Hello,
This patch removes most sys.exits() from installer modules and scripts
and replaces them with ScriptError. I only left sys.exits at places
where the user decides yes/no on continuation of the script.
From 7968f068141e53f7bf0000111221b38c40cac432 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Thu, 16 Jun 2016 17:12:24 +0200
Subject: [PATCH] Remove sys.exit from install modules and scripts
sys.exit() calls sometimes make it hard to find bugs and mask code that
does not always work properly.
https://fedorahosted.org/freeipa/ticket/5750
---
install/tools/ipa-adtrust-install | 17 +++---
install/tools/ipa-ca-install | 23 ++++----
install/tools/ipa-compat-manage | 11 ++--
install/tools/ipa-dns-install | 3 +-
ipaserver/install/bindinstance.py | 2 +-
ipaserver/install/ca.py | 19 +++---
ipaserver/install/cainstance.py | 5 +-
ipaserver/install/dns.py | 5 +-
ipaserver/install/dsinstance.py | 3 +-
ipaserver/install/installutils.py | 16 +++---
ipaserver/install/ipa_ldap_updater.py | 2 +-
ipaserver/install/krainstance.py | 3 +-
ipaserver/install/replication.py | 10 ++--
ipaserver/install/server/install.py | 64 +++++++++++----------
ipaserver/install/server/replicainstall.py | 92 ++++++++++++++++--------------
15 files changed, 147 insertions(+), 128 deletions(-)
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index 36caa5c2d429c6cf107df03e82aa80e15d8efe01..da635cb02c3c8affb234515dd64f2cb06e9ea872 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -37,6 +37,7 @@ from ipaserver.install.installutils import (
from ipaserver.install import service
from ipapython import version
from ipapython import ipautil, sysrestore, ipaldap
+from ipapython.admintool import ScriptError
from ipalib import api, errors, krb_utils
from ipapython.config import IPAOptionParser
from ipaplatform.paths import paths
@@ -192,7 +193,7 @@ def set_and_check_netbios_name(netbios_name, unattended):
if not adtrustinstance.check_netbios_name(netbios_name):
if unattended and not gen_netbios_name:
netbios_name_error(netbios_name)
- sys.exit("Aborting installation.")
+ raise ScriptError("Aborting installation.")
else:
if netbios_name:
netbios_name_error(netbios_name)
@@ -227,7 +228,7 @@ def main():
safe_options, options = parse_options()
if os.getegid() != 0:
- sys.exit("Must be root to setup AD trusts on server")
+ raise ScriptError("Must be root to setup AD trusts on server")
standard_logging_setup(log_file_name, debug=options.debug, filemode='a')
print("\nThe log file for this installation can be found in %s" % log_file_name)
@@ -255,7 +256,7 @@ def main():
# Check if samba packages are installed
if not adtrustinstance.check_inst():
- sys.exit("Aborting installation.")
+ raise ScriptError("Aborting installation.")
# Initialize the ipalib api
cfg = dict(
@@ -318,14 +319,14 @@ def main():
try:
principal = krb_utils.get_principal()
except errors.CCacheError as e:
- sys.exit("Must have Kerberos credentials to setup AD trusts on server: %s" % e.message)
+ raise ScriptError("Must have Kerberos credentials to setup AD trusts on server: %s" % e.message)
try:
api.Backend.ldap2.connect()
except errors.ACIError as e:
- sys.exit("Outdated Kerberos credentials. Use kdestroy and kinit to update your ticket")
+ raise ScriptError("Outdated Kerberos credentials. Use kdestroy and kinit to update your ticket")
except errors.DatabaseError as e:
- sys.exit("Cannot connect to the LDAP database. Please check if IPA is running")
+ raise ScriptError("Cannot connect to the LDAP database. Please check if IPA is running")
try:
user = api.Command.user_show(principal.partition('@')[0].partition('/')[0])['result']
@@ -334,9 +335,9 @@ def main():
group['cn'][0] in user['memberof_group']):
raise errors.RequirementError(name='admins group membership')
except errors.RequirementError as e:
- sys.exit("Must have administrative privileges to setup AD trusts on server")
+ raise ScriptError("Must have administrative privileges to setup AD trusts on server")
except Exception as e:
- sys.exit("Unrecognized error during check of admin rights: %s" % (str(e)))
+ raise ScriptError("Unrecognized error during check of admin rights: %s" % (str(e)))
(netbios_name, reset_netbios_name) = \
set_and_check_netbios_name(options.netbios_name,
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 1bc5def03bf687a1e4f9fb38a54363b5429c8fc4..3a863b3f750b9a1f2f02fe0db2a80740247c5c04 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -31,6 +31,7 @@ from ipaserver.install.installutils import check_creds, ReplicaConfig
from ipaserver.install import dsinstance, ca
from ipaserver.install import cainstance, custodiainstance, service
from ipapython import version
+from ipapython.admintool import ScriptError
from ipalib import api
from ipalib.constants import DOMAIN_LEVEL_0
from ipapython.dn import DN
@@ -109,13 +110,13 @@ def get_dirman_password():
def install_replica(safe_options, options, filename):
if options.promote:
if filename is not None:
- sys.exit("Too many parameters provided. "
- "No replica file is required")
+ raise ScriptError("Too many parameters provided. "
+ "No replica file is required")
else:
if filename is None:
- sys.exit("A replica file is required")
+ raise ScriptError("A replica file is required")
if not ipautil.file_exists(filename):
- sys.exit("Replica file %s does not exist" % filename)
+ raise ScriptError("Replica file %s does not exist" % filename)
if not options.promote:
# Check if we have admin creds already, otherwise acquire them
@@ -125,17 +126,17 @@ def install_replica(safe_options, options, filename):
dirman_password = options.password
if not dirman_password:
if options.unattended:
- sys.exit('Directory Manager password required')
+ raise ScriptError('Directory Manager password required')
try:
dirman_password = get_dirman_password()
except KeyboardInterrupt:
- sys.exit(0)
+ raise ScriptError(rval=0)
if dirman_password is None:
- sys.exit("Directory Manager password required")
+ raise ScriptError("Directory Manager password required")
if (not options.promote and not options.admin_password and
not options.skip_conncheck and options.unattended):
- sys.exit('admin password required')
+ raise ScriptError('admin password required')
if options.promote:
config = ReplicaConfig()
@@ -203,13 +204,13 @@ def install_master(safe_options, options):
dm_password = options.password
if not dm_password:
if options.unattended:
- sys.exit('Directory Manager password required')
+ raise ScriptError('Directory Manager password required')
try:
dm_password = get_dirman_password()
except KeyboardInterrupt:
- sys.exit(0)
+ raise ScriptError(rval=0)
if dm_password is None:
- sys.exit("Directory Manager password required")
+ raise ScriptError("Directory Manager password required")
api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')),
bind_pw=dm_password)
diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage
index 2b13c4a68531c7b6261465399b59225db094aba2..5b54edebaba01e8102e1c74b0bba3cf1a1002f5f 100755
--- a/install/tools/ipa-compat-manage
+++ b/install/tools/ipa-compat-manage
@@ -26,6 +26,7 @@ from ipaplatform.paths import paths
try:
from optparse import OptionParser
from ipapython import ipautil, config
+ from ipapython.admin import ScriptError
from ipaserver.install import installutils
from ipaserver.install.ldapupdate import LDAPUpdate
from ipaserver.plugins.ldap2 import ldap2
@@ -88,9 +89,9 @@ def main():
options, args = parse_options()
if len(args) != 1:
- sys.exit("You must specify one action: enable | disable | status")
+ raise ScriptError("You must specify one action: enable | disable | status")
elif args[0] != "enable" and args[0] != "disable" and args[0] != "status":
- sys.exit("Unrecognized action [" + args[0] + "]")
+ raise ScriptError("Unrecognized action [" + args[0] + "]")
standard_logging_setup(None, debug=options.debug)
@@ -101,7 +102,7 @@ def main():
else:
dirman_password = get_dirman_password()
if dirman_password is None:
- sys.exit("Directory Manager password required")
+ raise ScriptError("Directory Manager password required")
api.bootstrap(context='cli', debug=options.debug)
api.finalize()
@@ -114,9 +115,9 @@ def main():
bind_dn=DN(('cn', 'directory manager')), bind_pw=dirman_password
)
except errors.ExecutionError as lde:
- sys.exit("An error occurred while connecting to the server.\n%s\n" % str(lde))
+ raise ScriptError("An error occurred while connecting to the server.\n%s\n" % str(lde))
except errors.ACIError as e:
- sys.exit("Authentication failed: %s" % e.info)
+ raise ScriptError("Authentication failed: %s" % e.info)
if args[0] == "status":
entry = None
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 4138622356e49a02750da3084667604ae7426769..d39bac3b3d5e3cec8a1a3951fb582b6af9057afe 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -34,6 +34,7 @@ from ipalib import api
from ipaplatform.paths import paths
from ipapython import ipautil
from ipapython import sysrestore
+from ipapython.admintool import ScriptError
from ipapython.config import IPAOptionParser
from ipapython.ipa_log_manager import standard_logging_setup, root_logger
@@ -122,7 +123,7 @@ def main():
safe_options, options = parse_options()
if os.getegid() != 0:
- sys.exit("Must be root to setup server")
+ raise ScriptError("Must be root to setup server")
standard_logging_setup(log_file_name, debug=options.debug, filemode='a')
print("\nThe log file for this installation can be found in %s" % log_file_name)
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 78e75359266bbefe7954242b98922272fb0c9194..c9e528856414371ce2e5e54df3642907c89d2856 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -466,7 +466,7 @@ def check_reverse_zones(ip_addresses, reverse_zones, options, unattended,
except ValueError as e:
msg = "Reverse zone %s will not be used: %s" % (rz, e)
if unattended:
- sys.exit(msg)
+ raise RuntimeError(msg)
else:
root_logger.warning(msg)
continue
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index ac72c76883fda00e2f258a9ecfe9925722041fe9..b83555270d37a04117627a11b51214e25e80779d 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -8,6 +8,7 @@ import sys
from ipaserver.install import cainstance, dsinstance, bindinstance
from ipapython import ipautil, certdb
+from ipapython.admintool import ScriptError
from ipaplatform import services
from ipaplatform.paths import paths
from ipaserver.install import installutils, certs
@@ -30,12 +31,12 @@ def install_check(standalone, replica_config, options):
if replica_config is not None:
if standalone and api.env.ra_plugin == 'selfsign':
- sys.exit('A selfsign CA can not be added')
+ raise ScriptError('A selfsign CA can not be added')
if ((not options.promote
and not ipautil.file_exists(replica_config.dir + "/cacert.p12"))):
print('CA cannot be installed in CA-less setup.')
- sys.exit(1)
+ raise ScriptError
if standalone and not options.skip_conncheck:
principal = options.principal
@@ -53,7 +54,7 @@ def install_check(standalone, replica_config, options):
if standalone:
if api.Command.ca_is_enabled()['result']:
- sys.exit(
+ raise ScriptError(
"One or more CA masters are already present in IPA realm "
"'%s'.\nIf you wish to replicate CA to this host, please "
"re-run 'ipa-ca-install'\nwith a replica file generated on "
@@ -67,7 +68,7 @@ def install_check(standalone, replica_config, options):
print("CA is not installed yet. To install with an external CA "
"is a two-stage process.\nFirst run the installer with "
"--external-ca.")
- sys.exit(1)
+ raise ScriptError
external_cert_file, external_ca_file = installutils.load_external_cert(
options.external_cert_files, options.subject)
@@ -75,17 +76,17 @@ def install_check(standalone, replica_config, options):
if cainstance.is_step_one_done():
print("CA is already installed.\nRun the installer with "
"--external-cert-file.")
- sys.exit(1)
+ raise ScriptError
if ipautil.file_exists(paths.ROOT_IPA_CSR):
print(("CA CSR file %s already exists.\nIn order to continue "
"remove the file and run the installer again." %
paths.ROOT_IPA_CSR))
- sys.exit(1)
+ raise ScriptError
if not options.external_cert_files:
if not cainstance.check_port():
print("IPA requires port 8443 for PKI but it is currently in use.")
- sys.exit("Aborting installation")
+ raise ScriptError("Aborting installation")
if standalone:
dirname = dsinstance.config_dirname(
@@ -100,7 +101,7 @@ def install_check(standalone, replica_config, options):
'Signing-Cert'):
print(("Certificate with nickname %s is present in %s, "
"cannot continue." % (nickname, db.secdir)))
- sys.exit(1)
+ raise ScriptError
cert = db.get_cert_from_db(nickname)
if not cert:
@@ -111,7 +112,7 @@ def install_check(standalone, replica_config, options):
DN('CN=Object Signing Cert', subject_base)):
print(("Certificate with subject %s is present in %s, "
"cannot continue." % (subject, db.secdir)))
- sys.exit(1)
+ raise ScriptError
def install(standalone, replica_config, options):
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 8dfb71528d2dc020e05ccd7ff42199218a1c0839..26adacd475bd948580390e0ca0c385caac069d78 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -60,6 +60,7 @@ from ipapython.certdb import get_ca_nickname
from ipapython.dn import DN
from ipapython.ipa_log_manager import log_mgr,\
standard_logging_setup, root_logger
+from ipapython.admintool import ScriptError
from ipapython.secrets.kem import IPAKEMKeys
from ipaserver.install import certs
@@ -588,7 +589,7 @@ class CAInstance(DogtagInstance):
if self.external == 1:
print("The next step is to get %s signed by your CA and re-run %s as:" % (self.csr_file, sys.argv[0]))
print("%s --external-cert-file=/path/to/signed_certificate --external-cert-file=/path/to/external_ca_certificate" % sys.argv[0])
- sys.exit(0)
+ raise ScriptError(rval=0)
else:
shutil.move(paths.CA_BACKUP_KEYS_P12,
paths.CACERT_P12)
@@ -1494,7 +1495,7 @@ def install_replica_ca(config, postinstall=False, ra_p12=None):
return ca
if ca.is_installed():
- sys.exit("A CA is already configured on this system.")
+ raise ScriptError("A CA is already configured on this system.")
if postinstall:
# If installing this afterward the Apache NSS database already
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index 0fb869a7bab5b38f0a543b74220b2bb74888357f..c5544baf9e50dcb1d75885ba68d824c3e77dda89 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -22,6 +22,7 @@ from ipapython import sysrestore
from ipapython import dnsutil
from ipapython.dn import DN
from ipapython.ipa_log_manager import root_logger
+from ipapython.admintool import ScriptError
from ipapython.ipaldap import AUTOBIND_ENABLED
from ipapython.ipautil import user_input
from ipaserver.install.installutils import get_server_ip_address
@@ -207,8 +208,8 @@ def install_check(standalone, api, replica, options, hostname):
# we can reinstall current server if it is dnssec master
if dnssec_masters and api.env.host not in dnssec_masters:
print("DNSSEC key master(s):", u','.join(dnssec_masters))
- sys.exit("Only one DNSSEC key master is supported in current "
- "version.")
+ raise ScriptError(
+ "Only one DNSSEC key master is supported in current version.")
if options.kasp_db_file:
dnskeysyncd = services.service('ipa-dnskeysyncd')
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index c93b3b4ff58c4102a9de448247966ad3dd8e4e7c..996d69ba7aa82917d20a13639dbb72f8228310d4 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -48,6 +48,7 @@ from ipaplatform.constants import constants as platformconstants
from ipaplatform.tasks import tasks
from ipalib.constants import CACERT
from ipapython.dn import DN
+from ipapython.admintool import ScriptError
from ipaplatform import services
from ipaplatform.paths import paths
@@ -620,7 +621,7 @@ class DsInstance(service.Service):
super(DsInstance, self).restart(instance)
if not is_ds_running(instance):
root_logger.critical("Failed to restart the directory server. See the installation log for details.")
- sys.exit(1)
+ raise ScriptError
except SystemExit as e:
raise e
except Exception as e:
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index b8ce068a86ddc0498c9bd46fe400c54bcb48c6f8..653bb61e6cb0e2fd1db42b3cd784a48a3f746427 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -470,7 +470,7 @@ def get_server_ip_address(host_name, unattended, setup_dns, ip_addresses):
print("The KDC service does not listen on localhost", file=sys.stderr)
print("", file=sys.stderr)
print("Please fix your /etc/hosts file and restart the setup program", file=sys.stderr)
- sys.exit(1)
+ raise ScriptError
ips = []
if len(hostaddr):
@@ -497,11 +497,11 @@ def get_server_ip_address(host_name, unattended, setup_dns, ip_addresses):
print("or /etc/hosts file and restart the installation.", file=sys.stderr)
print("Provided but not resolved address(es): %s" % \
", ".join(str(ip) for ip in (set(ip_addresses) - set(ips))), file=sys.stderr)
- sys.exit(1)
+ raise ScriptError
if not ips:
print("No usable IP address provided nor resolved.", file=sys.stderr)
- sys.exit(1)
+ raise ScriptError
for ip_address in ips:
# check /etc/hosts sanity
@@ -516,7 +516,7 @@ def get_server_ip_address(host_name, unattended, setup_dns, ip_addresses):
print("Chosen hostname %s does not match configured canonical hostname %s" \
% (host_name, primary_host), file=sys.stderr)
print("Please fix your /etc/hosts file and restart the installation.", file=sys.stderr)
- sys.exit(1)
+ raise ScriptError
return ips
@@ -597,7 +597,7 @@ def create_replica_config(dirman_password, filename, options):
root_logger.error("Failed to decrypt or open the replica file.")
print("ERROR: Failed to decrypt or open the replica file.")
print("Verify you entered the correct Directory Manager password.")
- sys.exit(1)
+ raise ScriptError
config = ReplicaConfig(top_dir)
read_replica_info(dir, config)
root_logger.debug(
@@ -607,13 +607,13 @@ def create_replica_config(dirman_password, filename, options):
root_logger.error(
'A replica file from a newer release (%d) cannot be installed on an older version (%d)',
config.version, version.NUM_VERSION)
- sys.exit(1)
+ raise ScriptError
config.dirman_password = dirman_password
try:
host = get_host_name(options.no_host_dns)
except BadHostError as e:
root_logger.error(str(e))
- sys.exit(1)
+ raise ScriptError
if config.host_name != host:
try:
print("This replica was created for '%s' but this machine is named '%s'" % (config.host_name, host))
@@ -627,7 +627,7 @@ def create_replica_config(dirman_password, filename, options):
print("")
except KeyboardInterrupt:
root_logger.debug("Keyboard Interrupt")
- sys.exit(0)
+ raise ScriptError(rval=0)
config.dir = dir
config.ca_ds_port = read_replica_info_dogtag_port(config.dir)
return config
diff --git a/ipaserver/install/ipa_ldap_updater.py b/ipaserver/install/ipa_ldap_updater.py
index 2f91a830ff5f8fd9e61f47b4df963118102f7a02..c38fc13010b64111df33b46b03d3a66126872ec5 100644
--- a/ipaserver/install/ipa_ldap_updater.py
+++ b/ipaserver/install/ipa_ldap_updater.py
@@ -83,7 +83,7 @@ class LDAPUpdater(admintool.AdminTool):
installutils.check_server_configuration()
except RuntimeError as e:
print(unicode(e))
- sys.exit(1)
+ raise admintool.ScriptError
def setup_logging(self):
super(LDAPUpdater, self).setup_logging(log_file_mode='a')
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index 67ad6544c16734a0f0a9fcb1355499daeec48642..64090cfb7c09d90a01caa47bba1deff848e446f8 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -33,6 +33,7 @@ from ipaplatform.paths import paths
from ipapython import certdb
from ipapython import ipautil
from ipapython.dn import DN
+from ipapython.admintool import ScriptError
from ipaserver.install import certs
from ipaserver.install import cainstance
from ipaserver.install import installutils
@@ -424,7 +425,7 @@ def install_replica_kra(config, postinstall=False):
_kra.dm_password = config.dirman_password
_kra.subject_base = config.subject_base
if _kra.is_installed():
- sys.exit("A KRA is already configured on this system.")
+ raise ScriptError("A KRA is already configured on this system.")
_kra.configure_instance(config.realm_name, config.host_name,
config.dirman_password, config.dirman_password,
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index a4fd97def8150382880f1cf7f66fec1735d32e82..7b54f27f7d299910f62c102a8c327a2008a22013 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -32,6 +32,7 @@ from ipalib.constants import CACERT
from ipalib.util import create_topology_graph, get_topology_connection_errors
from ipapython.ipa_log_manager import root_logger
from ipapython import ipautil, ipaldap
+from ipapython.admintool import ScriptError
from ipapython.dn import DN
from ipaplatform import services
from ipaplatform.paths import paths
@@ -72,7 +73,7 @@ def replica_conn_check(master_host, host_name, realm, check_ca,
Check the ports used by the replica both locally and remotely to be sure
that replication will work.
- Does not return a value, will sys.exit() on failure.
+ Does not return a value, will raise ScriptError on failure.
"""
print("Run connection check to master")
args = [paths.IPA_REPLICA_CONNCHECK, "--master", master_host,
@@ -97,9 +98,10 @@ def replica_conn_check(master_host, host_name, realm, check_ca,
args, raiseonerr=False, capture_output=False, nolog=nolog)
if result.returncode != 0:
- sys.exit("Connection check failed!" +
- "\nPlease fix your network settings according to error messages above." +
- "\nIf the check results are not valid it can be skipped with --skip-conncheck parameter.")
+ raise ScriptError(
+ "Connection check failed!"
+ "\nPlease fix your network settings according to error messages above."
+ "\nIf the check results are not valid it can be skipped with --skip-conncheck parameter.")
else:
print("Connection check OK")
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 46b7190dc899dc85daa109af4850206cf5343d5c..c9b158fd0b1072858eb972d7e15415cb1a106309 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -24,6 +24,7 @@ from ipapython.install.core import Knob
from ipapython.ipa_log_manager import root_logger
from ipapython.ipautil import (
decrypt_file, format_netloc, ipa_generate_password, run, user_input)
+from ipapython.admintool import ScriptError
from ipaplatform import services
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
@@ -193,7 +194,7 @@ def read_realm_name(domain_name, unattended):
" as realm name?", True):
print("")
print("An upper-case realm name is required. Unable to continue.")
- sys.exit(1)
+ raise ScriptError
else:
realm_name = upper_dom
print("")
@@ -235,7 +236,7 @@ def check_dirsrv(unattended):
print("\t389")
if not ds_secure:
print("\t636")
- sys.exit(1)
+ raise ScriptError
def set_subject_in_config(realm_name, dm_password, suffix, subject_base):
@@ -277,7 +278,7 @@ def common_cleanup(func):
root_logger.error("Failed to remove DS instance. You "
"may need to remove instance data "
"manually")
- sys.exit(1)
+ raise ScriptError
finally:
if not success and installer._installation_cleanup:
# Do a cautious clean up as we don't know what failed and
@@ -403,7 +404,7 @@ def check_master_deleted(api, masters, interactive):
"already removed from topology.")
if (interactive and not user_input("Proceed with uninstallation?", False)):
print("Aborted")
- sys.exit(1)
+ raise ScriptError
return False
@@ -419,7 +420,7 @@ def check_topology_connectivity(api, masters):
print("Uninstallation leads to disconnected topology")
print("Use '--ignore-topology-disconnect' to skip this check")
print("Aborting uninstallation")
- sys.exit(1)
+ raise ScriptError
@common_cleanup
@@ -451,16 +452,18 @@ def install_check(installer):
if (not options.external_ca and not options.external_cert_files and
is_ipa_configured()):
installer._installation_cleanup = False
- sys.exit("IPA server is already configured on this system.\n"
- "If you want to reinstall the IPA server, please uninstall "
- "it first using 'ipa-server-install --uninstall'.")
+ raise ScriptError(
+ "IPA server is already configured on this system.\n"
+ "If you want to reinstall the IPA server, please uninstall "
+ "it first using 'ipa-server-install --uninstall'.")
client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
if client_fstore.has_files():
installer._installation_cleanup = False
- sys.exit("IPA client is already configured on this system.\n"
- "Please uninstall it before configuring the IPA server, "
- "using 'ipa-client-install --uninstall'")
+ raise ScriptError(
+ "IPA client is already configured on this system.\n"
+ "Please uninstall it before configuring the IPA server, "
+ "using 'ipa-client-install --uninstall'")
fstore = sysrestore.FileStore(SYSRESTORE_DIR_PATH)
sstore = sysrestore.StateFile(SYSRESTORE_DIR_PATH)
@@ -472,7 +475,7 @@ def install_check(installer):
else:
dm_password = read_password("Directory Manager", confirm=False)
if dm_password is None:
- sys.exit("Directory Manager password required")
+ raise ScriptError("Directory Manager password required")
try:
cache_vars = read_cache(dm_password)
options.__dict__.update(cache_vars)
@@ -480,7 +483,7 @@ def install_check(installer):
options.external_ca = False
options.interactive = False
except Exception as e:
- sys.exit("Cannot process the cache file: %s" % str(e))
+ raise ScriptError("Cannot process the cache file: %s" % str(e))
# We only set up the CA if the PKCS#12 options are not given.
if options.dirsrv_cert_files:
@@ -535,7 +538,7 @@ def install_check(installer):
# Check to see if httpd is already configured to listen on 443
if httpinstance.httpd_443_configured():
- sys.exit("Aborting installation")
+ raise ScriptError("Aborting installation")
if not options.setup_dns and installer.interactive:
if ipautil.user_input("Do you want to configure integrated DNS "
@@ -565,7 +568,7 @@ def install_check(installer):
else:
host_name = read_host_name(host_default, options.no_host_dns)
except BadHostError as e:
- sys.exit(str(e) + "\n")
+ raise ScriptError(e)
host_name = host_name.lower()
root_logger.debug("will use host_name: %s\n" % host_name)
@@ -577,7 +580,7 @@ def install_check(installer):
try:
validate_domain_name(domain_name)
except ValueError as e:
- sys.exit("Invalid domain name: %s" % unicode(e))
+ raise ScriptError("Invalid domain name: %s" % unicode(e))
else:
domain_name = options.domain_name
@@ -598,7 +601,7 @@ def install_check(installer):
"Enter Apache Server private key unlock",
confirm=False, validate=False)
if options.http_pin is None:
- sys.exit(
+ raise ScriptError(
"Apache Server private key unlock password required")
http_pkcs12_file, http_pin, http_ca_cert = load_pkcs12(
cert_files=options.http_cert_files,
@@ -614,7 +617,7 @@ def install_check(installer):
"Enter Directory Server private key unlock",
confirm=False, validate=False)
if options.dirsrv_pin is None:
- sys.exit(
+ raise ScriptError(
"Directory Server private key unlock password required")
dirsrv_pkcs12_file, dirsrv_pin, dirsrv_ca_cert = load_pkcs12(
cert_files=options.dirsrv_cert_files,
@@ -630,7 +633,7 @@ def install_check(installer):
"Enter Kerberos KDC private key unlock",
confirm=False, validate=False)
if options.pkinit_pin is None:
- sys.exit(
+ raise ScriptError(
"Kerberos KDC private key unlock password required")
pkinit_pkcs12_file, pkinit_pin, pkinit_ca_cert = load_pkcs12(
cert_files=options.pkinit_cert_files,
@@ -642,14 +645,15 @@ def install_check(installer):
if (options.http_cert_files and options.dirsrv_cert_files and
http_ca_cert != dirsrv_ca_cert):
- sys.exit("Apache Server SSL certificate and Directory Server SSL "
- "certificate are not signed by the same CA certificate")
+ raise ScriptError(
+ "Apache Server SSL certificate and Directory Server SSL "
+ "certificate are not signed by the same CA certificate")
if not options.dm_password:
dm_password = read_dm_password()
if dm_password is None:
- sys.exit("Directory Manager password required")
+ raise ScriptError("Directory Manager password required")
else:
dm_password = options.dm_password
@@ -661,7 +665,7 @@ def install_check(installer):
if not options.admin_password:
admin_password = read_admin_password()
if admin_password is None:
- sys.exit("IPA admin password required")
+ raise ScriptError("IPA admin password required")
else:
admin_password = options.admin_password
@@ -757,7 +761,7 @@ def install_check(installer):
if installer.interactive and not user_input(
"Continue to configure the system with these values?", False):
- sys.exit("Installation aborted")
+ raise ScriptError("Installation aborted")
options.realm_name = realm_name
options.domain_name = domain_name
@@ -1005,8 +1009,8 @@ def install(installer):
args.append("--mkhomedir")
run(args, redirect_output=True)
print()
- except Exception as e:
- sys.exit("Configuration of client side components failed!")
+ except Exception:
+ raise ScriptError("Configuration of client side components failed!")
# Everything installed properly, activate ipa service.
services.knownservices.ipa.enable()
@@ -1092,7 +1096,7 @@ def uninstall_check(installer):
"uninstall procedure?", False):
print("")
print("Aborting uninstall operation.")
- sys.exit(1)
+ raise ScriptError
try:
conn = ipaldap.IPAdmin(
@@ -1118,7 +1122,7 @@ def uninstall_check(installer):
"procedure?", False)):
print("")
print("Aborting uninstall operation.")
- sys.exit(1)
+ raise ScriptError
else:
dns.uninstall_check(options)
@@ -1149,7 +1153,7 @@ def uninstall_check(installer):
" the uninstall procedure?", False)):
print("")
print("Aborting uninstall operation.")
- sys.exit(1)
+ raise ScriptError
else:
masters = api.Command.server_find(
sizelimit=0, no_members=False)['result']
@@ -1164,7 +1168,7 @@ def uninstall_check(installer):
if (not options.unattended and not user_input(
"Do you want to continue uninstallation?", False)):
print("Aborted")
- sys.exit(1)
+ raise ScriptError
if not options.ignore_topology_disconnect:
check_topology_connectivity(api, masters)
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index f597880471eb3710ebc7163f771d4e6dc9f1e3d6..2bb0f8305239afd405a4ee8161a83db4afd77bb5 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -22,6 +22,7 @@ from ipapython.dn import DN
from ipapython.install.common import step
from ipapython.install.core import Knob
from ipapython.ipa_log_manager import root_logger
+from ipapython.admintool import ScriptError
from ipaplatform import services
from ipaplatform.tasks import tasks
from ipaplatform.paths import paths
@@ -157,7 +158,7 @@ def install_ca_cert(ldap, base_dn, realm, cafile):
os.chmod(constants.CACERT, 0o444)
except Exception as e:
print("error copying files: " + str(e))
- sys.exit(1)
+ raise ScriptError
def install_http(config, auto_redirect, ca_is_configured, promote=False,
@@ -232,7 +233,7 @@ def check_dirsrv():
print("\t389")
if not ds_secure:
print("\t636")
- sys.exit(1)
+ raise ScriptError
def check_dns_resolution(host_name, dns_servers):
@@ -331,7 +332,7 @@ def configure_certmonger():
messagebus.start()
except Exception as e:
print("Messagebus service unavailable: %s" % str(e))
- sys.exit(3)
+ raise ScriptError(rval=3)
# Ensure that certmonger has been started at least once to generate the
# cas files in /var/lib/certmonger/cas.
@@ -340,13 +341,13 @@ def configure_certmonger():
cmonger.restart()
except Exception as e:
print("Certmonger service unavailable: %s" % str(e))
- sys.exit(3)
+ raise ScriptError(rval=3)
try:
cmonger.enable()
except Exception as e:
print("Failed to enable Certmonger: %s" % str(e))
- sys.exit(3)
+ raise ScriptError(rval=3)
def remove_replica_info_dir(installer):
@@ -367,7 +368,7 @@ def common_cleanup(func):
remove_replica_info_dir(installer)
raise
except KeyboardInterrupt:
- sys.exit(1)
+ raise ScriptError
except Exception:
print(
"Your system may be partly configured.\n"
@@ -488,15 +489,17 @@ def install_check(installer):
tasks.check_selinux_status()
if is_ipa_configured():
- sys.exit("IPA server is already configured on this system.\n"
- "If you want to reinstall the IPA server, please uninstall "
- "it first using 'ipa-server-install --uninstall'.")
+ raise ScriptError(
+ "IPA server is already configured on this system.\n"
+ "If you want to reinstall the IPA server, please uninstall "
+ "it first using 'ipa-server-install --uninstall'.")
client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
if client_fstore.has_files():
- sys.exit("IPA client is already configured on this system.\n"
- "Please uninstall it first before configuring the replica, "
- "using 'ipa-client-install --uninstall'.")
+ raise ScriptError(
+ "IPA client is already configured on this system.\n"
+ "Please uninstall it first before configuring the replica, "
+ "using 'ipa-client-install --uninstall'.")
sstore = sysrestore.StateFile(paths.SYSRESTORE)
@@ -504,7 +507,7 @@ def install_check(installer):
# Check to see if httpd is already configured to listen on 443
if httpinstance.httpd_443_configured():
- sys.exit("Aborting installation")
+ raise ScriptError("Aborting installation")
check_dirsrv()
@@ -525,9 +528,9 @@ def install_check(installer):
try:
dirman_password = get_dirman_password()
except KeyboardInterrupt:
- sys.exit(0)
+ raise ScriptError(rval=0)
if dirman_password is None:
- sys.exit("Directory Manager password required")
+ raise ScriptError("Directory Manager password required")
config = create_replica_config(dirman_password, filename, options)
installer._top_dir = config.top_dir
@@ -628,7 +631,7 @@ def install_check(installer):
print("Run this on the master that generated the info file:")
print((" %% ipa-replica-manage del %s --force" %
config.host_name))
- sys.exit(3)
+ raise ScriptError(rval=3)
# Detect the current domain level
try:
@@ -660,7 +663,7 @@ def install_check(installer):
"within this domain.")
root_logger.error(message)
print(message)
- sys.exit(3)
+ raise ScriptError(rval=3)
# Check pre-existing host entry
try:
@@ -676,7 +679,7 @@ def install_check(installer):
config.host_name))
print("You should remove it before proceeding:")
print(" %% ipa host-del %s" % config.host_name)
- sys.exit(3)
+ raise ScriptError(rval=3)
dns_masters = remote_api.Object['dnsrecord'].get_dns_masters()
if dns_masters:
@@ -688,7 +691,7 @@ def install_check(installer):
check_dns_resolution(config.host_name, dns_masters))
if not resolution_ok and installer.interactive:
if not ipautil.user_input("Continue?", False):
- sys.exit(0)
+ raise ScriptError(rval=0)
else:
root_logger.debug('No IPA DNS servers, '
'skipping forward/reverse resolution check')
@@ -704,7 +707,7 @@ def install_check(installer):
kra.install_check(remote_api, config, options)
except RuntimeError as e:
print(str(e))
- sys.exit(1)
+ raise ScriptError
if options.setup_dns:
dns.install_check(False, remote_api, True, options,
@@ -716,11 +719,11 @@ def install_check(installer):
options.ip_addresses)
except errors.ACIError:
- sys.exit("\nThe password provided is incorrect for LDAP server "
- "%s" % config.master_host_name)
+ raise ScriptError("\nThe password provided is incorrect for LDAP server "
+ "%s" % config.master_host_name)
except errors.LDAPError:
- sys.exit("\nUnable to connect to LDAP server %s" %
- config.master_host_name)
+ raise ScriptError("\nUnable to connect to LDAP server %s" %
+ config.master_host_name)
finally:
if replman and replman.conn:
replman.conn.unbind()
@@ -927,7 +930,7 @@ def ensure_enrolled(installer):
ipautil.run(args, stdin=stdin, redirect_output=True)
print()
except Exception:
- sys.exit("Configuration of client side components failed!")
+ raise ScriptError("Configuration of client side components failed!")
@common_cleanup
@preserve_enrollment_state
@@ -940,9 +943,10 @@ def promote_check(installer):
tasks.check_selinux_status()
if is_ipa_configured():
- sys.exit("IPA server is already configured on this system.\n"
- "If you want to reinstall the IPA server, please uninstall "
- "it first using 'ipa-server-install --uninstall'.")
+ raise ScriptError(
+ "IPA server is already configured on this system.\n"
+ "If you want to reinstall the IPA server, please uninstall "
+ "it first using 'ipa-server-install --uninstall'.")
client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
if not client_fstore.has_files():
@@ -960,7 +964,7 @@ def promote_check(installer):
# Check to see if httpd is already configured to listen on 443
if httpinstance.httpd_443_configured():
- sys.exit("Aborting installation")
+ raise ScriptError("Aborting installation")
check_dirsrv()
@@ -1001,7 +1005,7 @@ def promote_check(installer):
"Enter Apache Server private key unlock",
confirm=False, validate=False)
if options.http_pin is None:
- sys.exit(
+ raise ScriptError(
"Apache Server private key unlock password required")
http_pkcs12_file, http_pin, http_ca_cert = load_pkcs12(
cert_files=options.http_cert_files,
@@ -1017,7 +1021,7 @@ def promote_check(installer):
"Enter Directory Server private key unlock",
confirm=False, validate=False)
if options.dirsrv_pin is None:
- sys.exit(
+ raise ScriptError(
"Directory Server private key unlock password required")
dirsrv_pkcs12_file, dirsrv_pin, dirsrv_ca_cert = load_pkcs12(
cert_files=options.dirsrv_cert_files,
@@ -1033,7 +1037,7 @@ def promote_check(installer):
"Enter Kerberos KDC private key unlock",
confirm=False, validate=False)
if options.pkinit_pin is None:
- sys.exit(
+ raise ScriptError(
"Kerberos KDC private key unlock password required")
pkinit_pkcs12_file, pkinit_pin, pkinit_ca_cert = load_pkcs12(
cert_files=options.pkinit_cert_files,
@@ -1141,7 +1145,7 @@ def promote_check(installer):
print("Run this command:")
print(" %% ipa-replica-manage del %s --force" %
config.host_name)
- sys.exit(3)
+ raise ScriptError(rval=3)
# Detect if current level is out of supported range
# for this IPA version
@@ -1156,7 +1160,7 @@ def promote_check(installer):
"this version is allowed to be installed "
"within this domain.")
root_logger.error(message)
- sys.exit(3)
+ raise ScriptError(rval=3)
# Detect if the other master can handle replication managers
# cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX
@@ -1172,7 +1176,7 @@ def promote_check(installer):
"command on the master and use a prep file to install "
"this replica.")
root_logger.error(msg)
- sys.exit(3)
+ raise ScriptError(rval=3)
dns_masters = remote_api.Object['dnsrecord'].get_dns_masters()
if dns_masters:
@@ -1184,7 +1188,7 @@ def promote_check(installer):
check_dns_resolution(config.host_name, dns_masters))
if not resolution_ok and installer.interactive:
if not ipautil.user_input("Continue?", False):
- sys.exit(0)
+ raise ScriptError(rval=0)
else:
root_logger.debug('No IPA DNS servers, '
'skipping forward/reverse resolution check')
@@ -1202,7 +1206,7 @@ def promote_check(installer):
if options.dirsrv_cert_files:
root_logger.error("Certificates could not be provided when "
"CA is present on some master.")
- sys.exit(3)
+ raise ScriptError(rval=3)
else:
ca_enabled = False
if not options.dirsrv_cert_files:
@@ -1210,20 +1214,20 @@ def promote_check(installer):
"installed. Use the --http-cert-file, "
"--dirsrv-cert-file options to provide "
"custom certificates.")
- sys.exit(3)
+ raise ScriptError(rval=3)
config.kra_host_name = service.find_providing_server('KRA', conn,
api.env.server)
if options.setup_kra and config.kra_host_name is None:
root_logger.error("There is no KRA server in the domain, can't "
"setup a KRA clone")
- sys.exit(3)
+ raise ScriptError(rval=3)
if options.setup_ca:
if not ca_enabled:
root_logger.error("The remote master does not have a CA "
"installed, can't set up CA")
- sys.exit(3)
+ raise ScriptError(rval=3)
options.realm_name = config.realm_name
options.host_name = config.host_name
@@ -1235,7 +1239,7 @@ def promote_check(installer):
kra.install_check(remote_api, config, options)
except RuntimeError as e:
print(str(e))
- sys.exit(1)
+ raise ScriptError
if options.setup_dns:
dns.install_check(False, remote_api, True, options,
@@ -1246,10 +1250,10 @@ def promote_check(installer):
False, options.ip_addresses)
except errors.ACIError:
- sys.exit("\nInsufficient privileges to promote the server.")
+ raise ScriptError("\nInsufficient privileges to promote the server.")
except errors.LDAPError:
- sys.exit("\nUnable to connect to LDAP server %s" %
- config.master_host_name)
+ raise ScriptError("\nUnable to connect to LDAP server %s" %
+ config.master_host_name)
finally:
if replman and replman.conn:
replman.conn.unbind()
--
2.5.5
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
