def rpc_client(api):
    """
    Yield a connected JSON RPC client and disconnect it afterwards.

    The client is built from ``api``, finalized and connected before it is
    handed to the caller. ``disconnect()`` runs when the caller's block
    ends, whether it ends normally or with an exception. ``finalize()`` and
    ``connect()`` run before the ``try``, so a failure in either of them is
    not followed by ``disconnect()``.

    NOTE(review): no decorator is visible in this listing. The function is
    a generator and is presumably wrapped with
    ``contextlib.contextmanager`` where it is defined -- confirm.

    :param api: api to initiate the RPC client
    """
    connection = rpc.jsonclient(api)
    connection.finalize()
    connection.connect()

    try:
        yield connection
    finally:
        # Release the connection on every exit path of the caller's block.
        connection.disconnect()
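def add_new_adtrust_agents(api, options):
    """
    Offer to add IPA masters that are not yet AD trust agents to the list.

    Masters returned by ``retrieve_potential_adtrust_agents`` are offered to
    the operator one by one. Every confirmed master is passed to
    ``add_hosts_to_adtrust_agents`` and is then asked, over RPC, to run
    ``trust_enable_agent`` on itself. Masters on which that remote step
    fails are listed in a final warning so they can be restarted by hand.

    Being on the list allows a master to access information about trusts,
    so nothing is added in unattended mode: the function prints a notice
    and returns.

    The list is updated before the remote calls are made. A master whose
    remote call fails therefore stays on the list and only needs the manual
    restart named in the warning. The reason for each failure is logged at
    debug level only.

    :param api: API instance
    :param options: parsed CLI options; ``unattended`` and
        ``enable_compat`` are read here
    """
    potential_agents_cns = retrieve_potential_adtrust_agents(api)

    # Nothing to offer. The helper's return contract is not visible here;
    # treating every falsy result (empty list or None) alike keeps sorted()
    # below from being handed None.
    if not potential_agents_cns:
        return

    print("")
    print("WARNING: %d IPA masters are not yet able to serve "
          "information about users from trusted forests."
          % len(potential_agents_cns))
    print("Installer can add them to the list of IPA masters "
          "allowed to access information about trusts.")
    print("If you choose to do so, you also need to restart "
          "LDAP service on those masters.")
    print("Refer to ipa-adtrust-install(1) man page for details.")
    print("")

    if options.unattended:
        # Granting access to trust information needs an explicit answer
        # from the operator, so unattended runs stop here.
        print("Unattended mode was selected, installer will NOT "
              "add other IPA masters to the list of allowed to")
        print("access information about trusted forests!")
        return

    # Opt-in per master: the prompt is called with default=False.
    new_agents = []
    for name in sorted(potential_agents_cns):
        if ipautil.user_input(
                "IPA master [%s]?" % (name),
                default=False,
                allow_empty=False):
            new_agents.append(name)

    if not new_agents:
        return

    add_hosts_to_adtrust_agents(api, new_agents)

    # The method trust_enable_agent was added on API version 2.236
    # Specifically request this version in the remote call
    kwargs = {u'version': u'2.236',
              u'enable_compat': options.enable_compat}
    failed_agents = []

    for agent in new_agents:
        # Try to run the ipa-trust-enable-agent script on the agent.
        # If the agent is too old and does not support this, it is
        # recorded in failed_agents and reported at the end.
        logger.info("Execute trust_enable_agent on remote server %s",
                    agent)
        client = None
        try:
            xmlrpc_uri = 'https://{}/ipa/xml'.format(
                ipautil.format_netloc(agent))
            remote_api = create_api(mode=None)
            # fallback=False is passed together with the agent's own URI.
            remote_api.bootstrap(context='installer',
                                 confdir=paths.ETC_IPA,
                                 xmlrpc_uri=xmlrpc_uri,
                                 fallback=False)
            client = rpc.jsonclient(remote_api)
            client.finalize()
            client.connect()
            result = client.forward(
                u'trust_enable_agent',
                ipautil.fsdecode(agent),
                **kwargs)
        except errors.CommandError as e:
            logger.debug(
                "Remote server %s does not support agent enablement "
                "over RPC: %s", agent, e)
            failed_agents.append(agent)
        except (errors.PublicError, ConnectionRefusedError) as e:
            # Any other exception type propagates to the caller; by then
            # the master has already been added to the agents list.
            logger.debug(
                "Remote call to trust_enable_agent failed on server %s: "
                "%s", agent, e)
            failed_agents.append(agent)
        else:
            # A reply without a 'messages' entry makes .get() return None.
            # Iterating None would raise TypeError here, outside the except
            # clauses above, and abort the remaining agents.
            for message in result.get('messages') or ():
                logger.debug('%s', message['message'])
            if not int(result['result']):
                logger.debug(
                    "ipa-trust-enable-agent returned non-zero exit code "
                    " on server %s", agent)
                failed_agents.append(agent)
        finally:
            if client and client.isconnected():
                client.disconnect()

    # if enablement failed on some agents, print a WARNING:
    if not failed_agents:
        return

    # NOTE(review): the line breaks inside the two triple-quoted messages
    # below cannot be recovered from this listing; their text is kept
    # exactly as shown.
    if options.enable_compat:
        print(""" WARNING: you MUST manually enable the Schema compatibility Plugin and """)
    print(""" WARNING: you MUST restart (both "ipactl restart" and "systemctl restart sssd") the following IPA masters in order to activate them to serve information about users from trusted forests: """)
    for x in failed_agents:
        print(x)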