[SSSD] [DESIGN] sss_confcheck tool

Wed, 20 Apr 2016 03:04:45 -0700 

Hi,

I just updated the design for the planned sss_confcheck tool.
It can be found here: https://fedorahosted.org/sssd/wiki/DesignDocs/ConfigCheckTool 

For convenience I paste it here as well:


sss_confcheck tool

Related ticket(s):

    ​https://fedorahosted.org/sssd/ticket/2269

Problem statement


There is no easy way to debug the SSSD configuration without having to 
look into the debug logs. Moreover the debug logs can be difficult to 
understand for people outside SSSD development team. Some common issues 
can be identified during static offline analysis of the config files. To 
find these issues soon we need a tool that performs this analysis and 
provides human readable report.


Use cases

- performing ad-hoc static analysis of the installed SSSD       configuration

- performing ad-hoc static analysis of SSSD configuration files 
retrieved from user with some SSSD problems


Overview of the solution - sss_confcheck tool


A new tool will be added to sss_* tools that will perform static 
analysis of SSSD configuration files. This tool can be run without any 
parameters in which case it will print a report to the standard output 
in the following or similar format:


-----------------
$ sss_confcheck
Number of identified issues: 1

[rule/allowed_nss_options]: Attribute 'foo' is not allowed in section 
'nss'. Check for typos.


Used configuration file:
<Here will be the contents of sssd.conf file>

Number of used configuration override snippets: 2

List of configuration override snippets in order of priority (lowest 
priority first):

snippet_name_1.conf
snippet_name_2.conf

Content of configuration override snippets:
snippet_name_1.conf:
<content of snippet_name_1.conf>

snippet_name_2.conf:
<content of snippet_name_2.conf>
-------------------

Available options:

  ?, --help

  --config-file PATH_CONFIG_FILE                Path to config file 
that will be checked.

  --snippets-dir PATH_TO_SNIPPETS_DIRECTORY     Path to snippets directory.

  --no-validators                               Do not use validators 
(no analysis will be made).
  --no-file-content                             Do not print config 
file or snippet contents.

  --no-snippets                                 Ignore the snippets.

  --silent                                      If no errors are 
detected, do not print anything.


Implementation details


The tool will use ding-libs validators feature described in this design 
document ​ 
https://fedorahosted.org/sssd/wiki/DesignDocs/libini-config-file-checks.


Configuration changes

No configuration changes.

How To Test


Depending on the capabilities of validators used by SSSD, make an error 
in configuration and run sss_confcheck to see if it was detected.

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org






















					Reply via email to