mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

david_page
23.32.2007 f59ae4ad1461ea286a28405c123f01265655f2f6
Issue 466 preparation.

As part of https://opends.dev.java.net/issues/show_bug.cgi?id=466 org.opends.admin.ads.ADSContext#registerServer will add an entry for the instance key public-key certificate under 'cn=instance keys,cn=admin data'.

Conversely, the ADSContext#unregisterServer method will deprecate the instance key public-key certificate (i.e., add ds-cfg-key-deprecation-time to the key entry under cn=instance keys,cn=admin data) associated with the server.

Adding or deprecating a instance key public-key certificate entry in ADS has side effects across the ADS domain hosts. In particular, if the instance is an ADS host, each shared secret (encryption) key is wrapped in the instance's public key certificate, so on an addition, the keys are wrapped and added to ADS, while on a certificate deprecation, the keys wrapped with that certificate are deleted.

In the current implementation of org.opends.quicksetup.installer.Installer#updateADS , if the installer detects an ADS entry for the to-be-registered server, it calls ADSContext.unregisterServer then ADSContext.registerServer. To avoid the perturbation in the ADS-based key distribution, I have replaced the unregister-register sequence with a call to ADSContext.updateServer (which does an LDAP modify replace for the attribute values in the server attribute map). This change was accomplished by calling ADSContext.registerOrUpdateServer.

The changes also include some minor code cleanup, comments, and tidying to eliminate IDEA warnings in ADSContext.

Tests:

I have run the precommit target and done some simple tests to ensure that 1) a remote standalone instance can be promoted to an ADS during a new instance creation; 2) an instance can be created as an ADS and another new instance can be created and added to that ADS; and 3) an instance already in ADS can be destroyed (without unregistering) and recreated and re-added to the ADS (the updateServer scenario). The message for that case is now:

Aug 23, 2007 11:04:05 AM org.opends.quicksetup.installer.Installer updateADS
WARNING: Server was already registered. Updating server registration.
2 files modified
159 ■■■■ changed files
opends/src/ads/org/opends/admin/ads/ADSContext.java 50 ●●●● patch | view | raw | blame | history
opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java 109 ●●●● patch | view | raw | blame | history
opends/src/ads/org/opends/admin/ads/ADSContext.java
@@ -31,7 +31,6 @@
import java.util.HashSet;
import java.util.Map;
import java.util.HashMap;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -81,8 +80,8 @@
    /**
     * Boolean syntax.
     */
    BOOLEAN;
  };
    BOOLEAN
  }
  /**
   * Enumeration containing the different server properties that are stored in
@@ -165,6 +164,7 @@
    /**
     * Private constructor.
     * @param n the name of the attribute.
     * @param s the name of the syntax.
     */
    private ServerProperty(String n,ADSPropertySyntax s)
    {
@@ -189,7 +189,7 @@
    {
      return attSyntax;
    }
  };
  }
  /** Default global admin UID. */
  public static final String GLOBAL_ADMIN_UID = "admin";
@@ -269,7 +269,7 @@
    {
      return attrName;
    }
  };
  }
  /**
   * The list of server group properties that are multivalued.
@@ -310,6 +310,7 @@
    /**
     * Private constructor.
     * @param n the name of the attribute.
     * @param s the name of the syntax.
     */
    private AdministratorProperty(String n,ADSPropertySyntax s)
    {
@@ -509,11 +510,14 @@
   * if there is no server registered associated with those properties,
   * registers it and if it is already registered, updates it.
   * @param serverProperties the server properties.
   * @return 0 if the server was registered; 1 if udpated (i.e., the server
   * entry was already in ADS).
   * @throws ADSContextException if something goes wrong.
   */
  public void registerOrUpdateServer(
  public int registerOrUpdateServer(
      Map<ServerProperty, Object> serverProperties) throws ADSContextException
  {
    int result = 0;
    try
    {
      registerServer(serverProperties);
@@ -523,12 +527,14 @@
      if (x.getError() == ADSContextException.ErrorType.ALREADY_REGISTERED)
      {
        updateServer(serverProperties, null);
        result = 1;
      }
      else
      {
        throw x;
      }
    }
    return result;
  }
  /**
@@ -1253,7 +1259,6 @@
   * Returns the attributes for some server properties.
   * @param serverProperties the server properties.
   * @return the attributes for the given server properties.
   * @throws ADSContextException if something goes wrong.
   */
  private static BasicAttributes makeAttrsFromServerProperties(
      Map<ServerProperty, Object> serverProperties)
@@ -1283,8 +1288,8 @@
  /**
   * Returns the attribute for a given server property.
   * @param property the server property.
   * @param value the value.
   * @return the attribute for a given server property.
   * @throws ADSContextException if something goes wrong.
   */
  private static Attribute makeAttrFromServerProperty(ServerProperty property,
      Object value)
@@ -1295,10 +1300,8 @@
    {
    case GROUPS:
      result = new BasicAttribute(ServerProperty.GROUPS.getAttributeName());
      Iterator groupIterator = ((Set)value).iterator();
      while (groupIterator.hasNext())
      {
        result.add(groupIterator.next());
        for (Object o : ((Set) value)) {
            result.add(o);
      }
      break;
    default:
@@ -1311,7 +1314,6 @@
   * Returns the attributes for some server group properties.
   * @param serverGroupProperties the server group properties.
   * @return the attributes for the given server group properties.
   * @throws ADSContextException if something goes wrong.
   */
  private static BasicAttributes makeAttrsFromServerGroupProperties(
      Map<ServerGroupProperty, Object> serverGroupProperties)
@@ -1335,7 +1337,6 @@
   * Returns the attributes for some server group properties.
   * @param serverGroupProperties the server group properties.
   * @return the attributes for the given server group properties.
   * @throws ADSContextException if something goes wrong.
   */
  private static BasicAttributes makeAttrsFromServerGroupProperties(
      Set<ServerGroupProperty> serverGroupProperties)
@@ -1357,8 +1358,8 @@
  /**
   * Returns the attribute for a given server group property.
   * @param property the server group property.
   * @param value the value.
   * @return the attribute for a given server group property.
   * @throws ADSContextException if something goes wrong.
   */
  private static Attribute makeAttrFromServerGroupProperty(
      ServerGroupProperty property, Object value)
@@ -1370,10 +1371,8 @@
    case MEMBERS:
      result = new BasicAttribute(
          ServerGroupProperty.MEMBERS.getAttributeName());
      Iterator memberIterator = ((Set)value).iterator();
      while (memberIterator.hasNext())
      {
        result.add(memberIterator.next());
        for (Object o : ((Set) value)) {
            result.add(o);
      }
      break;
    default:
@@ -1403,7 +1402,7 @@
        {
          continue ;
        }
        Object value = null;
        Object value;
        if (attr.size() >= 1 &&
            MULTIVALUED_SERVER_GROUP_PROPERTIES.contains(prop))
@@ -1451,7 +1450,7 @@
      {
        Attribute attr = (Attribute)ne.next();
        String attrID = attr.getID();
        Object value = null;
        Object value;
        if (attrID.endsWith(";binary"))
        {
@@ -1529,7 +1528,7 @@
      while (ne.hasMore()) {
        Attribute attr = ne.next();
        String attrID = attr.getID();
        Object value = null;
        Object value;
        if (attrID.equalsIgnoreCase("cn"))
        {
@@ -1697,13 +1696,14 @@
  //
  /**
   * Returns the LdapName object for the given dn.
   * @param dn the DN.
   * @return the LdapName object for the given dn.
   * @throws ADSContextException if a valid LdapName could not be retrieved
   * for the given dn.
   */
  private static LdapName nameFromDN(String dn) throws ADSContextException
  {
    LdapName result = null;
    LdapName result;
    try
    {
      result = new LdapName(dn);
@@ -1719,6 +1719,7 @@
  /**
   * Returns the String rdn for the given search result name.
   * @param rdnName the search result name.
   * @return the String rdn for the given search result name.
   * @throws ADSContextException if a valid String rdn could not be retrieved
   * for the given result name.
@@ -1745,6 +1746,7 @@
  /**
   * Tells whether an entry with the provided DN exists.
   * @param dn the DN to check.
   * @return <CODE>true</CODE> if the entry exists and <CODE>false</CODE> if
   * it does not.
   * @throws ADSContextException if an error occurred while checking if the
@@ -1870,7 +1872,7 @@
  /**
   * Removes the administration suffix.
   * @throws ADSContextException
   * @throws ADSContextException if something goes wrong.
   */
  private void removeAdministrationSuffix() throws ADSContextException
  {
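Review bot: registerOrUpdateServer now reports which path it took as an int built from the undocumented literals `int result = 0;` and `result = 1;`, and its Javadoc carries the typo "udpated"; with only two possible outcomes a boolean is clearer and spares callers a comparison against a magic number. I would change the signature to `public boolean registerOrUpdateServer(Map<ServerProperty, Object> serverProperties) throws ADSContextException`, use `boolean updated = false;` / `updated = true;` in the ALREADY_REGISTERED branch, and document it as `@return {@code true} if the server entry already existed and was updated, {@code false} if it was newly registered.` The update branch also passes `null` as the second argument of updateServer and nothing in the hunk says what a null there means, so a one-line comment at that call would help the next reader. The method is split across two hunks here but appears to be fully visible.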
opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java
@@ -1842,9 +1842,11 @@
              getDefaultLDAPTimeout(), null);
        }
        // Check the remote server for ADS. If it does not exist, create the
        // initial ADS there. Otherwise, create a global administrator if the
        // user requested one.
        ADSContext adsContext = new ADSContext(ctx);
        boolean hasAdminData = adsContext.hasAdminData();
        if (hasAdminData)
        if (adsContext.hasAdminData())
        {
          /* Add global administrator if the user specified one. */
          if (getUserData().mustCreateAdministrator())
@@ -1889,7 +1891,8 @@
          notifyListeners(getLineBreak());
          checkAbort();
        }
        /* Configure local server to have an ADS */
        // Create an empty ADS suffix on the local server.
        notifyListeners(getFormattedWithPoints(
            INFO_PROGRESS_CREATING_ADS.get()));
        try
@@ -1904,11 +1907,28 @@
              ApplicationReturnCode.ReturnCode.CONFIGURATION_ERROR,
              failedMsg, t);
        }
        createLocalAds(localCtx, false);
        try
        {
          ADSContext localAdsContext = new ADSContext(localCtx);
          localAdsContext.createAdministrationSuffix(null);
        }
        catch (ADSContextException ace)
        {
          throw ace;
        }
        catch (Throwable t)
        {
          throw new ApplicationException(
                  ApplicationReturnCode.ReturnCode.CONFIGURATION_ERROR,
                  getThrowableMsg(INFO_BUG_MSG.get(), t), t);
        }
        notifyListeners(getFormattedDone());
        notifyListeners(getLineBreak());
        checkAbort();
        // Configure replication on remote servers hosting ADS (I guess).
        lastLoadedCache = new TopologyCache(adsContext, getTrustManager());
        lastLoadedCache.reloadTopology();
        Set<Integer> knownServerIds = new HashSet<Integer>();
@@ -1978,28 +1998,14 @@
            }
          }
        }
        /* Register new server data. */
        try
        /* Register new server in remote ADS. */
        if(0 != adsContext.registerOrUpdateServer(getNewServerAdsProperties()))
        {
          adsContext.registerServer(getNewServerAdsProperties());
          LOG.log(Level.WARNING, "Server was already registered. Updating " +
            "server registration.");
        }
          registeredNewServerOnRemote = true;
        }
        catch (ADSContextException adse)
        {
          if (adse.getError() ==
            ADSContextException.ErrorType.ALREADY_REGISTERED)
          {
            LOG.log(Level.WARNING, "Server already registered. Unregistering "+
                "and registering server");
            /* This might occur after registering and unregistering a server */
            adsContext.unregisterServer(getNewServerAdsProperties());
            adsContext.registerServer(getNewServerAdsProperties());
          }
          else
          {
            throw adse;
          }
        }
        /* Configure replication on local server */
        helper.configureReplication(localCtx, dns, hmRepServers,
@@ -2127,7 +2133,28 @@
              ApplicationReturnCode.ReturnCode.CONFIGURATION_ERROR,
              failedMsg, t);
        }
        createLocalAds(localCtx, true);
        try
        {
          ADSContext localAdsContext = new ADSContext(localCtx);
          localAdsContext.createAdminData(null);
          localAdsContext.registerServer(getNewServerAdsProperties());
          if (getUserData().mustCreateAdministrator())
          {
            localAdsContext.createAdministrator(getAdministratorProperties());
          }
        }
        catch (ADSContextException ace)
        {
          throw ace;
        }
        catch (Throwable t)
        {
          throw new ApplicationException(
                  ApplicationReturnCode.ReturnCode.CONFIGURATION_ERROR,
                  getThrowableMsg(INFO_BUG_MSG.get(), t), t);
        }
        int replicationPort =
          getUserData().getReplicationOptions().getReplicationPort();
        Set<String> dns = new HashSet<String>();
@@ -3769,38 +3796,6 @@
    return createLdapContext(ldapUrl, dn, pwd,
        getDefaultLDAPTimeout(), null);
  }
  private void createLocalAds(InitialLdapContext ctx, boolean addData)
  throws ApplicationException, ADSContextException
  {
    try
    {
      ADSContext adsContext = new ADSContext(ctx);
      if (addData)
      {
        adsContext.createAdminData(null);
        adsContext.registerServer(getNewServerAdsProperties());
        if (getUserData().mustCreateAdministrator())
        {
          adsContext.createAdministrator(getAdministratorProperties());
        }
      }
      else
      {
        adsContext.createAdministrationSuffix(null);
      }
    }
    catch (ADSContextException ace)
    {
      throw ace;
    }
    catch (Throwable t)
    {
      throw new ApplicationException(
          ApplicationReturnCode.ReturnCode.CONFIGURATION_ERROR,
              getThrowableMsg(INFO_BUG_MSG.get(), t), t);
    }
  }
  /**
   * Gets an InitialLdapContext based on the information that appears on the
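Review bot: The ALREADY_REGISTERED path at `if(0 != adsContext.registerOrUpdateServer(getNewServerAdsProperties()))` now keeps the stale server entry and, per the commit description, only replaces the attributes present in the property map, whereas the removed unregister step was what deprecated the old instance key certificate; once issue 466 lands, a destroyed-and-recreated instance with a fresh key pair could therefore leave its predecessor's public key un-deprecated under cn=instance keys unless updateServer also covers that, which seems worth a note at this call site such as `// NOTE: unlike unregister+register this keeps the old instance key certificate active; revisit with issue 466.` The WARNING goes only to the installer log via LOG.log and does not appear to be surfaced through notifyListeners in this hunk, so the user is not told that an existing registration was overwritten. The two inlined `catch (ADSContextException ace) { throw ace; }` blocks are no-ops whose only effect is to keep ADSContextException out of the `catch (Throwable t)` wrapper that follows; a comment like `// rethrow unchanged so it is not wrapped as a CONFIGURATION_ERROR below` would make that intent explicit, and catching Throwable also swallows Errors that probably should not become a CONFIGURATION_ERROR. The enclosing methods start and end outside the hunks shown.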