Re: [Freeipa-devel] [PATCH] 389 Fix ipa-restore on systems without IPA installed

2015-01-13 Thread Jan Cholasta 

Dne 13.1.2015 v 17:20 Petr Vobornik napsal(a):

On 01/13/2015 05:06 PM, Jan Cholasta wrote:

Dne 13.1.2015 v 16:47 Petr Vobornik napsal(a):

On 01/13/2015 11:54 AM, Jan Cholasta wrote:

Dne 13.1.2015 v 10:46 Petr Vobornik napsal(a):

On 01/12/2015 06:07 PM, Jan Cholasta wrote:

Hi,

the attached patch fixes
.

Honza



Is there a reason why `installutils.check_server_configuration() `
is called in `cert_restore_prepare`, ie., method which is not
really connected with it, and not in `run` as for DATA backup?


Full restore may be done when IPA is not installed, but
cert_restore_prepare crashes when IPA is not installed, the check
prevents that.

Anyway, see the attached patch for an alternative, possibly better
approach.



Works, but with full restore I got:

 ...
 Disabling all replication.
 Unable to get connection, skipping disabling agreements: Unable to
bind to LDAP server: [Errno 2] No such file or directory
 Stopping IPA services
 Restoring files
 ...

I wonder if it needs a better error message, it may be confusing for
users.


Can you open a ticket for this? I would rather not deal with this right
now in this patch...


opened: https://fedorahosted.org/freeipa/ticket/4838

ACK, I'll leave push and rebase order of backup patches up to you


Thanks, rebased and pushed to:
master: abcbe271d5e022ac805b448c85ebe4790bae7fb1
ipa-4-1: a98bc2381b7152c7076223e6bd36a1411fa850eb

--
Jan Cholasta

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 389 Fix ipa-restore on systems without IPA installed

2015-01-13 Thread Petr Vobornik 

On 01/13/2015 05:06 PM, Jan Cholasta wrote:

Dne 13.1.2015 v 16:47 Petr Vobornik napsal(a):

On 01/13/2015 11:54 AM, Jan Cholasta wrote:

Dne 13.1.2015 v 10:46 Petr Vobornik napsal(a):

On 01/12/2015 06:07 PM, Jan Cholasta wrote:

Hi,

the attached patch fixes
.

Honza



Is there a reason why `installutils.check_server_configuration() `
is called in `cert_restore_prepare`, ie., method which is not
really connected with it, and not in `run` as for DATA backup?


Full restore may be done when IPA is not installed, but
cert_restore_prepare crashes when IPA is not installed, the check
prevents that.

Anyway, see the attached patch for an alternative, possibly better
approach.



Works, but with full restore I got:

 ...
 Disabling all replication.
 Unable to get connection, skipping disabling agreements: Unable to
bind to LDAP server: [Errno 2] No such file or directory
 Stopping IPA services
 Restoring files
 ...

I wonder if it needs a better error message, it may be confusing for
users.


Can you open a ticket for this? I would rather not deal with this right
now in this patch...


opened: https://fedorahosted.org/freeipa/ticket/4838

ACK, I'll leave push and rebase order of backup patches up to you





Btw what is the use case for fullrestore without IPA? Is it somewhere
documented or mentioned?



http://www.freeipa.org/page/V3/Backup_and_Restore#Catastrophic_hardware_failure_on_a_machine.



Thanks
--
Petr Vobornik

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 389 Fix ipa-restore on systems without IPA installed

2015-01-13 Thread Jan Cholasta 

Dne 13.1.2015 v 16:47 Petr Vobornik napsal(a):

On 01/13/2015 11:54 AM, Jan Cholasta wrote:

Dne 13.1.2015 v 10:46 Petr Vobornik napsal(a):

On 01/12/2015 06:07 PM, Jan Cholasta wrote:

Hi,

the attached patch fixes
.

Honza



Is there a reason why `installutils.check_server_configuration() `
is called in `cert_restore_prepare`, ie., method which is not
really connected with it, and not in `run` as for DATA backup?


Full restore may be done when IPA is not installed, but
cert_restore_prepare crashes when IPA is not installed, the check
prevents that.

Anyway, see the attached patch for an alternative, possibly better
approach.



Works, but with full restore I got:

 ...
 Disabling all replication.
 Unable to get connection, skipping disabling agreements: Unable to
bind to LDAP server: [Errno 2] No such file or directory
 Stopping IPA services
 Restoring files
 ...

I wonder if it needs a better error message, it may be confusing for users.


Can you open a ticket for this? I would rather not deal with this right 
now in this patch...




Btw what is the use case for fullrestore without IPA? Is it somewhere
documented or mentioned?



http://www.freeipa.org/page/V3/Backup_and_Restore#Catastrophic_hardware_failure_on_a_machine.

--
Jan Cholasta

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 389 Fix ipa-restore on systems without IPA installed

2015-01-13 Thread Petr Vobornik 

On 01/13/2015 11:54 AM, Jan Cholasta wrote:

Dne 13.1.2015 v 10:46 Petr Vobornik napsal(a):

On 01/12/2015 06:07 PM, Jan Cholasta wrote:

Hi,

the attached patch fixes
.

Honza



Is there a reason why `installutils.check_server_configuration() `
is called in `cert_restore_prepare`, ie., method which is not
really connected with it, and not in `run` as for DATA backup?


Full restore may be done when IPA is not installed, but
cert_restore_prepare crashes when IPA is not installed, the check
prevents that.

Anyway, see the attached patch for an alternative, possibly better
approach.



Works, but with full restore I got:

...
Disabling all replication.
Unable to get connection, skipping disabling agreements: Unable to
bind to LDAP server: [Errno 2] No such file or directory
Stopping IPA services
Restoring files
...

I wonder if it needs a better error message, it may be confusing for users.

Btw what is the use case for fullrestore without IPA? Is it somewhere 
documented or mentioned?


--
Petr Vobornik

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 389 Fix ipa-restore on systems without IPA installed

2015-01-13 Thread Jan Cholasta 

Dne 13.1.2015 v 10:46 Petr Vobornik napsal(a):

On 01/12/2015 06:07 PM, Jan Cholasta wrote:

Hi,

the attached patch fixes .

Honza



Is there a reason why `installutils.check_server_configuration()
` is called in `cert_restore_prepare`, ie., method which is not really
connected with it, and not in `run` as for DATA backup?


Full restore may be done when IPA is not installed, but 
cert_restore_prepare crashes when IPA is not installed, the check 
prevents that.


Anyway, see the attached patch for an alternative, possibly better approach.

--
Jan Cholasta
>From 529831fd7d48660774c6c7fa6f3a0770b45d602a Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Mon, 12 Jan 2015 17:03:22 +
Subject: [PATCH] Fix ipa-restore on systems without IPA installed

https://fedorahosted.org/freeipa/ticket/4824
---
 ipaserver/install/ipa_restore.py | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 0977039..5e88f2b 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -694,8 +694,12 @@ class Restore(admintool.AdminTool):
 cainstance.stop_tracking_certificates(
 dogtag.configured_constants())
 httpinstance.HTTPInstance().stop_tracking_certificates()
-dsinstance.DsInstance().stop_tracking_certificates(
-realm_to_serverid(api.env.realm))
+try:
+dsinstance.DsInstance().stop_tracking_certificates(
+realm_to_serverid(api.env.realm))
+except OSError:
+# When IPA is not installed, DS NSS DB does not exist
+pass
 
 for basename in ('cert8.db', 'key3.db', 'secmod.db', 'pwdfile.txt'):
 filename = os.path.join(paths.IPA_NSSDB_DIR, basename)
-- 
2.1.0

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 389 Fix ipa-restore on systems without IPA installed

2015-01-13 Thread Petr Vobornik 

On 01/12/2015 06:07 PM, Jan Cholasta wrote:

Hi,

the attached patch fixes .

Honza



Is there a reason why `installutils.check_server_configuration()
` is called in `cert_restore_prepare`, ie., method which is not really 
connected with it, and not in `run` as for DATA backup?

--
Petr Vobornik

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel