On 4.3.2012 02:04, Rob Crittenden wrote:
I'm not sure why this didn't always fail but in the client installer we
were creating a connection before calling kinit. I re-arranged this in
and beefed up the client logging.

While testing this I periodically ran into an NSS shutdown error where
the ping() connection hadn't closed before the host_mod to add the SSH
keys was run.

This stores dbdir in the connection so we can check to see if the same
database is being used so NSSConnection can skip the nss_init().

I tested client installs using: ipa-client-install --enable-dns-updates

This same error was reported when installing a replica with --setup-dns.


ACK, both ipa-client-install and ipa-replica-install work fine now.

However, in __nss_initialized we should check for SSLTransport instead of KerbTransport (as dbdir is set in SSLTransport) and we don't have to check for its subclasses (because isinstance checks them automatically). Also, we can make the function more readable by getting rid of the nested ifs:

+    def __nss_initialized(self, dbdir):
+        """
+        If there is another connections open it may have already
+        initialized NSS. This is likely to lead to an NSS shutdown
+        failure.  One way to mitigate this is to tell NSS to not
+        initialize if it has already been done in another open connection.
+        Returns True if another connection is using the same db.
+        """
+        for value in context.__dict__.values():
+            if not isinstance(value, Connection):
+                continue
+ if not isinstance(value.conn._ServerProxy__transport, SSLTransport):
+                continue
+            if value.conn._ServerProxy__transport.dbdir == dbdir:
+                return True
+        return False


Jan Cholasta

Freeipa-devel mailing list

Reply via email to