On Tue, 2011-09-13 at 15:08 +0200, Martin Kosek wrote:
> On Tue, 2011-09-13 at 15:11 +0300, Alexander Bokovoy wrote:
> > On Thu, 08 Sep 2011, Alexander Bokovoy wrote:
> > >
> > > On Wed, 07 Sep 2011, Stephen Gallagher wrote:
> > > >
> > > > On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote:
> > > > > Hi!
> > > > >
> > > > > When modifying SSSD configuration, attempt to add new domain rather
> > > > > than replacing whole configuration file.
> > > > >
> > > > > Only replace file in case it is impossible to parse it by current
> > > > > SSSD version.
> > > > >
> > > > > https://fedorahosted.org/freeipa/ticket/1750
> > > >
> > > > Looks good to me. Ack.
> > > Unfortunately, there is a bug in libini_config that prevents modifying
> > > existing sssd configuration as it becomes unreadable by libini_config.
> > >
> > > https://fedorahosted.org/sssd/ticket/991
> > >
> > > I would suggest to postpone this patch until libini_config bug is
> > > fixed and released.
> > After some research it appears there is no issue with libini_config,
> > SSSD happily reads configs amended by ipa-client-install, with or
> > without empty line between sections.
> >
> > The issue Marko was seeing in SSSD991 or FreeIPA1174 is unrelated to
> > this change. It is an issue of timing -- by time we ask for 'getent
> > passwd admin', SSSD might have not started its providers. We are
> > trying to wait 1 second and do re-try for 5 times but some people have
> > experienced delays up to 10 seconds.
> >
> > So this patch is unblocked. To solve delayed data initialization from
> > SSSD in NSS responder we might simply increase number of tries to 10
> > in case SSSD is in use.
> >
>
> That sounds good. I made few tests of this patch and I still see a
> problem here. What if, for any reason, sssd.conf is not present on the
> machine? IPA client installation then crashes:
>
> # ipa-client-install --server vm-139.idm.lab.bos.redhat.com --domain idm.lab.bos.redhat.com
> DNS domain 'idm.lab.bos.redhat.com' is not configured for automatic KDC address lookup.
> KDC address will be set to fixed value.
>
> Discovery was successful!
> Hostname: vm-027.idm.lab.bos.redhat.com
> Realm: IDM.LAB.BOS.REDHAT.COM
> DNS Domain: idm.lab.bos.redhat.com
> IPA Server: vm-139.idm.lab.bos.redhat.com
> BaseDN: dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
>
>
> Continue to configure the system with these values? [no]: y
> User authorized to enroll computers: admin
> Password for ad...@idm.lab.bos.redhat.com:
>
> Enrolled in IPA realm IDM.LAB.BOS.REDHAT.COM
> Created /etc/ipa/default.conf
> Traceback (most recent call last):
>   File "/usr/sbin/ipa-client-install", line 1144, in <module>
>     sys.exit(main())
>   File "/usr/sbin/ipa-client-install", line 1133, in main
>     rval = install(options, env, fstore, statestore)
>   File "/usr/sbin/ipa-client-install", line 977, in install
>     if configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
>   File "/usr/sbin/ipa-client-install", line 600, in configure_sssd_conf
>     sssdconfig.import_config()
>   File "/usr/lib/python2.7/site-packages/SSSDConfig.py", line 1207, in import_config
>     fd = open(configfile, 'r')
> IOError: [Errno 2] No such file or directory: '/etc/sssd/sssd.conf'

ipa-client-install should be trapping this error and calling SSSDConfig.new_config() to create a blank configuration.
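
The fallback suggested in the reply above, as an added example that is not part of the original thread or of FreeIPA's code. It goes slightly beyond the missing-file case by also separating other I/O errors from "file absent" and by covering the "replace only if unparsable" rule from the patch description; `load_or_create`, `parse_errors` and `FakeConfig` are hypothetical names, and only `import_config()` and `new_config()` come from the thread.

```python
import errno


def load_or_create(cfg, path="/etc/sssd/sssd.conf", parse_errors=()):
    """Load an existing SSSD config into cfg, or start from a blank one.

    cfg needs import_config(path) and new_config(), the two SSSDConfig
    methods named in the thread. parse_errors (hypothetical parameter) is
    a tuple of exception classes the caller treats as "file unparsable".
    Returns "imported", "created" or "replaced".
    """
    try:
        cfg.import_config(path)
        return "imported"
    except parse_errors:
        # Unparsable by the current SSSD version: replace the whole file.
        cfg.new_config()
        return "replaced"
    except IOError as exc:
        # Only a missing file means "start blank". Permission or I/O
        # errors propagate so existing settings are never silently dropped.
        if exc.errno != errno.ENOENT:
            raise
        cfg.new_config()
        return "created"


class FakeConfig:
    """Constructed stand-in for an SSSDConfig object so this runs offline."""

    def __init__(self, error=None):
        self.error = error
        self.blank = False

    def import_config(self, path):
        if self.error is not None:
            raise self.error

    def new_config(self):
        self.blank = True


if __name__ == "__main__":
    missing = FakeConfig(IOError(errno.ENOENT, "No such file or directory"))
    print(load_or_create(missing))
```

Re-raising on anything other than `ENOENT` matters on a client whose `sssd.conf` exists but is unreadable to the installer: treating that as "absent" would overwrite domains an administrator had already configured.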