Petr Viktorin wrote:
On 04/24/2014 11:16 PM, Rob Crittenden wrote:
Jan Cholasta wrote:
On 10.4.2014 22:06, Rob Crittenden wrote:
Some in-line, a whole ton of data appended to end.
Jan Cholasta wrote:
On 7.4.2014 20:09, Rob Crittenden wrote:
Rob Crittenden wrote:
[...]
$ ipa-cacert-manage -v renew
ipa.ipaserver.install.ipa_cacert_manage.CACertManage: DEBUG: File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line
168, in
execute
self.validate_options()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_cacert_manage.py",
line 62, in validate_options
super(CACertManage, self).validate_options(needs_root=True)
File "/usr/lib/python2.7/site-packages/ipapython/admintool.py",
line
189, in validate_options
raise ScriptError('Must be root to run %s' %
self.command_name, 1)
ipa.ipaserver.install.ipa_cacert_manage.CACertManage: DEBUG: The
ipa-cacert-manage command failed, exception: ScriptError: Must be
root
to run ipa-cacert-manage
ipa.ipaserver.install.ipa_cacert_manage.CACertManage: ERROR: Must be
root to run ipa-cacert-manage
That's correct, you can run it only as root, because you can't
resubmit
certmonger requests as a regular user.
Yes but one shouldn't get a traceback!
You get the traceback only in verbose mode. I did not invent this, it's
how ipapython.admintool does things.
Ok, I'll blame Petr.
In verbose mode you get all the debugging information that's written to
logs, and that includes the tracebacks. I stand by this decision.
If the command is normally so quiet that you need the -v flag for normal
operation, that's a problem. Log interesting messages at INFO.
http://www.freeipa.org/page/V3/Logging_and_output#Design
Well, it's just that the traceback is caught and handled, so it seems
odd that it is reported. Then again, this is useful for the case of too
broad an except, so as usual I have mixed feelings.
I think long-term we need to provide some mid-level solution, more info
without spamming with everything. The cacert command takes a REALLY long
time, and my twitchy fingers nearly killed it a number of times. We have
other commands that do similarly long-lived things with no feedback
(separate from things that go over the JSON/XML api).
If I can come up with any concrete ideas I'll file a ticket, but reserve
the right to whine and complain in the meantime.
rob
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
