[PATCH] make samba-tool aware of all 7 fsmo roles
Rowland Penny
repenny241155 at gmail.com
Wed May 20 05:21:23 MDT 2015
On 20/05/15 08:11, Stefan (metze) Metzmacher wrote:
> Hi Rowland,
>
>> It will via 'samba-tool fsmo show' display the 7 roles, the well known 5
>> and the 2 dns ones
>> It will transfer any or all of the roles (it actually seizes the 2 dns
>> roles, this seems to be the only way to do it)
>> it will seize all of the roles.
> Thank you very much for working on this!
>
> This should be able to fix https://bugzilla.samba.org/show_bug.cgi?id=10734
>
>> From b1d6a6de51666b40a794512ed7e6e495a2aca319 Mon Sep 17 00:00:00 2001
>> From: Rowland Penny <repenny241155 at gmail.com>
>> Date: Tue, 19 May 2015 17:02:02 +0100
>> Subject: [PATCH 2/2] make samba-tool aware of all 7 fsmo roles Signed-off-by:
>> Rowland Penny <repenny241155 at gmail.com>
> Can you change the commit message to this:
>
> samba-tool: make 'samba-tool fsmo *' aware of all 7 fsmo roles
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=10734
>
> Signed-off-by: Rowland Penny <repenny241155 at gmail.com>
Hi Stefan,
Done
>
>> ---
>> python/samba/netcmd/fsmo.py | 58 +++++++++++++++++++++++++++++++++++++++----
>> 1 file changed, 53 insertions(+), 5 deletions(-)
>>
>> diff --git a/python/samba/netcmd/fsmo.py b/python/samba/netcmd/fsmo.py
>> index 1bc4a96..326d9ce 100644
>> --- a/python/samba/netcmd/fsmo.py
>> +++ b/python/samba/netcmd/fsmo.py
>> @@ -50,6 +50,7 @@ def transfer_role(outf, role, samdb):
>> m["becomeDomainMaster"]= ldb.MessageElement(
>> "1", ldb.FLAG_MOD_REPLACE,
>> "becomeDomainMaster")
>> + samdb.modify(m)
>> elif role == "infrastructure":
>> m["becomeInfrastructureMaster"]= ldb.MessageElement(
>> "1", ldb.FLAG_MOD_REPLACE,
> Why this hunk? samdb.modify(m) is called further down.
>
> This seems to revert the patch from
> https://bugzilla.samba.org/show_bug.cgi?id=10924
OOPS, missed that bug report (and the line that shouldn't be there), I
was also working from an earlier version of fsmo.py and just cut &
pasted the entire file over the original, won't do that again.
>
>> @@ -58,6 +59,26 @@ def transfer_role(outf, role, samdb):
>> m["becomeSchemaMaster"]= ldb.MessageElement(
>> "1", ldb.FLAG_MOD_REPLACE,
>> "becomeSchemaMaster")
>> + elif role == "domaindns":
>> + # this would work in the same way as the infrastructure role if the schema allowed it
>> + # but it doesn't, so will have to sieze
> Can you explain this a bit?
> What is this different (in detail)?
To tranfer the main 5 roles, you just create an attribute called
'become****' containing '1' in the DN that you want to transfer i.e.
create 'becomeRidMaster: 1' to transfer the RIDMaster role. There isn't
a 'become****' attribute for the two dns roles (or at least I cannot
find them and believe me, I tried), so it seems the only way to change
them is to seize them.
>
>> + domain_dn = samdb.domain_dn()
>> + domaindns_dn = "CN=Infrastructure,DC=DomainDnsZones," + domain_dn
> As the dns zones are optional, we should check they exist and give
> a proper error/warning message if we don't find them.
>
> That applies also to the other hunks below.
Hopefully the changes I have made will cover what you asked for.
>
>> + m.dn = ldb.Dn(samdb, domaindns_dn)
>> + dro = samdb.get_dsServiceName()
>> + m["fSMORoleOwner"]= ldb.MessageElement(
>> + "%s" % dro, ldb.FLAG_MOD_REPLACE,
>> + "fSMORoleOwner")
>> + elif role == "forestdns":
>> + # this would work in the same way as the infrastructure role if the schema allowed it
>> + # but it doesn't, so will have to sieze
>> + domain_dn = samdb.domain_dn()
>> + forestdns_dn = "CN=Infrastructure,DC=ForestDnsZones," + domain_dn
>> + m.dn = ldb.Dn(samdb, forestdns_dn)
>> + fro = samdb.get_dsServiceName()
>> + m["fSMORoleOwner"]= ldb.MessageElement(
>> + "%s" % fro, ldb.FLAG_MOD_REPLACE,
>> + "fSMORoleOwner")
>> else:
>> raise CommandError("Invalid FSMO role.")
>> try:
>> @@ -66,7 +87,6 @@ def transfer_role(outf, role, samdb):
>> raise CommandError("Failed to initiate transfer of '%s' role: %s" % (role, msg))
>> outf.write("FSMO transfer of '%s' role successful\n" % role)
>>
>> -
>> class cmd_fsmo_seize(Command):
>> """Seize the role."""
> I think we should leave the empty line above...
Line left in :-)
see latest attached patch
Rowland
>> @@ -82,13 +102,15 @@ class cmd_fsmo_seize(Command):
>> Option("-H", "--URL", help="LDB URL for database or target server", type=str,
>> metavar="URL", dest="H"),
>> Option("--force", help="Force seizing of the role without attempting to transfer first.", action="store_true"),
>> - Option("--role", type="choice", choices=["rid", "pdc", "infrastructure","schema","naming","all"],
>> + Option("--role", type="choice", choices=["rid", "pdc", "infrastructure","schema","naming","domaindns","forestdns","all"],
>> help="""The FSMO role to seize or transfer.\n
>> rid=RidAllocationMasterRole\n
>> schema=SchemaMasterRole\n
>> pdc=PdcEmulationMasterRole\n
>> naming=DomainNamingMasterRole\n
>> infrastructure=InfrastructureMasterRole\n
>> +domaindns=DomainDnsZonesMasterRole\n
>> +forestdns=ForestDnsZonesMasterRole\n
>> all=all of the above"""),
>> ]
>>
>> @@ -104,6 +126,8 @@ all=all of the above"""),
>> self.naming_dn = "CN=Partitions,%s" % samdb.get_config_basedn()
>> self.schema_dn = str(samdb.get_schema_basedn())
>> self.rid_dn = "CN=RID Manager$,CN=System," + domain_dn
>> + self.domaindns_dn = "CN=Infrastructure,DC=DomainDnsZones," + domain_dn
>> + self.forestdns_dn = "CN=Infrastructure,DC=ForestDnsZones," + domain_dn
>>
>> m = ldb.Message()
>> if role == "rid":
>> @@ -116,6 +140,10 @@ all=all of the above"""),
>> m.dn = ldb.Dn(samdb, self.infrastructure_dn)
>> elif role == "schema":
>> m.dn = ldb.Dn(samdb, self.schema_dn)
>> + elif role == "domaindns":
>> + m.dn = ldb.Dn(samdb, self.domaindns_dn)
>> + elif role == "forestdns":
>> + m.dn = ldb.Dn(samdb, self.forestdns_dn)
>> else:
>> raise CommandError("Invalid FSMO role.")
>> #first try to transfer to avoid problem if the owner is still active
>> @@ -155,6 +183,8 @@ all=all of the above"""),
>> self.seize_role("naming", samdb, force)
>> self.seize_role("infrastructure", samdb, force)
>> self.seize_role("schema", samdb, force)
>> + self.seize_role("domaindns", samdb, force)
>> + self.seize_role("forestdns", samdb, force)
>> else:
>> self.seize_role(role, samdb, force)
>>
>> @@ -189,6 +219,8 @@ class cmd_fsmo_show(Command):
>> self.naming_dn = "CN=Partitions,%s" % samdb.get_config_basedn()
>> self.schema_dn = samdb.get_schema_basedn()
>> self.rid_dn = "CN=RID Manager$,CN=System," + domain_dn
>> + self.domaindns_dn = "CN=Infrastructure,DC=DomainDnsZones," + domain_dn
>> + self.forestdns_dn = "CN=Infrastructure,DC=ForestDnsZones," + domain_dn
>>
>> res = samdb.search(self.infrastructure_dn,
>> scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>> @@ -215,12 +247,23 @@ class cmd_fsmo_show(Command):
>> assert len(res) == 1
>> self.ridMaster = res[0]["fSMORoleOwner"][0]
>>
>> + res = samdb.search(self.domaindns_dn,
>> + scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>> + assert len(res) == 1
>> + self.domaindnszonesMaster = res[0]["fSMORoleOwner"][0]
>> +
>> + res = samdb.search(self.forestdns_dn,
>> + scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>> + assert len(res) == 1
>> + self.forestdnszonesMaster = res[0]["fSMORoleOwner"][0]
>> +
>> + self.message("SchemaMasterRole owner: " + self.schemaMaster)
>> self.message("InfrastructureMasterRole owner: " + self.infrastructureMaster)
>> self.message("RidAllocationMasterRole owner: " + self.ridMaster)
>> self.message("PdcEmulationMasterRole owner: " + self.pdcEmulator)
>> self.message("DomainNamingMasterRole owner: " + self.namingMaster)
>> - self.message("SchemaMasterRole owner: " + self.schemaMaster)
>> -
>> + self.message("DomainDnsZonesMasterRole owner: " + self.domaindnszonesMaster)
>> + self.message("ForestDnsZonesMasterRole owner: " + self.forestdnszonesMaster)
>>
>> class cmd_fsmo_transfer(Command):
>> """Transfer the role."""
>> @@ -236,13 +279,15 @@ class cmd_fsmo_transfer(Command):
>> takes_options = [
>> Option("-H", "--URL", help="LDB URL for database or target server", type=str,
>> metavar="URL", dest="H"),
>> - Option("--role", type="choice", choices=["rid", "pdc", "infrastructure","schema","naming","all"],
>> + Option("--role", type="choice", choices=["rid","pdc","infrastructure","schema","naming","domaindns","forestdns","all"],
>> help="""The FSMO role to seize or transfer.\n
>> rid=RidAllocationMasterRole\n
>> schema=SchemaMasterRole\n
>> pdc=PdcEmulationMasterRole\n
>> naming=DomainNamingMasterRole\n
>> infrastructure=InfrastructureMasterRole\n
>> +domaindns=DomainDnsZonesMasterRole\n
>> +forestdns=ForestDnsZonesMasterRole\n
>> all=all of the above"""),
>> ]
>>
>> @@ -263,6 +308,8 @@ all=all of the above"""),
>> transfer_role(self.outf, "naming", samdb)
>> transfer_role(self.outf, "infrastructure", samdb)
>> transfer_role(self.outf, "schema", samdb)
>> + transfer_role(self.outf, "domaindns", samdb)
>> + transfer_role(self.outf, "forestdns", samdb)
>> else:
>> transfer_role(self.outf, role, samdb)
>>
>> @@ -274,3 +321,4 @@ class cmd_fsmo(SuperCommand):
>> subcommands["seize"] = cmd_fsmo_seize()
>> subcommands["show"] = cmd_fsmo_show()
>> subcommands["transfer"] = cmd_fsmo_transfer()
>> +
> This extra line is also not needed...
>
> Thanks!
> metze
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-samba-tool-make-samba-tool-fsmo-aware-of-all-7-fsmo-.patch
Type: text/x-diff
Size: 7114 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150520/a0250844/attachment.patch>
More information about the samba-technical
mailing list