[Freeipa-devel] [freeipa PR#212][opened] KRA: don't add KRA container when KRA replica

Fri, 04 Nov 2016 10:50:08 -0700 

   URL: https://github.com/freeipa/freeipa/pull/212
Author: mbasti-rh
 Title: #212: KRA: don't add KRA container when KRA replica
Action: opened

PR body:
"""
Regression in master branch only

This fixes regression caused by c56256e2a29f076e6afa559225a66f58b0773eb5
"""
  [9/11]: add vault container
ipa         : CRITICAL Failed to load vault.ldif: Command
'/usr/bin/ldapmodify -v -f /tmp/tmpxxO9IC -H
ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -x -D cn=Directory Manager
-y /tmp/tmpVKinCZ' returned non-zero exit status 68
  [10/11]: apply LDAP updates
"""

and removes unneded steps during installation of KRA replica, because
KRA container must be there since installation of first KRA instance.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/212/head:pr212
git checkout pr212

From af15e230727a497b27e55c550df248a2ab148b36 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Fri, 4 Nov 2016 18:45:43 +0100
Subject: [PATCH] KRA: don't add KRA container when KRA replica

This fixes regression caused by c56256e2a29f076e6afa559225a66f58b0773eb5
"""
  [9/11]: add vault container
ipa         : CRITICAL Failed to load vault.ldif: Command
'/usr/bin/ldapmodify -v -f /tmp/tmpxxO9IC -H
ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -x -D cn=Directory Manager
-y /tmp/tmpVKinCZ' returned non-zero exit status 68
  [10/11]: apply LDAP updates
"""

and removes unneded steps during installation of KRA replica, because
KRA container must be there since installation of first KRA instance.
---
 ipaserver/install/krainstance.py | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index a2210a2..463d490 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -313,11 +313,6 @@ def __add_vault_container(self):
         try:
             self._ldap_mod('vault.ldif', {'SUFFIX': self.suffix},
                            raise_on_err=True)
-        except ipautil.CalledProcessError as e:
-            if e.returncode == LDAPMOD_ERR_ALREADY_EXISTS:
-                self.log.debug("Vault container already exists")
-            else:
-                self.log.error("Failed to add vault container: {0}".format(e))
         finally:
             # we need to disconnect from LDAP, because _ldap_mod() makes the
             # connection without actually using it
@@ -394,7 +389,6 @@ def configure_replica(self, host_name, master_host, dm_password,
         self.step("configure certmonger for renewals",
                   self.configure_certmonger_renewal)
         self.step("configure certificate renewals", self.configure_renewal)
-        self.step("add vault container", self.__add_vault_container)
 
         self.step("enabling KRA instance", self.__enable_instance)
 

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to