def __restore_config(self):
port = self.restore_state('nsslapd-port')
security = self.restore_state('nsslapd-security')
global_lock = self.restore_state('nsslapd-global-backend-lock')
ldif_outfile = "%s.modified.out" % self.filename
with open(ldif_outfile, "wb") as out_file:
with open(self.filename, "rb") as in_file:
parser = installutils.ModifyLDIF(in_file, out_file)
if port is not None:
parser.replace_value("cn=config", "nsslapd-port", [port])
if security is not None:
parser.replace_value("cn=config", "nsslapd-security",
[security])
# disable global lock by default
parser.remove_value("cn=config", "nsslapd-global-backend-lock")
if global_lock is not None:
parser.add_value("cn=config",
"nsslapd-global-backend-lock",
[global_lock])
parser.parse()
shutil.copy2(ldif_outfile, self.filename)
def __update_dse_ldif(self):
"""
This method updates dse.ldif right after instance creation. This is
supposed to allow admin modify configuration of the DS which has to be
done before IPA is fully installed (for example: settings for
replication on replicas)
DS must be turned off.
"""
dse_filename = os.path.join(
paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % self.serverid,
'dse.ldif'
)
with tempfile.NamedTemporaryFile(
mode='w', delete=False) as new_dse_ldif:
temp_filename = new_dse_ldif.name
with open(dse_filename, "r") as input_file:
parser = installutils.ModifyLDIF(input_file, new_dse_ldif)
parser.replace_value(
'cn=config,cn=ldbm database,cn=plugins,cn=config',
'nsslapd-db-locks',
[b'50000']
)
if self.config_ldif:
# parse modifications from ldif file supplied by the admin
with open(self.config_ldif, "r") as config_ldif:
parser.modifications_from_ldif(config_ldif)
parser.parse()
new_dse_ldif.flush()
shutil.copy2(temp_filename, dse_filename)
try:
os.remove(temp_filename)
except OSError as e:
logger.debug("Failed to clean temporary file: %s", e)
def __disable_schema_compat(self):
ldif_outfile = "%s.modified.out" % self.filename
with open(self.filename, "r") as in_file:
parser = GetEntryFromLDIF(in_file, entries_dn=[COMPAT_DN])
parser.parse()
try:
compat_entry = parser.get_results()[COMPAT_DN]
except KeyError:
return
if not compat_entry.get('nsslapd-pluginEnabled'):
return
with open(ldif_outfile, "w") as out_file:
with open(self.filename, "r") as in_file:
parser = installutils.ModifyLDIF(in_file, out_file)
parser.remove_value(COMPAT_DN, "nsslapd-pluginEnabled")
parser.remove_value(COMPAT_DN, "nsslapd-pluginenabled")
parser.add_value(COMPAT_DN, "nsslapd-pluginEnabled",
[b"off"])
parser.parse()
shutil.copy2(ldif_outfile, self.filename)
def __restore_config(self):
port = self.restore_state('nsslapd-port')
security = self.restore_state('nsslapd-security')
global_lock = self.restore_state('nsslapd-global-backend-lock')
schema_compat_enabled = self.restore_state('schema_compat_enabled')
ldif_outfile = "%s.modified.out" % self.filename
with open(ldif_outfile, "w") as out_file:
with open(self.filename, "r") as in_file:
parser = installutils.ModifyLDIF(in_file, out_file)
if port is not None:
parser.replace_value(
"cn=config", "nsslapd-port", [port.encode('utf-8')])
if security is not None:
parser.replace_value("cn=config", "nsslapd-security",
[security.encode('utf-8')])
# disable global lock by default
parser.remove_value("cn=config", "nsslapd-global-backend-lock")
if global_lock is not None:
parser.add_value("cn=config", "nsslapd-global-backend-lock",
[global_lock.encode('utf-8')])
if schema_compat_enabled is not None:
parser.replace_value(
COMPAT_DN, "nsslapd-pluginEnabled",
[schema_compat_enabled.encode('utf-8')])
parser.parse()
shutil.copy2(ldif_outfile, self.filename)
def __enable_ds_global_write_lock(self):
ldif_outfile = "%s.modified.out" % self.filename
with open(ldif_outfile, "w") as out_file:
with open(self.filename, "r") as in_file:
parser = installutils.ModifyLDIF(in_file, out_file)
parser.replace_value("cn=config",
"nsslapd-global-backend-lock", [b"on"])
parser.parse()
shutil.copy2(ldif_outfile, self.filename)
def __disable_listeners(self):
ldif_outfile = "%s.modified.out" % self.filename
with open(ldif_outfile, "w") as out_file:
with open(self.filename, "r") as in_file:
parser = installutils.ModifyLDIF(in_file, out_file)
parser.replace_value("cn=config", "nsslapd-port", [b"0"])
parser.replace_value("cn=config", "nsslapd-security", [b"off"])
parser.remove_value("cn=config", "nsslapd-ldapientrysearchbase")
parser.parse()
shutil.copy2(ldif_outfile, self.filename)
def __restore_config(self):
# peek the values during the restoration
port = self.get_state('nsslapd-port')
security = self.get_state('nsslapd-security')
global_lock = self.get_state('nsslapd-global-backend-lock')
schema_compat_enabled = self.get_state('schema_compat_enabled')
ldif_outfile = "%s.modified.out" % self.filename
with open(ldif_outfile, "w") as out_file:
with open(self.filename, "r") as in_file:
parser = installutils.ModifyLDIF(in_file, out_file)
if port is not None:
parser.replace_value("cn=config", "nsslapd-port",
[port.encode('utf-8')])
if security is not None:
parser.replace_value("cn=config", "nsslapd-security",
[security.encode('utf-8')])
# disable global lock by default
parser.remove_value("cn=config", "nsslapd-global-backend-lock")
if global_lock is not None:
parser.add_value("cn=config",
"nsslapd-global-backend-lock",
[global_lock.encode('utf-8')])
if schema_compat_enabled is not None:
parser.replace_value(
COMPAT_DN, "nsslapd-pluginEnabled",
[schema_compat_enabled.encode('utf-8')])
parser.parse()
shutil.copy2(ldif_outfile, self.filename)
# Now the restore is really done, remove upgrade-in-progress
self.restore_state('upgrade-in-progress')
# the values are restored, remove from the state file
self.restore_state('nsslapd-port')
self.restore_state('nsslapd-security')
self.restore_state('nsslapd-global-backend-lock')
self.restore_state('schema_compat_enabled')
