Re: [Freeipa-devel] [PATCH 0117] ipa-client-install: create a temporary directory for ccache files

2015-12-15 Thread Martin Kosek 
On 12/15/2015 08:03 AM, Martin Babinsky wrote:
> On 12/15/2015 07:19 AM, Jan Cholasta wrote:
>> On 14.12.2015 18:51, Tomas Babej wrote:
>>>
>>>
>>> On 12/14/2015 05:31 PM, Martin Babinsky wrote:
 fixes https://fedorahosted.org/freeipa/ticket/5528
>>>
>>> Works as expected, code-wise looks good.
>>>
>>> Thanks for looking into this, ACK!
>>>
>>> Pushed to master: 5886f87f974fa508047a21350c2e6e75a3001da6
>>
>> It would probably be better if ipa-client-install used
>> ipautil.private_ccache(), but I guess we can fix that later, once we
>> start digging into ipa-client-install componentization / rectofaring.
>>
> Yes since that would probably require heroic amounts of spaghetti untangling 
> to
> get it right. Anyway we have any milestone for ipa-client refactoring? Is it a
> part of 4.4 installer redesign effort?

Client refactoring is not currently planned for 4.4. There are plans for "Thin
Client", but not ipa-client-install refactoring. This would fall in 4.5 or even
later, I think.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0117] ipa-client-install: create a temporary directory for ccache files

2015-12-15 Thread Martin Kosek 
On 12/14/2015 06:51 PM, Tomas Babej wrote:
> 
> 
> On 12/14/2015 05:31 PM, Martin Babinsky wrote:
>> fixes https://fedorahosted.org/freeipa/ticket/5528
> 
> Works as expected, code-wise looks good.
> 
> Thanks for looking into this, ACK!
> 
> Pushed to master: 5886f87f974fa508047a21350c2e6e75a3001da6
> 

Looks like something that should also land in ipa-4-3, no?

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0117] ipa-client-install: create a temporary directory for ccache files

2015-12-15 Thread Martin Kosek 
On 12/15/2015 12:39 PM, Martin Kosek wrote:
> On 12/14/2015 06:51 PM, Tomas Babej wrote:
>>
>>
>> On 12/14/2015 05:31 PM, Martin Babinsky wrote:
>>> fixes https://fedorahosted.org/freeipa/ticket/5528
>>
>> Works as expected, code-wise looks good.
>>
>> Thanks for looking into this, ACK!
>>
>> Pushed to master: 5886f87f974fa508047a21350c2e6e75a3001da6
>>
> 
> Looks like something that should also land in ipa-4-3, no?
> 

Ah, the actual push was yesterday before the branch - please disregard my
message :-)

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0117] ipa-client-install: create a temporary directory for ccache files

2015-12-15 Thread Jan Cholasta 

On 15.12.2015 12:41, Martin Kosek wrote:

On 12/15/2015 08:03 AM, Martin Babinsky wrote:

On 12/15/2015 07:19 AM, Jan Cholasta wrote:

On 14.12.2015 18:51, Tomas Babej wrote:



On 12/14/2015 05:31 PM, Martin Babinsky wrote:

fixes https://fedorahosted.org/freeipa/ticket/5528


Works as expected, code-wise looks good.

Thanks for looking into this, ACK!

Pushed to master: 5886f87f974fa508047a21350c2e6e75a3001da6


It would probably be better if ipa-client-install used
ipautil.private_ccache(), but I guess we can fix that later, once we
start digging into ipa-client-install componentization / rectofaring.


Yes since that would probably require heroic amounts of spaghetti untangling to
get it right. Anyway we have any milestone for ipa-client refactoring? Is it a
part of 4.4 installer redesign effort?


Client refactoring is not currently planned for 4.4. There are plans for "Thin
Client", but not ipa-client-install refactoring. This would fall in 4.5 or even
later, I think.


For further server/replica installer improvements, it's necessary to at 
least create a module from ipa-client-install. So, unless you want to 
freeze server installers in their current (WIP) state, we have to touch 
ipa-client-install as well.


--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0117] ipa-client-install: create a temporary directory for ccache files

2015-12-14 Thread Jan Cholasta 

On 14.12.2015 18:51, Tomas Babej wrote:



On 12/14/2015 05:31 PM, Martin Babinsky wrote:

fixes https://fedorahosted.org/freeipa/ticket/5528


Works as expected, code-wise looks good.

Thanks for looking into this, ACK!

Pushed to master: 5886f87f974fa508047a21350c2e6e75a3001da6


It would probably be better if ipa-client-install used 
ipautil.private_ccache(), but I guess we can fix that later, once we 
start digging into ipa-client-install componentization / rectofaring.


--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0117] ipa-client-install: create a temporary directory for ccache files

2015-12-14 Thread Martin Babinsky 

On 12/15/2015 07:19 AM, Jan Cholasta wrote:

On 14.12.2015 18:51, Tomas Babej wrote:



On 12/14/2015 05:31 PM, Martin Babinsky wrote:

fixes https://fedorahosted.org/freeipa/ticket/5528


Works as expected, code-wise looks good.

Thanks for looking into this, ACK!

Pushed to master: 5886f87f974fa508047a21350c2e6e75a3001da6


It would probably be better if ipa-client-install used
ipautil.private_ccache(), but I guess we can fix that later, once we
start digging into ipa-client-install componentization / rectofaring.

Yes since that would probably require heroic amounts of spaghetti 
untangling to get it right. Anyway we have any milestone for ipa-client 
refactoring? Is it a part of 4.4 installer redesign effort?


--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCH 0117] ipa-client-install: create a temporary directory for ccache files

2015-12-14 Thread Martin Babinsky 

fixes https://fedorahosted.org/freeipa/ticket/5528

--
Martin^3 Babinsky
From 1e6dcfe235b1c9e563dd0fd3408ef93008010a89 Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Mon, 14 Dec 2015 14:28:41 +0100
Subject: [PATCH] ipa-client-install: create a temporary directory for ccache
 files

gssapi.Credentials instantiation in ipautil.kinit_keytab() raises 'Bad format
in credential cache' error when a name of an existing zero-length file is
passed as a ccache parameter. Use temporary directory instead and let GSSAPI
to create file-based ccache on demand.

https://fedorahosted.org/freeipa/ticket/5528
---
 ipa-client/ipa-install/ipa-client-install | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 9556cdec0fbb5b07984ebf39ee8d4cdd8e53ed97..e9a7d45c3f82a58f6297db7354eb784f6416db4b 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -2578,8 +2578,8 @@ def install(options, env, fstore, statestore):
 root_logger.error("Test kerberos configuration failed")
 return CLIENT_INSTALL_ERROR
 env['KRB5_CONFIG'] = krb_name
-(ccache_fd, ccache_name) = tempfile.mkstemp()
-os.close(ccache_fd)
+ccache_dir = tempfile.mkdtemp(prefix='krbcc')
+ccache_name = os.path.join(ccache_dir, 'ccache')
 join_args = [paths.SBIN_IPA_JOIN,
  "-s", cli_server[0],
  "-b", str(realm_to_suffix(cli_realm)),
@@ -2727,7 +2727,7 @@ def install(options, env, fstore, statestore):
 except OSError:
 root_logger.error("Could not remove %s", krb_name)
 try:
-os.remove(ccache_name)
+os.rmdir(ccache_dir)
 except OSError:
 pass
 try:
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0117] ipa-client-install: create a temporary directory for ccache files

2015-12-14 Thread Tomas Babej 


On 12/14/2015 05:31 PM, Martin Babinsky wrote:
> fixes https://fedorahosted.org/freeipa/ticket/5528

Works as expected, code-wise looks good.

Thanks for looking into this, ACK!

Pushed to master: 5886f87f974fa508047a21350c2e6e75a3001da6

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code