Move ldap initialization before the postinstall

2024-09-03 20:06:10 +02:00 · 2020-10-11 17:05:08 +02:00 · 2020-10-11 17:05:08 +02:00 · ed35915e7f
commit ed35915e7f
parent f5ab4443ff
6 changed files with 53 additions and 13 deletions
--- a/data/hooks/conf_regen/06-slapd
+++ b/data/hooks/conf_regen/06-slapd
@ -14,6 +14,30 @@ do_init_regen() {

  systemctl daemon-reload

+  systemctl restart slapd
+
+  # Drop current existing slapd data
+
+  rm -rf /var/backups/*.ldapdb
+  rm -rf /var/backups/slapd-*
+
+debconf-set-selections << EOF
+slapd slapd/password1 password yunohost
+slapd slapd/password2 password yunohost
+slapd slapd/domain string yunohost.org
+slapd shared/organization  string yunohost.org
+slapd slapd/allow_ldap_v2 boolean false
+slapd slapd/invalid_config boolean true
+slapd slapd/backend select MDB
+slapd slapd/move_old_database boolean true
+slapd slapd/no_configuration boolean false
+slapd slapd/purge_database boolean false
+EOF
+
+  DEBIAN_FRONTEND=noninteractive dpkg-reconfigure slapd -u
+
+  # Regen conf
+
  _regenerate_slapd_conf

   # Enforce permissions
@ -21,7 +45,11 @@ do_init_regen() {
  chown -R openldap:openldap /etc/ldap/schema/
  usermod -aG ssl-cert openldap

-  service slapd restart
+  systemctl restart slapd
+
+  # (Re-)init data according to ldap_scheme.yaml
+
+  yunohost tools shell -c "from yunohost.tools import tools_ldapinit; tools_ldapinit()"
 }

 _regenerate_slapd_conf() {
@ -31,7 +59,8 @@ _regenerate_slapd_conf() {
  # so we use a temporary directory slapd_new.d
  rm -Rf /etc/ldap/slapd_new.d
  mkdir /etc/ldap/slapd_new.d
-  slapadd -n0 -l /etc/ldap/slapd.ldif -F /etc/ldap/slapd_new.d/ 2>&1
+  slapadd -n0 -l /etc/ldap/slapd.ldif -F /etc/ldap/slapd_new.d/ 2>&1 \
+      | grep -v "none elapsed\|Closing DB" || true
  # Actual validation (-Q is for quiet, -u is for dry-run)
  slaptest -Q -u -F /etc/ldap/slapd_new.d

--- a/data/hooks/conf_regen/09-nslcd
+++ b/data/hooks/conf_regen/09-nslcd
@ -2,6 +2,11 @@

 set -e

+do_init_regen() {
+  do_pre_regen ""
+  systemctl restart nslcd
+}
+
 do_pre_regen() {
  pending_dir=$1

@ -14,7 +19,7 @@ do_post_regen() {
  regen_conf_files=$1

  [[ -z "$regen_conf_files" ]] \
-    || service nslcd restart
+    || systemctl restart nslcd
 }

 FORCE=${2:-0}
@ -27,6 +32,9 @@ case "$1" in
  post)
    do_post_regen $4
    ;;
+  init)
+    do_init_regen
+    ;;
  *)
    echo "hook called with unknown argument \`$1'" >&2
    exit 1
--- a/data/hooks/conf_regen/46-nsswitch
+++ b/data/hooks/conf_regen/46-nsswitch
@ -2,6 +2,11 @@

 set -e

+do_init_regen() {
+  do_pre_regen ""
+  systemctl restart unscd
+}
+
 do_pre_regen() {
  pending_dir=$1

@ -14,7 +19,7 @@ do_post_regen() {
  regen_conf_files=$1

  [[ -z "$regen_conf_files" ]] \
-    || service unscd restart
+    || systemctl restart unscd
 }

 FORCE=${2:-0}
@ -27,6 +32,9 @@ case "$1" in
  post)
    do_post_regen $4
    ;;
+  init)
+    do_init_regen
+    ;;
  *)
    echo "hook called with unknown argument \`$1'" >&2
    exit 1
--- a/debian/postinst
+++ b/debian/postinst
@ -8,6 +8,8 @@ do_configure() {
  if [ ! -f /etc/yunohost/installed ]; then
      bash /usr/share/yunohost/hooks/conf_regen/01-yunohost init
      bash /usr/share/yunohost/hooks/conf_regen/02-ssl init
+      bash /usr/share/yunohost/hooks/conf_regen/09-nslcd init
+      bash /usr/share/yunohost/hooks/conf_regen/46-nsswitch init
      bash /usr/share/yunohost/hooks/conf_regen/06-slapd init
      bash /usr/share/yunohost/hooks/conf_regen/15-nginx init
  else
--- a/src/yunohost/init.py
+++ b/src/yunohost/init.py
@ -53,6 +53,7 @@ def check_command_is_valid_before_postinstall(args):

    allowed_if_not_postinstalled = ['tools postinstall',
                                    'tools versions',
+                                    'tools shell',
                                    'backup list',
                                    'backup restore',
                                    'log display']
--- a/src/yunohost/tools.py
+++ b/src/yunohost/tools.py
@ -59,8 +59,6 @@ def tools_versions():
 def tools_ldapinit():
    """
    YunoHost LDAP initialization
-
-
    """

    with open('/usr/share/yunohost/yunohost-config/moulinette/ldap_scheme.yml') as f:
@ -288,12 +286,6 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False,
    operation_logger.start()
    logger.info(m18n.n('yunohost_installing'))

-    regen_conf(['nslcd', 'nsswitch'], force=True)
-
-    # Initialize LDAP for YunoHost
-    # TODO: Improve this part by integrate ldapinit into conf_regen hook
-    tools_ldapinit()
-
    # Create required folders
    folders_to_create = [
        '/etc/yunohost/apps',