From ddbca1cde6e1f1f0a362506527322383c4dd5685 Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Tue, 6 Mar 2012 21:44:45 -0800 Subject: s4-upgradeprovision: Add options to do a DB backup only and not to fix acls in sysvol --- source4/scripting/bin/upgradeprovision | 43 ++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision index 7003717b4e..4986f8ad0c 100755 --- a/source4/scripting/bin/upgradeprovision +++ b/source4/scripting/bin/upgradeprovision @@ -161,8 +161,12 @@ parser.add_option("--debugall", action="store_true", help="Print all available information (very verbose)") parser.add_option("--resetfileacl", action="store_true", help="Force a reset on filesystem acls in sysvol / netlogon share") +parser.add_option("--nontaclfix", action="store_true", + help="In full upgrade mode do not try to upgrade sysvol / netlogon acls") parser.add_option("--fixntacl", action="store_true", help="Only fix NT ACLs in sysvol / netlogon share") +parser.add_option("--db_backup_only", action="store_true", + help="Do the backup of the database in the provision, skip the sysvol / netlogon shares") parser.add_option("--full", action="store_true", help="Perform full upgrade of the samdb (schema, configuration, new objects, ...") @@ -1464,14 +1468,15 @@ def update_samdb(ref_samdb, samdb, names, provisionUSNs, schema, prereloadfunc): return 0 -def backup_provision(paths, dir): +def backup_provision(paths, dir, only_db): """This function backup the provision files so that a rollback is possible :param paths: Paths to different objects :param dir: Directory where to store the backup + :param only_db: Skip sysvol for users with big sysvol """ - if paths.sysvol: + if paths.sysvol and not only_db: copytree_with_xattrs(paths.sysvol, os.path.join(dir, "sysvol")) shutil.copy2(paths.samdb, dir) shutil.copy2(paths.secrets, dir) @@ -1649,6 +1654,9 @@ def sync_calculated_attributes(samdb, names): if __name__ == '__main__': global defSDmodified defSDmodified = False + + if opts.nontaclfix and opts.fixntacl: + message(SIMPLE, "nontaclfix and fixntacl are mutally exclusive") # From here start the big steps of the program # 1) First get files paths paths = get_paths(param, smbconf=smbconf) @@ -1662,7 +1670,7 @@ if __name__ == '__main__': ldbs = get_ldbs(paths, creds, session, lp) backupdir = tempfile.mkdtemp(dir=paths.private_dir, prefix="backupprovision") - backup_provision(paths, backupdir) + backup_provision(paths, backupdir, opts.db_backup_only) try: ldbs.startTransactions() @@ -1889,20 +1897,21 @@ if __name__ == '__main__': update_provision_usn(ldbs.sam, minUSN, maxUSN, names.invocation) if opts.full and (names.policyid is None or names.policyid_dc is None): update_policyids(names, ldbs.sam) - if opts.full or opts.resetfileacl or opts.fixntacl: - try: - update_gpo(paths, ldbs.sam, names, lp, message, 1) - except ProvisioningError, e: - message(ERROR, "The policy for domain controller is missing. " - "You should restart upgradeprovision with --full") - except IOError, e: - message(ERROR, "Setting ACL not supported on your filesystem") - else: - try: - update_gpo(paths, ldbs.sam, names, lp, message, 0) - except ProvisioningError, e: - message(ERROR, "The policy for domain controller is missing. " - "You should restart upgradeprovision with --full") + if opts.nontaclfix: + if opts.full or opts.resetfileacl or opts.fixntacl: + try: + update_gpo(paths, ldbs.sam, names, lp, message, 1) + except ProvisioningError, e: + message(ERROR, "The policy for domain controller is missing. " + "You should restart upgradeprovision with --full") + except IOError, e: + message(ERROR, "Setting ACL not supported on your filesystem") + else: + try: + update_gpo(paths, ldbs.sam, names, lp, message, 0) + except ProvisioningError, e: + message(ERROR, "The policy for domain controller is missing. " + "You should restart upgradeprovision with --full") if not opts.fixntacl: ldbs.groupedCommit() new_ldbs.groupedCommit() -- cgit