[Pki-devel] [PATCH] 0038..0041 fix upgrade issues
Fraser Tweedale
ftweedal at redhat.com
Mon Jun 15 17:04:31 UTC 2015
The attached patches fix a number of issues upgrading from 10.2.3-2
to 10.2.4-2, the most severe of which is that pki-tomcatd cannot
start after upgrade due to reference to removed class
NuxwdogPasswordStoreInitializer. These issues are blocking FreeIPA
4.2 alpha. (There might be more issues to discover, but these fixes
are all I have in me tonight.)
Depending on when we were planning to cut 10.2.5, it might be
worthwhile doing a 10.2.4-3 - but I leave it to more experienced
folk to make that call.
Thanks,
Fraser
-------------- next part --------------
From c37dafebc974324656c22857b4aba23172e47ae8 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <frase at frase.id.au>
Date: Mon, 15 Jun 2015 10:47:57 -0400
Subject: [PATCH 38/41] Invoke PKIInstance.load() during upgrade
Some upgrade servlets use attributes loaded when PKIInstance.load()
is invoked, but it may not have been; breakage ensues. Invoke it
before executing upgrade scriptlets.
---
base/server/python/pki/server/upgrade.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/base/server/python/pki/server/upgrade.py b/base/server/python/pki/server/upgrade.py
index db3d968aa85e977838ebd8a13be798dc373ab172..a105dd15c348ac79085c0982b201baaae74e2c20 100644
--- a/base/server/python/pki/server/upgrade.py
+++ b/base/server/python/pki/server/upgrade.py
@@ -195,6 +195,7 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
self.instanceName == instanceName:
instance = pki.server.PKIInstance(instanceName)
instance.validate()
+ instance.load()
instance_list.append(instance)
if not self.instanceType or self.instanceType == 9:
--
2.1.0
-------------- next part --------------
From dc1a90097ff2a0099495d0266b3e6be82d55ae6c Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <frase at frase.id.au>
Date: Mon, 15 Jun 2015 11:22:17 -0400
Subject: [PATCH 39/41] Upgrade: check file exists before chowning
Dogtag entered a state where an upgrade script failed before it was
trying to chown a file that didn't exist. Add a check that the file
exists.
---
base/server/upgrade/10.2.3/01-FixInstanceWorkFolderOwnership | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/base/server/upgrade/10.2.3/01-FixInstanceWorkFolderOwnership b/base/server/upgrade/10.2.3/01-FixInstanceWorkFolderOwnership
index 700aaf3ce682682148ed444337b25eaac2482b0b..686853c29aaedb0ba7e70bcb880df7037d54a324 100755
--- a/base/server/upgrade/10.2.3/01-FixInstanceWorkFolderOwnership
+++ b/base/server/upgrade/10.2.3/01-FixInstanceWorkFolderOwnership
@@ -31,4 +31,5 @@ class FixInstanceWorkFolderOwnership(pki.server.upgrade.PKIServerUpgradeScriptle
def upgrade_instance(self, instance):
dir = os.path.join(instance.base_dir, 'work/Catalina/localhost/pki')
- pki.util.chown(dir, instance.uid, instance.gid)
+ if os.path.exists(dir):
+ pki.util.chown(dir, instance.uid, instance.gid)
--
2.1.0
-------------- next part --------------
From 2000bf04983fb74b3b7ee275129e908508d2d3fd Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <frase at frase.id.au>
Date: Mon, 15 Jun 2015 11:25:10 -0400
Subject: [PATCH 40/41] Upgrade: add scriptlet to fix nuxwdog listener class
---
.../upgrade/10.2.4/02-FixNuxwdogListenerClass | 36 ++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100755 base/server/upgrade/10.2.4/02-FixNuxwdogListenerClass
diff --git a/base/server/upgrade/10.2.4/02-FixNuxwdogListenerClass b/base/server/upgrade/10.2.4/02-FixNuxwdogListenerClass
new file mode 100755
index 0000000000000000000000000000000000000000..22096e93533fe91e63435db85980c657d998a888
--- /dev/null
+++ b/base/server/upgrade/10.2.4/02-FixNuxwdogListenerClass
@@ -0,0 +1,36 @@
+#!/usr/bin/python
+# Authors:
+# Fraser Tweedale <ftweedal at redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2015 Red Hat, Inc.
+# All rights reserved.
+#
+
+import os
+import subprocess
+
+import pki.server.upgrade
+
+
+class FixNuxwdogListenerClass(pki.server.upgrade.PKIServerUpgradeScriptlet):
+ def __init__(self):
+ self.message = 'Fix nuxwdog listener class'
+
+ def upgrade_instance(self, instance):
+ subprocess.check_call([
+ 'sed', '-i', 's/NuxwdogPasswordStoreInitializer/PKIListener/',
+ '/etc/pki/{0}/server.xml'.format(instance.name)
+ ])
--
2.1.0
-------------- next part --------------
From 842917299f61ff7c39eb5707553d451f45a7423c Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <frase at frase.id.au>
Date: Mon, 15 Jun 2015 12:52:19 -0400
Subject: [PATCH 41/41] Update: fix CS.cfg permissions
The 10.2.3/02-FixBindPWPrompt upgrade scriptlet leaves CS.cfg owned
by root. chown CS.cfg to the instance owner.
---
base/server/upgrade/10.2.3/02-FixBindPWPrompt | 1 +
1 file changed, 1 insertion(+)
diff --git a/base/server/upgrade/10.2.3/02-FixBindPWPrompt b/base/server/upgrade/10.2.3/02-FixBindPWPrompt
index 7b99afd6f3ca0d40fcb656b8a9ea0cc47e365c61..e433c125df8cd4504888ba17957b8245c4b23124 100755
--- a/base/server/upgrade/10.2.3/02-FixBindPWPrompt
+++ b/base/server/upgrade/10.2.3/02-FixBindPWPrompt
@@ -47,3 +47,4 @@ class FixBindPWPrompt(pki.server.upgrade.PKIServerUpgradeScriptlet):
line)
sys.stdout.write(line)
+ os.chown(cs_cfg, instance.uid, instance.gid)
--
2.1.0
More information about the Pki-devel
mailing list