Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

automount install: do not wait for sssd restart on uninstallation #735

Closed
wants to merge 1 commit into from
Closed

automount install: do not wait for sssd restart on uninstallation #735

wants to merge 1 commit into from

Conversation

pvoborni
Copy link
Member

@pvoborni pvoborni commented Apr 26, 2017
edited by MartinBasti

Change in 2d4d1a9 no longer initializes
api in ipa-client-automount --uninstallation Which caused error in
wait_for_sssd which gets realm from initialized API.

In my opinion, there is no reason to check working sssd after uninstallation by running
id command. If anything depends on running sssd then it should do the check.

Also fix call of xxx_service_class_factory which requires api as param.

https://pagure.io/freeipa/issue/6861

@rcritten
Copy link
Contributor

I guess I have more issues with the commit message than the patch content. What would you suggest ensure that sssd is up? A typical user wouldn't notice until an nss lookup failed which likely means a login was rejected. The wait for restart was there to ensure, in interactive sessions at least, that unconfiguring automount didn't hose the system.

To me is another example of how wrong it is to require a ticket to initialize an API.

@pvoborni
Copy link
Member Author

Thanks Rob, this reason for the wait didn't occurred to me. New patch changes api initialization so that it works for both install and uninstall even without user's Kerberos credentials and with cleared cache,

rcritten
rcritten requested changes Apr 26, 2017
View reviewed changes
client/ipa-client-automount Outdated
@@ -448,7 +448,11 @@ def main():
kinit_keytab(host_princ, paths.KRB5_KEYTAB, ccache_name)
os.environ['KRB5CCNAME'] = ccache_name
except gssapi.exceptions.GSSError as e:
sys.exit("Failed to obtain host TGT: %s" % e)
sys.exit("Failed to obtained host TGT: %s" % e)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The original line is more correct.

@pvoborni
automount install: fix checking of SSSD functionality on uninstall
6aad7fd 
Change in 2d4d1a9 no longer initializes
api in `ipa-client-automount --uninstallation` Which caused error in
wait_for_sssd which gets realm from initialized API.

This patch initializes the API in a way that it doesn't download schema
on uninstallation and on installation it uses host keytab for it so it
no longer requires user's Kerberos credentials.

Also fix call of xxx_service_class_factory which requires api as param.

https://pagure.io/freeipa/issue/6861
@pvoborni
Copy link
Member Author

The error message was reverted to original (I was fixing the comment below and wondered why it was not fixed, now I know).

@tkrizek tkrizek self-assigned this Apr 28, 2017
@tkrizek tkrizek added the ack Pull Request approved, can be merged label Apr 28, 2017
@MartinBasti
Copy link
Contributor

master:

  • b4e447f automount install: fix checking of SSSD functionality on uninstall

ipa-4-5:

  • ff513d6 automount install: fix checking of SSSD functionality on uninstall

@MartinBasti MartinBasti added the pushed Pull Request has already been pushed label Apr 28, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rcritten rcritten rcritten requested changes

Assignees

@tkrizek tkrizek

Labels
ack Pull Request approved, can be merged pushed Pull Request has already been pushed
Projects
None yet
Milestone
No milestone
4 participants
@pvoborni @rcritten @MartinBasti @tkrizek