[Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

Alexander Bokovoy abokovoy at redhat.com
Tue Sep 13 13:22:43 UTC 2011


On Tue, 13 Sep 2011, Martin Kosek wrote:
> > So this patch is unblocked. To solve delayed data initialization from 
> > SSSD in NSS responder we might simply increase the number of tries to 10 
> > in case SSSD is in use.
> That sounds good. I made a few tests of this patch and I still see a
> problem here. What if, for any reason, sssd.conf is not present on the
> machine? IPA client installation then crashes:
> 
> # ipa-client-install --server vm-139.idm.lab.bos.redhat.com --domain idm.lab.bos.redhat.com
> DNS domain 'idm.lab.bos.redhat.com' is not configured for automatic KDC address lookup.
> KDC address will be set to fixed value.
> 
> Discovery was successful!
> Hostname: vm-027.idm.lab.bos.redhat.com
> Realm: IDM.LAB.BOS.REDHAT.COM
> DNS Domain: idm.lab.bos.redhat.com
> IPA Server: vm-139.idm.lab.bos.redhat.com
> BaseDN: dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
> 
> 
> Continue to configure the system with these values? [no]: y
> User authorized to enroll computers: admin
> Password for admin at IDM.LAB.BOS.REDHAT.COM: 
> 
> Enrolled in IPA realm IDM.LAB.BOS.REDHAT.COM
> Created /etc/ipa/default.conf
> Traceback (most recent call last):
>   File "/usr/sbin/ipa-client-install", line 1144, in <module>
>     sys.exit(main())
>   File "/usr/sbin/ipa-client-install", line 1133, in main
>     rval = install(options, env, fstore, statestore)
>   File "/usr/sbin/ipa-client-install", line 977, in install
>     if configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
>   File "/usr/sbin/ipa-client-install", line 600, in configure_sssd_conf
>     sssdconfig.import_config()
>   File "/usr/lib/python2.7/site-packages/SSSDConfig.py", line 1207, in import_config
>     fd = open(configfile, 'r')
> IOError: [Errno 2] No such file or directory: '/etc/sssd/sssd.conf'
Right, we need to fall back to a new sssd.conf in case of any exception, 
not only for ParsingError.

Attached.
-- 
/ Alexander Bokovoy
-------------- next part --------------
From 47d663ce4b265b65f1c4ab4b4e8ec36379d9e602 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy at redhat.com>
Date: Wed, 7 Sep 2011 14:23:29 +0300
Subject: [PATCH] ipa-client-install should not clobber existing SSSD
 configurations

https://fedorahosted.org/freeipa/ticket/1750

When modifying SSSD configuration, attempt to add new domain rather than replacing whole configuration file.
Only replace file in case it is impossible to parse it by current SSSD version.
---
 ipa-client/ipa-install/ipa-client-install |   13 +++++++++++--
 1 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index b3b8b7788fc39ec2d7f427c4dd260c8d36365657..e1cc8059a3d613e4e37e96b07c60c3dc6f0d8bdc 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -595,8 +595,17 @@ def configure_certmonger(fstore, subject_base, cli_realm, hostname, options):
             print "%s request for host certificate failed" % (cmonger.service_name)
 
 def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
-    sssdconfig = SSSDConfig.SSSDConfig()
-    sssdconfig.new_config()
+    try:
+        sssdconfig = SSSDConfig.SSSDConfig()
+        sssdconfig.import_config()
+    except:
+        # no existing SSSD configuration, make a new one
+        # We do make new SSSDConfig instance because IPAChangeConf-derived classes have no
+        # means to reset their state and ParseError exception could come due to parsing
+        # error from older version which cannot be upgraded anymore, leaving sssdconfig
+        # instance practically unusable
+        sssdconfig = SSSDConfig.SSSDConfig()
+        sssdconfig.new_config()
 
     domain = sssdconfig.new_domain(cli_domain)
     domain.add_provider('ipa', 'id')
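Review bot: the bare `except:` around `sssdconfig.import_config()` also catches KeyboardInterrupt and SystemExit, and it falls through to `new_config()` without recording why, so an existing sssd.conf that failed to load for any reason (for example a read error rather than a parse error) is replaced silently along with whatever domains it defined. That is broader than the commit message, which says the file is only replaced when the current SSSD version cannot parse it. Consider `except Exception as e:` at minimum, and ideally separate the cases: a missing file (IOError with ENOENT, as in the reported traceback) can quietly start from `new_config()`, while a parse failure on an existing file should log a warning that the old configuration is being replaced. The comment names `ParseError`; check that this matches the exception class SSSDConfig actually raises.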
-- 
1.7.6.1


