On Tue, 2011-09-13 at 16:22 +0300, Alexander Bokovoy wrote: > On Tue, 13 Sep 2011, Martin Kosek wrote: > > > So this patch is unblocked. To solve delayed data initialization from > > > SSSD in NSS responder we might simply increase number of tries to 10 > > > in case SSSD is in use. > > That sounds good. I made few tests of this patch and I still see a > > problem here. What if, for any reason, sssd.conf is not present on the > > machine? IPA client installation then crashes: > > > > # ipa-client-install --server vm-139.idm.lab.bos.redhat.com --domain > > idm.lab.bos.redhat.com > > DNS domain 'idm.lab.bos.redhat.com' is not configured for automatic KDC > > address lookup. > > KDC address will be set to fixed value. > > > > Discovery was successful! > > Hostname: vm-027.idm.lab.bos.redhat.com > > Realm: IDM.LAB.BOS.REDHAT.COM > > DNS Domain: idm.lab.bos.redhat.com > > IPA Server: vm-139.idm.lab.bos.redhat.com > > BaseDN: dc=idm,dc=lab,dc=bos,dc=redhat,dc=com > > > > > > Continue to configure the system with these values? [no]: y > > User authorized to enroll computers: admin > > Password for ad...@idm.lab.bos.redhat.com: > > > > Enrolled in IPA realm IDM.LAB.BOS.REDHAT.COM > > Created /etc/ipa/default.conf > > Traceback (most recent call last): > > File "/usr/sbin/ipa-client-install", line 1144, in <module> > > sys.exit(main()) > > File "/usr/sbin/ipa-client-install", line 1133, in main > > rval = install(options, env, fstore, statestore) > > File "/usr/sbin/ipa-client-install", line 977, in install > > if configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, > > options): > > File "/usr/sbin/ipa-client-install", line 600, in configure_sssd_conf > > sssdconfig.import_config() > > File "/usr/lib/python2.7/site-packages/SSSDConfig.py", line 1207, in > > import_config > > fd = open(configfile, 'r') > > IOError: [Errno 2] No such file or directory: '/etc/sssd/sssd.conf' > Right, we need to fallback to new sssd.conf in case of any exception, > not only for ParsingError. > > Attached.
Looks promising. I have a suggestion - I think it would make sense logging the thrown exception. We would then be able to easily investigate potential user logs and explain why we generated a brand new sssd.conf. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel