[Freeipa-devel] [PATCH] 0079 Use common group for DS instances

Simo Sorce ssorce at redhat.com
Mon Jan 31 21:27:39 UTC 2011 

On Mon, 31 Jan 2011 15:46:37 -0500
Rob Crittenden <rcritten at redhat.com> wrote:

> Simo Sorce wrote:
> > On Sat, 29 Jan 2011 10:28:49 -0500
> > Simo Sorce<ssorce at redhat.com>  wrote:
> >
> >> On Fri, 28 Jan 2011 19:11:39 -0500
> >> Rob Crittenden<rcritten at redhat.com>  wrote:
> >>
> >>> Simo Sorce wrote:
> >>>>
> >>>> Use a common group named 'dirsrv' for all DS instances, as
> >>>> requested in ticket #851
> >>>>
> >>>> While there also remove the -u option, it is silly to allow to
> >>>> change one in three (the other are group name and pki ds instance
> >>>> user) accounts only. Plus it is apparently confusing to admins.
> >>>>
> >>>> Simo.
> >>>
> >>> Just a couple of really minor nit-pickiness.
> >>>
> >>> If we are hardcoding the user why make it an argument to the
> >>> various create_instance commands? You already import the group
> >>> from dsinstance, why not the user too?
> >>
> >> I didn't want to change too much code :-)
> >> I'll change that, hopefully w/o introducing regressions.
> >>
> >>> And this code:
> >>>
> >>> if not group_exists is None and not group_exists:
> >>>
> >>> might be more readable as:
> >>>
> >>> if group_exists == False:
> >>
> >> I copied from dsinstance.uninstall() I will change it.
> >>
> >> Simo.
> >>
> >
> > Revised patch attached.
> >
> > Simo.
> 
> Install on a master and replica worked fine but uninstall on the
> replica failed with:
> 
> Shutting down all IPA services
> Removing IPA client configuration
> Unconfiguring ntpd
> Unconfiguring CA directory server
> Unconfiguring CA
> Unconfiguring web server
> Unconfiguring krb5kdc
> Unconfiguring ipa_kpasswd
> Unconfiguring directory server
> root        : CRITICAL failed to delete group Command 
> '/usr/sbin/groupdel dirsrv' returned non-zero exit status 6
> 
> error 6 means specified group doesn´t exist
> 
> The last bit of the uninstall log confirms this:
> 
> 2011-01-31 15:44:28,001 INFO args=/usr/sbin/groupdel dirsrv
> 2011-01-31 15:44:28,002 INFO stdout=
> 2011-01-31 15:44:28,003 INFO stderr=groupdel: group 'dirsrv' does not
> exist
> 
> 2011-01-31 15:44:28,004 CRITICAL failed to delete group Command 
> '/usr/sbin/groupdel dirsrv' returned non-zero exit status 6
> 
> rob

Ok attached  patch that cheks if the group exists before trying to
delete it.

The reason it fails I think is because it has the same name of the
idrsrv user and when we remove the dirsrv user userdel probably removes
also the group because at that stage the other user in that group
(pkisrv) has already been removed as well.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-simo-0079-3-Use-a-common-group-for-all-DS-instances.patch
Type: text/x-patch
Size: 36353 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110131/c610cf51/attachment.bin>

More information about the Freeipa-devel mailing list