URL: https://github.com/freeipa/freeipa/pull/5577
Author: flo-renaud
Title: #5577: [Backport][ipa-4-9] Reduce confusing output when CA fails to deploy
Action: opened

PR body:
"""
This PR was opened automatically because PR #5542 was pushed to master and backport to ipa-4-9 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5577/head:pr5577
git checkout pr5577
From 0e7e014e1dd8bf2818b9c8d101361fbb9dfc760d Mon Sep 17 00:00:00 2001 From: Rob Crittenden <rcrit...@redhat.com> Date: Thu, 11 Feb 2021 16:46:25 -0500 Subject: [PATCH 1/2] Suppress error message if the CRL directory doesn't exist If the CA fails to deploy then the CRL directory will not exist but will report an error that it has failed to be removed. There is no need to try to navigate a directory if it doesn't exist. Related: https://pagure.io/freeipa/issue/8565 Signed-off-by: Rob Crittenden <rcrit...@redhat.com> --- ipaserver/install/cainstance.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 0ee647fd57f..cd21c80eb85 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -231,6 +231,9 @@ def get_crl_files(path=None): if path is None: path = paths.PKI_CA_PUBLISH_DIR + if not os.path.exists(path): + return + files = os.listdir(path) for f in files: if f == "MasterCRL.bin": From e74e4aca83c9fd0ed6b36cde373e6e10cb35f239 Mon Sep 17 00:00:00 2001 
From: Rob Crittenden <rcrit...@redhat.com>
Date: Thu, 11 Feb 2021 16:51:10 -0500
Subject: [PATCH 2/2] Don't double-report any errors from pki-spawn failures

The output from pki-spawn is already displayed to the user as well as a short traceback so re-displaying the CalledProcess error provides no value and only provokes confusion, particularly because it is condensed and includes embedded newlines.

Re-raise the exception from None so that the traceback is removed and while there is still an immense traceback from the admintool class it is significantly shorter than before and removes:

"During handling of the above exception, another exception occurred"

The handling is in fact expected.

This changes the user-facing installer output from:

  [1/28]: configuring certificate server instance
  Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpr5x2l0gm', '--debug'] returned non-zero exit status 1: 'INFO: Connecting to LDAP server at ldap://ipa.example.test:389\nINFO: Connecting to LDAP server at ldap://ipa.example.test:389\nDEBUG: Installing Maven dependencies: False\nERROR: KeyError: \'CA\'\n File "/usr/lib/python3.9/site-packages/pki/server/pkispawn.py", line 575, in main\n raise KeyError(\'CA\')\n\n')
  See the installation logs and the following files/directories for more information:
  /var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
  CA configuration failed.
  The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

to

  [1/28]: configuring certificate server instance
  Failed to configure CA instance
  See the installation logs and the following files/directories for more information:
  /var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
  CA configuration failed.
  The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

The output is similarly reduced in the installer log.
There is no reason to acknowledge that a CalledProcessError was raised since the output is already available and it's just an intermediary. Hopefully this will encourage users to focus on the logs rather than the malformed traceback. https://pagure.io/freeipa/issue/8565 Signed-off-by: Rob Crittenden <rcrit...@redhat.com> --- ipaserver/install/dogtaginstance.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py index 1169c448ff4..eb2d83181d9 100644 --- a/ipaserver/install/dogtaginstance.py +++ b/ipaserver/install/dogtaginstance.py @@ -520,13 +520,15 @@ def get_admin_cert(self): return admin_cert def handle_setup_error(self, e): - logger.critical("Failed to configure %s instance: %s", - self.subsystem, e) + logger.critical("Failed to configure %s instance", + self.subsystem) logger.critical("See the installation logs and the following " "files/directories for more information:") logger.critical(" %s", paths.TOMCAT_TOPLEVEL_DIR) - raise RuntimeError("%s configuration failed." % self.subsystem) + raise RuntimeError( + "%s configuration failed." % self.subsystem + ) from None def add_ipaca_aci(self): """Add ACI to allow ipaca users to read their own group information
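Review bot: In [PATCH 1/2], get_crl_files() in ipaserver/install/cainstance.py, the new `if not os.path.exists(path): return` guard still lets `os.listdir(path)` raise when the path exists but is not a directory, and it leaves a window between the check and the listing in which the directory can disappear. Testing `os.path.isdir(path)` instead, or wrapping the `os.listdir(path)` call in a `try`/`except FileNotFoundError` that returns, covers both cases with one code path. A short comment saying that the directory is absent when the CA failed to deploy would also help, since that reason currently lives only in the commit message.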
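Review bot: In [PATCH 2/2], handle_setup_error() in ipaserver/install/dogtaginstance.py, the parameter `e` is no longer used in any of the visible lines once it is dropped from the `logger.critical()` call, and `from None` also removes it from the chained traceback, so nothing this method emits identifies which command failed or with what exit status. If the intent is that the earlier pkispawn output is the only record, a one-line comment here saying so would prevent someone from "fixing" the unused argument later; otherwise consider keeping the detail at a lower level, for example `logger.debug("%s", e)`, so the installer log still ties this failure to the underlying error without repeating it on the console.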
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org