is a broken link
- if os.path.islink(filepath):
- print " Checking %s ... " % (filepath),
- if not os.path.exists(filepath):
- rpath = os.path.realpath(filepath)
- # .. and it points to jss in /usr/lib
- if rpath.find('/usr/lib/') != -1 and rpath.find('jss') != -1:
- base = os.path.basename(rpath)
- bitness = platform.architecture()[0][:2]
- # rewrite it to /usr/lib64 for x86_64 platform
- if bitness == '64':
- npath = "/usr/lib%s/jss/%s" % (bitness, base)
- os.unlink(filepath)
- os.symlink(npath, filepath)
- print "%s -> %s" % (filepath, npath)
- else:
- print "Ok"
- else:
- print "Ok"
- else:
- print "Ok"
- os.chdir(cwd)
-
-# 0. Init config
-try:
- config.init_config()
-except config.IPAConfigError, e:
- # No configured IPA install, no need to upgrade anything
- exit(0)
-
-# 1. Convert broken symlinks, if any, in /var/lib/pki-ca
-if os.path.exists('/var/lib/pki-ca/common/lib'):
- print "Analyzing symlinks in PKI-CA install"
- os.path.walk('/var/lib/pki-ca/common/lib', convert_java_link, None)
-
-try:
- print "Found IPA server for domain %s" % (config.config.default_realm)
- # 1. Make sure Dogtag instance (if exists) has proper OIDs for IPA CA
- ipa_ca_cfg = "/var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg"
- if os.path.exists(ipa_ca_cfg):
- print "Make sure PKI-CA has Extended Key Usage OIDs for the certificates (Server and Client Authentication)",
- key = 'policyset.serverCertSet.7.default.params.exKeyUsageOIDs'
- value = '1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2'
- replacevars = {key:value}
- appendvars = {}
- old_values = ipautil.config_replace_variables(ipa_ca_cfg, replacevars=replacevars, appendvars=appendvars)
- ipaservices.restore_context(ipa_ca_cfg)
- if key in old_values and old_values[key] != value:
- print
- print " WARNING: Previously issued certificate didn't have both Server and Client Authentication usage"
- print " Old usage OID(s): %(oids)s" % (old_values[key])
- print " Please make sure to revoke old certificates and re-issue them again to add both usages when needed"
- ipaservices.service('pki-cad').restart()
- else:
- print "... ok"
- print "Converting services setup to systemd"
- # 2. Upgrade /etc/sysconfig/dirsrv for systemd
- print " Upgrade /etc/sysconfig/dirsrv"
- update_key_val_in_file("/etc/sysconfig/dirsrv", "KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
- # 3. Upgrade /etc/sysconfig/krb5kdc for systemd
- print " Upgrade /etc/sysconfig/krb5kdc"
- replacevars = {'KRB5REALM':config.config.default_realm}
- appendvars = {}
- ipautil.config_replace_variables("/etc/sysconfig/krb5kdc",
- replacevars=replacevars, appendvars=appendvars)
- ipaservices.restore_context("/etc/sysconfig/krb5kdc")
- # 4. Enable DS instances:
- # when enabling DS instances we'll also do configure /etc/sysconfig/dirsrv.systemd
- # which comes with 389-ds-base-1.2.10-0.8.a7 on F-16 and later. This is handled in
- # fedora16 platform code
- realm = config.config.default_realm.upper().replace('.','-') #pylint: disable=E1103
- print " Re-enable Directory server instances PKI-IPA and %s " % (realm)
- if os.path.exists('/etc/systemd/system/dirsrv at .service'):
- os.unlink('/etc/systemd/system/dirsrv at .service')
- ipaservices.knownservices.dirsrv.enable(realm)
- ipaservices.knownservices.dirsrv.enable("PKI-IPA")
- # 4. Enable FreeIPA
- print " Re-enable IPA service"
- ipaservices.knownservices.ipa.enable()
-except:
- pass
-
-finally:
- print "Finished."
diff --git a/install/po/Makefile.in b/install/po/Makefile.in
index 7ef03c5..6dca615 100644
--- a/install/po/Makefile.in
+++ b/install/po/Makefile.in
@@ -41,7 +41,6 @@ H_FILES = $(shell cd ../..; git ls-files | grep "\.h$$" | tr '\n' ' '; cd instal
# Please keep this list sorted!
PY_EXPLICIT_FILES = \
- init/systemd/freeipa-systemd-upgrade \
install/tools/ipa-adtrust-install \
install/tools/ipa-ca-install \
install/tools/ipa-compat-manage \
--
1.8.3.1
More information about the Freeipa-devel
mailing list