[Freeipa-devel] [PATCH] 0079 Use common group for DS instances

Simo Sorce ssorce at redhat.com
Mon Jan 31 21:36:29 UTC 2011 

On Mon, 31 Jan 2011 16:32:47 -0500
Rob Crittenden <rcritten at redhat.com> wrote:

> Simo Sorce wrote:
> > On Mon, 31 Jan 2011 15:46:37 -0500
> > Rob Crittenden<rcritten at redhat.com>  wrote:
> >
> >> Simo Sorce wrote:
> >>> On Sat, 29 Jan 2011 10:28:49 -0500
> >>> Simo Sorce<ssorce at redhat.com>   wrote:
> >>>
> >>>> On Fri, 28 Jan 2011 19:11:39 -0500
> >>>> Rob Crittenden<rcritten at redhat.com>   wrote:
> >>>>
> >>>>> Simo Sorce wrote:
> >>>>>>
> >>>>>> Use a common group named 'dirsrv' for all DS instances, as
> >>>>>> requested in ticket #851
> >>>>>>
> >>>>>> While there also remove the -u option, it is silly to allow to
> >>>>>> change one in three (the other are group name and pki ds
> >>>>>> instance user) accounts only. Plus it is apparently confusing
> >>>>>> to admins.
> >>>>>>
> >>>>>> Simo.
> >>>>>
> >>>>> Just a couple of really minor nit-pickiness.
> >>>>>
> >>>>> If we are hardcoding the user why make it an argument to the
> >>>>> various create_instance commands? You already import the group
> >>>>> from dsinstance, why not the user too?
> >>>>
> >>>> I didn't want to change too much code :-)
> >>>> I'll change that, hopefully w/o introducing regressions.
> >>>>
> >>>>> And this code:
> >>>>>
> >>>>> if not group_exists is None and not group_exists:
> >>>>>
> >>>>> might be more readable as:
> >>>>>
> >>>>> if group_exists == False:
> >>>>
> >>>> I copied from dsinstance.uninstall() I will change it.
> >>>>
> >>>> Simo.
> >>>>
> >>>
> >>> Revised patch attached.
> >>>
> >>> Simo.
> >>
> >> Install on a master and replica worked fine but uninstall on the
> >> replica failed with:
> >>
> >> Shutting down all IPA services
> >> Removing IPA client configuration
> >> Unconfiguring ntpd
> >> Unconfiguring CA directory server
> >> Unconfiguring CA
> >> Unconfiguring web server
> >> Unconfiguring krb5kdc
> >> Unconfiguring ipa_kpasswd
> >> Unconfiguring directory server
> >> root        : CRITICAL failed to delete group Command
> >> '/usr/sbin/groupdel dirsrv' returned non-zero exit status 6
> >>
> >> error 6 means specified group doesn´t exist
> >>
> >> The last bit of the uninstall log confirms this:
> >>
> >> 2011-01-31 15:44:28,001 INFO args=/usr/sbin/groupdel dirsrv
> >> 2011-01-31 15:44:28,002 INFO stdout=
> >> 2011-01-31 15:44:28,003 INFO stderr=groupdel: group 'dirsrv' does
> >> not exist
> >>
> >> 2011-01-31 15:44:28,004 CRITICAL failed to delete group Command
> >> '/usr/sbin/groupdel dirsrv' returned non-zero exit status 6
> >>
> >> rob
> >
> > Ok attached  patch that cheks if the group exists before trying to
> > delete it.
> >
> > The reason it fails I think is because it has the same name of the
> > idrsrv user and when we remove the dirsrv user userdel probably
> > removes also the group because at that stage the other user in that
> > group (pkisrv) has already been removed as well.
> >
> > Simo.
> >
> 
> ack

pushed to master.
Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

More information about the Freeipa-devel mailing list