Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap
On 06.07.2011 17:26, Rob Crittenden wrote: ipa-client-install should be usable on non-RH platforms (see https://fedorahosted.org/freeipa/ticket/1374), so you shouldn't use /bin/rpm, as that's platform-specific. Wouldn't just rephrasing the warning message (as suggested in the ticket) be sufficient? If you want to support non-rpm-based platforms, you'll need to do much greater work than not depend on rpm. For example, /sbin/service and chkconfig might not be there. I'm not sure adding even more complexity is helpful, especially when it's used just to print a warning message. But I'd like a second opinion on this. I think it is time we start renaming ipautil.py to ipautil-rh.py and do ourselves, or invite someone to write ipautil-debian.py, then have code that loads the right module at runtime. Simo. I believe that nss-pam-ldapd uses a different configuration file than nss_ldap, I think I'd rather use the existence of that to determine what is being used. Calling out to rpm seems heavy-weight. In continuation of the same story, ticket 1368 asks for propagating hostname into static configuration (/etc/sysconfig/network, HOSTNAME variable on Red Hat systems). This is an example of system-specific common code where we want to ensure configuration is made and backed up but we don't care what is configuration's location and format. I.e. perfect example to write platform-specific support. I'm going to rework ipautil into providing common functions and loading platform-specific ones from separate files so that we can have Red Hat or Fedora (or LSB) platforms, Debian-based platforms and so on. Remeber, this is for ipa-client-install so some flexibility is welcomed here. I'll try to avoid using package management tools in such platform-specific code as much as possible also to avoid lock conflicts (if something is being installed in background you might get locked when asking a package database). We don't need to do platform detection at runtime as that is could be deferred to package maintainers. After all, IPA most likely will be packaged and ipa-client-install will come from such a package. Thus, providing proper ipautil-system.py file can be done as packaging effort. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap
Simo Sorce wrote: On Fri, 2011-07-01 at 14:18 +0200, Jan Cholasta wrote: On 1.7.2011 14:00, Alexander Bokovoy wrote: Hi, On 01.07.2011 14:54, Jan Cholasta wrote: On 1.7.2011 11:44, Alexander Bokovoy wrote: New version: forgot to import package_installed_name from ipautil. Previous version can be ignored. ipa-client-install should be usable on non-RH platforms (see https://fedorahosted.org/freeipa/ticket/1374), so you shouldn't use /bin/rpm, as that's platform-specific. Wouldn't just rephrasing the warning message (as suggested in the ticket) be sufficient? If you want to support non-rpm-based platforms, you'll need to do much greater work than not depend on rpm. For example, /sbin/service and chkconfig might not be there. I'm not sure adding even more complexity is helpful, especially when it's used just to print a warning message. But I'd like a second opinion on this. I think it is time we start renaming ipautil.py to ipautil-rh.py and do ourselves, or invite someone to write ipautil-debian.py, then have code that loads the right module at runtime. Simo. I believe that nss-pam-ldapd uses a different configuration file than nss_ldap, I think I'd rather use the existence of that to determine what is being used. Calling out to rpm seems heavy-weight. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap
On 06.07.2011 17:26, Rob Crittenden wrote: I'm not sure adding even more complexity is helpful, especially when it's used just to print a warning message. But I'd like a second opinion on this. I think it is time we start renaming ipautil.py to ipautil-rh.py and do ourselves, or invite someone to write ipautil-debian.py, then have code that loads the right module at runtime. I believe that nss-pam-ldapd uses a different configuration file than nss_ldap, I think I'd rather use the existence of that to determine what is being used. Calling out to rpm seems heavy-weight. Ok, I'll rework it. Do we have other cases where it is *not* enough to have check on the configuration files rather than package itself? For example, for cases where we would enforce installation of a required package to satisfy dependencies (like it was discussed for PackageKit on #freeipa)? -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap
New version: forgot to import package_installed_name from ipautil. Previous version can be ignored. -- / Alexander Bokovoy From a78f8a4d18a9eae266215238dbaefe3b6cc6cd98 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Fri, 1 Jul 2011 12:41:45 +0300 Subject: [PATCH] Make error reporting more 'local' for various configurations of nss_ldap packages https://fedorahosted.org/freeipa/ticket/1369 When nss_ldap-based configuration does not work, report proper package name instead of always assuming nss_ldap. At least, in RHEL6 and Fedora appropriate package is called nss-pam-ldapd while in older releases and other distributions it might be called differently. The change makes less confusing error reporting. It also introduces common utility function package_installed_name() which provides an interface to query package manager for existence of mutually exclusive packages which is helpful to distinguish between different configuration paths. --- ipa-client/ipa-install/ipa-client-install |5 +++-- ipapython/ipautil.py | 18 ++ 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 884dd213b82bf5c29d6cb4928fde6789057b16af..66a9e4935287ec0504127accf7e373e152aedb7e 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -31,7 +31,7 @@ try: import ipaclient.ipadiscovery import ipaclient.ipachangeconf import ipaclient.ntpconf -from ipapython.ipautil import run, user_input, CalledProcessError, file_exists +from ipapython.ipautil import run, user_input, CalledProcessError, file_exists, package_installed_name from ipapython import ipautil from ipapython import dnsclient from ipapython import sysrestore @@ -974,7 +974,8 @@ def main(): n = n + 1 if not found: -print nss_ldap is not able to use DNS discovery! +package = package_installed_name([nss-pam-ldapd,nss_ldap]) +print Unable to use DNS discovery! Recognized configuration: %s % (package) print Changing configuration to use hardcoded server name: +cli_server try: diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 91d19e95f570e0ef189b6fdc5519a9e344b2dab8..1573e0a172350444e3296e19e0092995721f5991 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -1169,3 +1169,21 @@ def bind_port_responder(port, socket_stream=True, socket_timeout=None, responder s.sendto(responder_data, addr) finally: s.close() + +def package_installed_name(packages): + +Find out which of mutually exclusive packages is installed + +packages is a list of package names to check + +Returns package name or None + + +args = [/bin/rpm,-q,--queryformat,%{NAME}] +for package in packages: +try: +(package_name, error, retcode) = run(args+[package]) +return package_name +except CalledProcessError: +continue +return None -- 1.7.5.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap
On 1.7.2011 11:44, Alexander Bokovoy wrote: New version: forgot to import package_installed_name from ipautil. Previous version can be ignored. ipa-client-install should be usable on non-RH platforms (see https://fedorahosted.org/freeipa/ticket/1374), so you shouldn't use /bin/rpm, as that's platform-specific. Wouldn't just rephrasing the warning message (as suggested in the ticket) be sufficient? Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap
Hi, On 01.07.2011 14:54, Jan Cholasta wrote: On 1.7.2011 11:44, Alexander Bokovoy wrote: New version: forgot to import package_installed_name from ipautil. Previous version can be ignored. ipa-client-install should be usable on non-RH platforms (see https://fedorahosted.org/freeipa/ticket/1374), so you shouldn't use /bin/rpm, as that's platform-specific. Wouldn't just rephrasing the warning message (as suggested in the ticket) be sufficient? If you want to support non-rpm-based platforms, you'll need to do much greater work than not depend on rpm. For example, /sbin/service and chkconfig might not be there. All this is abstracted now in ipautil.py and right thing for those platforms would be to provide appropriate implementation of the ipautil.py. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap
On 1.7.2011 14:00, Alexander Bokovoy wrote: Hi, On 01.07.2011 14:54, Jan Cholasta wrote: On 1.7.2011 11:44, Alexander Bokovoy wrote: New version: forgot to import package_installed_name from ipautil. Previous version can be ignored. ipa-client-install should be usable on non-RH platforms (see https://fedorahosted.org/freeipa/ticket/1374), so you shouldn't use /bin/rpm, as that's platform-specific. Wouldn't just rephrasing the warning message (as suggested in the ticket) be sufficient? If you want to support non-rpm-based platforms, you'll need to do much greater work than not depend on rpm. For example, /sbin/service and chkconfig might not be there. I'm not sure adding even more complexity is helpful, especially when it's used just to print a warning message. But I'd like a second opinion on this. All this is abstracted now in ipautil.py and right thing for those platforms would be to provide appropriate implementation of the ipautil.py. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel