Re: [Freeipa-devel] [PATCH 0014] emit a more helpful error messages when CA configuration fails
Dne 28.4.2015 v 15:03 Martin Basti napsal(a): On 27/04/15 10:54, Martin Babinsky wrote: On 04/24/2015 04:15 PM, Martin Basti wrote: On 20/04/15 12:59, Martin Babinsky wrote: On 04/17/2015 03:56 PM, Martin Babinsky wrote: On 03/05/2015 01:11 PM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/4900 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Nobody to review this? Attaching updated patches, one for ipa-4-1 (no DogtagInstance) and one for master. Hello, thank for patches: 1) why is there +PKI_UNINSTALL_LOG = paths.PKI_CA_UNINSTALL_LOG I cannot find it used in patches? Martin^2 -- Martin Basti That was likely only my oversight. Attaching updated patches. ACK Pushed to: master: a1f91247ccf69a60d1e18942e6697f45b951fe4b ipa-4-1: 04f5842784e06f7e3f973b534d34d08a74a7 (Shamelessly added myself as a reviewer, since I did an offline review which lead to the changes done between the first and second generation of the patches.) -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0014] emit a more helpful error messages when CA configuration fails
On 27/04/15 10:54, Martin Babinsky wrote: On 04/24/2015 04:15 PM, Martin Basti wrote: On 20/04/15 12:59, Martin Babinsky wrote: On 04/17/2015 03:56 PM, Martin Babinsky wrote: On 03/05/2015 01:11 PM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/4900 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Nobody to review this? Attaching updated patches, one for ipa-4-1 (no DogtagInstance) and one for master. Hello, thank for patches: 1) why is there +PKI_UNINSTALL_LOG = paths.PKI_CA_UNINSTALL_LOG I cannot find it used in patches? Martin^2 -- Martin Basti That was likely only my oversight. Attaching updated patches. ACK -- Martin Basti -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0014] emit a more helpful error messages when CA configuration fails
On 04/24/2015 04:15 PM, Martin Basti wrote: On 20/04/15 12:59, Martin Babinsky wrote: On 04/17/2015 03:56 PM, Martin Babinsky wrote: On 03/05/2015 01:11 PM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/4900 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Nobody to review this? Attaching updated patches, one for ipa-4-1 (no DogtagInstance) and one for master. Hello, thank for patches: 1) why is there +PKI_UNINSTALL_LOG = paths.PKI_CA_UNINSTALL_LOG I cannot find it used in patches? Martin^2 -- Martin Basti That was likely only my oversight. Attaching updated patches. -- Martin^3 Babinsky From c11aebd883bce6e506f5ecd7773bb51837be4cb2 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Fri, 17 Apr 2015 17:27:55 +0200 Subject: [PATCH] point the users to PKI-related logs when CA configuration fails This patch adds an error handler which prints out the paths to logs related to configuration and installation of Dogtag/CA in the case of failure. https://fedorahosted.org/freeipa/ticket/4900 --- ipapython/dogtag.py | 4 ipaserver/install/cainstance.py | 19 +++ 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index 675d2a77fe30b9109c17089f129b189282ffa57b..e291045a69ed765084edaef5a8ca63834068ea3f 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -55,7 +55,9 @@ class Dogtag10Constants(object): DESTROY_BINARY = paths.PKIDESTROY SERVER_ROOT = paths.VAR_LIB_PKI_DIR +PKI_INSTALL_LOG = paths.PKI_CA_INSTALL_LOG PKI_INSTANCE_NAME = 'pki-tomcat' +PKI_LOG_TOP_LEVEL = os.path.join(paths.VAR_LOG_PKI_DIR, PKI_INSTANCE_NAME) PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME) CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR CS_CFG_PATH = '%s/conf/ca/CS.cfg' % PKI_ROOT @@ -88,7 +90,9 @@ class Dogtag9Constants(object): DESTROY_BINARY = paths.PKISILENT SERVER_ROOT = paths.VAR_LIB +PKI_INSTALL_LOG = paths.PKI_CA_INSTALL_LOG PKI_INSTANCE_NAME = 'pki-ca' +PKI_LOG_TOP_LEVEL = paths.PKI_CA_LOG_DIR PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME) CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR CS_CFG_PATH = '%s/conf/CS.cfg' % PKI_ROOT diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index cf80d17e04fc59d97ad02116ccfbd3f8bbc10823..54f2f6c53c0103786b3a866f76df8ed365f64788 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -669,8 +669,7 @@ class CAInstance(service.Service): try: ipautil.run(args, nolog=nolog) except ipautil.CalledProcessError, e: -root_logger.critical("failed to configure ca instance %s" % e) -raise RuntimeError('Configuration of CA failed') +self.handle_setup_error(e) finally: os.remove(cfg_file) @@ -820,8 +819,7 @@ class CAInstance(service.Service): ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn}, nolog=nolog) except ipautil.CalledProcessError, e: -root_logger.critical("failed to configure ca instance %s" % e) -raise RuntimeError('Configuration of CA failed') +self.handle_setup_error(e) if self.external == 1: print "The next step is to get %s signed by your CA and re-run %s as:" % (self.csr_file, sys.argv[0]) @@ -1764,6 +1762,19 @@ class CAInstance(service.Service): master_entry['ipaConfigString'].append('caRenewalMaster') self.admin_conn.update_entry(master_entry) +def handle_setup_error(self, e): +root_logger.critical("Failed to configure CA instance: %s" + % e) +root_logger.critical("See the installation logs and the following " + "files/directories for more information:") +logs = [self.dogtag_constants.PKI_INSTALL_LOG, +self.dogtag_constants.PKI_LOG_TOP_LEVEL] + +for log in logs: +root_logger.critical(" %s" % log) + +raise RuntimeError("CA configuration failed.") + def replica_ca_install_check(config): if not config.setup_ca: -- 2.1.0 From 1f50525b9840de33cfd4fa0ec3ebb10c04fbf75c Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Mon, 20 Apr 2015 12:34:38 +0200 Subject: [PATCH] point the users to PKI-related logs when CA configuration fails This patch adds an error handler which prints out the paths to logs related to configuration and installation of Dogtag/CA in the case of failure. https://fedorahosted.org/freeipa/ticket/4900 --- ipapython/dogtag.py | 4 ipaserver/install/cainstance.py | 3 +-- ipaserver/install/dogtaginstance.py | 17 ++--- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/ipapython/dogtag.py b/ipapython/dogtag
Re: [Freeipa-devel] [PATCH 0014] emit a more helpful error messages when CA configuration fails
On 20/04/15 12:59, Martin Babinsky wrote: On 04/17/2015 03:56 PM, Martin Babinsky wrote: On 03/05/2015 01:11 PM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/4900 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Nobody to review this? Attaching updated patches, one for ipa-4-1 (no DogtagInstance) and one for master. Hello, thank for patches: 1) why is there +PKI_UNINSTALL_LOG = paths.PKI_CA_UNINSTALL_LOG I cannot find it used in patches? Martin^2 -- Martin Basti -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0014] emit a more helpful error messages when CA configuration fails
On 04/17/2015 03:56 PM, Martin Babinsky wrote: On 03/05/2015 01:11 PM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/4900 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Nobody to review this? Attaching updated patches, one for ipa-4-1 (no DogtagInstance) and one for master. -- Martin^3 Babinsky From 83a5b8aa57d40f5d293f91b9088c13a1efdbbd49 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Fri, 17 Apr 2015 17:27:55 +0200 Subject: [PATCH] point the users to PKI-related logs when CA configuration fails This patch adds an error handler which prints out the paths to logs related to configuration and installation of Dogtag/CA in the case of failure. https://fedorahosted.org/freeipa/ticket/4900 --- ipapython/dogtag.py | 6 ++ ipaserver/install/cainstance.py | 19 +++ 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index 675d2a77fe30b9109c17089f129b189282ffa57b..78409dfda2e1620aab1d239b14d6925ae5b0aee6 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -55,7 +55,10 @@ class Dogtag10Constants(object): DESTROY_BINARY = paths.PKIDESTROY SERVER_ROOT = paths.VAR_LIB_PKI_DIR +PKI_INSTALL_LOG = paths.PKI_CA_INSTALL_LOG +PKI_UNINSTALL_LOG = paths.PKI_CA_UNINSTALL_LOG PKI_INSTANCE_NAME = 'pki-tomcat' +PKI_LOG_TOP_LEVEL = os.path.join(paths.VAR_LOG_PKI_DIR, PKI_INSTANCE_NAME) PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME) CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR CS_CFG_PATH = '%s/conf/ca/CS.cfg' % PKI_ROOT @@ -88,7 +91,10 @@ class Dogtag9Constants(object): DESTROY_BINARY = paths.PKISILENT SERVER_ROOT = paths.VAR_LIB +PKI_INSTALL_LOG = paths.PKI_CA_INSTALL_LOG +PKI_UNINSTALL_LOG = paths.PKI_CA_UNINSTALL_LOG PKI_INSTANCE_NAME = 'pki-ca' +PKI_LOG_TOP_LEVEL = paths.PKI_CA_LOG_DIR PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME) CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR CS_CFG_PATH = '%s/conf/CS.cfg' % PKI_ROOT diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index cf80d17e04fc59d97ad02116ccfbd3f8bbc10823..54f2f6c53c0103786b3a866f76df8ed365f64788 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -669,8 +669,7 @@ class CAInstance(service.Service): try: ipautil.run(args, nolog=nolog) except ipautil.CalledProcessError, e: -root_logger.critical("failed to configure ca instance %s" % e) -raise RuntimeError('Configuration of CA failed') +self.handle_setup_error(e) finally: os.remove(cfg_file) @@ -820,8 +819,7 @@ class CAInstance(service.Service): ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn}, nolog=nolog) except ipautil.CalledProcessError, e: -root_logger.critical("failed to configure ca instance %s" % e) -raise RuntimeError('Configuration of CA failed') +self.handle_setup_error(e) if self.external == 1: print "The next step is to get %s signed by your CA and re-run %s as:" % (self.csr_file, sys.argv[0]) @@ -1764,6 +1762,19 @@ class CAInstance(service.Service): master_entry['ipaConfigString'].append('caRenewalMaster') self.admin_conn.update_entry(master_entry) +def handle_setup_error(self, e): +root_logger.critical("Failed to configure CA instance: %s" + % e) +root_logger.critical("See the installation logs and the following " + "files/directories for more information:") +logs = [self.dogtag_constants.PKI_INSTALL_LOG, +self.dogtag_constants.PKI_LOG_TOP_LEVEL] + +for log in logs: +root_logger.critical(" %s" % log) + +raise RuntimeError("CA configuration failed.") + def replica_ca_install_check(config): if not config.setup_ca: -- 2.1.0 From e4cada419253dadeaaa5a051e36d54d1a4fca6ae Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Mon, 20 Apr 2015 12:34:38 +0200 Subject: [PATCH] point the users to PKI-related logs when CA configuration fails This patch adds an error handler which prints out the paths to logs related to configuration and installation of Dogtag/CA in the case of failure. https://fedorahosted.org/freeipa/ticket/4900 --- ipapython/dogtag.py | 6 ++ ipaserver/install/cainstance.py | 3 +-- ipaserver/install/dogtaginstance.py | 17 ++--- 3 files changed, 21 insertions(+), 5 deletions(-) diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index 3d70bccfc32901ac884f5b412866d986a4087244..5dc532b7aa83586e7bc5a2904d01443d2979 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -55,7 +55,10 @@ class Dogtag10Constants(object):
Re: [Freeipa-devel] [PATCH 0014] emit a more helpful error messages when CA configuration fails
On 03/05/2015 01:11 PM, Martin Babinsky wrote: https://fedorahosted.org/freeipa/ticket/4900 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Nobody to review this? -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code