You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With ipa-healthcheck 0.14, ipa-healthcheck reports a traceback if the LDAP server is not running:
# rpm -qa freeipa-healthcheck
freeipa-healthcheck-0.14-1.fc38.noarch
# systemctl stop dirsrv@IPA-TEST.service
# ipa-healthcheck
Traceback (most recent call last):
File "/usr/lib/python3.11/site-packages/ipapython/ipaldap.py", line 1088, in error_handler
yield
File "/usr/lib/python3.11/site-packages/ipapython/ipaldap.py", line 1246, in external_bind
self.conn.sasl_interactive_bind_s(
File "/usr/lib64/python3.11/site-packages/ldap/ldapobject.py", line 270, in sasl_interactive_bind_s
return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.11/site-packages/ldap/ldapobject.py", line 128, in _ldap_call
result = func(*args,**kwargs)
^^^^^^^^^^^^^^^^^^^^
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 111, 'ctrls': [], 'info': 'Connection refused'}
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/bin/ipa-healthcheck", line 33, in <module>
sys.exit(load_entry_point('ipahealthcheck==0.14', 'console_scripts', 'ipa-healthcheck')())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/ipahealthcheck/core/main.py", line 54, in main
sys.exit(ipachecks.run_healthcheck())
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/ipahealthcheck/core/core.py", line 440, in run_healthcheck
results, available = run_service_plugins(plugins,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/ipahealthcheck/core/core.py", line 145, in run_service_plugins
for result in plugin.check():
^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/ipahealthcheck/meta/services.py", line 122, in check
self.service_name = self.get_service_name('KEYS')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/ipahealthcheck/meta/services.py", line 31, in get_service_name
api.Backend.ldap2.connect()
File "/usr/lib/python3.11/site-packages/ipalib/backend.py", line 69, in connect
conn = self.create_connection(*args, **kw)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/ipaserver/plugins/ldap2.py", line 187, in create_connection
client.external_bind(server_controls=serverctrls,
File "/usr/lib/python3.11/site-packages/ipapython/ipaldap.py", line 1243, in external_bind
with self.error_handler():
File "/usr/lib64/python3.11/contextlib.py", line 155, in __exit__
self.gen.throw(typ, value, traceback)
File "/usr/lib/python3.11/site-packages/ipapython/ipaldap.py", line 1141, in error_handler
raise errors.NetworkError(uri=self.ldap_uri,
ipalib.errors.NetworkError: cannot connect to 'ldapi://%2Frun%2Fslapd-IPA-TEST.socket': Connection refused
The regression was introduced with this commit that discovers the service name based on roles stored in LDAP.
ipa-healthcheck 0.12 doesn't have the issue:
Some services aren't included in ipaplaform.knownservices
like smb and winbind. It is possible to discover the
service name using the same method used by ipactl, via roles.
If dirsrv isn't started then this will blow up spectacularly
so use requires as a guard against it.
Fixes: freeipa#300
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
rcritten
added a commit
to rcritten/freeipa-healthcheck
that referenced
this issue
Sep 28, 2023
Some services aren't included in ipaplaform.knownservices
like smb and winbind. It is possible to discover the
service name using the same method used by ipactl, via roles.
If dirsrv isn't started then this will blow up spectacularly
so use requires as a guard against it.
Fixes: freeipa#300
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
With ipa-healthcheck 0.14, ipa-healthcheck reports a traceback if the LDAP server is not running:
The regression was introduced with this commit that discovers the service name based on roles stored in LDAP.
ipa-healthcheck 0.12 doesn't have the issue:
The text was updated successfully, but these errors were encountered: