From e05bdeb6cf4505ef84e485b95b37aabba625160b Mon Sep 17 00:00:00 2001 From: Tomas Krizek Date: Nov 07 2016 10:34:03 +0000 Subject: install: add restart_dirsrv for directory server restarts * Create a utility function to restart a directory server and reconnect the api.Backend.ldap2 connection. * Use restart_dirsrv instead of knownservices.dirsrv.restart to ensure api.Backend.ldap2 is reconnected. https://fedorahosted.org/freeipa/ticket/6461 Reviewed-By: Martin Basti Reviewed-By: Jan Cholasta --- diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index 1dfcf96..486e43e 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -721,7 +721,7 @@ class ADTRUSTInstance(service.Service): def __restart_dirsrv(self): try: - services.knownservices.dirsrv.restart() + installutils.restart_dirsrv() except Exception: pass diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py index def702a..cb04b0b 100644 --- a/ipaserver/install/ca.py +++ b/ipaserver/install/ca.py @@ -215,14 +215,7 @@ def install_step_1(standalone, replica_config, options): cert, nickname, trust_flags[nickname], config_ipa=True, config_compat=True) - - api.Backend.ldap2.disconnect() - - # Restart DS - services.knownservices.dirsrv.restart(serverid) - - api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), - bind_pw=dm_password) + installutils.restart_dirsrv() # Store DS CA cert in Dogtag NSS database dogtagdb = certs.CertDB(realm_name, nssdir=paths.PKI_TOMCAT_ALIAS_DIR) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 99d61e4..a1d44cf 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1583,7 +1583,7 @@ def install_replica_ca(config, postinstall=False, ra_p12=None): service.print_msg("Restarting the directory and certificate servers") ca.stop('pki-tomcat') - services.knownservices.dirsrv.restart() + installutils.restart_dirsrv() ca.start('pki-tomcat') diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 8111f18..fb9579a 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -51,7 +51,7 @@ from ipapython.admintool import ScriptError from ipapython.ipa_log_manager import root_logger from ipalib.util import validate_hostname from ipapython import config -from ipalib import errors, x509 +from ipalib import api, errors, x509 from ipapython.dn import DN from ipaserver.install import certs, service, sysupgrade from ipaplatform import services @@ -1399,3 +1399,14 @@ def remove_ccache(ccache_path=None, run_as=None): except ipautil.CalledProcessError as e: root_logger.warning( "Failed to clear Kerberos credentials cache: {}".format(e)) + + +def restart_dirsrv(instance_name="", capture_output=True): + """ + Restart Directory server and perform ldap reconnect. + """ + api.Backend.ldap2.disconnect() + services.knownservices.dirsrv.restart(instance_name=instance_name, + capture_output=capture_output, + wait=True, ldapi=True) + api.Backend.ldap2.connect() diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py index a2210a2..f32c1e9 100644 --- a/ipaserver/install/krainstance.py +++ b/ipaserver/install/krainstance.py @@ -445,7 +445,7 @@ def install_replica_kra(config, postinstall=False): service.print_msg("Restarting the directory and KRA servers") _kra.stop('pki-tomcat') - services.knownservices.dirsrv.restart() + installutils.restart_dirsrv() _kra.start('pki-tomcat') return _kra diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index de03856..a7605d2 100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -40,7 +40,6 @@ from ipalib import errors from ipalib import api, create_api from ipalib import constants from ipaplatform.paths import paths -from ipaplatform import services from ipapython.dn import DN from ipapython.ipa_log_manager import log_mgr @@ -926,6 +925,5 @@ class LDAPUpdate(object): self.conn = None def restart_ds(self): - dirsrv = services.knownservices.dirsrv self.log.debug('Restarting directory server to apply updates') - dirsrv.restart(ldapi=self.ldapi) + installutils.restart_dirsrv() diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 2131840..c3efc0a 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -35,8 +35,8 @@ from ipapython.ipa_log_manager import root_logger from ipapython import ipautil, ipaldap from ipapython.admintool import ScriptError from ipapython.dn import DN -from ipaplatform import services from ipaplatform.paths import paths +from ipaserver.install import installutils if six.PY3: unicode = str @@ -130,7 +130,7 @@ def enable_replication_version_checking(realm, dirman_passwd): conn.modify_s(entry.dn, [(ldap.MOD_REPLACE, 'nsslapd-pluginenabled', 'on')]) conn.unbind() serverid = "-".join(realm.split(".")) - services.knownservices.dirsrv.restart(instance_name=serverid) + installutils.restart_dirsrv(serverid) else: conn.unbind()