[Freeipa-devel] [freeipa PR#1675][opened] [Backport][ipa-4-5] ipa-server-install: handle error when calling kdb5_util create

Tue, 13 Mar 2018 02:12:00 -0700 

   URL: https://github.com/freeipa/freeipa/pull/1675
Author: flo-renaud
 Title: #1675: [Backport][ipa-4-5] ipa-server-install: handle error when 
calling kdb5_util create
Action: opened

PR body:
"""
This PR was opened automatically because PR #1664 was pushed to master and 
backport to ipa-4-5 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1675/head:pr1675
git checkout pr1675

From b2e2b2d83691059be8191977840951ef1ec7a9c3 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <f...@redhat.com>
Date: Fri, 9 Mar 2018 11:45:57 +0100
Subject: [PATCH] ipa-server-install: handle error when calling kdb5_util
 create

ipa-server-install creates the kerberos container by calling
kdb5_util create -s -r $REALM -x ipa-setup-override-restrictions

but does not react on failure of this command. The installer fails later
when trying to create a ldap principal, and it is difficult to diagnose the
root cause.

The fix raises a RuntimeException when kdb5_util fails, to make sure
that the installer exits immediately with a proper error message.

Note: no test added because there is no easy reproducer. One would need to
stop dirsrv just before calling kdb5_util to simulate a failure.

https://pagure.io/freeipa/issue/7438
---
 ipaserver/install/krbinstance.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 34fe46aa8e..5c15c3b8cf 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -324,8 +324,9 @@ def __init_ipa_kdb(self):
         )
         try:
             ipautil.run(args, nolog=(self.master_password,), stdin=''.join(dialogue))
-        except ipautil.CalledProcessError:
-            print("Failed to initialize the realm container")
+        except ipautil.CalledProcessError as error:
+            logger.debug("kdb5_util failed with %s", error)
+            raise RuntimeError("Failed to initialize kerberos container")
 
     def __configure_instance(self):
         self.__template_file(paths.KRB5KDC_KDC_CONF, chmod=None)

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to