URL: https://github.com/freeipa/freeipa/pull/1664 Author: flo-renaud Title: #1664: ipa-server-install: handle error when calling kdb5_util create Action: opened
PR body: """ ipa-server-install creates the kerberos container by calling kdb5_util create -s -r $REALM -x ipa-setup-override-restrictions but does not react on failure of this command. The installer fails later when trying to create a ldap principal, and it is difficult to diagnose the root cause. The fix raises a RuntimeException when kdb5_util fails, to make sure that the installer exits immediately with a proper error message. Note: no test added because there is no easy reproducer. One would need to stop dirsrv just before calling kdb5_util to simulate a failure. https://pagure.io/freeipa/issue/7438 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1664/head:pr1664 git checkout pr1664
From 9c64e4ce1d003603b41b69ad3719e53374552e51 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Fri, 9 Mar 2018 11:45:57 +0100 Subject: [PATCH] ipa-server-install: handle error when calling kdb5_util create ipa-server-install creates the kerberos container by calling kdb5_util create -s -r $REALM -x ipa-setup-override-restrictions but does not react on failure of this command. The installer fails later when trying to create a ldap principal, and it is difficult to diagnose the root cause. The fix raises a RuntimeException when kdb5_util fails, to make sure that the installer exits immediately with a proper error message. Note: no test added because there is no easy reproducer. One would need to stop dirsrv just before calling kdb5_util to simulate a failure. https://pagure.io/freeipa/issue/7438 --- ipaserver/install/krbinstance.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index ee22b9e62e..034fc0b9b8 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -332,8 +332,9 @@ def __init_ipa_kdb(self): ) try: ipautil.run(args, nolog=(self.master_password,), stdin=''.join(dialogue)) - except ipautil.CalledProcessError: - print("Failed to initialize the realm container") + except ipautil.CalledProcessError as error: + logger.debug("kdb5_util failed with {}".format(error)) + raise RuntimeError("Failed to initialize kerberos container") def __configure_instance(self): self.__template_file(paths.KRB5KDC_KDC_CONF, chmod=None)
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
