URL: https://github.com/freeipa/freeipa/pull/135
Author: mbasti-rh
 Title: #135: Pylint: remove unused variables from install modules and scripts
Action: opened

PR body:
"""
Would be nice to merge this patch before refactoring of installers starts
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/135/head:pr135
git checkout pr135
From 8b1601e2d53b82463ba69e219006ef0841c2c0ce Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Fri, 29 Apr 2016 17:02:21 +0200
Subject: [PATCH 1/5] Put information from optparse to log

Invalid  option values has been parsed by optparse and the printed to
stderr, but this information was missing in log file what makes harder
to guess what is wrong from logs.

https://fedorahosted.org/freeipa/ticket/5865
---
 ipapython/install/cli.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ipapython/install/cli.py b/ipapython/install/cli.py
index 39c4c44..7535cd4 100644
--- a/ipapython/install/cli.py
+++ b/ipapython/install/cli.py
@@ -9,10 +9,12 @@
 import collections
 import optparse
 import signal
+import traceback
 
 import six
 
 from ipapython import admintool, ipa_log_manager
+from ipapython.ipa_log_manager import root_logger
 from ipapython.ipautil import CheckedIPAddress, private_ccache
 
 from . import core, common
@@ -164,8 +166,10 @@ def _option_callback(cls, option, opt_str, value, parser, knob_cls):
         try:
             value = cls._parse_knob(knob_cls, old_value, value)
         except ValueError as e:
-            raise optparse.OptionValueError(
-                "option {0}: {1}".format(opt_str, e))
+            root_logger.debug(traceback.format_exc())
+            errmsg = "option {0}: {1}".format(opt_str, e)
+            root_logger.debug(errmsg)
+            raise optparse.OptionValueError(errmsg)
 
         setattr(parser.values, option.dest, value)
 

From a46ca2780152b4d0aed753955ef614ed8e577b57 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Mon, 6 Jun 2016 12:12:45 +0200
Subject: [PATCH 2/5] Py3: Fix unicode/str error in LDAP*ReverseMember

There was incorrectly used str() instead of unicode() function in py2, which causes
errors in py3.

https://fedorahosted.org/freeipa/ticket/5923
---
 ipaserver/plugins/baseldap.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py
index fe47cbe..f56767f 100644
--- a/ipaserver/plugins/baseldap.py
+++ b/ipaserver/plugins/baseldap.py
@@ -2153,9 +2153,11 @@ def execute(self, *keys, **options):
                     else:
                         failed['member'][self.reverse_attr].append((attr, result['failed']['member'][self.member_attr][0][1]))
                 except errors.NotFound as e:
-                    msg = str(e)
-                    (attr, msg) = msg.split(':', 1)
-                    failed['member'][self.reverse_attr].append((attr, unicode(msg.strip())))
+                    msg = unicode(e)
+                    msg = msg.split(':', 1)[1]
+                    failed['member'][self.reverse_attr].append(
+                        (attr, msg.strip())
+                    )
 
             except errors.PublicError as e:
                 failed['member'][self.reverse_attr].append((attr, unicode(e)))
@@ -2252,9 +2254,11 @@ def execute(self, *keys, **options):
                     else:
                         failed['member'][self.reverse_attr].append((attr, result['failed']['member'][self.member_attr][0][1]))
                 except errors.NotFound as e:
-                    msg = str(e)
-                    (attr, msg) = msg.split(':', 1)
-                    failed['member'][self.reverse_attr].append((attr, unicode(msg.strip())))
+                    msg = unicode(e)
+                    msg = msg.split(':', 1)[1]
+                    failed['member'][self.reverse_attr].append(
+                        (attr, msg.strip())
+                    )
 
             except errors.PublicError as e:
                 failed['member'][self.reverse_attr].append((attr, unicode(e)))

From 16fdae56c03a1e8df90e79828a9548a0239c0707 Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tkri...@redhat.com>
Date: Tue, 27 Sep 2016 17:23:17 +0200
Subject: [PATCH 3/5] ipa: allow relative paths for config file

Remove unnecessary check for absolute file paths for config file.

https://fedorahosted.org/freeipa/ticket/6114
---
 ipalib/config.py | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/ipalib/config.py b/ipalib/config.py
index eb6c3ae..a273e3d 100644
--- a/ipalib/config.py
+++ b/ipalib/config.py
@@ -352,23 +352,10 @@ def _merge_from_file(self, config_file):
         containing first the number of variables that were actually set, and
         second the total number of variables found in ``config_file``.
 
-        This method will raise a ``ValueError`` if ``config_file`` is not an
-        absolute path.  For example:
-
-        >>> env = Env()
-        >>> env._merge_from_file('my/config.conf')
-        Traceback (most recent call last):
-          ...
-        ValueError: config_file must be an absolute path; got 'my/config.conf'
-
         Also see `Env._merge()`.
 
-        :param config_file: Absolute path of the configuration file to load.
+        :param config_file: Path of the configuration file to load.
         """
-        if path.abspath(config_file) != config_file:
-            raise ValueError(
-                'config_file must be an absolute path; got %r' % config_file
-            )
         if not path.isfile(config_file):
             return
         parser = RawConfigParser()

From 13ab67594518b1229dd06011c2b73a2ce4996019 Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tkri...@redhat.com>
Date: Tue, 27 Sep 2016 17:23:38 +0200
Subject: [PATCH 4/5] ipa: check if provided config file exists

Add a parser check to verify config file supplied to the ipa
command exists. Previously, invalid file paths would not results
in any error and would just silently proceed with default config.

https://fedorahosted.org/freeipa/ticket/6114
---
 ipalib/plugable.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/ipalib/plugable.py b/ipalib/plugable.py
index af35f5b..28c4042 100644
--- a/ipalib/plugable.py
+++ b/ipalib/plugable.py
@@ -44,6 +44,7 @@
 from ipalib.util import classproperty
 from ipalib.base import ReadOnly, lock, islocked
 from ipalib.constants import DEFAULT_CONFIG
+from ipapython import ipautil
 from ipapython.ipa_log_manager import (
     log_mgr,
     LOGGING_FORMAT_FILE,
@@ -494,6 +495,13 @@ def build_global_parser(self, parser=None, context=None):
         """
         Add global options to an optparse.OptionParser instance.
         """
+        def config_file_callback(option, opt, value, parser):
+            if not ipautil.file_exists(value):
+                raise optparse.OptionValueError(
+                    _("%s: file not found") % value)
+
+            parser.values.conf = value
+
         if parser is None:
             parser = optparse.OptionParser(
                 add_help_option=False,
@@ -517,8 +525,9 @@ def build_global_parser(self, parser=None, context=None):
         parser.add_option('-e', dest='env', metavar='KEY=VAL', action='append',
             help='Set environment variable KEY to VAL',
         )
-        parser.add_option('-c', dest='conf', metavar='FILE',
-            help='Load configuration from FILE',
+        parser.add_option('-c', dest='conf', metavar='FILE', action='callback',
+            callback=config_file_callback, type='string',
+            help='Load configuration from FILE.',
         )
         parser.add_option('-d', '--debug', action='store_true',
             help='Produce full debuging output',

From 7c8e0bc6fa1f8e8c80ee8212ddd8bb576e104165 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Tue, 4 Oct 2016 16:54:44 +0200
Subject: [PATCH 5/5] Pylint: remove unused variables from installers and
 scripts

---
 client/ipa-client-automount                        | 12 +++----
 client/ipa-client-install                          | 17 ++++------
 daemons/dnssec/ipa-ods-exporter                    |  6 ++--
 .../certmonger/dogtag-ipa-ca-renew-agent-submit    | 10 +++---
 install/tools/ipa-adtrust-install                  | 17 +++++-----
 install/tools/ipa-replica-manage                   | 16 ++++-----
 install/tools/ipactl                               | 10 ++----
 ipaclient/ipachangeconf.py                         | 12 ++-----
 ipaclient/ipadiscovery.py                          |  4 ---
 ipapython/install/core.py                          | 12 +++----
 ipaserver/install/bindinstance.py                  |  9 +++--
 ipaserver/install/ca.py                            |  6 +---
 ipaserver/install/cainstance.py                    |  7 +---
 ipaserver/install/certs.py                         | 14 ++++----
 ipaserver/install/dns.py                           | 14 +-------
 ipaserver/install/dnskeysyncinstance.py            | 13 ++------
 ipaserver/install/dogtaginstance.py                |  5 +--
 ipaserver/install/dsinstance.py                    | 17 ++++------
 ipaserver/install/ipa_backup.py                    |  5 ---
 ipaserver/install/ipa_cacert_manage.py             |  3 --
 ipaserver/install/ipa_replica_prepare.py           | 15 +++------
 ipaserver/install/ipa_restore.py                   |  4 ---
 ipaserver/install/ipa_winsync_migrate.py           | 11 +++----
 ipaserver/install/opendnssecinstance.py            |  8 -----
 ipaserver/install/plugins/rename_managed.py        | 11 +++----
 ipaserver/install/replication.py                   | 28 ++++++++--------
 ipaserver/install/server/install.py                | 12 ++-----
 ipaserver/install/server/replicainstall.py         | 38 +++++++++-------------
 ipaserver/install/server/upgrade.py                |  5 ---
 ipaserver/install/upgradeinstance.py               |  4 +--
 30 files changed, 111 insertions(+), 234 deletions(-)

diff --git a/client/ipa-client-automount b/client/ipa-client-automount
index 91bdc88..88adb0a 100755
--- a/client/ipa-client-automount
+++ b/client/ipa-client-automount
@@ -45,8 +45,6 @@ from ipaplatform.tasks import tasks
 from ipaplatform import services
 from ipaplatform.paths import paths
 
-# pylint: disable=unused-variable
-
 def parse_options():
     usage = "%prog [options]\n"
     parser = OptionParser(usage=usage)
@@ -81,7 +79,7 @@ def wait_for_sssd():
         try:
             ipautil.run(["getent", "passwd", "admin@%s" % api.env.realm])
             found = True
-        except Exception as e:
+        except Exception:
             time.sleep(1)
             n = n + 1
 
@@ -180,7 +178,7 @@ def configure_autofs_sssd(fstore, statestore, autodiscover, options):
         if provider == "ipa":
             domain.add_provider('ipa', 'autofs')
             try:
-                location = domain.get_option('ipa_automount_location')
+                domain.get_option('ipa_automount_location')
                 sys.exit('An automount location is already configured')
             except SSSDConfig.NoOptionError:
                 domain.set_option('ipa_automount_location', options.location)
@@ -373,7 +371,7 @@ def main():
     if not fstore.has_files() and not os.path.exists(paths.IPA_DEFAULT_CONF):
         sys.exit('IPA client is not configured on this system.\n')
 
-    options, args = parse_options()
+    options, _args = parse_options()
 
     standard_logging_setup(
         paths.IPACLIENT_INSTALL_LOG, verbose=False, debug=options.debug,
@@ -400,7 +398,6 @@ def main():
         sys.exit('automount is already configured on this system.\n')
 
     autodiscover = False
-    servers = []
     ds = ipadiscovery.IPADiscovery()
     if not options.server:
         print("Searching for IPA server...")
@@ -437,7 +434,6 @@ def main():
         print("IPA server: DNS discovery")
         root_logger.debug('Configuring to use DNS discovery')
 
-    search_base = str(DN(('cn', options.location), api.env.container_automount, api.env.basedn))
     print("Location: %s" % options.location)
     root_logger.debug('Using automount location %s' % options.location)
 
@@ -457,7 +453,7 @@ def main():
             sys.exit('Cannot connect to the server due to ' + str(e))
         try:
             # Use the RPC directly so older servers are supported
-            result = api.Backend.rpcclient.forward(
+            api.Backend.rpcclient.forward(
                 'automountlocation_show',
                 ipautil.fsdecode(options.location),
                 version=u'2.0',
diff --git a/client/ipa-client-install b/client/ipa-client-install
index d38eaf9..da7d6b3 100755
--- a/client/ipa-client-install
+++ b/client/ipa-client-install
@@ -72,8 +72,6 @@ error was:
 """ % e, file=sys.stderr)
     sys.exit(1)
 
-# pylint: disable=unused-variable
-
 SUCCESS = 0
 CLIENT_INSTALL_ERROR = 1
 CLIENT_NOT_CONFIGURED = 2
@@ -97,7 +95,7 @@ def parse_options():
         initialized = nss.nss_is_initialized()
         try:
             cert = x509.load_certificate_from_file(value)
-        except Exception as e:
+        except Exception:
             raise OptionValueError("%s option '%s' is not a valid certificate file" % (opt, value))
         else:
             del(cert)
@@ -230,7 +228,7 @@ def parse_options():
                                           "be run with --unattended option")
     parser.add_option_group(uninstall_group)
 
-    options, args = parser.parse_args()
+    options, _args = parser.parse_args()
     safe_opts = parser.get_safe_opts(options)
 
     if (options.server and not options.domain):
@@ -383,7 +381,6 @@ def nssldap_exists():
 # helper function for uninstall
 # deletes IPA domain from sssd.conf
 def delete_ipa_domain():
-    sssd = services.service('sssd')
     try:
         sssdconfig = SSSDConfig.SSSDConfig()
         sssdconfig.import_config()
@@ -1509,7 +1506,7 @@ def configure_nisdomain(options, domain):
         try:
             result = ipautil.run([paths.BIN_NISDOMAINNAME],
                                  capture_output=True)
-        except CalledProcessError as e:
+        except CalledProcessError:
             pass
         else:
             nis_domain_name = result.output
@@ -1748,7 +1745,7 @@ def verify_dns_update(fqdn, ips):
 def get_server_connection_interface(server):
     # connect to IPA server, get all ip addresses of inteface used to connect
     for res in socket.getaddrinfo(server, 389, socket.AF_UNSPEC, socket.SOCK_STREAM):
-        (af, socktype, proto, canonname, sa) = res
+        af, socktype, proto, _canonname, sa = res
         try:
             s = socket.socket(af, socktype, proto)
         except socket.error as e:
@@ -1923,7 +1920,7 @@ def get_ca_certs_from_file(url):
     root_logger.debug("trying to retrieve CA cert from file %s", filename)
     try:
         certs = x509.load_certificate_list_from_file(filename)
-    except Exception as e:
+    except Exception:
         raise errors.NoCertificateError(entry=filename)
 
     return certs
@@ -1944,7 +1941,7 @@ def get_ca_certs_from_http(url, warn=True):
     try:
 
         result = run([paths.BIN_CURL, "-o", "-", url], capture_output=True)
-    except CalledProcessError as e:
+    except CalledProcessError:
         raise errors.NoCertificateError(entry=url)
     stdout = result.output
 
@@ -2981,7 +2978,7 @@ def install(options, env, fstore, statestore):
     if nslcd.is_installed():
         save_state(nslcd)
 
-    retcode, conf, filename = (0, None, None)
+    retcode, conf = (0, None)
 
     if not options.no_ac:
         # Modify nsswitch/pam stack
diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter
index bb208d2..6633249 100755
--- a/daemons/dnssec/ipa-ods-exporter
+++ b/daemons/dnssec/ipa-ods-exporter
@@ -41,8 +41,6 @@ from ipapython.dnssec.abshsm import sync_pkcs11_metadata, wrappingmech_name2id
 from ipapython.dnssec.ldapkeydb import LdapKeyDB
 from ipapython.dnssec.localhsm import LocalHSM
 
-# pylint: disable=unused-variable
-
 DAEMONNAME = 'ipa-ods-exporter'
 PRINCIPAL = None  # not initialized yet
 WORKDIR = os.path.join(paths.VAR_OPENDNSSEC_DIR ,'tmp')
@@ -446,13 +444,13 @@ def receive_systemd_command(log):
         raise KeyError('Exactly one socket is expected.')
 
     sck = socket.fromfd(fds[0], socket.AF_UNIX, socket.SOCK_STREAM)
-    rlist, wlist, xlist = select.select([sck], [], [], 0)
+    rlist, _wlist, _xlist = select.select([sck], [], [], 0)
     if not rlist:
         log.critical('socket activation did not return socket with a command')
         sys.exit(0)
 
     log.debug('accepting new connection')
-    conn, addr = sck.accept()
+    conn, _addr = sck.accept()
     log.debug('accepted new connection %s', repr(conn))
 
     # this implements cmdhandler_handle_cmd() logic
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
index 329daa0..967ce6e 100755
--- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit
+++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
@@ -44,8 +44,6 @@ from ipaplatform.paths import paths
 from ipaserver.plugins.ldap2 import ldap2
 from ipaserver.install import cainstance, certs
 
-# pylint: disable=unused-variable
-
 # This is a certmonger CA helper script for IPA CA subsystem cert renewal. See
 # https://git.fedorahosted.org/cgit/certmonger.git/tree/doc/submit.txt for more
 # info on certmonger CA helper scripts.
@@ -194,7 +192,7 @@ def request_cert():
 
     rc = result.returncode
     if rc == WAIT_WITH_DELAY:
-        delay, sep, cookie = stdout.partition('\n')
+        delay, _sep, cookie = stdout.partition('\n')
         return (rc, delay, cookie)
     else:
         return (rc, stdout)
@@ -282,7 +280,7 @@ def request_and_store_cert():
         if not cookie:
             return (UNCONFIGURED, "Cookie not provided")
 
-        state, sep, cookie = cookie.partition(':')
+        state, _sep, cookie = cookie.partition(':')
         if state not in ('request', 'store'):
             return (UNCONFIGURED,
                     "Invalid cookie: %r" % os.environ['CERTMONGER_CA_COOKIE'])
@@ -306,7 +304,7 @@ def request_and_store_cert():
             cert = result[1]
             cookie = None
     else:
-        cert, sep, cookie = cookie.partition(':')
+        cert, _sep, cookie = cookie.partition(':')
 
     if cookie is None:
         os.environ['CERTMONGER_OPERATION'] = 'SUBMIT'
@@ -438,7 +436,7 @@ def renew_ca_cert():
         if not cookie:
             return (UNCONFIGURED, "Cookie not provided")
 
-        state, sep, cookie = cookie.partition(':')
+        state, _sep, cookie = cookie.partition(':')
         if state not in ('retrieve', 'request'):
             return (UNCONFIGURED,
                     "Invalid cookie: %r" % os.environ['CERTMONGER_CA_COOKIE'])
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index 13c62aa..378627d 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -45,8 +45,6 @@ from ipaplatform.paths import paths
 from ipapython.ipa_log_manager import root_logger, standard_logging_setup
 from ipapython.dn import DN
 
-# pylint: disable=unused-variable
-
 if six.PY3:
     unicode = str
 
@@ -87,7 +85,7 @@ def parse_options():
                       dest="enable_compat", default=False, action="store_true",
                       help="Enable support for trusted domains for old clients")
 
-    options, args = parser.parse_args()
+    options, _args = parser.parse_args()
     safe_options = parser.get_safe_opts(options)
 
     return safe_options, options
@@ -215,7 +213,7 @@ def set_and_check_netbios_name(netbios_name, unattended):
 def ensure_admin_kinit(admin_name, admin_password):
     try:
         ipautil.run(['kinit', admin_name], stdin=admin_password+'\n')
-    except ipautil.CalledProcessError as e:
+    except ipautil.CalledProcessError:
         print("There was error to automatically re-kinit your admin user ticket.")
         return False
     return True
@@ -357,8 +355,8 @@ def main():
         try:
             root_logger.debug("Searching for objects with missing SID with "
                 "filter=%s, base_dn=%s", filter, base_dn)
-            (entries, truncated) = api.Backend.ldap2.find_entries(filter=filter,
-                base_dn=base_dn, attrs_list=[''])
+            entries, _truncated = api.Backend.ldap2.find_entries(
+                filter=filter, base_dn=base_dn, attrs_list=[''])
         except errors.NotFound:
             # All objects have SIDs assigned
             pass
@@ -413,7 +411,7 @@ def main():
         try:
             # Search only masters which have support for domain levels
             # because only these masters will have SSSD recent enough to support AD trust agents
-            (entries_m, truncated) = smb.admin_conn.find_entries(
+            entries_m, _truncated = smb.admin_conn.find_entries(
                 filter="(&(objectclass=ipaSupportedDomainLevelConfig)(ipaMaxDomainLevel=*)(ipaMinDomainLevel=*))",
                 base_dn=masters_dn, attrs_list=['cn'], scope=ldap.SCOPE_ONELEVEL)
         except errors.NotFound:
@@ -423,8 +421,9 @@ def main():
            print(unicode(e))
 
         try:
-           (entries_a, truncated) = smb.admin_conn.find_entries(filter="",
-               base_dn=agents_dn, attrs_list=['member'], scope=ldap.SCOPE_BASE)
+           entries_a, _truncated = smb.admin_conn.find_entries(
+               filter="", base_dn=agents_dn, attrs_list=['member'],
+               scope=ldap.SCOPE_BASE)
         except errors.NotFound:
             pass
         except (errors.DatabaseError, errors.NetworkError) as e:
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 6152898..d9dee9c 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -45,8 +45,6 @@ from ipaclient import ipadiscovery
 from six.moves.xmlrpc_client import MAXINT
 from ipaplatform.paths import paths
 
-# pylint: disable=unused-variable
-
 # dict of command name and tuples of min/max num of args needed
 commands = {
     "list":(0, 1, "[master fqdn]", ""),
@@ -142,7 +140,7 @@ def test_connection(realm, host, nolookup=False):
         if not nolookup:
             enforce_host_existence(host)
         replman = replication.ReplicationManager(realm, host, None)
-        ents = replman.find_replication_agreements()
+        replman.find_replication_agreements()
         del replman
         return True
     except errors.ACIError:
@@ -216,7 +214,7 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose, nolookup=False):
         if winsync_peer:
             repl = replication.ReplicationManager(realm, winsync_peer,
                                                   dirman_passwd)
-            cn, dn = repl.agreement_dn(replica)
+            _cn, dn = repl.agreement_dn(replica)
             entries = repl.conn.get_entries(
                 dn, conn.SCOPE_BASE,
                 "(objectclass=nsDSWindowsReplicationAgreement)")
@@ -308,7 +306,7 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False):
         try:
             repl2.set_readonly(readonly=True)
             repl2.force_sync(repl2.conn, replica1)
-            cn, dn = repl2.agreement_dn(repl1.conn.host)
+            _cn, dn = repl2.agreement_dn(repl1.conn.host)
             repl2.wait_for_repl_update(repl2.conn, dn, 30)
             (range_start, range_max) = repl2.get_DNA_range(repl2.conn.host)
             (next_start, next_max) = repl2.get_DNA_next_range(repl2.conn.host)
@@ -391,7 +389,9 @@ def get_ruv(realm, host, dirman_passwd, nolookup=False, ca=False):
             data = re.match('\{replica (\d+) (ldap://.*:\d+)\}(\s+\w+\s+\w*){0,1}', ruv)
             if data:
                 rid = data.group(1)
-                (scheme, netloc, path, params, query, fragment) = urlparse(data.group(2))
+                (
+                    _scheme, netloc, _path, _params, _query, _fragment
+                ) = urlparse(data.group(2))
                 servers.append((netloc, rid))
             else:
                 print("unable to decode: %s" % ruv)
@@ -1323,7 +1323,7 @@ def store_DNA_range(repl, range_start, range_max, deleted_master, realm,
         except Exception as e:
             print("Connection failed: %s" % e)
             continue
-        (next_start, next_max) = repl2.get_DNA_next_range(candidate)
+        next_start, _next_max = repl2.get_DNA_next_range(candidate)
         if next_start is None:
             try:
                 return repl2.save_DNA_next_range(range_start, range_max)
@@ -1359,7 +1359,7 @@ def set_DNA_range(hostname, range, realm, dirman_passwd, next_range=False,
         """
         try:
             (dna_next, dna_max) = range.split('-', 1)
-        except ValueError as e:
+        except ValueError:
             return "Invalid range, must be the form x-y"
 
         try:
diff --git a/install/tools/ipactl b/install/tools/ipactl
index d229738..42bd73e 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -39,9 +39,6 @@ from ipapython.dn import DN
 from ipaplatform import services
 from ipaplatform.paths import paths
 
-# pylint: disable=unused-variable
-
-
 MSG_HINT_IGNORE_SERVICE_FAILURE = (
     "Hint: You can use --ignore-service-failure option for forced start in "
     "case that a non-critical service failed"
@@ -89,7 +86,7 @@ def is_dirsrv_debugging_enabled():
         fd.close()
         for line in lines:
             if line.lower().startswith('nsslapd-errorlog-level'):
-                (option, value) = line.split(':')
+                _option, value = line.split(':')
                 if int(value) > 0:
                     debugging = True
 
@@ -239,7 +236,7 @@ def get_config_from_file():
         def_svc_list.append([s[1], s[0]])
 
     ordered_list = []
-    for (order, svc) in sorted(def_svc_list):
+    for _order, svc in sorted(def_svc_list):
         if svc in svc_list:
             ordered_list.append(svc)
 
@@ -286,7 +283,6 @@ def ipa_start(options):
     except Exception as e:
         raise IpactlError("Failed to start Directory Service: " + str(e))
 
-    ldap_list = []
     try:
         svc_list = get_config(dirsrv)
     except Exception as e:
@@ -540,7 +536,7 @@ def main():
         # LSB status code 4: user had insufficient privilege
         raise IpactlError("You must be root to run ipactl.", 4)
 
-    safe_options, options, args = parse_options()
+    _safe_options, options, args = parse_options()
 
     if len(args) != 1:
         # LSB status code 2: invalid or excess argument(s)
diff --git a/ipaclient/ipachangeconf.py b/ipaclient/ipachangeconf.py
index b6cbc9b..b7d8ffc 100644
--- a/ipaclient/ipachangeconf.py
+++ b/ipaclient/ipachangeconf.py
@@ -24,8 +24,6 @@
 
 import six
 
-# pylint: disable=unused-variable
-
 if six.PY3:
     unicode = str
 
@@ -303,7 +301,7 @@ def mergeOld(self, oldopts, newopts):
 
         for o in oldopts:
             if o['type'] == "section" or o['type'] == "subsection":
-                (num, no) = self.findOpts(newopts, o['type'], o['name'])
+                _num, no = self.findOpts(newopts, o['type'], o['name'])
                 if not no:
                     opts.append(o)
                     continue
@@ -327,7 +325,7 @@ def mergeOld(self, oldopts, newopts):
                 continue
 
             if o['type'] == "option":
-                (num, no) = self.findOpts(newopts, 'option', o['name'], True)
+                _num, no = self.findOpts(newopts, 'option', o['name'], True)
                 if not no:
                     opts.append(o)
                     continue
@@ -482,9 +480,6 @@ def parse(self, f):
     #     [{'name': 'foo', 'value': 'bar', 'action': 'set/comment'}]
     # section is a section name like 'global'
     def changeConf(self, file, newopts):
-        autosection = False
-        savedsection = None
-        done = False
         output = ""
         f = None
         try:
@@ -517,9 +512,6 @@ def changeConf(self, file, newopts):
     # options is a set of dictionaries in the form:
     #     [{'name': 'foo', 'value': 'bar', 'action': 'set/comment'}]
     def newConf(self, file, options):
-        autosection = False
-        savedsection = None
-        done = False
         output = ""
         f = None
         try:
diff --git a/ipaclient/ipadiscovery.py b/ipaclient/ipadiscovery.py
index e051bc7..2075c33 100644
--- a/ipaclient/ipadiscovery.py
+++ b/ipaclient/ipadiscovery.py
@@ -30,8 +30,6 @@
 from ipapython.ipautil import valid_ip, realm_to_suffix
 from ipapython.dn import DN
 
-# pylint: disable=unused-variable
-
 NOT_FQDN = -1
 NO_LDAP_SERVER = -2
 REALM_NOT_FOUND = -3
@@ -376,8 +374,6 @@ def ipacheckldap(self, thost, trealm, ca_cert_path=None):
 
         lrealms = []
 
-        i = 0
-
         #now verify the server is really an IPA server
         try:
             root_logger.debug("Init LDAP connection to: %s", thost)
diff --git a/ipapython/install/core.py b/ipapython/install/core.py
index 98ee588..e94c0f2 100644
--- a/ipapython/install/core.py
+++ b/ipapython/install/core.py
@@ -19,8 +19,6 @@
 from . import util
 from .util import from_
 
-# pylint: disable=unused-variable
-
 __all__ = ['InvalidStateError', 'KnobValueError', 'Property', 'Knob',
            'Configurable', 'Group', 'Component', 'Composite']
 
@@ -207,7 +205,7 @@ def properties(cls):
 
             result = sorted(result, key=lambda r: r[0])
 
-            for order, owner_cls, name in result:
+            for _order, owner_cls, name in result:
                 yield owner_cls, name
 
     @classmethod
@@ -316,7 +314,7 @@ def validate(self):
         Run the validation part of the configurable.
         """
 
-        for nothing in self._validator():
+        for _nothing in self._validator():
             pass
 
     def _validator(self):
@@ -333,7 +331,7 @@ def execute(self):
         Run the execution part of the configurable.
         """
 
-        for nothing in self._executor():
+        for _nothing in self._executor():
             pass
 
     def _executor(self):
@@ -541,7 +539,7 @@ def components(cls):
 
             result = sorted(result, key=lambda r: r[0])
 
-            for order, owner_cls, name in result:
+            for _order, owner_cls, name in result:
                 yield owner_cls, name
 
     def __getattr__(self, name):
@@ -565,7 +563,7 @@ def _reset(self):
         super(Composite, self)._reset()
 
     def _get_components(self):
-        for owner_cls, name in self.components():
+        for _owner_cls, name in self.components():
             yield getattr(self, name)
 
     def _configure(self):
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index a04822e..350cb3c 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -60,8 +60,6 @@
                          UnresolvableRecordError)
 from ipalib.constants import CACERT
 
-# pylint: disable=unused-variable
-
 if six.PY3:
     unicode = str
 
@@ -289,7 +287,7 @@ def find_reverse_zone(ip_address, api=api):
     while len(zone) > 0:
         if dns_zone_exists(zone, api):
             return zone
-        foo, bar, zone = zone.partition('.')
+        zone = zone.partition('.')[2]
 
     return None
 
@@ -866,7 +864,7 @@ def __add_master_records(self, fqdn, addrs):
         for addr in addrs:
             try:
                 add_fwd_rr(zone, host, addr, self.api)
-            except errors.NotFound as e:
+            except errors.NotFound:
                 pass
 
             reverse_zone = find_reverse_zone(addr, self.api)
@@ -1107,7 +1105,8 @@ def remove_server_ns_records(self, fqdn):
         attributes = ['idnsname', 'objectclass']
         dn = DN(self.api.env.container_dns, self.api.env.basedn)
 
-        entries, truncated = ldap.find_entries(attr_filter, attributes, base_dn=dn)
+        entries, _truncated = ldap.find_entries(
+            attr_filter, attributes, base_dn=dn)
 
         # remove records
         if entries:
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index b23ccfd..dadc34e 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -15,8 +15,6 @@
 from ipapython.dn import DN
 from ipapython.ipa_log_manager import root_logger
 
-# pylint: disable=unused-variable
-
 external_cert_file = None
 external_ca_file = None
 
@@ -94,7 +92,7 @@ def install_check(standalone, replica_config, options):
         dsdb = certs.CertDB(realm_name, nssdir=dirname, subject_base=subject_base)
 
         for db in (cadb, dsdb):
-            for nickname, trust_flags in db.list_certs():
+            for nickname, _trust_flags in db.list_certs():
                 if nickname in (certdb.get_ca_nickname(realm_name),
                                 'ipaCert',
                                 'Signing-Cert'):
@@ -121,7 +119,6 @@ def install(standalone, replica_config, options):
 
 def install_step_0(standalone, replica_config, options):
     realm_name = options.realm_name
-    domain_name = options.domain_name
     dm_password = options.dm_password
     host_name = options.host_name
     subject_base = options.subject
@@ -170,7 +167,6 @@ def install_step_0(standalone, replica_config, options):
 
 def install_step_1(standalone, replica_config, options):
     realm_name = options.realm_name
-    domain_name = options.domain_name
     dm_password = options.dm_password
     host_name = options.host_name
     subject_base = options.subject
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index dea1110..d352a1d 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -81,8 +81,6 @@
 except ImportError:
     import http.client as httplib
 
-# pylint: disable=unused-variable
-
 # We need to reset the template because the CA uses the regular boot
 # information
 INF_TEMPLATE = """
@@ -1625,9 +1623,6 @@ def __update_entry_from_cert(make_filter, make_entry, dercert):
     """
 
     base_dn = DN(('o', 'ipaca'))
-    serial_number = x509.get_serial_number(dercert, datatype=x509.DER)
-    subject = x509.get_subject(dercert, datatype=x509.DER)
-    issuer = x509.get_issuer(dercert, datatype=x509.DER)
 
     attempts = 0
     server_id = installutils.realm_to_serverid(api.env.realm)
@@ -1909,7 +1904,7 @@ def repair_profile_caIPAserviceCert():
     with api.Backend.ra_certprofile as profile_api:
         try:
             cur_config = profile_api.read_profile(profile_id).splitlines()
-        except errors.RemoteRetrieveError as e:
+        except errors.RemoteRetrieveError:
             # no profile there to check/repair
             api.Backend.ra_certprofile.override_port = None
             return
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index b55bb6c..31fd36c 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -45,8 +45,6 @@
 from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 
-# pylint: disable=unused-variable
-
 # Apache needs access to this database so we need to create it
 # where apache can reach
 NSS_DIR = paths.HTTPD_ALIAS_DIR
@@ -260,7 +258,7 @@ def load_cacert(self, cacert_fname, trust_flags):
         while True:
             try:
                 (cert, st) = find_cert_from_txt(certs, st)
-                (rdn, subject_dn) = get_cert_nickname(cert)
+                _rdn, subject_dn = get_cert_nickname(cert)
                 if subject_dn == ca_dn:
                     nick = get_ca_nickname(self.realm)
                 else:
@@ -283,7 +281,7 @@ def get_cert_from_db(self, nickname, pem=True):
             if pem:
                 return cert
             else:
-                (cert, start) = find_cert_from_txt(cert, start=0)
+                cert, _start = find_cert_from_txt(cert, start=0)
                 cert = x509.strip_header(cert)
                 dercert = base64.b64decode(cert)
                 return dercert
@@ -405,7 +403,7 @@ def issue_server_cert(self, certreq_fname, cert_fname):
         result = dogtag.https_request(
             self.host_name, 8443, "/ca/ee/ca/profileSubmitSSLClient",
             self.secdir, password, "ipaCert", **params)
-        http_status, http_headers, http_body = result
+        http_status, _http_headers, http_body = result
         root_logger.debug("CA answer: %s", http_body)
 
         if http_status != 200:
@@ -459,7 +457,7 @@ def issue_signing_cert(self, certreq_fname, cert_fname):
         result = dogtag.https_request(
             self.host_name, 8443, "/ca/ee/ca/profileSubmitSSLClient",
             self.secdir, password, "ipaCert", **params)
-        http_status, http_headers, http_body = result
+        http_status, _http_headers, http_body = result
         if http_status != 200:
             raise RuntimeError("Unable to submit cert request")
 
@@ -571,11 +569,11 @@ def create_from_cacert(self, cacert_fname, passwd=None):
             newca = f.readlines()
             f.close()
             newca = "".join(newca)
-            (newca, st) = find_cert_from_txt(newca)
+            newca, _st = find_cert_from_txt(newca)
 
             cacert = self.get_cert_from_db(self.cacert_name)
             if cacert != '':
-                (cacert, st) = find_cert_from_txt(cacert)
+                cacert, _st = find_cert_from_txt(cacert)
 
             if newca == cacert:
                 return
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index efff82a..c16b963 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -30,12 +30,9 @@
 from ipaserver.install.installutils import update_hosts_file
 from ipaserver.install import bindinstance
 from ipaserver.install import dnskeysyncinstance
-from ipaserver.install import ntpinstance
 from ipaserver.install import odsexporterinstance
 from ipaserver.install import opendnssecinstance
 
-# pylint: disable=unused-variable
-
 ip_addresses = []
 reverse_zones = []
 
@@ -45,7 +42,7 @@ def _find_dnssec_enabled_zones(conn):
     dnssec_enabled_filter = conn.make_filter(search_kw)
     dn = DN('cn=dns', api.env.basedn)
     try:
-        entries, truncated = conn.find_entries(
+        entries, _truncated = conn.find_entries(
             base_dn=dn, filter=dnssec_enabled_filter, attrs_list=['idnsname'])
     except errors.NotFound:
         return []
@@ -222,8 +219,6 @@ def install_check(standalone, api, replica, options, hostname):
                                    "database (kasp.db file)")
 
             # check if replica can be the DNSSEC master
-            named = services.knownservices.named
-            ods_enforcerd = services.knownservices.ods_enforcerd
             cmd = [paths.IPA_DNSKEYSYNCD_REPLICA]
             environment = {
                 "SOFTHSM2_CONF": paths.DNSSEC_SOFTHSM2_CONF,
@@ -316,15 +311,8 @@ def install_check(standalone, api, replica, options, hostname):
 
 
 def install(standalone, replica, options, api=api):
-    local_dnskeysyncd_dn = DN(('cn', 'DNSKeySync'), ('cn', api.env.host),
-                              ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
-                              api.env.basedn)
-    conn = api.Backend.ldap2
-
     fstore = sysrestore.FileStore(paths.SYSRESTORE)
 
-    conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled()
-
     if standalone:
         # otherwise this is done by server/replica installer
         update_hosts_file(ip_addresses, api.env.host, fstore)
diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index 3e862b3..f397879 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -21,15 +21,12 @@
 from ipapython.dn import DN
 from ipapython import ipaldap
 from ipapython import sysrestore, ipautil
-from ipaplatform import services
 from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipalib import errors, api
 from ipalib.constants import CACERT
 from ipaserver.install.bindinstance import dns_container_exists
 
-# pylint: disable=unused-variable
-
 softhsm_token_label = u'ipaDNSSEC'
 softhsm_slot = 0
 replica_keylabel_template = u"dnssec-replica:%s"
@@ -117,7 +114,7 @@ def remove_replica_public_keys(self, replica_fqdn):
             'ipk11Wrap': True,
         }
         filter = ldap.make_filter(search_kw, rules=ldap.MATCH_ALL)
-        entries, truncated = ldap.find_entries(filter=filter, base_dn=dn_base)
+        entries, _truncated = ldap.find_entries(filter=filter, base_dn=dn_base)
         for entry in entries:
             ldap.delete_entry(entry)
 
@@ -149,22 +146,18 @@ def create_instance(self, fqdn, realm_name):
         self.start_creation()
 
     def __get_named_uid(self):
-        named = services.knownservices.named
         try:
             return pwd.getpwnam(constants.NAMED_USER).pw_uid
         except KeyError:
             raise RuntimeError("Named UID not found")
 
     def __get_named_gid(self):
-        named = services.knownservices.named
         try:
             return grp.getgrnam(constants.NAMED_GROUP).gr_gid
         except KeyError:
             raise RuntimeError("Named GID not found")
 
     def __check_dnssec_status(self):
-        ods_enforcerd = services.knownservices.ods_enforcerd
-
         self.named_uid = self.__get_named_uid()
         self.named_gid = self.__get_named_gid()
 
@@ -338,7 +331,7 @@ def __setup_replica_keys(self):
                 if not priv_keys:
                     break  # we found unique id
 
-            public_key_handle, private_key_handle = p11.generate_replica_key_pair(
+            public_key_handle, _privkey_handle = p11.generate_replica_key_pair(
                     keylabel, key_id,
                     pub_cka_verify=False,
                     pub_cka_verify_recover=False,
@@ -394,7 +387,7 @@ def __setup_replica_keys(self):
                 'ipk11Wrap': True,
             }
             filter = ldap.make_filter(search_kw, rules=ldap.MATCH_ALL)
-            entries, truncated = ldap.find_entries(filter=filter,
+            entries, _truncated = ldap.find_entries(filter=filter,
                                                    base_dn=dn_base)
             for entry in entries:
                 # don't disable wrapping for new key
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index ea80a2f..d682745 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -45,8 +45,6 @@
 from ipaserver.install.installutils import stopped_service
 from ipapython.ipa_log_manager import log_mgr
 
-# pylint: disable=unused-variable
-
 HTTPD_USER = constants.HTTPD_USER
 
 
@@ -356,7 +354,7 @@ def stop_tracking_certificates(self, stop_certmonger=True):
         services.knownservices.messagebus.start()
         cmonger.start()
 
-        nicknames = [nickname for nickname, profile in self.tracking_reqs]
+        nicknames = [nickname for nickname, _profile in self.tracking_reqs]
         if self.server_cert_name is not None:
             nicknames.append(self.server_cert_name)
 
@@ -477,7 +475,6 @@ def setup_admin(self):
 
     def __remove_admin_from_group(self, group):
         dn = DN(('cn', group), ('ou', 'groups'), ('o', 'ipaca'))
-        entry = self.admin_conn.get_entry(dn)
         mod = [(ldap.MOD_DELETE, 'uniqueMember', self.admin_dn)]
         try:
             self.admin_conn.modify_s(dn, mod)
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 30e0038..aaaba07 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -52,8 +52,6 @@
 from ipaplatform import services
 from ipaplatform.paths import paths
 
-# pylint: disable=unused-variable
-
 DS_USER = platformconstants.DS_USER
 DS_GROUP = platformconstants.DS_GROUP
 
@@ -186,7 +184,7 @@ def get_domain_level(api=api):
 def get_all_external_schema_files(root):
     """Get all schema files"""
     f = []
-    for path, subdirs, files in os.walk(root):
+    for path, _subdirs, files in os.walk(root):
         for name in files:
             if fnmatch.fnmatch(name, "*.ldif"):
                 f.append(os.path.join(path, name))
@@ -741,7 +739,7 @@ def configure_dirsrv_ccache(self):
             os.chown(filepath, 0, 0)
 
         replacevars = {'KRB5CCNAME': ccache}
-        old_values = ipautil.backup_config_and_replace_variables(
+        ipautil.backup_config_and_replace_variables(
             self.fstore, filepath, replacevars=replacevars)
         tasks.restore_context(filepath)
 
@@ -898,7 +896,6 @@ def add_hbac(self):
 
     def change_admin_password(self, password):
         root_logger.debug("Changing admin password")
-        dirname = config_dirname(self.serverid)
         dmpwdfile = ""
         admpwdfile = ""
 
@@ -937,7 +934,7 @@ def uninstall(self):
         enabled = self.restore_state("enabled")
 
         # Just eat this state if it exists
-        running = self.restore_state("running")
+        self.restore_state("running")
 
         try:
             self.fstore.restore_file(paths.LIMITS_CONF)
@@ -961,10 +958,8 @@ def uninstall(self):
                 root_logger.error("Failed to remove DS instance. You may "
                                   "need to remove instance data manually")
 
-        # At one time we removed this user on uninstall. That can potentially
-        # orphan files, or worse, if another useradd runs in the intermim,
-        # cause files to have a new owner.
-        user_exists = self.restore_state("user_exists")
+        # Just eat this state
+        self.restore_state("user_exists")
 
         # Make sure some upgrade-related state is removed. This could cause
         # re-installation problems.
@@ -1341,7 +1336,7 @@ def update_dna_shared_config(self, method="SASL/GSSAPI", protocol="LDAP"):
         # the failure to update the shared config entry and return
         #
         max_wait = 30
-        for i in range(0, max_wait + 1):
+        for _i in range(0, max_wait + 1):
             try:
                 entries = conn.get_entries(
                     sharedcfgdn, scope=ldap.SCOPE_ONELEVEL,
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 3c38e6f..e7fefd8 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -40,8 +40,6 @@
 from ipaplatform.constants import constants
 from ipaplatform.tasks import tasks
 
-# pylint: disable=unused-variable
-
 """
 A test gpg can be generated like this:
 
@@ -382,7 +380,6 @@ def db2ldif(self, instance, backend, online=True):
         '''
         self.log.info('Backing up %s in %s to LDIF' % (backend, instance))
 
-        now = time.localtime()
         cn = time.strftime('export_%Y_%m_%d_%H_%M_%S')
         dn = DN(('cn', cn), ('cn', 'export'), ('cn', 'tasks'), ('cn', 'config'))
 
@@ -434,7 +431,6 @@ def db2bak(self, instance, online=True):
         If executed online create a task and wait for it to complete.
         '''
         self.log.info('Backing up %s' % instance)
-        now = time.localtime()
         cn = time.strftime('backup_%Y_%m_%d_%H_%M_%S')
         dn = DN(('cn', cn), ('cn', 'backup'), ('cn', 'tasks'), ('cn', 'config'))
 
@@ -591,7 +587,6 @@ def finalize_backup(self, data_only=False, encrypt=False, keyring=None):
         os.mkdir(backup_dir)
         os.chmod(backup_dir, 0o700)
 
-        cwd = os.getcwd()
         os.chdir(self.dir)
         args = ['tar',
                 '--xattrs',
diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py
index e691f41..859c254 100644
--- a/ipaserver/install/ipa_cacert_manage.py
+++ b/ipaserver/install/ipa_cacert_manage.py
@@ -31,8 +31,6 @@
 from ipalib import api, errors, x509, certstore
 from ipaserver.install import certs, cainstance, installutils
 
-# pylint: disable=unused-variable
-
 
 class CACertManage(admintool.AdminTool):
     command_name = 'ipa-cacert-manage'
@@ -87,7 +85,6 @@ def validate_options(self):
             parser.error("command not provided")
 
         command = self.command = self.args[0]
-        options = self.options
 
         if command == 'renew':
             pass
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index e58f9b6..d7ab813 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -43,8 +43,6 @@
 from ipaplatform.paths import paths
 from ipalib.constants import CACERT, DOMAIN_LEVEL_0
 
-# pylint: disable=unused-variable
-
 UNSUPPORTED_DOMAIN_LEVEL_TEMPLATE = """
 Replica creation using '{command_name}' to generate replica file
 is supported only in {domain_level}-level IPA domain.
@@ -215,7 +213,6 @@ def ask_for_options(self):
                     "Directory Manager password required")
 
         # Try out the password & get the subject base
-        suffix = ipautil.realm_to_suffix(api.env.realm)
         try:
             conn = api.Backend.ldap2
             conn.connect(bind_dn=DN(('cn', 'directory manager')),
@@ -254,7 +251,6 @@ def ask_for_options(self):
         try:
             installutils.verify_fqdn(self.replica_fqdn, local_hostname=False)
         except installutils.BadHostError as e:
-            msg = str(e)
             if isinstance(e, installutils.HostLookupError):
                 if not options.ip_addresses:
                     if dns_container_exists(
@@ -292,7 +288,7 @@ def ask_for_options(self):
                 options.ip_addresses, options.reverse_zones, options, False,
                 True)
 
-            host, zone = self.replica_fqdn.split('.', 1)
+            _host, zone = self.replica_fqdn.split('.', 1)
             if not bindinstance.dns_zone_exists(zone, api=api):
                 self.log.error("DNS zone %s does not exist in IPA managed DNS "
                                "server. Either create DNS zone or omit "
@@ -340,7 +336,7 @@ def ask_for_options(self):
                 if options.pkinit_pin is None:
                     raise admintool.ScriptError(
                         "Kerberos KDC private key unlock password required")
-            pkinit_pkcs12_file, pkinit_pin, pkinit_ca_cert = self.load_pkcs12(
+            pkinit_pkcs12_file, pkinit_pin, _pkinit_ca_cert = self.load_pkcs12(
                 options.pkinit_cert_files, options.pkinit_pin,
                 options.pkinit_cert_name)
             self.pkinit_pkcs12_file = pkinit_pkcs12_file
@@ -537,10 +533,10 @@ def check_dns(self, replica_fqdn):
                       dns.resolver.Timeout, dns.resolver.NoNameservers)
 
         try:
-            dns_answer = resolver.query(replica_fqdn, 'A', 'IN')
+            resolver.query(replica_fqdn, 'A', 'IN')
         except exceptions:
             try:
-                dns_answer = resolver.query(replica_fqdn, 'AAAA', 'IN')
+                resolver.query(replica_fqdn, 'AAAA', 'IN')
             except exceptions:
                 return False
         except Exception as e:
@@ -550,8 +546,6 @@ def check_dns(self, replica_fqdn):
         return True
 
     def wait_for_dns(self):
-        options = self.options
-
         # Make sure replica_fqdn has a trailing dot, so the
         # 'search' directive in /etc/resolv.conf doesn't apply
         replica_fqdn = self.replica_fqdn
@@ -601,7 +595,6 @@ def export_certdb(self, fname, passwd_fname, is_kdc=False):
         :param passwd_fname: File that holds the cert DB password
         :param is_kdc: True if we're exporting KDC certs
         """
-        options = self.options
         hostname = self.replica_fqdn
         subject_base = self.subject_base
 
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 9cafa68..64ab9e4 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -51,8 +51,6 @@
 except ImportError:
     adtrustinstance = None
 
-# pylint: disable=unused-variable
-
 def recursive_chown(path, uid, gid):
     '''
     Change ownership of all files and directories in a path.
@@ -523,7 +521,6 @@ def ldif2db(self, instance, backend, online=True):
         '''
         self.log.info('Restoring from %s in %s' % (backend, instance))
 
-        now = time.localtime()
         cn = time.strftime('import_%Y_%m_%d_%H_%M_%S')
         dn = DN(('cn', cn), ('cn', 'import'), ('cn', 'tasks'), ('cn', 'config'))
 
@@ -746,7 +743,6 @@ def extract_backup(self, keyring=None):
             self.log.info('Decrypting %s' % filename)
             filename = decrypt_file(self.dir, filename, keyring)
 
-        cwd = os.getcwd()
         os.chdir(self.dir)
 
         args = ['tar',
diff --git a/ipaserver/install/ipa_winsync_migrate.py b/ipaserver/install/ipa_winsync_migrate.py
index cf89366..d0653c9 100644
--- a/ipaserver/install/ipa_winsync_migrate.py
+++ b/ipaserver/install/ipa_winsync_migrate.py
@@ -29,8 +29,6 @@
 from ipapython.ipautil import realm_to_suffix, posixify
 from ipaserver.install import replication, installutils
 
-# pylint: disable=unused-variable
-
 if six.PY3:
     unicode = str
 
@@ -175,7 +173,7 @@ def create_id_user_override(self, entry):
         }
 
         try:
-            result = api.Command['idoverrideuser_add'](
+            api.Command['idoverrideuser_add'](
                 DEFAULT_TRUST_VIEW_NAME,
                 user_identifier,
                 **kwargs
@@ -193,7 +191,7 @@ def find_winsync_users(self):
 
         user_filter = "(&(objectclass=ntuser)(ntUserDomainId=*))"
         user_base = DN(api.env.container_user, api.env.basedn)
-        entries, _ = self.ldap.find_entries(
+        entries, _truncated = self.ldap.find_entries(
             filter=user_filter,
             base_dn=user_base,
             paged_search=True)
@@ -262,8 +260,9 @@ def create_winsync_group(object_entry, suffix=0):
                                                         user_entry.dn)
 
         try:
-            objects, _ = self.ldap.find_entries(member_filter,
-                                                base_dn=object_container_dn)
+            objects, _truncated = self.ldap.find_entries(
+                member_filter,
+                base_dn=object_container_dn)
         except errors.EmptyResult:
             # If there's nothing to migrate, then let's get out of here
             return
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 39ea196..28638a1 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -20,8 +20,6 @@
 from ipalib import errors, api
 from ipaserver.install import dnskeysyncinstance
 
-# pylint: disable=unused-variable
-
 KEYMASTER = u'dnssecKeyMaster'
 softhsm_slot = 0
 
@@ -126,9 +124,6 @@ def create_instance(self, fqdn, realm_name, generate_master_key=True,
         self.start_creation()
 
     def __check_dnssec_status(self):
-        named = services.knownservices.named
-        ods_enforcerd = services.knownservices.ods_enforcerd
-
         try:
             self.named_uid = pwd.getpwnam(constants.NAMED_USER).pw_uid
         except KeyError:
@@ -289,7 +284,6 @@ def __setup_dnssec(self):
             os.chmod(paths.OPENDNSSEC_KASP_DB, 0o660)
 
             # regenerate zonelist.xml
-            ods_enforcerd = services.knownservices.ods_enforcerd
             cmd = [paths.ODS_KSMUTIL, 'zonelist', 'export']
             result = ipautil.run(cmd,
                                  runas=constants.ODS_USER,
@@ -307,7 +301,6 @@ def __setup_dnssec(self):
                 'setup'
             ]
 
-            ods_enforcerd = services.knownservices.ods_enforcerd
             ipautil.run(command, stdin="y", runas=constants.ODS_USER)
 
     def __setup_dnskeysyncd(self):
@@ -353,7 +346,6 @@ def uninstall(self):
         if ipautil.file_exists(paths.OPENDNSSEC_KASP_DB):
 
             # force to export data
-            ods_enforcerd = services.knownservices.ods_enforcerd
             cmd = [paths.IPA_ODS_EXPORTER, 'ipa-full-update']
             try:
                 self.print_msg("Exporting DNSSEC data before uninstallation")
diff --git a/ipaserver/install/plugins/rename_managed.py b/ipaserver/install/plugins/rename_managed.py
index 96da85f..5db00c7 100644
--- a/ipaserver/install/plugins/rename_managed.py
+++ b/ipaserver/install/plugins/rename_managed.py
@@ -24,8 +24,6 @@
 from ipapython import ipautil
 from ipapython.dn import DN
 
-# pylint: disable=unused-variable
-
 register = Registry()
 
 if six.PY3:
@@ -80,16 +78,15 @@ def generate_update(self, deletes=False):
         old_definition_container = DN(('cn', 'managed entries'), ('cn', 'plugins'), ('cn', 'config'), suffix)
         new_definition_container = DN(('cn', 'Definitions'), ('cn', 'Managed Entries'), ('cn', 'etc'), suffix)
 
-        definitions_dn = DN(('cn', 'Definitions'))
         update_list = []
         restart = False
 
         # If the old entries don't exist the server has already been updated.
         try:
-            definitions_managed_entries, truncated = ldap.find_entries(
+            definitions_managed_entries, _truncated = ldap.find_entries(
                 searchfilter, ['*'], old_definition_container,
                 ldap.SCOPE_ONELEVEL)
-        except errors.NotFound as e:
+        except errors.NotFound:
             return (False, update_list)
 
         for entry in definitions_managed_entries:
@@ -99,7 +96,7 @@ def generate_update(self, deletes=False):
                 assert isinstance(old_dn, DN)
                 try:
                     entry = ldap.get_entry(old_dn, ['*'])
-                except errors.NotFound as e:
+                except errors.NotFound:
                     pass
                 else:
                     # Compute the new dn by replacing the old container with the new container
@@ -164,7 +161,7 @@ class update_managed_post_first(Updater, GenerateUpdateMixin):
 
     def execute(self, **options):
         # Never need to restart with the pre-update changes
-        (ignore, update_list) = self.generate_update(False)
+        _ignore, update_list = self.generate_update(False)
 
         return False, update_list
 
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index e9fa796..fcd0b32 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -38,8 +38,6 @@
 from ipaplatform import services
 from ipaplatform.paths import paths
 
-# pylint: disable=unused-variable
-
 if six.PY3:
     unicode = str
 
@@ -708,7 +706,7 @@ def setup_agreement(self, a_conn, b_hostname, port=389,
             mod = [(ldap.MOD_ADD, 'nsDS5ReplicatedAttributeListTotal',
                    '(objectclass=*) $ EXCLUDE %s' % " ".join(TOTAL_EXCLUDES))]
             a_conn.modify_s(dn, mod)
-        except ldap.LDAPError as e:
+        except ldap.LDAPError:
             # Apparently there are problems set the total list
             # Probably the master is an old 389-ds server, tell the caller
             # that we will have to set the memberof fixup task
@@ -763,15 +761,15 @@ def get_replica_principal_dns(self, a, b, retries):
                 root_logger.debug('Unable to find entry for %s on %s'
                     % (filter_a, str(b)))
                 self.force_sync(a, b.host)
-                cn, dn = self.agreement_dn(b.host)
-                haserror, error_message = self.wait_for_repl_update(a, dn, 60)
+                _cn, dn = self.agreement_dn(b.host)
+                _haserror, error_message = self.wait_for_repl_update(a, dn, 60)
 
             if not b_entry:
                 root_logger.debug('Unable to find entry for %s on %s'
                     % (filter_b, str(a)))
                 self.force_sync(b, a.host)
-                cn, dn = self.agreement_dn(a.host)
-                haserror, error_message = self.wait_for_repl_update(b, dn, 60)
+                _cn, dn = self.agreement_dn(a.host)
+                _haserror, error_message = self.wait_for_repl_update(b, dn, 60)
 
             retries -= 1
 
@@ -834,10 +832,10 @@ def gssapi_update_agreements(self, a, b):
                (ldap.MOD_DELETE, "nsds5replicabinddn", None),
                (ldap.MOD_DELETE, "nsds5replicacredentials", None)]
 
-        cn, a_ag_dn = self.agreement_dn(b.host)
+        _cn, a_ag_dn = self.agreement_dn(b.host)
         a.modify_s(a_ag_dn, mod)
 
-        cn, b_ag_dn = self.agreement_dn(a.host)
+        _cn, b_ag_dn = self.agreement_dn(a.host)
         b.modify_s(b_ag_dn, mod)
 
         # Finally remove the temporary replication manager user
@@ -863,7 +861,7 @@ def delete_agreement(self, hostname, dn=None):
         better to pass the DN in directly.
         """
         if dn is None:
-            cn, dn = self.agreement_dn(hostname)
+            _cn, dn = self.agreement_dn(hostname)
         return self.conn.delete_entry(dn)
 
     def delete_referral(self, hostname):
@@ -984,7 +982,7 @@ def start_replication(self, conn, hostname=None, master=None):
         print("Starting replication, please wait until this has completed.")
         if hostname == None:
             hostname = self.conn.host
-        cn, dn = self.agreement_dn(hostname, master)
+        _cn, dn = self.agreement_dn(hostname, master)
 
         mod = [(ldap.MOD_ADD, 'nsds5BeginReplicaRefresh', 'start')]
         conn.modify_s(dn, mod)
@@ -1091,7 +1089,7 @@ def setup_winsync_replication(self,
                              repl_man_dn=ad_binddn, repl_man_passwd=ad_pwd,
                              iswinsync=True, win_subtree=ad_subtree)
         root_logger.info("Added new sync agreement, waiting for it to become ready . . .")
-        cn, dn = self.agreement_dn(ad_dc_name)
+        _cn, dn = self.agreement_dn(ad_dc_name)
         self.wait_for_repl_update(self.conn, dn, 300)
         root_logger.info("Agreement is ready, starting replication . . .")
 
@@ -1125,12 +1123,12 @@ def convert_to_gssapi_replication(self, r_hostname, r_binddn, r_bindpw):
         # have all principals and their passwords and can release
         # the right tickets. We do this by force pushing all our changes
         self.force_sync(self.conn, r_hostname)
-        cn, dn = self.agreement_dn(r_hostname)
+        _cn, dn = self.agreement_dn(r_hostname)
         self.wait_for_repl_update(self.conn, dn, 300)
 
         # now in the opposite direction
         self.force_sync(r_conn, self.hostname)
-        cn, dn = self.agreement_dn(self.hostname)
+        _cn, dn = self.agreement_dn(self.hostname)
         self.wait_for_repl_update(r_conn, dn, 300)
 
         # now that directories are in sync,
@@ -1698,7 +1696,7 @@ def delete_referral(self, hostname, port):
 
     def has_ipaca(self):
         try:
-            entry = self.conn.get_entry(self.db_suffix)
+            self.conn.get_entry(self.db_suffix)
         except errors.NotFound:
             return False
         else:
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 0bc9691..22328ef 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -59,8 +59,6 @@
 
 from .common import BaseServer, BaseServerCA
 
-# pylint: disable=unused-variable
-
 SYSRESTORE_DIR_PATH = paths.SYSRESTORE
 
 
@@ -531,7 +529,7 @@ def install_check(installer):
             if options.pkinit_pin is None:
                 raise ScriptError(
                     "Kerberos KDC private key unlock password required")
-        pkinit_pkcs12_file, pkinit_pin, pkinit_ca_cert = load_pkcs12(
+        pkinit_pkcs12_file, pkinit_pin, _pkinit_ca_cert = load_pkcs12(
             cert_files=options.pkinit_cert_files,
             key_password=options.pkinit_pin,
             key_nickname=options.pkinit_cert_name,
@@ -687,14 +685,9 @@ def install(installer):
     options = installer
     fstore = installer._fstore
     sstore = installer._sstore
-    dirsrv_pkcs12_file = installer._dirsrv_pkcs12_file
-    http_pkcs12_file = installer._http_pkcs12_file
-    pkinit_pkcs12_file = installer._pkinit_pkcs12_file
     dirsrv_pkcs12_info = installer._dirsrv_pkcs12_info
     http_pkcs12_info = installer._http_pkcs12_info
     pkinit_pkcs12_info = installer._pkinit_pkcs12_info
-    external_cert_file = installer._external_cert_file
-    external_ca_file = installer._external_ca_file
     http_ca_cert = installer._ca_cert
 
     realm_name = options.realm_name
@@ -705,7 +698,6 @@ def install(installer):
     host_name = options.host_name
     ip_addresses = options.ip_addresses
     setup_ca = options.setup_ca
-    setup_kra = options.setup_kra
 
     # Installation has started. No IPA sysrestore items are restored in case of
     # failure to enable root cause investigation
@@ -1062,7 +1054,7 @@ def uninstall(installer):
     print("Shutting down all IPA services")
     try:
         run([paths.IPACTL, "stop"], raiseonerr=False)
-    except Exception as e:
+    except Exception:
         pass
 
     ntpinstance.NTPInstance(fstore).uninstall()
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 27e9f57..7effda7 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -47,8 +47,6 @@
 
 from .common import BaseServer
 
-# pylint: disable=unused-variable
-
 if six.PY3:
     unicode = str
 
@@ -691,9 +689,9 @@ def install_check(installer):
 
         # Check pre-existing host entry
         try:
-            entry = conn.find_entries(u'fqdn=%s' % config.host_name,
-                                      ['fqdn'], DN(api.env.container_host,
-                                                   api.env.basedn))
+            conn.find_entries(
+                u'fqdn=%s' % config.host_name, ['fqdn'],
+                DN(api.env.container_host, api.env.basedn))
         except errors.NotFound:
             pass
         else:
@@ -920,8 +918,6 @@ def install(installer):
 
 
 def ensure_enrolled(installer):
-    config = installer._config
-
     # Call client install script
     service.print_msg("Configuring client side components")
     try:
@@ -1100,7 +1096,7 @@ def promote_check(installer):
             if options.pkinit_pin is None:
                 raise ScriptError(
                     "Kerberos KDC private key unlock password required")
-        pkinit_pkcs12_file, pkinit_pin, pkinit_ca_cert = load_pkcs12(
+        pkinit_pkcs12_file, pkinit_pin, _pkinit_ca_cert = load_pkcs12(
             cert_files=options.pkinit_cert_files,
             key_password=options.pkinit_pin,
             key_nickname=options.pkinit_cert_name,
@@ -1201,8 +1197,8 @@ def promote_check(installer):
 
         # Check that we don't already have a replication agreement
         try:
-            (acn, adn) = replman.agreement_dn(config.host_name)
-            entry = conn.get_entry(adn, ['*'])
+            _acn, adn = replman.agreement_dn(config.host_name)
+            conn.get_entry(adn, ['*'])
         except errors.NotFound:
             pass
         else:
@@ -1235,7 +1231,7 @@ def promote_check(installer):
         dn = DN(('cn', 'replication managers'), ('cn', 'sysaccounts'),
                 ('cn', 'etc'), ipautil.realm_to_suffix(config.realm_name))
         try:
-            entry = conn.get_entry(dn)
+            conn.get_entry(dn)
         except errors.NotFound:
             msg = ("The Replication Managers group is not available in "
                    "the domain. Replica promotion requires the use of "
@@ -1374,12 +1370,8 @@ def promote(installer):
     fstore = installer._fstore
     sstore = installer._sstore
     config = installer._config
-    dirsrv_pkcs12_file = installer._dirsrv_pkcs12_file
     dirsrv_pkcs12_info = installer._dirsrv_pkcs12_info
-    http_pkcs12_file = installer._http_pkcs12_file
     http_pkcs12_info = installer._http_pkcs12_info
-    pkinit_pkcs12_file = installer._pkinit_pkcs12_file
-    pkinit_pkcs12_info = installer._pkinit_pkcs12_info
 
     ccache = os.environ['KRB5CCNAME']
     remote_api = installer._remote_api
@@ -1491,14 +1483,16 @@ def promote(installer):
         cainstance.export_kra_agent_pem()
         CA.fix_ra_perms()
 
-    krb = install_krb(config,
-                      setup_pkinit=not options.no_pkinit,
-                      promote=True)
+    install_krb(
+        config,
+        setup_pkinit=not options.no_pkinit,
+        promote=True)
 
-    http = install_http(config,
-                        auto_redirect=not options.no_ui_redirect,
-                        promote=True, pkcs12_info=http_pkcs12_info,
-                        ca_is_configured=installer._ca_enabled)
+    install_http(
+        config,
+        auto_redirect=not options.no_ui_redirect,
+        promote=True, pkcs12_info=http_pkcs12_info,
+        ca_is_configured=installer._ca_enabled)
 
     # Apply any LDAP updates. Needs to be done after the replica is synced-up
     service.print_msg("Applying LDAP updates")
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 2893a29..4426b7f 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -49,8 +49,6 @@
 from ipaserver.install.upgradeinstance import IPAUpgrade
 from ipaserver.install.ldapupdate import BadSyntax
 
-# pylint: disable=unused-variable
-
 if six.PY3:
     unicode = str
 
@@ -68,7 +66,6 @@ def uninstall_ipa_kpasswd():
     """
     ipa_kpasswd = KpasswdInstance()
 
-    running = ipa_kpasswd.restore_state("running")
     enabled = not ipa_kpasswd.restore_state("enabled")
 
     if enabled is not None and not enabled:
@@ -81,7 +78,6 @@ def backup_file(filename, ext):
         raise ValueError("Absolute path required")
 
     backupfile = filename + ".bak"
-    (reldir, file) = os.path.split(filename)
 
     while os.path.exists(backupfile):
         backupfile = backupfile + "." + str(ext)
@@ -209,7 +205,6 @@ def update_dbmodules(realm, filename=paths.KRB5_CONF):
     prefix = ''
 
     root_logger.info('[Verifying that KDC configuration is using ipa-kdb backend]')
-    st = os.stat(filename)
     fd = open(filename)
 
     lines = fd.readlines()
diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py
index 2ecbfb6..dbbef4d 100644
--- a/ipaserver/install/upgradeinstance.py
+++ b/ipaserver/install/upgradeinstance.py
@@ -30,8 +30,6 @@
 from ipaserver.install import ldapupdate
 from ipaserver.install import service
 
-# pylint: disable=unused-variable
-
 DSE = 'dse.ldif'
 
 
@@ -79,7 +77,7 @@ def __init__(self, realm_name, files=[], schema_files=[]):
 
         ext = ''
         rand = random.Random()
-        for i in range(8):
+        for _i in range(8):
             h = "%02x" % rand.randint(0,255)
             ext += h
         service.Service.__init__(self, "dirsrv")
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to