URL: https://github.com/freeipa/freeipa/pull/135
Author: mbasti-rh
 Title: #135: Pylint: remove unused variables from install modules and scripts
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/135/head:pr135
git checkout pr135
From 118ed2094efb789a0e58f24f2b8f2af0e58da1bc Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Tue, 4 Oct 2016 16:54:44 +0200
Subject: [PATCH] Pylint: remove unused variables from installers and scripts

---
 client/ipa-client-automount                        | 12 +++----
 client/ipa-client-install                          | 17 ++++------
 daemons/dnssec/ipa-ods-exporter                    |  6 ++--
 .../certmonger/dogtag-ipa-ca-renew-agent-submit    | 10 +++---
 install/tools/ipa-adtrust-install                  | 17 +++++-----
 install/tools/ipa-replica-manage                   | 16 ++++-----
 install/tools/ipactl                               | 10 ++----
 ipaclient/ipachangeconf.py                         | 12 ++-----
 ipaclient/ipadiscovery.py                          |  4 ---
 ipapython/install/core.py                          | 12 +++----
 ipaserver/install/bindinstance.py                  |  9 +++--
 ipaserver/install/ca.py                            |  6 +---
 ipaserver/install/cainstance.py                    |  7 +---
 ipaserver/install/certs.py                         | 14 ++++----
 ipaserver/install/dns.py                           | 14 +-------
 ipaserver/install/dnskeysyncinstance.py            | 13 ++------
 ipaserver/install/dogtaginstance.py                |  5 +--
 ipaserver/install/dsinstance.py                    | 17 ++++------
 ipaserver/install/ipa_backup.py                    |  5 ---
 ipaserver/install/ipa_cacert_manage.py             |  3 --
 ipaserver/install/ipa_replica_prepare.py           | 15 +++------
 ipaserver/install/ipa_restore.py                   |  4 ---
 ipaserver/install/ipa_winsync_migrate.py           | 11 +++----
 ipaserver/install/opendnssecinstance.py            |  8 -----
 ipaserver/install/plugins/rename_managed.py        | 11 +++----
 ipaserver/install/replication.py                   | 28 ++++++++--------
 ipaserver/install/server/install.py                | 12 ++-----
 ipaserver/install/server/replicainstall.py         | 38 +++++++++-------------
 ipaserver/install/server/upgrade.py                |  5 ---
 ipaserver/install/upgradeinstance.py               |  4 +--
 30 files changed, 111 insertions(+), 234 deletions(-)

diff --git a/client/ipa-client-automount b/client/ipa-client-automount
index 91bdc88..88adb0a 100755
--- a/client/ipa-client-automount
+++ b/client/ipa-client-automount
@@ -45,8 +45,6 @@ from ipaplatform.tasks import tasks
 from ipaplatform import services
 from ipaplatform.paths import paths
 
-# pylint: disable=unused-variable
-
 def parse_options():
     usage = "%prog [options]\n"
     parser = OptionParser(usage=usage)
@@ -81,7 +79,7 @@ def wait_for_sssd():
         try:
             ipautil.run(["getent", "passwd", "admin@%s" % api.env.realm])
             found = True
-        except Exception as e:
+        except Exception:
             time.sleep(1)
             n = n + 1
 
@@ -180,7 +178,7 @@ def configure_autofs_sssd(fstore, statestore, autodiscover, options):
         if provider == "ipa":
             domain.add_provider('ipa', 'autofs')
             try:
-                location = domain.get_option('ipa_automount_location')
+                domain.get_option('ipa_automount_location')
                 sys.exit('An automount location is already configured')
             except SSSDConfig.NoOptionError:
                 domain.set_option('ipa_automount_location', options.location)
@@ -373,7 +371,7 @@ def main():
     if not fstore.has_files() and not os.path.exists(paths.IPA_DEFAULT_CONF):
         sys.exit('IPA client is not configured on this system.\n')
 
-    options, args = parse_options()
+    options, _args = parse_options()
 
     standard_logging_setup(
         paths.IPACLIENT_INSTALL_LOG, verbose=False, debug=options.debug,
@@ -400,7 +398,6 @@ def main():
         sys.exit('automount is already configured on this system.\n')
 
     autodiscover = False
-    servers = []
     ds = ipadiscovery.IPADiscovery()
     if not options.server:
         print("Searching for IPA server...")
@@ -437,7 +434,6 @@ def main():
         print("IPA server: DNS discovery")
         root_logger.debug('Configuring to use DNS discovery')
 
-    search_base = str(DN(('cn', options.location), api.env.container_automount, api.env.basedn))
     print("Location: %s" % options.location)
     root_logger.debug('Using automount location %s' % options.location)
 
@@ -457,7 +453,7 @@ def main():
             sys.exit('Cannot connect to the server due to ' + str(e))
         try:
             # Use the RPC directly so older servers are supported
-            result = api.Backend.rpcclient.forward(
+            api.Backend.rpcclient.forward(
                 'automountlocation_show',
                 ipautil.fsdecode(options.location),
                 version=u'2.0',
diff --git a/client/ipa-client-install b/client/ipa-client-install
index d38eaf9..da7d6b3 100755
--- a/client/ipa-client-install
+++ b/client/ipa-client-install
@@ -72,8 +72,6 @@ error was:
 """ % e, file=sys.stderr)
     sys.exit(1)
 
-# pylint: disable=unused-variable
-
 SUCCESS = 0
 CLIENT_INSTALL_ERROR = 1
 CLIENT_NOT_CONFIGURED = 2
@@ -97,7 +95,7 @@ def parse_options():
         initialized = nss.nss_is_initialized()
         try:
             cert = x509.load_certificate_from_file(value)
-        except Exception as e:
+        except Exception:
             raise OptionValueError("%s option '%s' is not a valid certificate file" % (opt, value))
         else:
             del(cert)
@@ -230,7 +228,7 @@ def parse_options():
                                           "be run with --unattended option")
     parser.add_option_group(uninstall_group)
 
-    options, args = parser.parse_args()
+    options, _args = parser.parse_args()
     safe_opts = parser.get_safe_opts(options)
 
     if (options.server and not options.domain):
@@ -383,7 +381,6 @@ def nssldap_exists():
 # helper function for uninstall
 # deletes IPA domain from sssd.conf
 def delete_ipa_domain():
-    sssd = services.service('sssd')
     try:
         sssdconfig = SSSDConfig.SSSDConfig()
         sssdconfig.import_config()
@@ -1509,7 +1506,7 @@ def configure_nisdomain(options, domain):
         try:
             result = ipautil.run([paths.BIN_NISDOMAINNAME],
                                  capture_output=True)
-        except CalledProcessError as e:
+        except CalledProcessError:
             pass
         else:
             nis_domain_name = result.output
@@ -1748,7 +1745,7 @@ def verify_dns_update(fqdn, ips):
 def get_server_connection_interface(server):
     # connect to IPA server, get all ip addresses of inteface used to connect
     for res in socket.getaddrinfo(server, 389, socket.AF_UNSPEC, socket.SOCK_STREAM):
-        (af, socktype, proto, canonname, sa) = res
+        af, socktype, proto, _canonname, sa = res
         try:
             s = socket.socket(af, socktype, proto)
         except socket.error as e:
@@ -1923,7 +1920,7 @@ def get_ca_certs_from_file(url):
     root_logger.debug("trying to retrieve CA cert from file %s", filename)
     try:
         certs = x509.load_certificate_list_from_file(filename)
-    except Exception as e:
+    except Exception:
         raise errors.NoCertificateError(entry=filename)
 
     return certs
@@ -1944,7 +1941,7 @@ def get_ca_certs_from_http(url, warn=True):
     try:
 
         result = run([paths.BIN_CURL, "-o", "-", url], capture_output=True)
-    except CalledProcessError as e:
+    except CalledProcessError:
         raise errors.NoCertificateError(entry=url)
     stdout = result.output
 
@@ -2981,7 +2978,7 @@ def install(options, env, fstore, statestore):
     if nslcd.is_installed():
         save_state(nslcd)
 
-    retcode, conf, filename = (0, None, None)
+    retcode, conf = (0, None)
 
     if not options.no_ac:
         # Modify nsswitch/pam stack
diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter
index bb208d2..6633249 100755
--- a/daemons/dnssec/ipa-ods-exporter
+++ b/daemons/dnssec/ipa-ods-exporter
@@ -41,8 +41,6 @@ from ipapython.dnssec.abshsm import sync_pkcs11_metadata, wrappingmech_name2id
 from ipapython.dnssec.ldapkeydb import LdapKeyDB
 from ipapython.dnssec.localhsm import LocalHSM
 
-# pylint: disable=unused-variable
-
 DAEMONNAME = 'ipa-ods-exporter'
 PRINCIPAL = None  # not initialized yet
 WORKDIR = os.path.join(paths.VAR_OPENDNSSEC_DIR ,'tmp')
@@ -446,13 +444,13 @@ def receive_systemd_command(log):
         raise KeyError('Exactly one socket is expected.')
 
     sck = socket.fromfd(fds[0], socket.AF_UNIX, socket.SOCK_STREAM)
-    rlist, wlist, xlist = select.select([sck], [], [], 0)
+    rlist, _wlist, _xlist = select.select([sck], [], [], 0)
     if not rlist:
         log.critical('socket activation did not return socket with a command')
         sys.exit(0)
 
     log.debug('accepting new connection')
-    conn, addr = sck.accept()
+    conn, _addr = sck.accept()
     log.debug('accepted new connection %s', repr(conn))
 
     # this implements cmdhandler_handle_cmd() logic
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
index 329daa0..967ce6e 100755
--- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit
+++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
@@ -44,8 +44,6 @@ from ipaplatform.paths import paths
 from ipaserver.plugins.ldap2 import ldap2
 from ipaserver.install import cainstance, certs
 
-# pylint: disable=unused-variable
-
 # This is a certmonger CA helper script for IPA CA subsystem cert renewal. See
 # https://git.fedorahosted.org/cgit/certmonger.git/tree/doc/submit.txt for more
 # info on certmonger CA helper scripts.
@@ -194,7 +192,7 @@ def request_cert():
 
     rc = result.returncode
     if rc == WAIT_WITH_DELAY:
-        delay, sep, cookie = stdout.partition('\n')
+        delay, _sep, cookie = stdout.partition('\n')
         return (rc, delay, cookie)
     else:
         return (rc, stdout)
@@ -282,7 +280,7 @@ def request_and_store_cert():
         if not cookie:
             return (UNCONFIGURED, "Cookie not provided")
 
-        state, sep, cookie = cookie.partition(':')
+        state, _sep, cookie = cookie.partition(':')
         if state not in ('request', 'store'):
             return (UNCONFIGURED,
                     "Invalid cookie: %r" % os.environ['CERTMONGER_CA_COOKIE'])
@@ -306,7 +304,7 @@ def request_and_store_cert():
             cert = result[1]
             cookie = None
     else:
-        cert, sep, cookie = cookie.partition(':')
+        cert, _sep, cookie = cookie.partition(':')
 
     if cookie is None:
         os.environ['CERTMONGER_OPERATION'] = 'SUBMIT'
@@ -438,7 +436,7 @@ def renew_ca_cert():
         if not cookie:
             return (UNCONFIGURED, "Cookie not provided")
 
-        state, sep, cookie = cookie.partition(':')
+        state, _sep, cookie = cookie.partition(':')
         if state not in ('retrieve', 'request'):
             return (UNCONFIGURED,
                     "Invalid cookie: %r" % os.environ['CERTMONGER_CA_COOKIE'])
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index 13c62aa..378627d 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -45,8 +45,6 @@ from ipaplatform.paths import paths
 from ipapython.ipa_log_manager import root_logger, standard_logging_setup
 from ipapython.dn import DN
 
-# pylint: disable=unused-variable
-
 if six.PY3:
     unicode = str
 
@@ -87,7 +85,7 @@ def parse_options():
                       dest="enable_compat", default=False, action="store_true",
                       help="Enable support for trusted domains for old clients")
 
-    options, args = parser.parse_args()
+    options, _args = parser.parse_args()
     safe_options = parser.get_safe_opts(options)
 
     return safe_options, options
@@ -215,7 +213,7 @@ def set_and_check_netbios_name(netbios_name, unattended):
 def ensure_admin_kinit(admin_name, admin_password):
     try:
         ipautil.run(['kinit', admin_name], stdin=admin_password+'\n')
-    except ipautil.CalledProcessError as e:
+    except ipautil.CalledProcessError:
         print("There was error to automatically re-kinit your admin user ticket.")
         return False
     return True
@@ -357,8 +355,8 @@ def main():
         try:
             root_logger.debug("Searching for objects with missing SID with "
                 "filter=%s, base_dn=%s", filter, base_dn)
-            (entries, truncated) = api.Backend.ldap2.find_entries(filter=filter,
-                base_dn=base_dn, attrs_list=[''])
+            entries, _truncated = api.Backend.ldap2.find_entries(
+                filter=filter, base_dn=base_dn, attrs_list=[''])
         except errors.NotFound:
             # All objects have SIDs assigned
             pass
@@ -413,7 +411,7 @@ def main():
         try:
             # Search only masters which have support for domain levels
             # because only these masters will have SSSD recent enough to support AD trust agents
-            (entries_m, truncated) = smb.admin_conn.find_entries(
+            entries_m, _truncated = smb.admin_conn.find_entries(
                 filter="(&(objectclass=ipaSupportedDomainLevelConfig)(ipaMaxDomainLevel=*)(ipaMinDomainLevel=*))",
                 base_dn=masters_dn, attrs_list=['cn'], scope=ldap.SCOPE_ONELEVEL)
         except errors.NotFound:
@@ -423,8 +421,9 @@ def main():
            print(unicode(e))
 
         try:
-           (entries_a, truncated) = smb.admin_conn.find_entries(filter="",
-               base_dn=agents_dn, attrs_list=['member'], scope=ldap.SCOPE_BASE)
+           entries_a, _truncated = smb.admin_conn.find_entries(
+               filter="", base_dn=agents_dn, attrs_list=['member'],
+               scope=ldap.SCOPE_BASE)
         except errors.NotFound:
             pass
         except (errors.DatabaseError, errors.NetworkError) as e:
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 6152898..d9dee9c 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -45,8 +45,6 @@ from ipaclient import ipadiscovery
 from six.moves.xmlrpc_client import MAXINT
 from ipaplatform.paths import paths
 
-# pylint: disable=unused-variable
-
 # dict of command name and tuples of min/max num of args needed
 commands = {
     "list":(0, 1, "[master fqdn]", ""),
@@ -142,7 +140,7 @@ def test_connection(realm, host, nolookup=False):
         if not nolookup:
             enforce_host_existence(host)
         replman = replication.ReplicationManager(realm, host, None)
-        ents = replman.find_replication_agreements()
+        replman.find_replication_agreements()
         del replman
         return True
     except errors.ACIError:
@@ -216,7 +214,7 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose, nolookup=False):
         if winsync_peer:
             repl = replication.ReplicationManager(realm, winsync_peer,
                                                   dirman_passwd)
-            cn, dn = repl.agreement_dn(replica)
+            _cn, dn = repl.agreement_dn(replica)
             entries = repl.conn.get_entries(
                 dn, conn.SCOPE_BASE,
                 "(objectclass=nsDSWindowsReplicationAgreement)")
@@ -308,7 +306,7 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False):
         try:
             repl2.set_readonly(readonly=True)
             repl2.force_sync(repl2.conn, replica1)
-            cn, dn = repl2.agreement_dn(repl1.conn.host)
+            _cn, dn = repl2.agreement_dn(repl1.conn.host)
             repl2.wait_for_repl_update(repl2.conn, dn, 30)
             (range_start, range_max) = repl2.get_DNA_range(repl2.conn.host)
             (next_start, next_max) = repl2.get_DNA_next_range(repl2.conn.host)
@@ -391,7 +389,9 @@ def get_ruv(realm, host, dirman_passwd, nolookup=False, ca=False):
             data = re.match('\{replica (\d+) (ldap://.*:\d+)\}(\s+\w+\s+\w*){0,1}', ruv)
             if data:
                 rid = data.group(1)
-                (scheme, netloc, path, params, query, fragment) = urlparse(data.group(2))
+                (
+                    _scheme, netloc, _path, _params, _query, _fragment
+                ) = urlparse(data.group(2))
                 servers.append((netloc, rid))
             else:
                 print("unable to decode: %s" % ruv)
@@ -1323,7 +1323,7 @@ def store_DNA_range(repl, range_start, range_max, deleted_master, realm,
         except Exception as e:
             print("Connection failed: %s" % e)
             continue
-        (next_start, next_max) = repl2.get_DNA_next_range(candidate)
+        next_start, _next_max = repl2.get_DNA_next_range(candidate)
         if next_start is None:
             try:
                 return repl2.save_DNA_next_range(range_start, range_max)
@@ -1359,7 +1359,7 @@ def set_DNA_range(hostname, range, realm, dirman_passwd, next_range=False,
         """
         try:
             (dna_next, dna_max) = range.split('-', 1)
-        except ValueError as e:
+        except ValueError:
             return "Invalid range, must be the form x-y"
 
         try:
diff --git a/install/tools/ipactl b/install/tools/ipactl
index d229738..42bd73e 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -39,9 +39,6 @@ from ipapython.dn import DN
 from ipaplatform import services
 from ipaplatform.paths import paths
 
-# pylint: disable=unused-variable
-
-
 MSG_HINT_IGNORE_SERVICE_FAILURE = (
     "Hint: You can use --ignore-service-failure option for forced start in "
     "case that a non-critical service failed"
@@ -89,7 +86,7 @@ def is_dirsrv_debugging_enabled():
         fd.close()
         for line in lines:
             if line.lower().startswith('nsslapd-errorlog-level'):
-                (option, value) = line.split(':')
+                _option, value = line.split(':')
                 if int(value) > 0:
                     debugging = True
 
@@ -239,7 +236,7 @@ def get_config_from_file():
         def_svc_list.append([s[1], s[0]])
 
     ordered_list = []
-    for (order, svc) in sorted(def_svc_list):
+    for _order, svc in sorted(def_svc_list):
         if svc in svc_list:
             ordered_list.append(svc)
 
@@ -286,7 +283,6 @@ def ipa_start(options):
     except Exception as e:
         raise IpactlError("Failed to start Directory Service: " + str(e))
 
-    ldap_list = []
     try:
         svc_list = get_config(dirsrv)
     except Exception as e:
@@ -540,7 +536,7 @@ def main():
         # LSB status code 4: user had insufficient privilege
         raise IpactlError("You must be root to run ipactl.", 4)
 
-    safe_options, options, args = parse_options()
+    _safe_options, options, args = parse_options()
 
     if len(args) != 1:
         # LSB status code 2: invalid or excess argument(s)
diff --git a/ipaclient/ipachangeconf.py b/ipaclient/ipachangeconf.py
index b6cbc9b..b7d8ffc 100644
--- a/ipaclient/ipachangeconf.py
+++ b/ipaclient/ipachangeconf.py
@@ -24,8 +24,6 @@
 
 import six
 
-# pylint: disable=unused-variable
-
 if six.PY3:
     unicode = str
 
@@ -303,7 +301,7 @@ def mergeOld(self, oldopts, newopts):
 
         for o in oldopts:
             if o['type'] == "section" or o['type'] == "subsection":
-                (num, no) = self.findOpts(newopts, o['type'], o['name'])
+                _num, no = self.findOpts(newopts, o['type'], o['name'])
                 if not no:
                     opts.append(o)
                     continue
@@ -327,7 +325,7 @@ def mergeOld(self, oldopts, newopts):
                 continue
 
             if o['type'] == "option":
-                (num, no) = self.findOpts(newopts, 'option', o['name'], True)
+                _num, no = self.findOpts(newopts, 'option', o['name'], True)
                 if not no:
                     opts.append(o)
                     continue
@@ -482,9 +480,6 @@ def parse(self, f):
     #     [{'name': 'foo', 'value': 'bar', 'action': 'set/comment'}]
     # section is a section name like 'global'
     def changeConf(self, file, newopts):
-        autosection = False
-        savedsection = None
-        done = False
         output = ""
         f = None
         try:
@@ -517,9 +512,6 @@ def changeConf(self, file, newopts):
     # options is a set of dictionaries in the form:
     #     [{'name': 'foo', 'value': 'bar', 'action': 'set/comment'}]
     def newConf(self, file, options):
-        autosection = False
-        savedsection = None
-        done = False
         output = ""
         f = None
         try:
diff --git a/ipaclient/ipadiscovery.py b/ipaclient/ipadiscovery.py
index e051bc7..2075c33 100644
--- a/ipaclient/ipadiscovery.py
+++ b/ipaclient/ipadiscovery.py
@@ -30,8 +30,6 @@
 from ipapython.ipautil import valid_ip, realm_to_suffix
 from ipapython.dn import DN
 
-# pylint: disable=unused-variable
-
 NOT_FQDN = -1
 NO_LDAP_SERVER = -2
 REALM_NOT_FOUND = -3
@@ -376,8 +374,6 @@ def ipacheckldap(self, thost, trealm, ca_cert_path=None):
 
         lrealms = []
 
-        i = 0
-
         #now verify the server is really an IPA server
         try:
             root_logger.debug("Init LDAP connection to: %s", thost)
diff --git a/ipapython/install/core.py b/ipapython/install/core.py
index 98ee588..e94c0f2 100644
--- a/ipapython/install/core.py
+++ b/ipapython/install/core.py
@@ -19,8 +19,6 @@
 from . import util
 from .util import from_
 
-# pylint: disable=unused-variable
-
 __all__ = ['InvalidStateError', 'KnobValueError', 'Property', 'Knob',
            'Configurable', 'Group', 'Component', 'Composite']
 
@@ -207,7 +205,7 @@ def properties(cls):
 
             result = sorted(result, key=lambda r: r[0])
 
-            for order, owner_cls, name in result:
+            for _order, owner_cls, name in result:
                 yield owner_cls, name
 
     @classmethod
@@ -316,7 +314,7 @@ def validate(self):
         Run the validation part of the configurable.
         """
 
-        for nothing in self._validator():
+        for _nothing in self._validator():
             pass
 
     def _validator(self):
@@ -333,7 +331,7 @@ def execute(self):
         Run the execution part of the configurable.
         """
 
-        for nothing in self._executor():
+        for _nothing in self._executor():
             pass
 
     def _executor(self):
@@ -541,7 +539,7 @@ def components(cls):
 
             result = sorted(result, key=lambda r: r[0])
 
-            for order, owner_cls, name in result:
+            for _order, owner_cls, name in result:
                 yield owner_cls, name
 
     def __getattr__(self, name):
@@ -565,7 +563,7 @@ def _reset(self):
         super(Composite, self)._reset()
 
     def _get_components(self):
-        for owner_cls, name in self.components():
+        for _owner_cls, name in self.components():
             yield getattr(self, name)
 
     def _configure(self):
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index a04822e..350cb3c 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -60,8 +60,6 @@
                          UnresolvableRecordError)
 from ipalib.constants import CACERT
 
-# pylint: disable=unused-variable
-
 if six.PY3:
     unicode = str
 
@@ -289,7 +287,7 @@ def find_reverse_zone(ip_address, api=api):
     while len(zone) > 0:
         if dns_zone_exists(zone, api):
             return zone
-        foo, bar, zone = zone.partition('.')
+        zone = zone.partition('.')[2]
 
     return None
 
@@ -866,7 +864,7 @@ def __add_master_records(self, fqdn, addrs):
         for addr in addrs:
             try:
                 add_fwd_rr(zone, host, addr, self.api)
-            except errors.NotFound as e:
+            except errors.NotFound:
                 pass
 
             reverse_zone = find_reverse_zone(addr, self.api)
@@ -1107,7 +1105,8 @@ def remove_server_ns_records(self, fqdn):
         attributes = ['idnsname', 'objectclass']
         dn = DN(self.api.env.container_dns, self.api.env.basedn)
 
-        entries, truncated = ldap.find_entries(attr_filter, attributes, base_dn=dn)
+        entries, _truncated = ldap.find_entries(
+            attr_filter, attributes, base_dn=dn)
 
         # remove records
         if entries:
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index b23ccfd..dadc34e 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -15,8 +15,6 @@
 from ipapython.dn import DN
 from ipapython.ipa_log_manager import root_logger
 
-# pylint: disable=unused-variable
-
 external_cert_file = None
 external_ca_file = None
 
@@ -94,7 +92,7 @@ def install_check(standalone, replica_config, options):
         dsdb = certs.CertDB(realm_name, nssdir=dirname, subject_base=subject_base)
 
         for db in (cadb, dsdb):
-            for nickname, trust_flags in db.list_certs():
+            for nickname, _trust_flags in db.list_certs():
                 if nickname in (certdb.get_ca_nickname(realm_name),
                                 'ipaCert',
                                 'Signing-Cert'):
@@ -121,7 +119,6 @@ def install(standalone, replica_config, options):
 
 def install_step_0(standalone, replica_config, options):
     realm_name = options.realm_name
-    domain_name = options.domain_name
     dm_password = options.dm_password
     host_name = options.host_name
     subject_base = options.subject
@@ -170,7 +167,6 @@ def install_step_0(standalone, replica_config, options):
 
 def install_step_1(standalone, replica_config, options):
     realm_name = options.realm_name
-    domain_name = options.domain_name
     dm_password = options.dm_password
     host_name = options.host_name
     subject_base = options.subject
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index dea1110..d352a1d 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -81,8 +81,6 @@
 except ImportError:
     import http.client as httplib
 
-# pylint: disable=unused-variable
-
 # We need to reset the template because the CA uses the regular boot
 # information
 INF_TEMPLATE = """
@@ -1625,9 +1623,6 @@ def __update_entry_from_cert(make_filter, make_entry, dercert):
     """
 
     base_dn = DN(('o', 'ipaca'))
-    serial_number = x509.get_serial_number(dercert, datatype=x509.DER)
-    subject = x509.get_subject(dercert, datatype=x509.DER)
-    issuer = x509.get_issuer(dercert, datatype=x509.DER)
 
     attempts = 0
     server_id = installutils.realm_to_serverid(api.env.realm)
@@ -1909,7 +1904,7 @@ def repair_profile_caIPAserviceCert():
     with api.Backend.ra_certprofile as profile_api:
         try:
             cur_config = profile_api.read_profile(profile_id).splitlines()
-        except errors.RemoteRetrieveError as e:
+        except errors.RemoteRetrieveError:
             # no profile there to check/repair
             api.Backend.ra_certprofile.override_port = None
             return
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index b55bb6c..31fd36c 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -45,8 +45,6 @@
 from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 
-# pylint: disable=unused-variable
-
 # Apache needs access to this database so we need to create it
 # where apache can reach
 NSS_DIR = paths.HTTPD_ALIAS_DIR
@@ -260,7 +258,7 @@ def load_cacert(self, cacert_fname, trust_flags):
         while True:
             try:
                 (cert, st) = find_cert_from_txt(certs, st)
-                (rdn, subject_dn) = get_cert_nickname(cert)
+                _rdn, subject_dn = get_cert_nickname(cert)
                 if subject_dn == ca_dn:
                     nick = get_ca_nickname(self.realm)
                 else:
@@ -283,7 +281,7 @@ def get_cert_from_db(self, nickname, pem=True):
             if pem:
                 return cert
             else:
-                (cert, start) = find_cert_from_txt(cert, start=0)
+                cert, _start = find_cert_from_txt(cert, start=0)
                 cert = x509.strip_header(cert)
                 dercert = base64.b64decode(cert)
                 return dercert
@@ -405,7 +403,7 @@ def issue_server_cert(self, certreq_fname, cert_fname):
         result = dogtag.https_request(
             self.host_name, 8443, "/ca/ee/ca/profileSubmitSSLClient",
             self.secdir, password, "ipaCert", **params)
-        http_status, http_headers, http_body = result
+        http_status, _http_headers, http_body = result
         root_logger.debug("CA answer: %s", http_body)
 
         if http_status != 200:
@@ -459,7 +457,7 @@ def issue_signing_cert(self, certreq_fname, cert_fname):
         result = dogtag.https_request(
             self.host_name, 8443, "/ca/ee/ca/profileSubmitSSLClient",
             self.secdir, password, "ipaCert", **params)
-        http_status, http_headers, http_body = result
+        http_status, _http_headers, http_body = result
         if http_status != 200:
             raise RuntimeError("Unable to submit cert request")
 
@@ -571,11 +569,11 @@ def create_from_cacert(self, cacert_fname, passwd=None):
             newca = f.readlines()
             f.close()
             newca = "".join(newca)
-            (newca, st) = find_cert_from_txt(newca)
+            newca, _st = find_cert_from_txt(newca)
 
             cacert = self.get_cert_from_db(self.cacert_name)
             if cacert != '':
-                (cacert, st) = find_cert_from_txt(cacert)
+                cacert, _st = find_cert_from_txt(cacert)
 
             if newca == cacert:
                 return
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index efff82a..c16b963 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -30,12 +30,9 @@
 from ipaserver.install.installutils import update_hosts_file
 from ipaserver.install import bindinstance
 from ipaserver.install import dnskeysyncinstance
-from ipaserver.install import ntpinstance
 from ipaserver.install import odsexporterinstance
 from ipaserver.install import opendnssecinstance
 
-# pylint: disable=unused-variable
-
 ip_addresses = []
 reverse_zones = []
 
@@ -45,7 +42,7 @@ def _find_dnssec_enabled_zones(conn):
     dnssec_enabled_filter = conn.make_filter(search_kw)
     dn = DN('cn=dns', api.env.basedn)
     try:
-        entries, truncated = conn.find_entries(
+        entries, _truncated = conn.find_entries(
             base_dn=dn, filter=dnssec_enabled_filter, attrs_list=['idnsname'])
     except errors.NotFound:
         return []
@@ -222,8 +219,6 @@ def install_check(standalone, api, replica, options, hostname):
                                    "database (kasp.db file)")
 
             # check if replica can be the DNSSEC master
-            named = services.knownservices.named
-            ods_enforcerd = services.knownservices.ods_enforcerd
             cmd = [paths.IPA_DNSKEYSYNCD_REPLICA]
             environment = {
                 "SOFTHSM2_CONF": paths.DNSSEC_SOFTHSM2_CONF,
@@ -316,15 +311,8 @@ def install_check(standalone, api, replica, options, hostname):
 
 
 def install(standalone, replica, options, api=api):
-    local_dnskeysyncd_dn = DN(('cn', 'DNSKeySync'), ('cn', api.env.host),
-                              ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
-                              api.env.basedn)
-    conn = api.Backend.ldap2
-
     fstore = sysrestore.FileStore(paths.SYSRESTORE)
 
-    conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled()
-
     if standalone:
         # otherwise this is done by server/replica installer
         update_hosts_file(ip_addresses, api.env.host, fstore)
diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index 3e862b3..f397879 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -21,15 +21,12 @@
 from ipapython.dn import DN
 from ipapython import ipaldap
 from ipapython import sysrestore, ipautil
-from ipaplatform import services
 from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipalib import errors, api
 from ipalib.constants import CACERT
 from ipaserver.install.bindinstance import dns_container_exists
 
-# pylint: disable=unused-variable
-
 softhsm_token_label = u'ipaDNSSEC'
 softhsm_slot = 0
 replica_keylabel_template = u"dnssec-replica:%s"
@@ -117,7 +114,7 @@ def remove_replica_public_keys(self, replica_fqdn):
             'ipk11Wrap': True,
         }
         filter = ldap.make_filter(search_kw, rules=ldap.MATCH_ALL)
-        entries, truncated = ldap.find_entries(filter=filter, base_dn=dn_base)
+        entries, _truncated = ldap.find_entries(filter=filter, base_dn=dn_base)
         for entry in entries:
             ldap.delete_entry(entry)
 
@@ -149,22 +146,18 @@ def create_instance(self, fqdn, realm_name):
         self.start_creation()
 
     def __get_named_uid(self):
-        named = services.knownservices.named
         try:
             return pwd.getpwnam(constants.NAMED_USER).pw_uid
         except KeyError:
             raise RuntimeError("Named UID not found")
 
     def __get_named_gid(self):
-        named = services.knownservices.named
         try:
             return grp.getgrnam(constants.NAMED_GROUP).gr_gid
         except KeyError:
             raise RuntimeError("Named GID not found")
 
     def __check_dnssec_status(self):
-        ods_enforcerd = services.knownservices.ods_enforcerd
-
         self.named_uid = self.__get_named_uid()
         self.named_gid = self.__get_named_gid()
 
@@ -338,7 +331,7 @@ def __setup_replica_keys(self):
                 if not priv_keys:
                     break  # we found unique id
 
-            public_key_handle, private_key_handle = p11.generate_replica_key_pair(
+            public_key_handle, _privkey_handle = p11.generate_replica_key_pair(
                     keylabel, key_id,
                     pub_cka_verify=False,
                     pub_cka_verify_recover=False,
@@ -394,7 +387,7 @@ def __setup_replica_keys(self):
                 'ipk11Wrap': True,
             }
             filter = ldap.make_filter(search_kw, rules=ldap.MATCH_ALL)
-            entries, truncated = ldap.find_entries(filter=filter,
+            entries, _truncated = ldap.find_entries(filter=filter,
                                                    base_dn=dn_base)
             for entry in entries:
                 # don't disable wrapping for new key
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index ea80a2f..d682745 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -45,8 +45,6 @@
 from ipaserver.install.installutils import stopped_service
 from ipapython.ipa_log_manager import log_mgr
 
-# pylint: disable=unused-variable
-
 HTTPD_USER = constants.HTTPD_USER
 
 
@@ -356,7 +354,7 @@ def stop_tracking_certificates(self, stop_certmonger=True):
         services.knownservices.messagebus.start()
         cmonger.start()
 
-        nicknames = [nickname for nickname, profile in self.tracking_reqs]
+        nicknames = [nickname for nickname, _profile in self.tracking_reqs]
         if self.server_cert_name is not None:
             nicknames.append(self.server_cert_name)
 
@@ -477,7 +475,6 @@ def setup_admin(self):
 
     def __remove_admin_from_group(self, group):
         dn = DN(('cn', group), ('ou', 'groups'), ('o', 'ipaca'))
-        entry = self.admin_conn.get_entry(dn)
         mod = [(ldap.MOD_DELETE, 'uniqueMember', self.admin_dn)]
         try:
             self.admin_conn.modify_s(dn, mod)
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 30e0038..aaaba07 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -52,8 +52,6 @@
 from ipaplatform import services
 from ipaplatform.paths import paths
 
-# pylint: disable=unused-variable
-
 DS_USER = platformconstants.DS_USER
 DS_GROUP = platformconstants.DS_GROUP
 
@@ -186,7 +184,7 @@ def get_domain_level(api=api):
 def get_all_external_schema_files(root):
     """Get all schema files"""
     f = []
-    for path, subdirs, files in os.walk(root):
+    for path, _subdirs, files in os.walk(root):
         for name in files:
             if fnmatch.fnmatch(name, "*.ldif"):
                 f.append(os.path.join(path, name))
@@ -741,7 +739,7 @@ def configure_dirsrv_ccache(self):
             os.chown(filepath, 0, 0)
 
         replacevars = {'KRB5CCNAME': ccache}
-        old_values = ipautil.backup_config_and_replace_variables(
+        ipautil.backup_config_and_replace_variables(
             self.fstore, filepath, replacevars=replacevars)
         tasks.restore_context(filepath)
 
@@ -898,7 +896,6 @@ def add_hbac(self):
 
     def change_admin_password(self, password):
         root_logger.debug("Changing admin password")
-        dirname = config_dirname(self.serverid)
         dmpwdfile = ""
         admpwdfile = ""
 
@@ -937,7 +934,7 @@ def uninstall(self):
         enabled = self.restore_state("enabled")
 
         # Just eat this state if it exists
-        running = self.restore_state("running")
+        self.restore_state("running")
 
         try:
             self.fstore.restore_file(paths.LIMITS_CONF)
@@ -961,10 +958,8 @@ def uninstall(self):
                 root_logger.error("Failed to remove DS instance. You may "
                                   "need to remove instance data manually")
 
-        # At one time we removed this user on uninstall. That can potentially
-        # orphan files, or worse, if another useradd runs in the intermim,
-        # cause files to have a new owner.
-        user_exists = self.restore_state("user_exists")
+        # Just eat this state
+        self.restore_state("user_exists")
 
         # Make sure some upgrade-related state is removed. This could cause
         # re-installation problems.
@@ -1341,7 +1336,7 @@ def update_dna_shared_config(self, method="SASL/GSSAPI", protocol="LDAP"):
         # the failure to update the shared config entry and return
         #
         max_wait = 30
-        for i in range(0, max_wait + 1):
+        for _i in range(0, max_wait + 1):
             try:
                 entries = conn.get_entries(
                     sharedcfgdn, scope=ldap.SCOPE_ONELEVEL,
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 3c38e6f..e7fefd8 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -40,8 +40,6 @@
 from ipaplatform.constants import constants
 from ipaplatform.tasks import tasks
 
-# pylint: disable=unused-variable
-
 """
 A test gpg can be generated like this:
 
@@ -382,7 +380,6 @@ def db2ldif(self, instance, backend, online=True):
         '''
         self.log.info('Backing up %s in %s to LDIF' % (backend, instance))
 
-        now = time.localtime()
         cn = time.strftime('export_%Y_%m_%d_%H_%M_%S')
         dn = DN(('cn', cn), ('cn', 'export'), ('cn', 'tasks'), ('cn', 'config'))
 
@@ -434,7 +431,6 @@ def db2bak(self, instance, online=True):
         If executed online create a task and wait for it to complete.
         '''
         self.log.info('Backing up %s' % instance)
-        now = time.localtime()
         cn = time.strftime('backup_%Y_%m_%d_%H_%M_%S')
         dn = DN(('cn', cn), ('cn', 'backup'), ('cn', 'tasks'), ('cn', 'config'))
 
@@ -591,7 +587,6 @@ def finalize_backup(self, data_only=False, encrypt=False, keyring=None):
         os.mkdir(backup_dir)
         os.chmod(backup_dir, 0o700)
 
-        cwd = os.getcwd()
         os.chdir(self.dir)
         args = ['tar',
                 '--xattrs',
diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py
index e691f41..859c254 100644
--- a/ipaserver/install/ipa_cacert_manage.py
+++ b/ipaserver/install/ipa_cacert_manage.py
@@ -31,8 +31,6 @@
 from ipalib import api, errors, x509, certstore
 from ipaserver.install import certs, cainstance, installutils
 
-# pylint: disable=unused-variable
-
 
 class CACertManage(admintool.AdminTool):
     command_name = 'ipa-cacert-manage'
@@ -87,7 +85,6 @@ def validate_options(self):
             parser.error("command not provided")
 
         command = self.command = self.args[0]
-        options = self.options
 
         if command == 'renew':
             pass
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index e58f9b6..d7ab813 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -43,8 +43,6 @@
 from ipaplatform.paths import paths
 from ipalib.constants import CACERT, DOMAIN_LEVEL_0
 
-# pylint: disable=unused-variable
-
 UNSUPPORTED_DOMAIN_LEVEL_TEMPLATE = """
 Replica creation using '{command_name}' to generate replica file
 is supported only in {domain_level}-level IPA domain.
@@ -215,7 +213,6 @@ def ask_for_options(self):
                     "Directory Manager password required")
 
         # Try out the password & get the subject base
-        suffix = ipautil.realm_to_suffix(api.env.realm)
         try:
             conn = api.Backend.ldap2
             conn.connect(bind_dn=DN(('cn', 'directory manager')),
@@ -254,7 +251,6 @@ def ask_for_options(self):
         try:
             installutils.verify_fqdn(self.replica_fqdn, local_hostname=False)
         except installutils.BadHostError as e:
-            msg = str(e)
             if isinstance(e, installutils.HostLookupError):
                 if not options.ip_addresses:
                     if dns_container_exists(
@@ -292,7 +288,7 @@ def ask_for_options(self):
                 options.ip_addresses, options.reverse_zones, options, False,
                 True)
 
-            host, zone = self.replica_fqdn.split('.', 1)
+            _host, zone = self.replica_fqdn.split('.', 1)
             if not bindinstance.dns_zone_exists(zone, api=api):
                 self.log.error("DNS zone %s does not exist in IPA managed DNS "
                                "server. Either create DNS zone or omit "
@@ -340,7 +336,7 @@ def ask_for_options(self):
                 if options.pkinit_pin is None:
                     raise admintool.ScriptError(
                         "Kerberos KDC private key unlock password required")
-            pkinit_pkcs12_file, pkinit_pin, pkinit_ca_cert = self.load_pkcs12(
+            pkinit_pkcs12_file, pkinit_pin, _pkinit_ca_cert = self.load_pkcs12(
                 options.pkinit_cert_files, options.pkinit_pin,
                 options.pkinit_cert_name)
             self.pkinit_pkcs12_file = pkinit_pkcs12_file
@@ -537,10 +533,10 @@ def check_dns(self, replica_fqdn):
                       dns.resolver.Timeout, dns.resolver.NoNameservers)
 
         try:
-            dns_answer = resolver.query(replica_fqdn, 'A', 'IN')
+            resolver.query(replica_fqdn, 'A', 'IN')
         except exceptions:
             try:
-                dns_answer = resolver.query(replica_fqdn, 'AAAA', 'IN')
+                resolver.query(replica_fqdn, 'AAAA', 'IN')
             except exceptions:
                 return False
         except Exception as e:
@@ -550,8 +546,6 @@ def check_dns(self, replica_fqdn):
         return True
 
     def wait_for_dns(self):
-        options = self.options
-
         # Make sure replica_fqdn has a trailing dot, so the
         # 'search' directive in /etc/resolv.conf doesn't apply
         replica_fqdn = self.replica_fqdn
@@ -601,7 +595,6 @@ def export_certdb(self, fname, passwd_fname, is_kdc=False):
         :param passwd_fname: File that holds the cert DB password
         :param is_kdc: True if we're exporting KDC certs
         """
-        options = self.options
         hostname = self.replica_fqdn
         subject_base = self.subject_base
 
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 9cafa68..64ab9e4 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -51,8 +51,6 @@
 except ImportError:
     adtrustinstance = None
 
-# pylint: disable=unused-variable
-
 def recursive_chown(path, uid, gid):
     '''
     Change ownership of all files and directories in a path.
@@ -523,7 +521,6 @@ def ldif2db(self, instance, backend, online=True):
         '''
         self.log.info('Restoring from %s in %s' % (backend, instance))
 
-        now = time.localtime()
         cn = time.strftime('import_%Y_%m_%d_%H_%M_%S')
         dn = DN(('cn', cn), ('cn', 'import'), ('cn', 'tasks'), ('cn', 'config'))
 
@@ -746,7 +743,6 @@ def extract_backup(self, keyring=None):
             self.log.info('Decrypting %s' % filename)
             filename = decrypt_file(self.dir, filename, keyring)
 
-        cwd = os.getcwd()
         os.chdir(self.dir)
 
         args = ['tar',
diff --git a/ipaserver/install/ipa_winsync_migrate.py b/ipaserver/install/ipa_winsync_migrate.py
index cf89366..d0653c9 100644
--- a/ipaserver/install/ipa_winsync_migrate.py
+++ b/ipaserver/install/ipa_winsync_migrate.py
@@ -29,8 +29,6 @@
 from ipapython.ipautil import realm_to_suffix, posixify
 from ipaserver.install import replication, installutils
 
-# pylint: disable=unused-variable
-
 if six.PY3:
     unicode = str
 
@@ -175,7 +173,7 @@ def create_id_user_override(self, entry):
         }
 
         try:
-            result = api.Command['idoverrideuser_add'](
+            api.Command['idoverrideuser_add'](
                 DEFAULT_TRUST_VIEW_NAME,
                 user_identifier,
                 **kwargs
@@ -193,7 +191,7 @@ def find_winsync_users(self):
 
         user_filter = "(&(objectclass=ntuser)(ntUserDomainId=*))"
         user_base = DN(api.env.container_user, api.env.basedn)
-        entries, _ = self.ldap.find_entries(
+        entries, _truncated = self.ldap.find_entries(
             filter=user_filter,
             base_dn=user_base,
             paged_search=True)
@@ -262,8 +260,9 @@ def create_winsync_group(object_entry, suffix=0):
                                                         user_entry.dn)
 
         try:
-            objects, _ = self.ldap.find_entries(member_filter,
-                                                base_dn=object_container_dn)
+            objects, _truncated = self.ldap.find_entries(
+                member_filter,
+                base_dn=object_container_dn)
         except errors.EmptyResult:
             # If there's nothing to migrate, then let's get out of here
             return
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 39ea196..28638a1 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -20,8 +20,6 @@
 from ipalib import errors, api
 from ipaserver.install import dnskeysyncinstance
 
-# pylint: disable=unused-variable
-
 KEYMASTER = u'dnssecKeyMaster'
 softhsm_slot = 0
 
@@ -126,9 +124,6 @@ def create_instance(self, fqdn, realm_name, generate_master_key=True,
         self.start_creation()
 
     def __check_dnssec_status(self):
-        named = services.knownservices.named
-        ods_enforcerd = services.knownservices.ods_enforcerd
-
         try:
             self.named_uid = pwd.getpwnam(constants.NAMED_USER).pw_uid
         except KeyError:
@@ -289,7 +284,6 @@ def __setup_dnssec(self):
             os.chmod(paths.OPENDNSSEC_KASP_DB, 0o660)
 
             # regenerate zonelist.xml
-            ods_enforcerd = services.knownservices.ods_enforcerd
             cmd = [paths.ODS_KSMUTIL, 'zonelist', 'export']
             result = ipautil.run(cmd,
                                  runas=constants.ODS_USER,
@@ -307,7 +301,6 @@ def __setup_dnssec(self):
                 'setup'
             ]
 
-            ods_enforcerd = services.knownservices.ods_enforcerd
             ipautil.run(command, stdin="y", runas=constants.ODS_USER)
 
     def __setup_dnskeysyncd(self):
@@ -353,7 +346,6 @@ def uninstall(self):
         if ipautil.file_exists(paths.OPENDNSSEC_KASP_DB):
 
             # force to export data
-            ods_enforcerd = services.knownservices.ods_enforcerd
             cmd = [paths.IPA_ODS_EXPORTER, 'ipa-full-update']
             try:
                 self.print_msg("Exporting DNSSEC data before uninstallation")
diff --git a/ipaserver/install/plugins/rename_managed.py b/ipaserver/install/plugins/rename_managed.py
index 96da85f..5db00c7 100644
--- a/ipaserver/install/plugins/rename_managed.py
+++ b/ipaserver/install/plugins/rename_managed.py
@@ -24,8 +24,6 @@
 from ipapython import ipautil
 from ipapython.dn import DN
 
-# pylint: disable=unused-variable
-
 register = Registry()
 
 if six.PY3:
@@ -80,16 +78,15 @@ def generate_update(self, deletes=False):
         old_definition_container = DN(('cn', 'managed entries'), ('cn', 'plugins'), ('cn', 'config'), suffix)
         new_definition_container = DN(('cn', 'Definitions'), ('cn', 'Managed Entries'), ('cn', 'etc'), suffix)
 
-        definitions_dn = DN(('cn', 'Definitions'))
         update_list = []
         restart = False
 
         # If the old entries don't exist the server has already been updated.
         try:
-            definitions_managed_entries, truncated = ldap.find_entries(
+            definitions_managed_entries, _truncated = ldap.find_entries(
                 searchfilter, ['*'], old_definition_container,
                 ldap.SCOPE_ONELEVEL)
-        except errors.NotFound as e:
+        except errors.NotFound:
             return (False, update_list)
 
         for entry in definitions_managed_entries:
@@ -99,7 +96,7 @@ def generate_update(self, deletes=False):
                 assert isinstance(old_dn, DN)
                 try:
                     entry = ldap.get_entry(old_dn, ['*'])
-                except errors.NotFound as e:
+                except errors.NotFound:
                     pass
                 else:
                     # Compute the new dn by replacing the old container with the new container
@@ -164,7 +161,7 @@ class update_managed_post_first(Updater, GenerateUpdateMixin):
 
     def execute(self, **options):
         # Never need to restart with the pre-update changes
-        (ignore, update_list) = self.generate_update(False)
+        _ignore, update_list = self.generate_update(False)
 
         return False, update_list
 
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index e9fa796..fcd0b32 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -38,8 +38,6 @@
 from ipaplatform import services
 from ipaplatform.paths import paths
 
-# pylint: disable=unused-variable
-
 if six.PY3:
     unicode = str
 
@@ -708,7 +706,7 @@ def setup_agreement(self, a_conn, b_hostname, port=389,
             mod = [(ldap.MOD_ADD, 'nsDS5ReplicatedAttributeListTotal',
                    '(objectclass=*) $ EXCLUDE %s' % " ".join(TOTAL_EXCLUDES))]
             a_conn.modify_s(dn, mod)
-        except ldap.LDAPError as e:
+        except ldap.LDAPError:
             # Apparently there are problems set the total list
             # Probably the master is an old 389-ds server, tell the caller
             # that we will have to set the memberof fixup task
@@ -763,15 +761,15 @@ def get_replica_principal_dns(self, a, b, retries):
                 root_logger.debug('Unable to find entry for %s on %s'
                     % (filter_a, str(b)))
                 self.force_sync(a, b.host)
-                cn, dn = self.agreement_dn(b.host)
-                haserror, error_message = self.wait_for_repl_update(a, dn, 60)
+                _cn, dn = self.agreement_dn(b.host)
+                _haserror, error_message = self.wait_for_repl_update(a, dn, 60)
 
             if not b_entry:
                 root_logger.debug('Unable to find entry for %s on %s'
                     % (filter_b, str(a)))
                 self.force_sync(b, a.host)
-                cn, dn = self.agreement_dn(a.host)
-                haserror, error_message = self.wait_for_repl_update(b, dn, 60)
+                _cn, dn = self.agreement_dn(a.host)
+                _haserror, error_message = self.wait_for_repl_update(b, dn, 60)
 
             retries -= 1
 
@@ -834,10 +832,10 @@ def gssapi_update_agreements(self, a, b):
                (ldap.MOD_DELETE, "nsds5replicabinddn", None),
                (ldap.MOD_DELETE, "nsds5replicacredentials", None)]
 
-        cn, a_ag_dn = self.agreement_dn(b.host)
+        _cn, a_ag_dn = self.agreement_dn(b.host)
         a.modify_s(a_ag_dn, mod)
 
-        cn, b_ag_dn = self.agreement_dn(a.host)
+        _cn, b_ag_dn = self.agreement_dn(a.host)
         b.modify_s(b_ag_dn, mod)
 
         # Finally remove the temporary replication manager user
@@ -863,7 +861,7 @@ def delete_agreement(self, hostname, dn=None):
         better to pass the DN in directly.
         """
         if dn is None:
-            cn, dn = self.agreement_dn(hostname)
+            _cn, dn = self.agreement_dn(hostname)
         return self.conn.delete_entry(dn)
 
     def delete_referral(self, hostname):
@@ -984,7 +982,7 @@ def start_replication(self, conn, hostname=None, master=None):
         print("Starting replication, please wait until this has completed.")
         if hostname == None:
             hostname = self.conn.host
-        cn, dn = self.agreement_dn(hostname, master)
+        _cn, dn = self.agreement_dn(hostname, master)
 
         mod = [(ldap.MOD_ADD, 'nsds5BeginReplicaRefresh', 'start')]
         conn.modify_s(dn, mod)
@@ -1091,7 +1089,7 @@ def setup_winsync_replication(self,
                              repl_man_dn=ad_binddn, repl_man_passwd=ad_pwd,
                              iswinsync=True, win_subtree=ad_subtree)
         root_logger.info("Added new sync agreement, waiting for it to become ready . . .")
-        cn, dn = self.agreement_dn(ad_dc_name)
+        _cn, dn = self.agreement_dn(ad_dc_name)
         self.wait_for_repl_update(self.conn, dn, 300)
         root_logger.info("Agreement is ready, starting replication . . .")
 
@@ -1125,12 +1123,12 @@ def convert_to_gssapi_replication(self, r_hostname, r_binddn, r_bindpw):
         # have all principals and their passwords and can release
         # the right tickets. We do this by force pushing all our changes
         self.force_sync(self.conn, r_hostname)
-        cn, dn = self.agreement_dn(r_hostname)
+        _cn, dn = self.agreement_dn(r_hostname)
         self.wait_for_repl_update(self.conn, dn, 300)
 
         # now in the opposite direction
         self.force_sync(r_conn, self.hostname)
-        cn, dn = self.agreement_dn(self.hostname)
+        _cn, dn = self.agreement_dn(self.hostname)
         self.wait_for_repl_update(r_conn, dn, 300)
 
         # now that directories are in sync,
@@ -1698,7 +1696,7 @@ def delete_referral(self, hostname, port):
 
     def has_ipaca(self):
         try:
-            entry = self.conn.get_entry(self.db_suffix)
+            self.conn.get_entry(self.db_suffix)
         except errors.NotFound:
             return False
         else:
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 0bc9691..22328ef 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -59,8 +59,6 @@
 
 from .common import BaseServer, BaseServerCA
 
-# pylint: disable=unused-variable
-
 SYSRESTORE_DIR_PATH = paths.SYSRESTORE
 
 
@@ -531,7 +529,7 @@ def install_check(installer):
             if options.pkinit_pin is None:
                 raise ScriptError(
                     "Kerberos KDC private key unlock password required")
-        pkinit_pkcs12_file, pkinit_pin, pkinit_ca_cert = load_pkcs12(
+        pkinit_pkcs12_file, pkinit_pin, _pkinit_ca_cert = load_pkcs12(
             cert_files=options.pkinit_cert_files,
             key_password=options.pkinit_pin,
             key_nickname=options.pkinit_cert_name,
@@ -687,14 +685,9 @@ def install(installer):
     options = installer
     fstore = installer._fstore
     sstore = installer._sstore
-    dirsrv_pkcs12_file = installer._dirsrv_pkcs12_file
-    http_pkcs12_file = installer._http_pkcs12_file
-    pkinit_pkcs12_file = installer._pkinit_pkcs12_file
     dirsrv_pkcs12_info = installer._dirsrv_pkcs12_info
     http_pkcs12_info = installer._http_pkcs12_info
     pkinit_pkcs12_info = installer._pkinit_pkcs12_info
-    external_cert_file = installer._external_cert_file
-    external_ca_file = installer._external_ca_file
     http_ca_cert = installer._ca_cert
 
     realm_name = options.realm_name
@@ -705,7 +698,6 @@ def install(installer):
     host_name = options.host_name
     ip_addresses = options.ip_addresses
     setup_ca = options.setup_ca
-    setup_kra = options.setup_kra
 
     # Installation has started. No IPA sysrestore items are restored in case of
     # failure to enable root cause investigation
@@ -1062,7 +1054,7 @@ def uninstall(installer):
     print("Shutting down all IPA services")
     try:
         run([paths.IPACTL, "stop"], raiseonerr=False)
-    except Exception as e:
+    except Exception:
         pass
 
     ntpinstance.NTPInstance(fstore).uninstall()
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 27e9f57..7effda7 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -47,8 +47,6 @@
 
 from .common import BaseServer
 
-# pylint: disable=unused-variable
-
 if six.PY3:
     unicode = str
 
@@ -691,9 +689,9 @@ def install_check(installer):
 
         # Check pre-existing host entry
         try:
-            entry = conn.find_entries(u'fqdn=%s' % config.host_name,
-                                      ['fqdn'], DN(api.env.container_host,
-                                                   api.env.basedn))
+            conn.find_entries(
+                u'fqdn=%s' % config.host_name, ['fqdn'],
+                DN(api.env.container_host, api.env.basedn))
         except errors.NotFound:
             pass
         else:
@@ -920,8 +918,6 @@ def install(installer):
 
 
 def ensure_enrolled(installer):
-    config = installer._config
-
     # Call client install script
     service.print_msg("Configuring client side components")
     try:
@@ -1100,7 +1096,7 @@ def promote_check(installer):
             if options.pkinit_pin is None:
                 raise ScriptError(
                     "Kerberos KDC private key unlock password required")
-        pkinit_pkcs12_file, pkinit_pin, pkinit_ca_cert = load_pkcs12(
+        pkinit_pkcs12_file, pkinit_pin, _pkinit_ca_cert = load_pkcs12(
             cert_files=options.pkinit_cert_files,
             key_password=options.pkinit_pin,
             key_nickname=options.pkinit_cert_name,
@@ -1201,8 +1197,8 @@ def promote_check(installer):
 
         # Check that we don't already have a replication agreement
         try:
-            (acn, adn) = replman.agreement_dn(config.host_name)
-            entry = conn.get_entry(adn, ['*'])
+            _acn, adn = replman.agreement_dn(config.host_name)
+            conn.get_entry(adn, ['*'])
         except errors.NotFound:
             pass
         else:
@@ -1235,7 +1231,7 @@ def promote_check(installer):
         dn = DN(('cn', 'replication managers'), ('cn', 'sysaccounts'),
                 ('cn', 'etc'), ipautil.realm_to_suffix(config.realm_name))
         try:
-            entry = conn.get_entry(dn)
+            conn.get_entry(dn)
         except errors.NotFound:
             msg = ("The Replication Managers group is not available in "
                    "the domain. Replica promotion requires the use of "
@@ -1374,12 +1370,8 @@ def promote(installer):
     fstore = installer._fstore
     sstore = installer._sstore
     config = installer._config
-    dirsrv_pkcs12_file = installer._dirsrv_pkcs12_file
     dirsrv_pkcs12_info = installer._dirsrv_pkcs12_info
-    http_pkcs12_file = installer._http_pkcs12_file
     http_pkcs12_info = installer._http_pkcs12_info
-    pkinit_pkcs12_file = installer._pkinit_pkcs12_file
-    pkinit_pkcs12_info = installer._pkinit_pkcs12_info
 
     ccache = os.environ['KRB5CCNAME']
     remote_api = installer._remote_api
@@ -1491,14 +1483,16 @@ def promote(installer):
         cainstance.export_kra_agent_pem()
         CA.fix_ra_perms()
 
-    krb = install_krb(config,
-                      setup_pkinit=not options.no_pkinit,
-                      promote=True)
+    install_krb(
+        config,
+        setup_pkinit=not options.no_pkinit,
+        promote=True)
 
-    http = install_http(config,
-                        auto_redirect=not options.no_ui_redirect,
-                        promote=True, pkcs12_info=http_pkcs12_info,
-                        ca_is_configured=installer._ca_enabled)
+    install_http(
+        config,
+        auto_redirect=not options.no_ui_redirect,
+        promote=True, pkcs12_info=http_pkcs12_info,
+        ca_is_configured=installer._ca_enabled)
 
     # Apply any LDAP updates. Needs to be done after the replica is synced-up
     service.print_msg("Applying LDAP updates")
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 2893a29..4426b7f 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -49,8 +49,6 @@
 from ipaserver.install.upgradeinstance import IPAUpgrade
 from ipaserver.install.ldapupdate import BadSyntax
 
-# pylint: disable=unused-variable
-
 if six.PY3:
     unicode = str
 
@@ -68,7 +66,6 @@ def uninstall_ipa_kpasswd():
     """
     ipa_kpasswd = KpasswdInstance()
 
-    running = ipa_kpasswd.restore_state("running")
     enabled = not ipa_kpasswd.restore_state("enabled")
 
     if enabled is not None and not enabled:
@@ -81,7 +78,6 @@ def backup_file(filename, ext):
         raise ValueError("Absolute path required")
 
     backupfile = filename + ".bak"
-    (reldir, file) = os.path.split(filename)
 
     while os.path.exists(backupfile):
         backupfile = backupfile + "." + str(ext)
@@ -209,7 +205,6 @@ def update_dbmodules(realm, filename=paths.KRB5_CONF):
     prefix = ''
 
     root_logger.info('[Verifying that KDC configuration is using ipa-kdb backend]')
-    st = os.stat(filename)
     fd = open(filename)
 
     lines = fd.readlines()
diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py
index 2ecbfb6..dbbef4d 100644
--- a/ipaserver/install/upgradeinstance.py
+++ b/ipaserver/install/upgradeinstance.py
@@ -30,8 +30,6 @@
 from ipaserver.install import ldapupdate
 from ipaserver.install import service
 
-# pylint: disable=unused-variable
-
 DSE = 'dse.ldif'
 
 
@@ -79,7 +77,7 @@ def __init__(self, realm_name, files=[], schema_files=[]):
 
         ext = ''
         rand = random.Random()
-        for i in range(8):
+        for _i in range(8):
             h = "%02x" % rand.randint(0,255)
             ext += h
         service.Service.__init__(self, "dirsrv")
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to