[Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

Martin Kosek mkosek at redhat.com
Tue Sep 13 13:33:35 UTC 2011


On Tue, 2011-09-13 at 16:22 +0300, Alexander Bokovoy wrote:
> On Tue, 13 Sep 2011, Martin Kosek wrote:
> > > So this patch is unblocked. To solve delayed data initialization from 
> > > SSSD in NSS responder we might simply increase number of tries to 10 
> > > in case SSSD is in use.
> > That sounds good. I made few tests of this patch and I still see a
> > problem here. What if, for any reason, sssd.conf is not present on the
> > machine? IPA client installation then crashes:
> > 
> > # ipa-client-install --server vm-139.idm.lab.bos.redhat.com --domain idm.lab.bos.redhat.com
> > DNS domain 'idm.lab.bos.redhat.com' is not configured for automatic KDC address lookup.
> > KDC address will be set to fixed value.
> > 
> > Discovery was successful!
> > Hostname: vm-027.idm.lab.bos.redhat.com
> > Realm: IDM.LAB.BOS.REDHAT.COM
> > DNS Domain: idm.lab.bos.redhat.com
> > IPA Server: vm-139.idm.lab.bos.redhat.com
> > BaseDN: dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
> > 
> > 
> > Continue to configure the system with these values? [no]: y
> > User authorized to enroll computers: admin
> > Password for admin at IDM.LAB.BOS.REDHAT.COM: 
> > 
> > Enrolled in IPA realm IDM.LAB.BOS.REDHAT.COM
> > Created /etc/ipa/default.conf
> > Traceback (most recent call last):
> >   File "/usr/sbin/ipa-client-install", line 1144, in <module>
> >     sys.exit(main())
> >   File "/usr/sbin/ipa-client-install", line 1133, in main
> >     rval = install(options, env, fstore, statestore)
> >   File "/usr/sbin/ipa-client-install", line 977, in install
> >     if configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
> >   File "/usr/sbin/ipa-client-install", line 600, in configure_sssd_conf
> >     sssdconfig.import_config()
> >   File "/usr/lib/python2.7/site-packages/SSSDConfig.py", line 1207, in import_config
> >     fd = open(configfile, 'r')
> > IOError: [Errno 2] No such file or directory: '/etc/sssd/sssd.conf'
> Right, we need to fallback to new sssd.conf in case of any exception, 
> not only for ParsingError.
> 
> Attached.

Looks promising. I have a suggestion - I think it would make sense
logging the thrown exception. We would then be able to easily
investigate potential user logs and explain why we generated a brand new
sssd.conf.

Martin




More information about the Freeipa-devel mailing list