Now the correct patch file instead of a vim swap file...
From 33be1f56a64e53d261a1058c4606a7e48c0aac52 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Tue, 1 Dec 2015 15:49:53 +0100
Subject: [PATCH 25] Improve error logging for Dogtag subsystem installation

In the case of a failed installation or uninstallation of a Dogtag
subsystem, the error output of pkispawn / pkidestroyed are now shown to
the user. It makes it more obvious what went wrong and makes it easier
to debug a problem.

The error handler also attempts to get the full name of the installation
/ uninstallation log file from stdout. pkispawn and pkidestroy print the
absolute name as 'Log file: /path/to/file.log'. The user no longer has
to guess the right log file.

Example:
  [1/8]: configuring KRA instance
Failed to configure KRA instance: Command ''/usr/sbin/pkispawn' '-s'
'KRA' '-f' '/tmp/tmp1UpbwF'' returned non-zero exit status 1
pkispawn    : ERROR    ....... PKI subsystem 'KRA' for instance
'pki-tomcat' already exists!
See the installation logs and the following files/directories for more
information:
  /var/log/pki/pki-tomcat
  /var/log/pki/pki-kra-spawn.20151201151735.log
  [error] RuntimeError: KRA configuration failed.

The patch also changes a couple of modules that were using
the CalledProcessError exception object from subprocess instead of
ipautil.
---
 ipaplatform/redhat/tasks.py                |  3 +--
 ipapython/dnssec/bindmgr.py                |  1 -
 ipapython/dnssec/odsmgr.py                 |  1 -
 ipapython/ipautil.py                       | 24 +++++++++---------------
 ipaserver/install/dns.py                   |  4 +---
 ipaserver/install/dogtaginstance.py        | 28 ++++++++++++++++++----------
 ipaserver/install/opendnssecinstance.py    |  3 +--
 ipaserver/install/server/replicainstall.py |  3 +--
 8 files changed, 31 insertions(+), 36 deletions(-)

diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 94d2cb4e906965a20bcfdd55f38854005091c26f..1c502a2c859b23851d3b6101fca31e6cbb75b1eb 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -31,7 +31,6 @@ import socket
 import sys
 import base64
 
-from subprocess import CalledProcessError
 from nss.error import NSPRError
 from pyasn1.error import PyAsn1Error
 from six.moves import urllib
@@ -173,7 +172,7 @@ class RedHatTaskNamespace(BaseTaskNamespace):
     def reload_systemwide_ca_store(self):
         try:
             ipautil.run([paths.UPDATE_CA_TRUST])
-        except CalledProcessError as e:
+        except ipautil.CalledProcessError as e:
             root_logger.error(
                 "Could not update systemwide CA trust database: %s", e)
             return False
diff --git a/ipapython/dnssec/bindmgr.py b/ipapython/dnssec/bindmgr.py
index 1822dacf2535e7c37062e4d639e01289edcf5074..5b1d34135e8e5bd5c135b3d204c8de76531ecd07 100644
--- a/ipapython/dnssec/bindmgr.py
+++ b/ipapython/dnssec/bindmgr.py
@@ -9,7 +9,6 @@ import os
 import logging
 import shutil
 import stat
-import subprocess
 
 from ipalib import api
 import ipalib.constants
diff --git a/ipapython/dnssec/odsmgr.py b/ipapython/dnssec/odsmgr.py
index efbe16cc6ebf050d9cf347ed97b2b2e4b37c8a6e..a36ed7224a5abeb8c1ee91cc7eb60c048c05d2ed 100644
--- a/ipapython/dnssec/odsmgr.py
+++ b/ipapython/dnssec/odsmgr.py
@@ -6,7 +6,6 @@
 import logging
 from lxml import etree
 import dns.name
-import subprocess
 
 from ipapython import ipa_log_manager, ipautil
 
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 4551ea5c4025223dcff5cdc8998fedeccd14c3c2..ac85cb7b90ebde6f895dc09cae485a95c1c4a28d 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -63,20 +63,14 @@ KRB5_KDC_UNREACH = 2529639068 # Cannot contact any KDC for requested realm
 KRB5KDC_ERR_SVC_UNAVAILABLE = 2529638941 # A service is not available that is
                                          # required to process the request
 
-try:
-    from subprocess import CalledProcessError
-except ImportError:
-    # Python 2.4 doesn't implement CalledProcessError
-    class CalledProcessError(Exception):
-        """This exception is raised when a process run by check_call() returns
-        a non-zero exit status. The exit status will be stored in the
-        returncode attribute."""
-        def __init__(self, returncode, cmd, output=None):
-            self.returncode = returncode
-            self.cmd = cmd
-            self.output = output
-        def __str__(self):
-            return "Command '%s' returned non-zero exit status %d" % (self.cmd, self.returncode)
+
+class CalledProcessError(subprocess.CalledProcessError):
+    """Custom CalledProcessError with error output
+    """
+    def __init__(self, returncode, cmd, output=None, erroutput=None):
+        super(CalledProcessError, self).__init__(returncode, cmd, output)
+        self.erroutput = erroutput
+
 
 def get_domain_name():
     try:
@@ -379,7 +373,7 @@ def run(args, stdin=None, raiseonerr=True,
         root_logger.debug('stderr=%s' % stderr)
 
     if p.returncode != 0 and raiseonerr:
-        raise CalledProcessError(p.returncode, arg_string, stdout)
+        raise CalledProcessError(p.returncode, arg_string, stdout, stderr)
 
     return (stdout, stderr, p.returncode)
 
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index 258bf5dbe46e2167e07a62127c7fd8fd4be23ee6..680b9b619dc39e33854c992d4ab0da19c50f9d4b 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -9,8 +9,6 @@ from __future__ import print_function
 from dns import resolver
 import sys
 
-from subprocess import CalledProcessError
-
 from ipalib import api
 from ipalib import errors
 from ipaplatform.paths import paths
@@ -203,7 +201,7 @@ def install_check(standalone, replica, options, hostname):
                 ipautil.run(cmd, env=environment,
                             runas=ods_enforcerd.get_user_name(),
                             suplementary_groups=[named.get_group_name()])
-            except CalledProcessError as e:
+            except ipautil.CalledProcessError as e:
                 root_logger.debug("%s", e)
                 raise RuntimeError("This IPA server cannot be promoted to "
                                    "DNSSEC master role because some keys were "
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index aad6fbbe5b00aa9d352d87b66ee3e7f91bf1a64e..501feeb6ff19d07e3c3285b2014b875e909058bf 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -21,6 +21,7 @@ import base64
 import binascii
 import ldap
 import os
+import re
 import shutil
 import tempfile
 import traceback
@@ -46,6 +47,9 @@ from ipapython.ipa_log_manager import log_mgr
 
 PKI_USER = "pkiuser"
 
+# pkispawn prints the path to the log file to stdout
+LOG_FILE_RE = re.compile('^log file:\s+(.*)$', re.IGNORECASE | re.MULTILINE)
+
 
 def check_inst(subsystem):
     """
@@ -194,7 +198,8 @@ class DogtagInstance(service.Service):
         try:
             ipautil.run(args, nolog=nolog)
         except ipautil.CalledProcessError as e:
-            self.handle_setup_error(e)
+            self._handle_error("Failed to configure %s instance: %s", e)
+            raise RuntimeError("%s configuration failed." % self.subsystem)
 
     def restart_instance(self):
         try:
@@ -284,8 +289,7 @@ class DogtagInstance(service.Service):
                          "-i", 'pki-tomcat',
                          "-s", self.subsystem])
         except ipautil.CalledProcessError as e:
-            self.log.critical("failed to uninstall %s instance %s",
-                              self.subsystem, e)
+            self._handle_error("Failed to uninstall %s instance %s", e)
 
     def http_proxy(self):
         """ Update the http proxy file  """
@@ -435,14 +439,18 @@ class DogtagInstance(service.Service):
 
         return base64.b64encode(admin_cert)
 
-    def handle_setup_error(self, e):
-        self.log.critical("Failed to configure %s instance: %s"
-                          % (self.subsystem, e))
-        self.log.critical("See the installation logs and the following "
+    def _handle_error(self, msg, e):
+        self.log.critical(msg, self.subsystem, e)
+        if e.erroutput:
+            self.log.critical(e.erroutput.strip())
+        self.log.critical("See the logs and the following "
                           "files/directories for more information:")
-        self.log.critical("  %s" % paths.TOMCAT_TOPLEVEL_DIR)
-
-        raise RuntimeError("%s configuration failed." % self.subsystem)
+        self.log.critical("  %s", paths.TOMCAT_TOPLEVEL_DIR)
+        # look for 'Log file: /path/to/file' in stdout
+        if e.output:
+            match = LOG_FILE_RE.search(e.output)
+            if match is not None:
+                self.log.critical("  %s", match.group(1))
 
     def __add_admin_to_group(self, group):
         dn = DN(('cn', group), ('ou', 'groups'), ('o', 'ipaca'))
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 4baf6b6bc3d1898aadade8c741f5105b5742d749..25141675d86423c45d78008d3bb749af7e98b3d2 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -8,7 +8,6 @@ import pwd
 import grp
 import stat
 import shutil
-from subprocess import CalledProcessError
 
 import _ipap11helper
 from ipaserver.install import service
@@ -354,7 +353,7 @@ class OpenDNSSECInstance(service.Service):
             try:
                 self.print_msg("Exporting DNSSEC data before uninstallation")
                 ipautil.run(cmd, runas=ods_enforcerd.get_user_name())
-            except CalledProcessError:
+            except ipautil.CalledProcessError:
                 root_logger.error("DNSSEC data export failed")
 
             try:
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index eac42dab2a3f94c4e9c4f0f2d0d1b84d4a1f0847..1abd2a156872530e5766324bc12e65a0288294e1 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -35,7 +35,6 @@ from ipaserver.install.installutils import ReplicaConfig
 from ipaserver.install.replication import (
     ReplicationManager, replica_conn_check)
 import SSSDConfig
-from subprocess import CalledProcessError
 from binascii import hexlify
 
 from .common import BaseServer
@@ -394,7 +393,7 @@ def promote_sssd(host_name):
         sssd = services.service('sssd')
         try:
             sssd.restart()
-        except CalledProcessError:
+        except ipautil.CalledProcessError:
             root_logger.warning("SSSD service restart was unsuccessful.")
 
 
-- 
2.4.3

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to