On 10/21/2015 09:27 PM, Simo Sorce wrote:
On 21/10/15 15:24, Simo Sorce wrote:
On 21/10/15 11:46, Martin Babinsky wrote:
On 10/20/2015 07:24 PM, Simo Sorce wrote:
On 20/10/15 06:32, Martin Babinsky wrote:
On 10/15/2015 08:14 PM, Simo Sorce wrote:
On 15/10/15 11:39, Martin Basti wrote:
Without this patch the ipa-ca-install is broken in current master.
Unexpected error - see /var/log/ipareplica-ca-install.log for
details:
AttributeError: Values instance has no attribute 'promote'

Should be fixed with the attached patches.



NACK, in patch 551 you add a test for non-existent CLI option into
main
method:

@@ -198,10 +251,20 @@ def main():
      if os.geteuid() != 0:
          sys.exit("\nYou must be root to run this script.\n")

-    if filename is not None:
-        install_replica(safe_options, options, filename)
-    else:
-        install_master(safe_options, options)
+    try:
+        if options.replica or filename is not None:
+            install_replica(safe_options, options, filename)
+        else:
+            install_master(safe_options, options)
+
+    finally:
+        # Clean up if we created custom credentials
+        created_ccache_file = getattr(options, 'created_ccache_file',
None)
+        if created_ccache_file is not None:
+            try:
+                os.unlink(created_ccache_file)
+            except OSError:
+                pass

I guess you wanted to add '--replica' option to the CA installer but
since it was not added to option parser the installer explodes.

# ipa-ca-install

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Unexpected error - see /var/log/ipareplica-ca-install.log for details:
AttributeError: Values instance has no attribute 'replica'


The attached patch should address this problem now.

Simo.


Thanks, the patch enables CA install on promoted replica.

I have one minor nitpick though:

When running ipa-ca-install on domain level 0 replica w/o replica file,
the installer issues the following error:

# ipa-ca-install
Replica file None does not exist

I guess you should separately handle the case when no replica file is
specified and issue a corresponding error message like "A replica file
is required".

Done.
Simo.

Scratch this, it contains a typo, see attached.

Simo.



Thanks, ACK for patch 551-6.

I will continue the review of patch 552 when we'll have a dogtag build with fix for https://fedorahosted.org/pki/ticket/1580 in copr repo.

--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to