On 04/24/2015 04:15 PM, Martin Basti wrote:
On 20/04/15 12:59, Martin Babinsky wrote:
On 04/17/2015 03:56 PM, Martin Babinsky wrote:
On 03/05/2015 01:11 PM, Martin Babinsky wrote:
https://fedorahosted.org/freeipa/ticket/4900



_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Nobody to review this?


Attaching updated patches, one for ipa-4-1 (no DogtagInstance) and one
for master.



Hello, thank for patches:

1)
why is there

+    PKI_UNINSTALL_LOG = paths.PKI_CA_UNINSTALL_LOG

I cannot find it used in patches?


Martin^2

--
Martin Basti

That was likely only my oversight. Attaching updated patches.

--
Martin^3 Babinsky
From c11aebd883bce6e506f5ecd7773bb51837be4cb2 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Fri, 17 Apr 2015 17:27:55 +0200
Subject: [PATCH] point the users to PKI-related logs when CA configuration
 fails

This patch adds an error handler which prints out the paths to logs related to
configuration and installation of Dogtag/CA in the case of failure.

https://fedorahosted.org/freeipa/ticket/4900
---
 ipapython/dogtag.py             |  4 ++++
 ipaserver/install/cainstance.py | 19 +++++++++++++++----
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 675d2a77fe30b9109c17089f129b189282ffa57b..e291045a69ed765084edaef5a8ca63834068ea3f 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -55,7 +55,9 @@ class Dogtag10Constants(object):
     DESTROY_BINARY = paths.PKIDESTROY
 
     SERVER_ROOT = paths.VAR_LIB_PKI_DIR
+    PKI_INSTALL_LOG = paths.PKI_CA_INSTALL_LOG
     PKI_INSTANCE_NAME = 'pki-tomcat'
+    PKI_LOG_TOP_LEVEL = os.path.join(paths.VAR_LOG_PKI_DIR, PKI_INSTANCE_NAME)
     PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME)
     CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR
     CS_CFG_PATH = '%s/conf/ca/CS.cfg' % PKI_ROOT
@@ -88,7 +90,9 @@ class Dogtag9Constants(object):
     DESTROY_BINARY = paths.PKISILENT
 
     SERVER_ROOT = paths.VAR_LIB
+    PKI_INSTALL_LOG = paths.PKI_CA_INSTALL_LOG
     PKI_INSTANCE_NAME = 'pki-ca'
+    PKI_LOG_TOP_LEVEL = paths.PKI_CA_LOG_DIR
     PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME)
     CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR
     CS_CFG_PATH = '%s/conf/CS.cfg' % PKI_ROOT
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index cf80d17e04fc59d97ad02116ccfbd3f8bbc10823..54f2f6c53c0103786b3a866f76df8ed365f64788 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -669,8 +669,7 @@ class CAInstance(service.Service):
         try:
             ipautil.run(args, nolog=nolog)
         except ipautil.CalledProcessError, e:
-            root_logger.critical("failed to configure ca instance %s" % e)
-            raise RuntimeError('Configuration of CA failed')
+            self.handle_setup_error(e)
         finally:
             os.remove(cfg_file)
 
@@ -820,8 +819,7 @@ class CAInstance(service.Service):
 
             ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn}, nolog=nolog)
         except ipautil.CalledProcessError, e:
-            root_logger.critical("failed to configure ca instance %s" % e)
-            raise RuntimeError('Configuration of CA failed')
+            self.handle_setup_error(e)
 
         if self.external == 1:
             print "The next step is to get %s signed by your CA and re-run %s as:" % (self.csr_file, sys.argv[0])
@@ -1764,6 +1762,19 @@ class CAInstance(service.Service):
             master_entry['ipaConfigString'].append('caRenewalMaster')
             self.admin_conn.update_entry(master_entry)
 
+    def handle_setup_error(self, e):
+        root_logger.critical("Failed to configure CA instance: %s"
+                          % e)
+        root_logger.critical("See the installation logs and the following "
+                          "files/directories for more information:")
+        logs = [self.dogtag_constants.PKI_INSTALL_LOG,
+                self.dogtag_constants.PKI_LOG_TOP_LEVEL]
+
+        for log in logs:
+            root_logger.critical("  %s" % log)
+
+        raise RuntimeError("CA configuration failed.")
+
 
 def replica_ca_install_check(config):
     if not config.setup_ca:
-- 
2.1.0

From 1f50525b9840de33cfd4fa0ec3ebb10c04fbf75c Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Mon, 20 Apr 2015 12:34:38 +0200
Subject: [PATCH] point the users to PKI-related logs when CA configuration
 fails

This patch adds an error handler which prints out the paths to logs related to
configuration and installation of Dogtag/CA in the case of failure.

https://fedorahosted.org/freeipa/ticket/4900
---
 ipapython/dogtag.py                 |  4 ++++
 ipaserver/install/cainstance.py     |  3 +--
 ipaserver/install/dogtaginstance.py | 17 ++++++++++++++---
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 3d70bccfc32901ac884f5b412866d986a4087244..c74b8736a4b15f7bf081206b52b9876a8c4928af 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -55,7 +55,9 @@ class Dogtag10Constants(object):
     DESTROY_BINARY = paths.PKIDESTROY
 
     SERVER_ROOT = paths.VAR_LIB_PKI_DIR
+    PKI_INSTALL_LOG = paths.PKI_CA_INSTALL_LOG
     PKI_INSTANCE_NAME = 'pki-tomcat'
+    PKI_LOG_TOP_LEVEL = os.path.join(paths.VAR_LOG_PKI_DIR, PKI_INSTANCE_NAME)
     PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME)
     CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR
     CS_CFG_PATH = '%s/conf/ca/CS.cfg' % PKI_ROOT
@@ -89,7 +91,9 @@ class Dogtag9Constants(object):
     DESTROY_BINARY = paths.PKISILENT
 
     SERVER_ROOT = paths.VAR_LIB
+    PKI_INSTALL_LOG = paths.PKI_CA_INSTALL_LOG
     PKI_INSTANCE_NAME = 'pki-ca'
+    PKI_LOG_TOP_LEVEL = paths.PKI_CA_LOG_DIR
     PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME)
     CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR
     CS_CFG_PATH = '%s/conf/CS.cfg' % PKI_ROOT
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 59a6b5f21fbfdbe591d308f245b72d8486376c84..8ccfd1a822fab557dc1b6bf6d0e7de3ef495efbb 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -754,8 +754,7 @@ class CAInstance(DogtagInstance):
 
             ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn}, nolog=nolog)
         except ipautil.CalledProcessError, e:
-            self.log.critical("failed to configure ca instance %s", e)
-            raise RuntimeError('Configuration of CA failed')
+            self.handle_setup_error(e)
 
         if self.external == 1:
             print "The next step is to get %s signed by your CA and re-run %s as:" % (self.csr_file, sys.argv[0])
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 83ce0ca50b6965ffeb637314e42a110d40b2b74c..98929b8640fc91f1c520ddc4c21630464779f2df 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -176,9 +176,7 @@ class DogtagInstance(service.Service):
         try:
             ipautil.run(args, nolog=nolog)
         except ipautil.CalledProcessError, e:
-            self.log.critical("failed to configure %s instance %s",
-                              subsystem, e)
-            raise RuntimeError('Configuration of %s failed' % subsystem)
+            self.handle_setup_error(e)
 
     def enable(self):
         self.backup_state("enabled", self.is_enabled())
@@ -438,3 +436,16 @@ class DogtagInstance(service.Service):
                 conn.unbind()
 
         return base64.b64encode(admin_cert)
+
+    def handle_setup_error(self, e):
+        self.log.critical("Failed to configure %s instance: %s"
+                          % (self.subsystem, e))
+        self.log.critical("See the installation logs and the following "
+                          "files/directories for more information:")
+        logs = [self.dogtag_constants.PKI_INSTALL_LOG,
+                self.dogtag_constants.PKI_LOG_TOP_LEVEL]
+
+        for log in logs:
+            self.log.critical("  %s" % log)
+
+        raise RuntimeError("%s configuration failed." % self.subsystem)
-- 
2.1.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to