Re: [Freeipa-devel] [PATCH 0097] fix critical error messages when adding KRA container that already exists

[Martin Babinsky]

On 11/19/2015 10:50 AM, Martin Babinsky wrote:

https://fedorahosted.org/freeipa/ticket/5346

Attaching updated patches.

--
Martin^3 Babinsky

From fa37e2514259d78d1b54c33f18fb95ec8b4a37cf Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Thu, 19 Nov 2015 10:24:40 +0100
Subject: [PATCH] suppress errors arising from adding existing LDAP entries
 during KRA install

https://fedorahosted.org/freeipa/ticket/5346
---
 ipaserver/install/krainstance.py | 12 ++++++++++--
 ipaserver/install/service.py     |  4 +++-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index ed47be7374ff89e787661dc1447b9388ba0f6334..380c6ae3b18882650a2a0c1db026cfa7d299b15c 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -53,6 +53,8 @@ ADMIN_GROUPS = [
     'Security Domain Administrators'
 ]
 
+LDAPMOD_ERR_ALREADY_EXISTS = 68
+
 class KRAInstance(DogtagInstance):
     """
     We assume that the CA has already been installed, and we use the
@@ -312,8 +314,14 @@ class KRAInstance(DogtagInstance):
         conn.disconnect()
 
     def __add_vault_container(self):
-        self._ldap_mod('vault.ldif', {'SUFFIX': self.suffix})
-        self.ldap_disconnect()
+        try:
+            self._ldap_mod('vault.ldif', {'SUFFIX': self.suffix},
+                           raise_on_err=True)
+        except ipautil.CalledProcessError as e:
+            if e.returncode == LDAPMOD_ERR_ALREADY_EXISTS:
+                self.log.info("Vault container already exists")
+            else:
+                self.log.error("Failed to add vault container: {0}".format(e))
 
     def __apply_updates(self):
         sub_dict = {
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index b9e68121dda6ea0b52c9ad923fcd5c72a22598a4..c856cccd03a5d7f166240ff87d9c49ef45f2a64d 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -184,7 +184,7 @@ class Service(object):
         self.admin_conn.unbind()
         self.admin_conn = None
 
-    def _ldap_mod(self, ldif, sub_dict=None):
+    def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=False):
         pw_name = None
         fd = None
         path = ipautil.SHARE_DIR + ldif
@@ -228,6 +228,8 @@ class Service(object):
             try:
                 ipautil.run(args, nolog=nologlist)
             except ipautil.CalledProcessError as e:
+                if raise_on_err:
+                    raise
                 root_logger.critical("Failed to load %s: %s" % (ldif, str(e)))
         finally:
             if pw_name:
-- 
2.4.3


From 66236204154f968fb94615cf3c955cf88c182ff8 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Thu, 19 Nov 2015 10:24:40 +0100
Subject: [PATCH] suppress errors arising from adding existing LDAP entries
 during KRA install

https://fedorahosted.org/freeipa/ticket/5346
---
 ipaserver/install/krainstance.py | 12 ++++++++++--
 ipaserver/install/service.py     |  4 +++-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index 69fe636732e6d3a8c1e0c460b641f061e519df92..e49be9f787d9d9f0e27eda0f278a23e39bef4c9b 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -47,6 +47,8 @@ from ipapython.ipa_log_manager import log_mgr
 IPA_KRA_RECORD = "ipa-kra"
 
 
+LDAPMOD_ERR_ALREADY_EXISTS = 68
+
 class KRAInstance(DogtagInstance):
     """
     We assume that the CA has already been installed, and we use the
@@ -306,8 +308,14 @@ class KRAInstance(DogtagInstance):
         conn.disconnect()
 
     def __add_vault_container(self):
-        self._ldap_mod('vault.ldif', {'SUFFIX': self.suffix})
-        self.ldap_disconnect()
+        try:
+            self._ldap_mod('vault.ldif', {'SUFFIX': self.suffix},
+                           raise_on_err=True)
+        except ipautil.CalledProcessError as e:
+            if e.returncode == LDAPMOD_ERR_ALREADY_EXISTS:
+                self.log.info("Vault container already exists")
+            else:
+                self.log.error("Failed to add vault container: {0}".format(e))
 
     def __apply_updates(self):
         sub_dict = {
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index f0eaee2c99d2949ca77659bf163a22f6785d9bc5..e59e82c9fbd0c15dd97c1814a91a78612a151230 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -155,7 +155,7 @@ class Service(object):
         self.admin_conn.unbind()
         self.admin_conn = None
 
-    def _ldap_mod(self, ldif, sub_dict=None):
+    def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=False):
         pw_name = None
         fd = None
         path = ipautil.SHARE_DIR + ldif
@@ -199,6 +199,8 @@ class Service(object):
             try:
                 ipautil.run(args, nolog=nologlist)
             except ipautil.CalledProcessError, e:
+                if raise_on_err:
+                    raise
                 root_logger.critical("Failed to load %s: %s" % (ldif, str(e)))
         finally:
             if pw_name:
-- 
2.4.3


-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code