On 11/19/2015 10:50 AM, Martin Babinsky wrote:
https://fedorahosted.org/freeipa/ticket/5346
Attaching updated patches. -- Martin^3 Babinsky
From fa37e2514259d78d1b54c33f18fb95ec8b4a37cf Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Thu, 19 Nov 2015 10:24:40 +0100
Subject: [PATCH] suppress errors arising from adding existing LDAP entries during KRA install
https://fedorahosted.org/freeipa/ticket/5346
---
 ipaserver/install/krainstance.py | 12 ++++++++++--
 ipaserver/install/service.py | 4 +++-
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index ed47be7374ff89e787661dc1447b9388ba0f6334..380c6ae3b18882650a2a0c1db026cfa7d299b15c 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -53,6 +53,8 @@ ADMIN_GROUPS = [
 'Security Domain Administrators'
 ]
+LDAPMOD_ERR_ALREADY_EXISTS = 68
+
 class KRAInstance(DogtagInstance):
 """
 We assume that the CA has already been installed, and we use the
@@ -312,8 +314,14 @@ class KRAInstance(DogtagInstance):
 conn.disconnect()
 def __add_vault_container(self):
- self._ldap_mod('vault.ldif', {'SUFFIX': self.suffix})
- self.ldap_disconnect()
+ try:
+ self._ldap_mod('vault.ldif', {'SUFFIX': self.suffix},
+ raise_on_err=True)
+ except ipautil.CalledProcessError as e:
+ if e.returncode == LDAPMOD_ERR_ALREADY_EXISTS:
+ self.log.info("Vault container already exists")
+ else:
+ self.log.error("Failed to add vault container: {0}".format(e))
 def __apply_updates(self):
 sub_dict = {
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index b9e68121dda6ea0b52c9ad923fcd5c72a22598a4..c856cccd03a5d7f166240ff87d9c49ef45f2a64d 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -184,7 +184,7 @@ class Service(object):
 self.admin_conn.unbind()
 self.admin_conn = None
- def _ldap_mod(self, ldif, sub_dict=None):
+ def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=False):
 pw_name = None
 fd = None
 path = ipautil.SHARE_DIR + ldif
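Review bot: In `__add_vault_container` (krainstance.py) the removed `self.ldap_disconnect()` has no counterpart on the new side, and the `else` branch only logs, so any failure other than exit code 68 still lets the KRA install continue without the vault container. If `_ldap_mod` leaves a connection open for the caller to close (inferred from the old code; its body is mostly outside these hunks), the call belongs in a `finally:` clause holding `self.ldap_disconnect()`, and the `else` branch should end with a bare `raise` after the `self.log.error(...)` line. Treating 68 as success is also only safe if `vault.ldif` holds a single entry or ldapmodify runs in continue mode (`-c`); otherwise entries after the first existing one may never be loaded, which is worth confirming. The same hunk in the second patch (commit 66236204) has the same gaps.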
@@ -228,6 +228,8 @@ class Service(object):
 try:
 ipautil.run(args, nolog=nologlist)
 except ipautil.CalledProcessError as e:
+ if raise_on_err:
+ raise
 root_logger.critical("Failed to load %s: %s" % (ldif, str(e)))
 finally:
 if pw_name:
--
2.4.3
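Review bot: `raise_on_err` is undocumented, and with it set the bare `raise` leaves `_ldap_mod` before `root_logger.critical(...)`, so the failure is recorded only if the caller logs it. A docstring on `_ldap_mod` should say so, e.g. `"""Load the given LDIF file; if raise_on_err is true, re-raise CalledProcessError instead of logging it."""`. A one-line comment above the `raise`, `# caller handles and logs the failure; the finally clause below still runs`, would make the control flow explicit. The function starts and ends outside this hunk, and the matching hunk in the second patch needs the same text.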
From 66236204154f968fb94615cf3c955cf88c182ff8 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Thu, 19 Nov 2015 10:24:40 +0100
Subject: [PATCH] suppress errors arising from adding existing LDAP entries during KRA install
https://fedorahosted.org/freeipa/ticket/5346
---
 ipaserver/install/krainstance.py | 12 ++++++++++--
 ipaserver/install/service.py | 4 +++-
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index 69fe636732e6d3a8c1e0c460b641f061e519df92..e49be9f787d9d9f0e27eda0f278a23e39bef4c9b 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -47,6 +47,8 @@ from ipapython.ipa_log_manager import log_mgr
 IPA_KRA_RECORD = "ipa-kra"
+LDAPMOD_ERR_ALREADY_EXISTS = 68
+
 class KRAInstance(DogtagInstance):
 """
 We assume that the CA has already been installed, and we use the
@@ -306,8 +308,14 @@ class KRAInstance(DogtagInstance):
 conn.disconnect()
 def __add_vault_container(self):
- self._ldap_mod('vault.ldif', {'SUFFIX': self.suffix})
- self.ldap_disconnect()
+ try:
+ self._ldap_mod('vault.ldif', {'SUFFIX': self.suffix},
+ raise_on_err=True)
+ except ipautil.CalledProcessError as e:
+ if e.returncode == LDAPMOD_ERR_ALREADY_EXISTS:
+ self.log.info("Vault container already exists")
+ else:
+ self.log.error("Failed to add vault container: {0}".format(e))
 def __apply_updates(self):
 sub_dict = {
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index f0eaee2c99d2949ca77659bf163a22f6785d9bc5..e59e82c9fbd0c15dd97c1814a91a78612a151230 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -155,7 +155,7 @@ class Service(object):
 self.admin_conn.unbind()
 self.admin_conn = None
- def _ldap_mod(self, ldif, sub_dict=None):
+ def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=False):
 pw_name = None
 fd = None
 path = ipautil.SHARE_DIR + ldif
@@ -199,6 +199,8 @@ class Service(object):
 try:
 ipautil.run(args, nolog=nologlist)
 except ipautil.CalledProcessError, e:
+ if raise_on_err:
+ raise
 root_logger.critical("Failed to load %s: %s" % (ldif, str(e)))
 finally:
 if pw_name:
--
2.4.3