subject:"\[Freeipa\-devel\] \[PATCH 0024\] Handle timeout error in ipa\-httpd\-kdcproxy"

[Freeipa-devel] [PATCH 0024] Handle timeout error in ipa-httpd-kdcproxy

2015-09-10 Thread Christian Heimes

The ipa-httpd-kdcproxy script now handles LDAP timeout errors correctly.
A timeout does no longer result into an Apache startup error.

https://fedorahosted.org/freeipa/ticket/5292


From 7ae756234534f0c6e750b5820733c6c5cb0682c6 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Thu, 10 Sep 2015 11:54:32 +0200
Subject: [PATCH] Handle timeout error in ipa-httpd-kdcproxy

The ipa-httpd-kdcproxy script now handles LDAP timeout errors correctly.
A timeout does no longer result into an Apache startup error.

https://fedorahosted.org/freeipa/ticket/5292
---
 install/tools/ipa-httpd-kdcproxy | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/install/tools/ipa-httpd-kdcproxy b/install/tools/ipa-httpd-kdcproxy
index 60b22f2cc321d416871c74f3b4d580594c186a85..5e9863f8bd82e1628030b0b767a6697ab2a1d7bd 100755
--- a/install/tools/ipa-httpd-kdcproxy
+++ b/install/tools/ipa-httpd-kdcproxy
@@ -24,6 +24,7 @@ This script creates or removes the symlink from /etc/ipa/ipa-kdc-proxy.conf
 to /etc/httpd/conf.d/. It's called from ExecStartPre hook in httpd.service.
 """
 import os
+import socket
 import sys
 
 from ipalib import api, errors
@@ -81,7 +82,7 @@ class KDCProxyConfig(object):
 # EXTERNAL bind as root user
 self.con.ldapi = True
 self.con.do_bind(timeout=self.time_limit)
-except errors.NetworkError as e:
+except (errors.NetworkError, socket.timeout) as e:
 msg = 'Unable to connect to dirsrv: %s' % e
 raise CheckError(msg)
 except errors.AuthorizationError as e:
-- 
2.4.3



signature.asc
Description: OpenPGP digital signature
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0024] Handle timeout error in ipa-httpd-kdcproxy

2015-09-10 Thread Rob Crittenden

Christian Heimes wrote:
> The ipa-httpd-kdcproxy script now handles LDAP timeout errors correctly.
> A timeout does no longer result into an Apache startup error.
> 
> https://fedorahosted.org/freeipa/ticket/5292
> 
> 
> 
> 

Since this is related to IPA not being configured yet would it make
sense to call ipaserver.install.installutils.is_ipa_configured() and
exit early and gracefully, doing no work, if it isn't? IMHO it should
happen before the api is initialized.

rob

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0024] Handle timeout error in ipa-httpd-kdcproxy

2015-09-10 Thread Martin Basti




On 09/10/2015 01:29 PM, Martin Basti wrote:

ACK

On 09/10/2015 11:58 AM, Christian Heimes wrote:

The ipa-httpd-kdcproxy script now handles LDAP timeout errors correctly.
A timeout does no longer result into an Apache startup error.

https://fedorahosted.org/freeipa/ticket/5292










Pushed to:
master: a3d077443fc7f15c005f86aeed40443d0a0843a1
ipa-4-2: 1464437ca2a1bb18fd6468e673ae7589e4d4216f

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0024] Handle timeout error in ipa-httpd-kdcproxy

2015-09-10 Thread Martin Basti


ACK

On 09/10/2015 11:58 AM, Christian Heimes wrote:

The ipa-httpd-kdcproxy script now handles LDAP timeout errors correctly.
A timeout does no longer result into an Apache startup error.

https://fedorahosted.org/freeipa/ticket/5292






-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0024] Handle timeout error in ipa-httpd-kdcproxy

2015-09-10 Thread Christian Heimes

On 2015-09-10 14:58, Rob Crittenden wrote:
> Christian Heimes wrote:
>> The ipa-httpd-kdcproxy script now handles LDAP timeout errors correctly.
>> A timeout does no longer result into an Apache startup error.
>>
>> https://fedorahosted.org/freeipa/ticket/5292
>>
>>
>>
>>
> 
> 
> Since this is related to IPA not being configured yet would it make
> sense to call ipaserver.install.installutils.is_ipa_configured() and
> exit early and gracefully, doing no work, if it isn't? IMHO it should
> happen before the api is initialized.

That sounds like a very good idea! I didn't know about that API function.

Christian




signature.asc
Description: OpenPGP digital signature
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCH 0024] Handle timeout error in ipa-httpd-kdcproxy

Re: [Freeipa-devel] [PATCH 0024] Handle timeout error in ipa-httpd-kdcproxy

Re: [Freeipa-devel] [PATCH 0024] Handle timeout error in ipa-httpd-kdcproxy

Re: [Freeipa-devel] [PATCH 0024] Handle timeout error in ipa-httpd-kdcproxy

Re: [Freeipa-devel] [PATCH 0024] Handle timeout error in ipa-httpd-kdcproxy

5 matches

Site Navigation

Mail list logo

Footer information