New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clean up Uninstall output #1899
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pylint errors:
************* Module ipapython.admintool
ipapython/admintool.py:177: [E1101(no-member), AdminTool.execute] Instance of 'BaseException' has no 'rval' member)
ipapython/admintool.py:177: [E1101(no-member), AdminTool.execute] Instance of 'BaseException' has no 'rval' member)
ipapython/admintool.py:178: [E1101(no-member), AdminTool.execute] Instance of 'BaseException' has no 'rval' member)
ipapython/admintool.py:181: [E1101(no-member), AdminTool.execute] Instance of 'AdminTool' has no 'ignore_return_codes' member)
************* Module ipaserver.install.dogtaginstance
ipaserver/install/dogtaginstance.py:322: [W1201(logging-not-lazy), DogtagInstance.stop_tracking_certificates] Specify string format arguments as logging function parameters)
I'm baffled about the PEP8 error. I tried to wrap it in another set of parens and same error. I'm tempted to ignore it but would appreciate some input. |
ipaserver/plugins/server.py
Outdated
@@ -619,7 +619,10 @@ def _remove_server_principal_references(self, master): | |||
if master in srvlist: | |||
srvlist.remove(master) | |||
attr = ' '.join(srvlist) | |||
ret['defaultServerList'] = attr | |||
if len(srvlist) == 0: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if not srvlist:
del ret['defaultServerList']
else:
ret['defaultServerList'] = ' '.join(srvlist)
^-- removes the possibly unnecessary join()
if the list is empty and the condition is a bit more Pythonic I believe :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1, done
ipapython/install/cli.py
Outdated
@@ -58,7 +58,24 @@ def _get_usage(configurable_class): | |||
|
|||
def install_tool(configurable_class, command_name, log_file_name, | |||
debug_option=False, verbose=False, console_format=None, | |||
use_private_ccache=True, uninstall_log_file_name=None): | |||
use_private_ccache=True, uninstall_log_file_name=None, | |||
ignore_return_codes=[]): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please don't use mutable data types in argument lists. If you need an iterable, use a tuple as default argument ignore_return_codes=()
.
@@ -25,7 +25,8 @@ | |||
# The Python re module doesn't do nested parenthesis | |||
|
|||
# Break the ACI into 3 pieces: target, name, permissions/bind_rules | |||
ACIPat = re.compile(r'\(version\s+3.0\s*;\s*ac[li]\s+\"([^\"]*)\"\s*;\s*([^;]*);\s*\)', re.UNICODE) | |||
ACIPat = re.compile(r'\(version\s+3.0\s*;\s*ac[li]\s+\"([^\"]*)\"\s*;' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change looks unrelated to the rest.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This and the change to test_aci.py are related because by enabling logging two ACI parsing errors were exposed by the LDAP updater.
ACI parsing is forgiving and errors are not treated as fatal so this didn't cause any operational issues but two rather nasty looking errors would appear while applying updates as a direct result of my output changes so I fixed this as well.
ipapython/admintool.py
Outdated
@@ -93,6 +93,7 @@ class AdminTool(object): | |||
log_file_name = None | |||
usage = None | |||
description = None | |||
ignore_return_codes = [] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here, use a tuple ()
.
@@ -162,3 +162,15 @@ def test_aci_parsing_8(): | |||
def test_aci_parsing_9(): | |||
check_aci_parsing('(targetfilter = "(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfNames)(objectClass=posixGroup))")(targetattr != "aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Account Admins can manage Users and Groups"; allow (add, delete, read, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=greyoak,dc=com";)', | |||
'(targetattr != "aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(targetfilter = "(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfNames)(objectClass=posixGroup))")(version 3.0;acl "Account Admins can manage Users and Groups";allow (add,delete,read,write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=greyoak,dc=com";)') | |||
|
|||
|
|||
def test_aci_parsing_10(): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This also looks unrelated.
ipaserver/install/cainstance.py
Outdated
@@ -1794,7 +1794,7 @@ def _create_dogtag_profile(profile_id, profile_data, overwrite): | |||
# import the profile | |||
try: | |||
profile_api.create_profile(profile_data) | |||
logger.info("Profile '%s' successfully migrated to LDAP", | |||
logger.debug("Profile '%s' successfully migrated to LDAP", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The second like with profile_id
needs to be reindented, too.
Thanks for cleanup up the logger! 👍 |
2e987b1
to
89cc34f
Compare
The server installation and uninstallation overlaps both the server and client installers. The output could be confusing with a server uninstall finishing with the message: The ipa-client-install command was successful This was in part due to the fact that the server was not configured with a console format and verbose was False which meant that no logger messages were displayed at all. In order to suppress client installation errors and avoid confusion add a list of errors to ignore. If a server install was not successful and hadn't gotten far enough to do the client install then we shouldn't complain loudly about it. https://pagure.io/freeipa/issue/6760 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
This otherwise returns a syntax error if trying to set an empty value. Related: https://pagure.io/freeipa/issue/6760 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
89cc34f
to
ef2e74f
Compare
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pylint complains
The server installer had no console logger set so print statements were used for communication. Now that a logger is enabled the extra prints need to be dropped. A number of logger.info statements have been upgraded to debug since they do not need to appear on the console by default. https://pagure.io/freeipa/issue/6760 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
While enabling console output in the server installation the "Allow trust agents to retrieve keytab keys for cross realm principals" ACI was throwing an unparseable error because it has a subkey which broke parsing (the extra semi-colon): userattr="ipaAllowedToPerform;read_keys#GROUPDN"; The regular expression pattern needed to be updated to handle this case. Related: https://pagure.io/freeipa/issue/6760 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
ef2e74f
to
332c140
Compare
ipa-server-install did not configure a console logger. This caused odd output because ipa-client-install does and a normal server uninstall would end with "ipa-client-install command was successful"
Because there was no console logger there were print statements in a lot of places. Those were dropped because the equivalent logging statement was already there.
A number of info loggers were converted to debug to suppress their output. They were never shown in the past for the most part with the exception of the client installer and Forwarding and trying statements.
Adding the logger exposed two additional issues: