From 5f844ca413587e5ebb18ffa87794058f084305a2 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Wed, 13 Dec 2023 18:05:51 +0700 Subject: [PATCH] Add pki-server -db-repl-enable The pki-server -db-repl-enable has been added to enable replication on a single DS instance. This command replaces the SubsystemDBReplicationSetupCLI which enables replication both on the DS master and the replica at the same time. The test for CA cloning with replicated DS has been updated to use the new command. --- .../workflows/ca-clone-replicated-ds-test.yml | 42 ++-- base/server/python/pki/server/cli/db.py | 144 +++++++++++ .../python/pki/server/deployment/__init__.py | 24 +- base/server/python/pki/server/subsystem.py | 41 +-- .../server/cli/SubsystemDBReplicationCLI.java | 2 +- .../cli/SubsystemDBReplicationEnableCLI.java | 131 ++++++++++ .../cli/SubsystemDBReplicationSetupCLI.java | 238 ------------------ 7 files changed, 335 insertions(+), 287 deletions(-) create mode 100644 base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBReplicationEnableCLI.java delete mode 100644 base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBReplicationSetupCLI.java diff --git a/.github/workflows/ca-clone-replicated-ds-test.yml b/.github/workflows/ca-clone-replicated-ds-test.yml index fd71b254b62..f876076d2cc 100644 --- a/.github/workflows/ca-clone-replicated-ds-test.yml +++ b/.github/workflows/ca-clone-replicated-ds-test.yml @@ -151,16 +151,15 @@ jobs: - name: Enable replication on primary DS run: | - docker exec primaryds dsconf \ - -D "cn=Directory Manager" \ - -w Secret.123 \ - ldap://primaryds.example.com:3389 \ - replication enable \ - --suffix=dc=ca,dc=pki,dc=example,dc=com \ - --role=supplier \ - --replica-id=1 \ - --bind-dn="cn=Replication Manager,cn=config" \ - --bind-passwd=Secret.123 + docker exec primary pki-server ca-db-repl-enable \ + --url ldap://primaryds.example.com:3389 \ + --bind-dn "cn=Directory Manager" \ + --bind-password Secret.123 \ + --replica-bind-dn "cn=Replication Manager,cn=config" \ + --replica-bind-password Secret.123 \ + --replica-id 1 \ + --suffix dc=ca,dc=pki,dc=example,dc=com \ + -v # check replication manager docker exec primaryds ldapsearch \ @@ -186,16 +185,15 @@ jobs: - name: Enable replication on secondary DS run: | - docker exec secondaryds dsconf \ - -D "cn=Directory Manager" \ - -w Secret.123 \ - ldap://secondaryds.example.com:3389 \ - replication enable \ - --suffix=dc=ca,dc=pki,dc=example,dc=com \ - --role=supplier \ - --replica-id=2 \ - --bind-dn="cn=Replication Manager,cn=config" \ - --bind-passwd=Secret.123 + docker exec secondary pki-server ca-db-repl-enable \ + --url ldap://secondaryds.example.com:3389 \ + --bind-dn "cn=Directory Manager" \ + --bind-password Secret.123 \ + --replica-bind-dn "cn=Replication Manager,cn=config" \ + --replica-bind-password Secret.123 \ + --replica-id 2 \ + --suffix dc=ca,dc=pki,dc=example,dc=com \ + -v # check replication manager docker exec secondaryds ldapsearch \ @@ -221,7 +219,7 @@ jobs: - name: Create replication agreement on primary DS run: | - docker exec secondary pki-server ca-db-repl-agmt-add \ + docker exec primary pki-server ca-db-repl-agmt-add \ --url ldap://primaryds.example.com:3389 \ --bind-dn "cn=Directory Manager" \ --bind-password Secret.123 \ @@ -269,7 +267,7 @@ jobs: - name: Initializing replication agreement run: | - docker exec secondary pki-server ca-db-repl-agmt-init \ + docker exec primary pki-server ca-db-repl-agmt-init \ --url ldap://primaryds.example.com:3389 \ --bind-dn "cn=Directory Manager" \ --bind-password Secret.123 \ diff --git a/base/server/python/pki/server/cli/db.py b/base/server/python/pki/server/cli/db.py index 32a274dfb1c..d0432c9c941 100644 --- a/base/server/python/pki/server/cli/db.py +++ b/base/server/python/pki/server/cli/db.py @@ -1410,9 +1410,153 @@ def __init__(self, parent): subsystem=parent.parent.name.upper())) self.parent = parent + self.add_module(SubsystemDBReplicationEnableCLI(self)) self.add_module(SubsystemDBReplicationAgreementCLI(self)) +class SubsystemDBReplicationEnableCLI(pki.cli.CLI): + ''' + Enable {subsystem} database replication + ''' + + help = '''\ + Usage: pki-server {subsystem}-db-repl-enable [OPTIONS] + + -i, --instance Instance ID (default: pki-tomcat) + --url Database URL + --bind-dn Database bind DN + --bind-password Database bind password + --replica-bind-dn Replica bind DN + --replica-bind-password Replica bind password + --replica-id Replica ID + --suffix Database suffix + -v, --verbose Run in verbose mode. + --debug Run in debug mode. + --help Show help message. + ''' + + def __init__(self, parent): + super(SubsystemDBReplicationEnableCLI, self).__init__( + 'enable', + inspect.cleandoc(self.__class__.__doc__).format( + subsystem=parent.parent.parent.name.upper())) + + self.parent = parent + + def print_help(self): + print(textwrap.dedent(self.__class__.help).format( + subsystem=self.parent.parent.parent.name)) + + def execute(self, argv): + try: + opts, _ = getopt.gnu_getopt(argv, 'i:v', [ + 'instance=', + 'url=', 'bind-dn=', 'bind-password=', + 'replica-bind-dn=', 'replica-bind-password=', + 'replica-id=', 'suffix=', + 'verbose', 'debug', 'help']) + + except getopt.GetoptError as e: + logger.error(e) + self.print_help() + sys.exit(1) + + instance_name = 'pki-tomcat' + subsystem_name = self.parent.parent.parent.name + url = None + bind_dn = None + bind_password = None + replica_bind_dn = None + replica_bind_password = None + replica_id = None + suffix = None + + for o, a in opts: + if o in ('-i', '--instance'): + instance_name = a + + elif o == '--url': + url = urllib.parse.urlparse(a) + + elif o == '--bind-dn': + bind_dn = a + + elif o == '--bind-password': + bind_password = a + + elif o == '--replica-bind-dn': + replica_bind_dn = a + + elif o == '--replica-bind-password': + replica_bind_password = a + + elif o == '--replica-id': + replica_id = a + + elif o == '--suffix': + suffix = a + + elif o in ('-v', '--verbose'): + logging.getLogger().setLevel(logging.INFO) + + elif o == '--debug': + logging.getLogger().setLevel(logging.DEBUG) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + logger.error('Invalid option: %s', o) + self.print_help() + sys.exit(1) + + # user must provide the replica ID is required since + # in the future the auto-generated replica ID will no + # longer be supported + + if not replica_id: + logger.error('Missing replica ID') + sys.exit(1) + + instance = pki.server.instance.PKIInstance(instance_name) + + if not instance.exists(): + logger.error('Invalid instance: %s', instance_name) + sys.exit(1) + + instance.load() + + subsystem = instance.get_subsystem(subsystem_name) + + if not subsystem: + logger.error('No %s subsystem in instance %s.', + subsystem_name.upper(), instance_name) + sys.exit(1) + + ldap_config = {} + + if url.scheme == 'ldaps': + ldap_config['ldapconn.secureConn'] = 'true' + else: + ldap_config['ldapconn.secureConn'] = 'false' + + ldap_config['ldapconn.host'] = url.hostname + ldap_config['ldapconn.port'] = str(url.port) + + ldap_config['ldapauth.authtype'] = 'BasicAuth' + ldap_config['ldapauth.bindDN'] = bind_dn + ldap_config['ldapauth.bindPassword'] = bind_password + + ldap_config['basedn'] = suffix + + subsystem.enable_replication( + ldap_config, + replica_bind_dn, + replica_bind_password, + replica_id) + + class SubsystemDBReplicationAgreementCLI(pki.cli.CLI): ''' {subsystem} replication agreement management commands diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py index b90a8e4f209..7eb71206b33 100644 --- a/base/server/python/pki/server/deployment/__init__.py +++ b/base/server/python/pki/server/deployment/__init__.py @@ -1593,12 +1593,6 @@ def setup_database(self, subsystem, master_config): logger.info('- replication security: %s', replication_security) - subsystem.setup_replication( - master_config['Properties'], - master_replication_port=master_replication_port, - replica_replication_port=replica_replication_port, - replication_security=replication_security) - # get master database config master_ldap_config = {} @@ -1673,6 +1667,24 @@ def setup_database(self, subsystem, master_config): replica_agreement_name replica_bind_password = self.instance.get_password('replicationdb') + logger.info('Enable replication on master') + + # TODO: provide param to specify the replica ID for the master + subsystem.enable_replication( + master_ldap_config, + master_bind_dn, + master_bind_password, + None) + + logger.info('Enable replication on replica') + + # TODO: provide param to specify the replica ID for the replica + subsystem.enable_replication( + replica_ldap_config, + replica_bind_dn, + replica_bind_password, + None) + logger.info('Adding master replication agreement') logger.info('- replica URL: %s', replica_url) diff --git a/base/server/python/pki/server/subsystem.py b/base/server/python/pki/server/subsystem.py index 01c2099ae25..524df86f123 100644 --- a/base/server/python/pki/server/subsystem.py +++ b/base/server/python/pki/server/subsystem.py @@ -1296,31 +1296,33 @@ def revoke_database_access( as_current_user=as_current_user, capture_output=True) - def setup_replication( + def enable_replication( self, - master_config, - master_replication_port=None, - replica_replication_port=None, - replication_security=None): + ldap_config, + replica_bind_dn, + replica_bind_password, + replica_id): tmpdir = tempfile.mkdtemp() try: - master_config_file = os.path.join(tmpdir, 'master.conf') - pki.util.store_properties(master_config_file, master_config) - - cmd = [self.name + '-db-repl-setup'] - - if master_replication_port: - cmd.extend(['--master-replication-port', master_replication_port]) + ldap_config_file = os.path.join(tmpdir, 'ldap.conf') + pki.util.store_properties(ldap_config_file, ldap_config) + pki.util.chown(tmpdir, self.instance.uid, self.instance.gid) - if replica_replication_port: - cmd.extend(['--replica-replication-port', replica_replication_port]) + password_file = os.path.join(tmpdir, 'password.txt') + with open(password_file, 'w', encoding='utf-8') as f: + f.write(replica_bind_password) + pki.util.chown(password_file, self.instance.uid, self.instance.gid) - if replication_security: - cmd.extend(['--replication-security', replication_security]) + cmd = [ + self.name + '-db-repl-enable', + '--ldap-config', ldap_config_file, + '--replica-bind-dn', replica_bind_dn, + '--replica-bind-password-file', password_file + ] - if master_config_file: - cmd.extend(['--master-config', master_config_file]) + if replica_id: + cmd.extend(['--replica-id', replica_id]) if logger.isEnabledFor(logging.DEBUG): cmd.append('--debug') @@ -1328,8 +1330,7 @@ def setup_replication( elif logger.isEnabledFor(logging.INFO): cmd.append('--verbose') - # run as current user so it can read the input file - self.run(cmd, as_current_user=True) + self.run(cmd) finally: shutil.rmtree(tmpdir) diff --git a/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBReplicationCLI.java b/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBReplicationCLI.java index 7daa3220a7b..cbeedff00c0 100644 --- a/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBReplicationCLI.java +++ b/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBReplicationCLI.java @@ -15,7 +15,7 @@ public class SubsystemDBReplicationCLI extends CLI { public SubsystemDBReplicationCLI(CLI parent) { super("repl", parent.parent.name.toUpperCase() + " database replication management commands", parent); - addModule(new SubsystemDBReplicationSetupCLI(this)); + addModule(new SubsystemDBReplicationEnableCLI(this)); addModule(new SubsystemDBReplicationAgreementCLI(this)); } } diff --git a/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBReplicationEnableCLI.java b/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBReplicationEnableCLI.java new file mode 100644 index 00000000000..27448307746 --- /dev/null +++ b/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBReplicationEnableCLI.java @@ -0,0 +1,131 @@ +// +// Copyright Red Hat, Inc. +// +// SPDX-License-Identifier: GPL-2.0-or-later +// +package org.dogtagpki.server.cli; + +import java.nio.file.Files; +import java.nio.file.Paths; + +import org.apache.commons.cli.CommandLine; +import org.dogtagpki.cli.CLI; +import org.dogtagpki.cli.CLIException; +import org.dogtagpki.util.logging.PKILogger; +import org.dogtagpki.util.logging.PKILogger.LogLevel; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.netscape.cms.servlet.csadmin.LDAPConfigurator; +import com.netscape.cmscore.apps.DatabaseConfig; +import com.netscape.cmscore.apps.EngineConfig; +import com.netscape.cmscore.base.ConfigStorage; +import com.netscape.cmscore.base.FileConfigStorage; +import com.netscape.cmscore.ldapconn.LDAPConfig; +import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; +import com.netscape.cmscore.ldapconn.PKISocketConfig; + +import netscape.ldap.LDAPConnection; + +/** + * @author Endi S. Dewata + */ +public class SubsystemDBReplicationEnableCLI extends SubsystemCLI { + + public static final Logger logger = LoggerFactory.getLogger(SubsystemDBReplicationEnableCLI.class); + + public SubsystemDBReplicationEnableCLI(CLI parent) { + super("enable", "Enable " + parent.parent.parent.getName().toUpperCase() + " database replication", parent); + } + + @Override + public void createOptions() { + + options.addOption(null, "ldap-config", true, "LDAP configuration file"); + options.addOption(null, "replica-bind-dn", true, "Replica bind DN"); + options.addOption(null, "replica-bind-password-file", true, "Replica bind password file"); + options.addOption(null, "replica-id", true, "Replica ID"); + + options.addOption("v", "verbose", false, "Run in verbose mode."); + options.addOption(null, "debug", false, "Run in debug mode."); + options.addOption(null, "help", false, "Show help message."); + } + + @Override + public void execute(CommandLine cmd) throws Exception { + + if (cmd.hasOption("debug")) { + PKILogger.setLevel(LogLevel.DEBUG); + + } else if (cmd.hasOption("verbose")) { + PKILogger.setLevel(LogLevel.INFO); + } + + String ldapConfigFile = cmd.getOptionValue("ldap-config"); + + if (ldapConfigFile == null) { + throw new CLIException("Missing LDAP configuration file"); + } + + String replicaBindDN = cmd.getOptionValue("replica-bind-dn"); + String replicaBindPasswordFile = cmd.getOptionValue("replica-bind-password-file"); + + Integer replicaID = null; + if (cmd.hasOption("replica-id")) { + replicaID = Integer.valueOf(cmd.getOptionValue("replica-id")); + } + + initializeTomcatJSS(); + String subsystem = parent.parent.parent.getName(); + EngineConfig cs = getEngineConfig(subsystem); + cs.load(); + + PKISocketConfig socketConfig = cs.getSocketConfig(); + + logger.info("Loading {}", ldapConfigFile); + ConfigStorage masterConfigStorage = new FileConfigStorage(ldapConfigFile); + LDAPConfig ldapConfig = new LDAPConfig(masterConfigStorage); + ldapConfig.load(); + + String replicaBindPassword = Files.readAllLines(Paths.get(replicaBindPasswordFile)).get(0); + + LdapBoundConnFactory connFactory = new LdapBoundConnFactory("LDAPConfigurator"); + connFactory.init(socketConfig, ldapConfig); + LDAPConnection conn = connFactory.getConn(); + + DatabaseConfig dbConfig = cs.getDatabaseConfig(); + + try { + LDAPConfigurator configurator = new LDAPConfigurator(conn, ldapConfig); + + boolean autoGenerateReplicaID = false; + if (replicaID == null) { + // auto-generate replica ID if not provided + + // TODO: remove this mechanism in the future since + // it relies on range-based serial numbers which can + // be problematic + + autoGenerateReplicaID = true; + replicaID = dbConfig.getInteger("beginReplicaNumber", 1); + } + + boolean created = configurator.enableReplication( + replicaBindDN, + replicaBindPassword, + replicaID); + + if (created) { + replicaID++; + } + + if (autoGenerateReplicaID) { + dbConfig.putInteger("beginReplicaNumber", replicaID); + cs.commit(false); + } + + } finally { + if (conn != null) conn.disconnect(); + } + } +} diff --git a/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBReplicationSetupCLI.java b/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBReplicationSetupCLI.java deleted file mode 100644 index 96108a76589..00000000000 --- a/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBReplicationSetupCLI.java +++ /dev/null @@ -1,238 +0,0 @@ -// -// Copyright Red Hat, Inc. -// -// SPDX-License-Identifier: GPL-2.0-or-later -// -package org.dogtagpki.server.cli; - -import org.apache.commons.cli.CommandLine; -import org.dogtagpki.cli.CLI; -import org.dogtagpki.util.logging.PKILogger; -import org.dogtagpki.util.logging.PKILogger.LogLevel; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.netscape.cms.servlet.csadmin.LDAPConfigurator; -import com.netscape.cmscore.apps.DatabaseConfig; -import com.netscape.cmscore.apps.EngineConfig; -import com.netscape.cmscore.base.ConfigStorage; -import com.netscape.cmscore.base.ConfigStore; -import com.netscape.cmscore.base.FileConfigStorage; -import com.netscape.cmscore.ldapconn.LDAPAuthenticationConfig; -import com.netscape.cmscore.ldapconn.LDAPConfig; -import com.netscape.cmscore.ldapconn.LDAPConnectionConfig; -import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; -import com.netscape.cmsutil.ldap.LDAPUtil; -import com.netscape.cmsutil.password.PasswordStore; -import com.netscape.cmsutil.password.PasswordStoreConfig; - -import netscape.ldap.LDAPConnection; - -/** - * @author Endi S. Dewata - */ -public class SubsystemDBReplicationSetupCLI extends SubsystemCLI { - - public static Logger logger = LoggerFactory.getLogger(SubsystemDBReplicationSetupCLI.class); - - public SubsystemDBReplicationSetupCLI(CLI parent) { - super("setup", "Set up " + parent.parent.parent.getName().toUpperCase() + " database replication", parent); - } - - @Override - public void createOptions() { - - options.addOption(null, "master-config", true, "Master configuration file"); - options.addOption(null, "master-replication-port", true, "Master replication port"); - options.addOption(null, "replica-replication-port", true, "Replica replication port"); - options.addOption(null, "replication-security", true, "Replication security: SSL, TLS, None"); - - options.addOption("v", "verbose", false, "Run in verbose mode."); - options.addOption(null, "debug", false, "Run in debug mode."); - options.addOption(null, "help", false, "Show help message."); - } - - @Override - public void execute(CommandLine cmd) throws Exception { - - if (cmd.hasOption("debug")) { - PKILogger.setLevel(LogLevel.DEBUG); - - } else if (cmd.hasOption("verbose")) { - PKILogger.setLevel(LogLevel.INFO); - } - - String masterConfigFile = cmd.getOptionValue("master-config"); - - if (masterConfigFile == null) { - throw new Exception("Missing master configuration file"); - } - - String masterReplicationPort = cmd.getOptionValue("master-replication-port"); - String replicaReplicationPort = cmd.getOptionValue("replica-replication-port"); - String replicationSecurity = cmd.getOptionValue("replication-security"); - - initializeTomcatJSS(); - String subsystem = parent.parent.parent.getName(); - EngineConfig cs = getEngineConfig(subsystem); - cs.load(); - - logger.info("Loading {}", masterConfigFile); - ConfigStorage masterStorage = new FileConfigStorage(masterConfigFile); - ConfigStore masterConfig = new ConfigStore(masterStorage); - masterConfig.load(); - - PasswordStoreConfig psc = cs.getPasswordStoreConfig(); - PasswordStore passwordStore = PasswordStore.create(psc); - - setupReplication( - cs, - passwordStore, - masterConfig, - masterReplicationPort, - replicaReplicationPort, - replicationSecurity); - - cs.commit(false); - } - - public void setupReplication( - EngineConfig cs, - PasswordStore passwordStore, - ConfigStore masterConfig, - String masterReplicationPort, - String replicaReplicationPort, - String replicationSecurity) throws Exception { - - String hostname = cs.getHostname(); - String instanceID = cs.getInstanceID(); - - PKISocketConfig socketConfig = cs.getSocketConfig(); - - LDAPConfig ldapConfig = cs.getInternalDBConfig(); - LDAPConnectionConfig replicaConnConfig = ldapConfig.getConnectionConfig(); - String replicaPort = replicaConnConfig.getString("port", ""); - - if (replicaReplicationPort == null || replicaReplicationPort.equals("")) { - replicaReplicationPort = replicaPort; - } - - LdapBoundConnFactory ldapFactory = new LdapBoundConnFactory("LDAPConfigurator"); - ldapFactory.init(socketConfig, ldapConfig, passwordStore); - - LDAPConnection conn = ldapFactory.getConn(); - LDAPConfigurator ldapConfigurator = new LDAPConfigurator(conn, ldapConfig, instanceID); - - try { - LDAPConfig masterDBConfig = masterConfig.getSubStore("internaldb", LDAPConfig.class); - LDAPConnectionConfig masterConnConfig = masterDBConfig.getConnectionConfig(); - String masterPort = masterConnConfig.getString("port", ""); - - if (masterReplicationPort == null || masterReplicationPort.equals("")) { - masterReplicationPort = masterPort; - } - - String masterReplicationPassword = masterConfig.getString("internaldb.replication.password", ""); - String replicaReplicationPassword = passwordStore.getPassword("replicationdb", 0); - - // Set master LDAP password (if it exists) temporarily in password store - // in case it is needed for replication. Not stored in password.conf. - - LDAPAuthenticationConfig masterAuthConfig = masterDBConfig.getAuthenticationConfig(); - String masterPassword = masterAuthConfig.getString("password", ""); - - if (!masterPassword.equals("")) { - masterAuthConfig.putString("bindPWPrompt", "master_internaldb"); - passwordStore.putPassword("master_internaldb", masterPassword); - passwordStore.commit(); - } - - LdapBoundConnFactory masterFactory = new LdapBoundConnFactory("MasterLDAPConfigurator"); - masterFactory.init(socketConfig, masterDBConfig, passwordStore); - - LDAPConnection masterConn = masterFactory.getConn(); - LDAPConfigurator masterConfigurator = new LDAPConfigurator(masterConn, masterDBConfig); - - try { - String masterAgreementName = "masterAgreement1-" + hostname + "-" + instanceID; - String replicaAgreementName = "cloneAgreement1-" + hostname + "-" + instanceID; - - String masterBindUser = "Replication Manager " + masterAgreementName; - String replicaBindUser = "Replication Manager " + replicaAgreementName; - - String masterBindDN = "cn=" + LDAPUtil.escapeRDNValue(masterBindUser) + ",ou=csusers,cn=config"; - String replicaBindDN = "cn=" + LDAPUtil.escapeRDNValue(replicaBindUser) + ",ou=csusers,cn=config"; - - DatabaseConfig dbConfig = cs.getDatabaseConfig(); - int beginReplicaNumber = dbConfig.getInteger("beginReplicaNumber", 1); - int endReplicaNumber = dbConfig.getInteger("endReplicaNumber", 100); - logger.info("Current replica number range: " + beginReplicaNumber + "-" + endReplicaNumber); - - beginReplicaNumber = enableReplication( - masterConfigurator, - ldapConfigurator, - masterBindDN, - replicaBindDN, - masterReplicationPassword, - replicaReplicationPassword, - beginReplicaNumber); - - logger.info("New replica number range: " + beginReplicaNumber + "-" + endReplicaNumber); - dbConfig.putString("beginReplicaNumber", Integer.toString(beginReplicaNumber)); - - } finally { - if (masterConn != null) masterConn.disconnect(); - } - - // remove master ldap password from password.conf (if present) - - if (!masterPassword.equals("")) { - String passwordFile = cs.getPasswordFile(); - ConfigStorage storage = new FileConfigStorage(passwordFile); - ConfigStore passwords = new ConfigStore(storage); - passwords.load(); - passwords.remove("master_internaldb"); - passwords.commit(false); - } - - } finally { - if (conn != null) conn.disconnect(); - } - } - - public int enableReplication( - LDAPConfigurator masterConfigurator, - LDAPConfigurator replicaConfigurator, - String masterBindDN, - String replicaBindDN, - String masterReplicationPassword, - String replicaReplicationPassword, - int replicaID) - throws Exception { - - logger.info("Enabling replication on master"); - - boolean created = masterConfigurator.enableReplication( - masterBindDN, - masterReplicationPassword, - replicaID); - - if (created) { - replicaID++; - } - - logger.info("Enabling replication on replica"); - - created = replicaConfigurator.enableReplication( - replicaBindDN, - replicaReplicationPassword, - replicaID); - - if (created) { - replicaID++; - } - - return replicaID; - } -}