On 03/13/2015 05:37 PM, Martin Babinsky wrote:
> Attaching the next iteration of patches.
>
> I have tried my best to reword the ipa-client-install man page bit about the
> new option. Any suggestions to further improve it are welcome.
>
> I have also slightly modified the 'kinit_keytab' function so that in Kerberos
> errors are reported for each attempt and the text of the last error is
> retained
> when finally raising exception.
The approach looks very good. I think that my only concern with this patch is
this part:
+ ccache.init_creds_keytab(keytab=ktab, principal=princ)
...
+ except krbV.Krb5Error as e:
+ last_exc = str(e)
+ root_logger.debug("Attempt %d/%d: failed: %s"
+ % (attempt, attempts, last_exc))
+ time.sleep(1)
+
+ root_logger.debug("Maximum number of attempts (%d) reached"
+ % attempts)
+ raise StandardError("Error initializing principal %s: %s"
+ % (principal, last_exc))
The problem here is that this function will raise the super-generic
StandardError instead of the proper with all the context and information about
the error that the caller can then process.
I think that
except krbV.Krb5Error as e:
if attempt == max_attempts:
log something
raise
would be better.
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
