URL: https://github.com/freeipa/freeipa/pull/735 Author: pvoborni Title: #735: automount install: do not wait for sssd restart on uninstallation Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/735/head:pr735 git checkout pr735
From 769c520574e690cfba4f1484bbd838be0176d5a1 Mon Sep 17 00:00:00 2001 From: Petr Vobornik <pvobo...@redhat.com> Date: Tue, 25 Apr 2017 18:19:21 +0200 Subject: [PATCH] automount install: fix checking of SSSD functionality on uninstall Change in 2d4d1a9dc0ef2bbe86751768d6e6b009a52c0dc9 no longer initializes api in `ipa-client-automount --uninstallation` Which caused error in wait_for_sssd which gets realm from initialized API. This patch initializes the API in a way that it doesn't download schema on uninstallation and on installation it uses host keytab for it so it no longer requires user's Kerberos credentials. Also fix call of xxx_service_class_factory which requires api as param. https://pagure.io/freeipa/issue/6861 --- client/ipa-client-automount | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/client/ipa-client-automount b/client/ipa-client-automount index 18914bd..c1a6b2c 100755 --- a/client/ipa-client-automount +++ b/client/ipa-client-automount @@ -193,7 +193,7 @@ def configure_autofs_sssd(fstore, statestore, autodiscover, options): sssdconfig.write(paths.SSSD_CONF) statestore.backup_state('autofs', 'sssd', True) - sssd = services.service('sssd') + sssd = services.service('sssd', api) sssd.restart() print("Restarting sssd, waiting for it to become available.") wait_for_sssd() @@ -281,7 +281,7 @@ def uninstall(fstore, statestore): break sssdconfig.save_domain(domain) sssdconfig.write(paths.SSSD_CONF) - sssd = services.service('sssd') + sssd = services.service('sssd', api) sssd.restart() wait_for_sssd() except Exception as e: @@ -379,9 +379,6 @@ def main(): paths.IPACLIENT_INSTALL_LOG, verbose=False, debug=options.debug, filemode='a', console_format='%(message)s') - if options.uninstall: - return uninstall(fstore, statestore) - cfg = dict( context='cli_installer', confdir=paths.ETC_IPA, @@ -390,8 +387,11 @@ def main(): verbose=0, ) + # Bootstrap API early so that env object is available api.bootstrap(**cfg) - api.finalize() + + if options.uninstall: + return uninstall(fstore, statestore) ca_cert_path = None if os.path.exists(paths.IPA_CA_CRT): @@ -448,7 +448,11 @@ def main(): kinit_keytab(host_princ, paths.KRB5_KEYTAB, ccache_name) os.environ['KRB5CCNAME'] = ccache_name except gssapi.exceptions.GSSError as e: - sys.exit("Failed to obtain host TGT: %s" % e) + sys.exit("Failed to obtained host TGT: %s" % e) + + # Finilize api when TGT obtain using host keytab exists + api.finalize() + # Now we have a TGT, connect to IPA try: api.Backend.rpcclient.connect()
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code