URL: https://github.com/freeipa/freeipa/pull/1282 Author: rcritten Title: #1282: Log contents of config files when updating/writing them Action: opened
PR body: """ This was originally going to be a PR to log the contents of default.conf for debugging purposes, mostly for replicas where in DL1 it gets written several times. Given that other config files like nsswitch.conf also use the same functions we get even more output as an extra benefit. The file sizes are currently not that big so it doesn't bloat the logs too much IMHO. One patch adds the logging and the other patch changes the server installer to use the configuration writing too rather than manually creating the file. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1282/head:pr1282 git checkout pr1282
From d1a6cd66fc507f5562753be9b2bf7dd7c8d8ac7c Mon Sep 17 00:00:00 2001 From: Rob Crittenden <rcrit...@redhat.com> Date: Thu, 9 Nov 2017 17:49:27 -0500 Subject: [PATCH 1/2] Don't manually generate default.conf in server, use IPAChangeConf Related: https://pagure.io/freeipa/issue/7218 Signed-off-by: Rob Crittenden <rcrit...@redhat.com> --- ipaserver/install/server/install.py | 53 ++++++++++++++++++++++++++----------- 1 file changed, 37 insertions(+), 16 deletions(-) diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index fc76f540ee..4f86b5c40f 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -15,6 +15,7 @@ import six +from ipaclient.install.ipachangeconf import IPAChangeConf from ipalib.install import certmonger, sysrestore from ipapython import ipautil from ipapython.ipautil import ( @@ -582,24 +583,44 @@ def install_check(installer): # Create the management framework config file and finalize api target_fname = paths.IPA_DEFAULT_CONF - fd = open(target_fname, "w") - fd.write("[global]\n") - fd.write("host=%s\n" % host_name) - fd.write("basedn=%s\n" % ipautil.realm_to_suffix(realm_name)) - fd.write("realm=%s\n" % realm_name) - fd.write("domain=%s\n" % domain_name) - fd.write("xmlrpc_uri=https://%s/ipa/xml\n"; % format_netloc(host_name)) - fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % - installutils.realm_to_serverid(realm_name)) + ipaconf = IPAChangeConf("IPA Server Install") + ipaconf.setOptionAssignment(" = ") + ipaconf.setSectionNameDelimiters(("[", "]")) + + xmlrpc_uri = 'https://{0}/ipa/xml'.format( + ipautil.format_netloc(host_name)) + ldapi_uri = 'ldapi://%2fvar%2frun%2fslapd-{0}.socket\n'.format( + installutils.realm_to_serverid(realm_name)) + + # [global] section + gopts = [ + ipaconf.setOption('host', host_name), + ipaconf.setOption('basedn', ipautil.realm_to_suffix(realm_name)), + ipaconf.setOption('realm', realm_name), + ipaconf.setOption('domain', domain_name), + ipaconf.setOption('xmlrpc_uri', xmlrpc_uri), + ipaconf.setOption('ldap_uri', ldapi_uri), + ipaconf.setOption('mode', 'production') + ] + if setup_ca: - fd.write("enable_ra=True\n") - fd.write("ra_plugin=dogtag\n") - fd.write("dogtag_version=10\n") + gopts.extend([ + ipaconf.setOption('enable_ra', 'True'), + ipaconf.setOption('ra_plugin', 'dogtag'), + ipaconf.setOption('dogtag_version', '10') + ]) else: - fd.write("enable_ra=False\n") - fd.write("ra_plugin=none\n") - fd.write("mode=production\n") - fd.close() + gopts.extend([ + ipaconf.setOption('enable_ra', 'False'), + ipaconf.setOption('ra_plugin', 'None') + ]) + + opts = [ + ipaconf.setSection('global', gopts), + {'name': 'empty', 'type': 'empty'} + ] + + ipaconf.newConf(target_fname, opts) # Must be readable for everyone os.chmod(target_fname, 0o644) From b1e8b55350517a8f2df0aa1b685d8406f1b03558 Mon Sep 17 00:00:00 2001 From: Rob Crittenden <rcrit...@redhat.com> Date: Thu, 9 Nov 2017 17:50:45 -0500 Subject: [PATCH 2/2] Log contents of files created or modified by IPAChangeConf This will show the status of the files during an installation. This is particularly important during a replica install where default.conf gets written several times. Fixes: https://pagure.io/freeipa/issue/7218 Signed-off-by: Rob Crittenden <rcrit...@redhat.com> --- ipaclient/install/ipachangeconf.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ipaclient/install/ipachangeconf.py b/ipaclient/install/ipachangeconf.py index 610cd50115..384f69038c 100644 --- a/ipaclient/install/ipachangeconf.py +++ b/ipaclient/install/ipachangeconf.py @@ -19,6 +19,7 @@ # import fcntl +import logging import os import shutil @@ -27,6 +28,8 @@ if six.PY3: unicode = str +logger = logging.getLogger(__name__) + def openLocked(filename, perms): fd = -1 try: @@ -506,6 +509,8 @@ def changeConf(self, file, newopts): f.close() except IOError: pass + logger.debug("Updating configuration file {}".format(file)) + logger.debug(output) return True def newConf(self, file, options, file_perms=0o644): @@ -541,6 +546,8 @@ def newConf(self, file, options, file_perms=0o644): f.close() except IOError: pass + logger.debug("Writing configuration file {}".format(file)) + logger.debug(output) return True @staticmethod
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
