On Tue, Sep 04, 2018 at 01:53:45PM +0200, Andrea Bolognani wrote:
On Tue, 2018-09-04 at 10:49 +0200, Martin Kletzander wrote:s/manually/ourselves/ in the subject. [...]def get_root_password_file(self): - root_pass_file = self._get_config_file("root-password") - root_hash_file = self._get_config_file(".root-password.hash") - - try: - with open(root_pass_file, "r") as infile: - root_pass = infile.readline().strip() - except Exception: - raise Error( - "Missing or invalid root password file ({})".format( - root_pass_file, - ) - ) - - # The hash will be different every time we run, but that doesn't - # matter - it will still validate the correct root password - root_hash = crypt.crypt(root_pass, Util.mksalt()) - - try: - with open(root_hash_file, "w") as infile: - infile.write("{}\n".format(root_hash)) - except Exception: - raise Error( - "Can't write hashed root password file ({})".format( - root_hash_file, - ) - ) - - return root_hash_file + return self._get_config_file("root-password")This is a really nice improvement overall, but we can't quite get rid of the entire function: we still need to try and open the file, or at least stat() it, like we do in get_vault_password_file(), so that we can error out early instead of having Ansible bail out on us really late in the game.
So what you had in mind is something like the following squashed in? diff --git i/guests/lcitool w/guests/lcitool index 609c73c43dbc..2ac98ea69030 100755 --- i/guests/lcitool +++ w/guests/lcitool @@ -151,7 +151,22 @@ class Config: return vault_pass_file def get_root_password_file(self): - return self._get_config_file("root-password") + root_pass_file = None + + root_pass_file = self._get_config_file("root-password") + + try: + with open(root_pass_file, "r") as infile: + if not infile.readline().strip(): + raise ValueError + except Exception: + raise Error( + "Missing or invalid root password file ({})".format( + root_pass_file, + ) + ) + + return root_pass_file class Inventory: -- Or we could have the check in ansible itself, but that would be a bigger change and the codebase is not prepared for that. TLTTIRN, Martin
signature.asc
Description: Digital signature
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list