Re: [Freeipa-devel] [PATCH] 458 catch no CA preop.pin
On 05/28/2010 05:22 PM, Rob Crittenden wrote:
> The preop.pin is used to authenticate the admin when doing CA enrollment. We were assuming it would be available and things blow up badly if not (we end up passing None as an argument to exec).
>
> If there isn't a preop pin there is no need to do anything, so raise an error.
>
> rob

It looks like the patch message is missing a part, it ends with:

To remove an existing instance run:

and then nothing, but that's just a detail :)

ack.

Pavel

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 456 replica creation
On 05/27/2010 11:51 PM, Rob Crittenden wrote:
> If a host is already enrolled (either as a client or a former replica) then ipa-replica-install will fail spectacularly with an error about a missing keytab. This is because some entries already exist and it totally confuses things.
>
> We need to start this host from scratch, so catch this condition and give the admin some hints on how to fix it.
>
> rob

It seems to work, but this:

    except Exception, e:
        pass

is a very bad practice, because it catches everything (even the KeyboardInterrupt exception) and makes code very hard to debug if something really unexpected happens. I've already replaced a few things like this in the installer, but there are probably more left.

Catch errors.ExecutionError instead or in this case errors.NotFound.

auto-ack when this is fixed.

Pavel

Re: [Freeipa-devel] [PATCH] 456 replica creation
Pavel Zuna wrote:
> On 05/27/2010 11:51 PM, Rob Crittenden wrote:
>> If a host is already enrolled (either as a client or a former replica) then ipa-replica-install will fail spectacularly with an error about a missing keytab. This is because some entries already exist and it totally confuses things.
>>
>> We need to start this host from scratch, so catch this condition and give the admin some hints on how to fix it.
>>
>> rob
>
> It seems to work, but this:
>
>     except Exception, e:
>         pass
>
> is a very bad practice, because it catches everything (even the KeyboardInterrupt exception) and makes code very hard to debug if something really unexpected happens. I've already replaced a few things like this in the installer, but there are probably more left.
>
> Catch errors.ExecutionError instead or in this case errors.NotFound.
>
> auto-ack when this is fixed.
>
> Pavel

Ok, switched to errors.NotFound.

pushed to master

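The narrowing agreed in this thread, as an added example that is not FreeIPA's code: the exception classes, find_host and the in-memory directory are hypothetical stand-ins for ipalib's errors module and an LDAP lookup. It shows a catch-all reporting an enrolled host as "not enrolled" when the directory is unreachable, while catching only NotFound lets that failure surface.

```python
# Hypothetical stand-ins; the real classes live in the project's errors module.
class ExecutionError(Exception):
    """Assumed base class for errors raised while executing a command."""

class NotFound(ExecutionError):
    """The requested entry does not exist."""

class DirectoryUnavailable(Exception):
    """Constructed unexpected failure, e.g. the directory server is down."""

def make_lookup(entries, broken=False):
    """Return a find_host() backed by a dict (constructed sample data)."""
    def find_host(fqdn):
        if broken:
            raise DirectoryUnavailable("cannot reach directory")
        if fqdn not in entries:
            raise NotFound(fqdn)
        return entries[fqdn]
    return find_host

def already_enrolled_broad(find_host, fqdn):
    """Catch-all pattern: every failure is read as 'host not enrolled'."""
    try:
        find_host(fqdn)
        return True
    except Exception:
        pass
    return False

def already_enrolled_narrow(find_host, fqdn):
    """Only the expected 'no such entry' case means 'not enrolled'."""
    try:
        find_host(fqdn)
        return True
    except NotFound:
        return False

if __name__ == "__main__":
    host = "replica1.example.test"  # constructed host name
    down = make_lookup({host: {"enrolled": True}}, broken=True)
    # The broad check fails open: the installer would carry on.
    print("broad :", already_enrolled_broad(down, host))
    try:
        already_enrolled_narrow(down, host)
    except DirectoryUnavailable as exc:
        # The narrow check stops the run with the real cause visible.
        print("narrow:", type(exc).__name__, exc)
```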
Re: [Freeipa-devel] [PATCH] 457 fall back to DM password in ipa-replica-manage
Pavel Zuna wrote:
> On 05/27/2010 11:52 PM, Rob Crittenden wrote:
>> ipa-replica-manage can use the current kerberos credentials for some commands now. To make it a bit nicer to use fall back to prompt for the DM password if there are no credentials. I've found it handy to have this in development.
>>
>> I also fix up the errors when deleting a replica too (my test case for the fallback). The error message was a bit mis-formatted.
>>
>> rob
>
> ack.
>
> Pavel

pushed to master

Re: [Freeipa-devel] [PATCH] 458 catch no CA preop.pin
Pavel Zuna wrote:
> On 05/28/2010 05:22 PM, Rob Crittenden wrote:
>> The preop.pin is used to authenticate the admin when doing CA enrollment. We were assuming it would be available and things blow up badly if not (we end up passing None as an argument to exec).
>>
>> If there isn't a preop pin there is no need to do anything, so raise an error.
>>
>> rob
>
> It looks like the patch message is missing a part, it ends with:
>
> To remove an existing instance run:
>
> and then nothing, but that's just a detail :)
>
> ack.
>
> Pavel

Heh, in this case I was demonstrating something that needed to be run as root, so I included the # shell prompt. Of course git helpfully dropped this.

I added the pkiremove example back in.

pushed to master

[Freeipa-devel] [PATCH] 459 remove Requires on python-krbV
I used python-krbV to get the configured kerberos realm so we could clean up /etc/krb5.keytab. This is a bit heavy-weight for one line of code. We can instead parse /etc/ipa/default.conf to get the same thing without an additional Requires.

rob

freeipa-459-client.patch
Description: application/mbox

Re: [Freeipa-devel] [PATCH] 459 remove Requires on python-krbV
On 06/01/2010 02:43 PM, Rob Crittenden wrote:
> I used python-krbV to get the configured kerberos realm so we could clean up /etc/krb5.keytab. This is a bit heavy-weight for one line of code. We can instead parse /etc/ipa/default.conf to get the same thing without an additional Requires.
>
> rob

Patch looks good to me. Ack.

--
Stephen Gallagher
RHCE 804006346421761