Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap
On 06.07.2011 17:26, Rob Crittenden wrote: ipa-client-install should be usable on non-RH platforms (see https://fedorahosted.org/freeipa/ticket/1374), so you shouldn't use /bin/rpm, as that's platform-specific. Wouldn't just rephrasing the warning message (as suggested in the ticket) be sufficient? If you want to support non-rpm-based platforms, you'll need to do much greater work than not depend on rpm. For example, /sbin/service and chkconfig might not be there. I'm not sure adding even more complexity is helpful, especially when it's used just to print a warning message. But I'd like a second opinion on this. I think it is time we start renaming ipautil.py to ipautil-rh.py and do ourselves, or invite someone to write ipautil-debian.py, then have code that loads the right module at runtime. Simo. I believe that nss-pam-ldapd uses a different configuration file than nss_ldap, I think I'd rather use the existence of that to determine what is being used. Calling out to rpm seems heavy-weight. In continuation of the same story, ticket 1368 asks for propagating hostname into static configuration (/etc/sysconfig/network, HOSTNAME variable on Red Hat systems). This is an example of system-specific common code where we want to ensure configuration is made and backed up but we don't care what is configuration's location and format. I.e. perfect example to write platform-specific support. I'm going to rework ipautil into providing common functions and loading platform-specific ones from separate files so that we can have Red Hat or Fedora (or LSB) platforms, Debian-based platforms and so on. Remeber, this is for ipa-client-install so some flexibility is welcomed here. I'll try to avoid using package management tools in such platform-specific code as much as possible also to avoid lock conflicts (if something is being installed in background you might get locked when asking a package database). We don't need to do platform detection at runtime as that is could be deferred to package maintainers. After all, IPA most likely will be packaged and ipa-client-install will come from such a package. Thus, providing proper ipautil-system.py file can be done as packaging effort. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap
Simo Sorce wrote: On Fri, 2011-07-01 at 14:18 +0200, Jan Cholasta wrote: On 1.7.2011 14:00, Alexander Bokovoy wrote: Hi, On 01.07.2011 14:54, Jan Cholasta wrote: On 1.7.2011 11:44, Alexander Bokovoy wrote: New version: forgot to import package_installed_name from ipautil. Previous version can be ignored. ipa-client-install should be usable on non-RH platforms (see https://fedorahosted.org/freeipa/ticket/1374), so you shouldn't use /bin/rpm, as that's platform-specific. Wouldn't just rephrasing the warning message (as suggested in the ticket) be sufficient? If you want to support non-rpm-based platforms, you'll need to do much greater work than not depend on rpm. For example, /sbin/service and chkconfig might not be there. I'm not sure adding even more complexity is helpful, especially when it's used just to print a warning message. But I'd like a second opinion on this. I think it is time we start renaming ipautil.py to ipautil-rh.py and do ourselves, or invite someone to write ipautil-debian.py, then have code that loads the right module at runtime. Simo. I believe that nss-pam-ldapd uses a different configuration file than nss_ldap, I think I'd rather use the existence of that to determine what is being used. Calling out to rpm seems heavy-weight. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap
On 06.07.2011 17:26, Rob Crittenden wrote: I'm not sure adding even more complexity is helpful, especially when it's used just to print a warning message. But I'd like a second opinion on this. I think it is time we start renaming ipautil.py to ipautil-rh.py and do ourselves, or invite someone to write ipautil-debian.py, then have code that loads the right module at runtime. I believe that nss-pam-ldapd uses a different configuration file than nss_ldap, I think I'd rather use the existence of that to determine what is being used. Calling out to rpm seems heavy-weight. Ok, I'll rework it. Do we have other cases where it is *not* enough to have check on the configuration files rather than package itself? For example, for cases where we would enforce installation of a required package to satisfy dependencies (like it was discussed for PackageKit on #freeipa)? -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap
New version: forgot to import package_installed_name from ipautil.
Previous version can be ignored.
--
/ Alexander Bokovoy
From a78f8a4d18a9eae266215238dbaefe3b6cc6cd98 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Fri, 1 Jul 2011 12:41:45 +0300
Subject: [PATCH] Make error reporting more 'local' for various configurations
of nss_ldap packages
https://fedorahosted.org/freeipa/ticket/1369
When nss_ldap-based configuration does not work, report proper package name
instead of always assuming nss_ldap.
At least, in RHEL6 and Fedora appropriate package is called nss-pam-ldapd while
in older releases and other
distributions it might be called differently.
The change makes less confusing error reporting. It also introduces common
utility function package_installed_name()
which provides an interface to query package manager for existence of mutually
exclusive packages which is
helpful to distinguish between different configuration paths.
---
ipa-client/ipa-install/ipa-client-install |5 +++--
ipapython/ipautil.py | 18 ++
2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/ipa-client/ipa-install/ipa-client-install
b/ipa-client/ipa-install/ipa-client-install
index
884dd213b82bf5c29d6cb4928fde6789057b16af..66a9e4935287ec0504127accf7e373e152aedb7e
100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -31,7 +31,7 @@ try:
import ipaclient.ipadiscovery
import ipaclient.ipachangeconf
import ipaclient.ntpconf
-from ipapython.ipautil import run, user_input, CalledProcessError,
file_exists
+from ipapython.ipautil import run, user_input, CalledProcessError,
file_exists, package_installed_name
from ipapython import ipautil
from ipapython import dnsclient
from ipapython import sysrestore
@@ -974,7 +974,8 @@ def main():
n = n + 1
if not found:
-print nss_ldap is not able to use DNS discovery!
+package = package_installed_name([nss-pam-ldapd,nss_ldap])
+print Unable to use DNS discovery! Recognized configuration: %s
% (package)
print Changing configuration to use hardcoded server name:
+cli_server
try:
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index
91d19e95f570e0ef189b6fdc5519a9e344b2dab8..1573e0a172350444e3296e19e0092995721f5991
100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -1169,3 +1169,21 @@ def bind_port_responder(port, socket_stream=True,
socket_timeout=None, responder
s.sendto(responder_data, addr)
finally:
s.close()
+
+def package_installed_name(packages):
+
+Find out which of mutually exclusive packages is installed
+
+packages is a list of package names to check
+
+Returns package name or None
+
+
+args = [/bin/rpm,-q,--queryformat,%{NAME}]
+for package in packages:
+try:
+(package_name, error, retcode) = run(args+[package])
+return package_name
+except CalledProcessError:
+continue
+return None
--
1.7.5.4
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap
On 1.7.2011 11:44, Alexander Bokovoy wrote: New version: forgot to import package_installed_name from ipautil. Previous version can be ignored. ipa-client-install should be usable on non-RH platforms (see https://fedorahosted.org/freeipa/ticket/1374), so you shouldn't use /bin/rpm, as that's platform-specific. Wouldn't just rephrasing the warning message (as suggested in the ticket) be sufficient? Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap
Hi, On 01.07.2011 14:54, Jan Cholasta wrote: On 1.7.2011 11:44, Alexander Bokovoy wrote: New version: forgot to import package_installed_name from ipautil. Previous version can be ignored. ipa-client-install should be usable on non-RH platforms (see https://fedorahosted.org/freeipa/ticket/1374), so you shouldn't use /bin/rpm, as that's platform-specific. Wouldn't just rephrasing the warning message (as suggested in the ticket) be sufficient? If you want to support non-rpm-based platforms, you'll need to do much greater work than not depend on rpm. For example, /sbin/service and chkconfig might not be there. All this is abstracted now in ipautil.py and right thing for those platforms would be to provide appropriate implementation of the ipautil.py. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 4 (1) ipa-client-install complains about non-existing nss_ldap
On 1.7.2011 14:00, Alexander Bokovoy wrote: Hi, On 01.07.2011 14:54, Jan Cholasta wrote: On 1.7.2011 11:44, Alexander Bokovoy wrote: New version: forgot to import package_installed_name from ipautil. Previous version can be ignored. ipa-client-install should be usable on non-RH platforms (see https://fedorahosted.org/freeipa/ticket/1374), so you shouldn't use /bin/rpm, as that's platform-specific. Wouldn't just rephrasing the warning message (as suggested in the ticket) be sufficient? If you want to support non-rpm-based platforms, you'll need to do much greater work than not depend on rpm. For example, /sbin/service and chkconfig might not be there. I'm not sure adding even more complexity is helpful, especially when it's used just to print a warning message. But I'd like a second opinion on this. All this is abstracted now in ipautil.py and right thing for those platforms would be to provide appropriate implementation of the ipautil.py. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
