[Freeipa-devel] [PATCH] 1023 tool for configuring automount

Rob Crittenden rcritten at redhat.com
Mon Jun 25 19:35:17 UTC 2012


Rob Crittenden wrote:
> Martin Kosek wrote:
>> On 06/22/2012 07:27 PM, Rob Crittenden wrote:
>>> Martin Kosek wrote:
>>>> On Wed, 2012-06-20 at 13:23 -0400, Rob Crittenden wrote:
>>>>> Rob Crittenden wrote:
>>>>>> Rob Crittenden wrote:
>>>>>>> Here is a tool that can be used to configure automount in an IPA
>>>>>>> client. It can use either SSSD or autofs for automount. It also
>>>>>>> configures NFSv4 on the client so secure maps will work.
>>>>>>
>>>>>> rebased patch
>>>>>
>>>>> rebase again
>>>>>
>>>>> rob
>>>>
>>>> I finally managed to look at this patch. This is generally good work
>>>> and makes things a lot easier, but I still found a few issues:
>> [snip]
>>>>
>>>> 5) Would it make sense to check if the given automount location exists?
>>>> Currently there is no check for that:
>>>>
>>>> # ipa-configure-automount --server vm-091.idm.lab.bos.redhat.com
>>>> --location foo
>>>> Searching for IPA server...
>>>> IPA server: DNS discovery
>>>> Location: foo
>>>> Continue to configure the system with these values? [no]: y
>>>> Configured /etc/nsswitch.conf
>>>> Configured /etc/sysconfig/nfs
>>>> Configured /etc/idmapd.conf
>>>> Started nfs-server.service
>>>> Started nfs-secure.service
>>>> Restarting sssd, waiting for it to become available.
>>>> Started autofs.service
>>>>
>>>> Automount then obviously does not work:
>>>
>>> There was even a TODO in the code for this. I went ahead and did it. I
>>> had punted originally because it wasn't really a big deal to unconfigure
>>> and reconfigure with the right location.
>>
>> It's better, thanks. The error message could be more user-friendly and
>> for example print all available automount locations, but it's not a
>> blocking issue.
>>
>> We may however print other errors.ExecutionError's, e.g. I hit this when
>> I uninstalled automount support and then installed it again too fast:
>>
>> # ipa-client-automount --server=vm-091.idm.lab.bos.redhat.com --location
>> brno --no-sssd
>> Searching for IPA server...
>> IPA server: DNS discovery
>> Location: brno
>> Traceback (most recent call last):
>> File "/sbin/ipa-client-automount", line 458, in <module>
>> sys.exit(main())
>> File "/sbin/ipa-client-automount", line 426, in main
>> api.Command['automountlocation_show'](unicode(options.location))
>> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 435,
>> in __call__
>> ret = self.run(*args, **options)
>> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 748,
>> in run
>> return self.forward(*args, **options)
>> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 769,
>> in forward
>> return self.Backend.xmlclient.forward(self.name, *args, **kw)
>> File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 531, in
>> forward
>> return self.forward(name, *args, **kw)
>> File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 514, in
>> forward
>> raise NetworkError(uri=server, error=str(e))
>> ipalib.errors.NetworkError: cannot connect to
>> 'http://vm-091.idm.lab.bos.redhat.com/ipa/xml': [Errno -8053]
>> (SEC_ERROR_BUSY) NSS could not shutdown. Objects are still in use.
>
> I don't think this was related to the speed in which you configured and
> unconfigured though it looks like a timing issue. I wasn't able to
> reproduce this but I did make the logging on it a little nicer if it
> happens again.
>
>>
>>>> 7) This is related to ipa-client-install, but even when I disable
>>>> autodiscovery and add --server option it still disregards it and tries
>>>> to search SRV records:
>>>>
>>>> # ipa-configure-automount --server=vm-091.idm.lab.bos.redhat.com
>>>> <after some time and SRV searches>
>>>> Unable to confirm that <some-ldap-server>.redhat.com is an IPA v2 server
>>>
>>> Yeah, I think a separate ticket should be opened up, I call the same
>>> code as ipa-client-install.
>>
>> The issue here is that you pass neither server nor domain to the
>> ds.search() function. ipa-client-install uses this call:
>>
>> ret = ds.search(domain=options.domain, server=options.server,
>> hostname=hostname)
>>
>> But ipa-client-automount just calls:
>>
>> + ret = ds.search()
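Review bot: ds.search() is called with no arguments on this line, whereas the ipa-client-install call quoted just above passes domain, server and hostname, so a --server given on the command line cannot influence the result. Either pass the options through as that call does, or skip the search when a server is supplied, and add a comment saying the call is only a probe for whether discovery works.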
>>
>> You may also need to add --domain parameter just like ipa-client-install
>> does.
>
> Ok, I see the problem. I'm not actually trying to do discovery, I'm just
> seeing if it works. If we are able to autodiscover the IPA servers then
> we configure the client to use discovery. Otherwise a server is
> hardcoded in.
>
> It would do this even if a server was provided, I changed that in this
> patch.
>
>>
>>>
>>>>
>>>> 8) When discovery is on, we are not really verbose:
>>>>
>>>> # ipa-configure-automount
>>>> Searching for IPA server...
>>>> IPA server: DNS discovery
>>>> Location: default
>>>> Continue to configure the system with these values? [no]:
>>>>
>>>> We just write "IPA server: DNS discovery", but I would at least like to
>>>> know what servers it detected so that I know it does the right thing.
>>>
>>> This should be better with Petr^3's patches. Is it not? Perhaps only
>>> with --debug?
>>
>> I don't think it does, this is printed in ipa-client-automount:
>>
>> + if not autodiscover:
>> + print "IPA server: %s" % server
>> + else:
>> + print "IPA server: DNS discovery"
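Review bot: the else branch prints only the fixed string "DNS discovery", so the confirmation prompt that follows shows nothing about which servers discovery actually returned. If the discovered host names are available at this point, print them alongside the message so the administrator can check them before answering yes.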
>>
>
> I'm open to changing the message but basically it is saying whether or
> not a fixed IPA server is going to be configured on the client for autofs.
>
>>>
>>>> 9) autofs via LDAP (no SSSD) is broken when autodiscovery is used.
>>>> After some investigation I found this line is causing it:
>>>>
>>>> + if not autodiscover:
>>>> + ldap_uri = "ldap://%s" % server
>>>> + else:
>>>> + ldap_uri = "ldap:///%s" % api.env.basedn<<<
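Review bot: in the else branch api.env.basedn is formatted into the URI as-is; a base DN containing a space or another character that is not URL-safe would produce a malformed LDAP URL, so percent-encode it before interpolation. A one-line comment that the empty host in "ldap:///" is intentional and selects DNS discovery would also have avoided the confusion in this review.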
>>>>
>>>> There should be an IPA server, not basedn. When I fixed it, autofs via
>>>> LDAP worked.
>>>
>>> I'm not sure why it didn't work, this is correct.
>>> ldap:///dc=example,dc=com tells the autofs client to use DNS discovery
>>> to find the right server. It works for me.
>>
>> Now, it worked for me too, I must have had some bad setting.
>>
>> [snip]
>>
>> 11) I found another issue, nested indirect maps did not work with sssd
>> provider but they did with ldap provider in nsswitch. But this is a
>> problem on SSSD side, I filed a ticket for them:
>>
>> https://fedorahosted.org/sssd/ticket/1390
>>
>> I also found 3 new issues (sorry for not finding them in original
>> review).
>>
>> 12) I see we log to ~/.ipa/default.log. I think it would be better to
>> append to the log ipaclient-install.log or similar.
>
> Ok, good idea. Done.
>
>> 13) First three options in ipa-client-automount man pages are not
>> formatted right. Bold format is missing + there is extra tag <fl> in
>> --location option:
>>
>> --server=SERVER Set the IPA server to connect to
>>
>> --location=<fl>LOCATION
>> Automount location
>>
>> -S, --no-sssd
>> Do not configure the client to use SSSD for automount
>
> I only saw the bad <fl> which I fixed. They are otherwise bolded for me.
>
>> 14) I assume that your patch covers also ticket 2193, I think it should
>> be added to the patch description too.
>
> Fixed that too
>
> rob

And now the correct patch.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-1023-5-automount.patch
Type: text/x-diff
Size: 27513 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120625/6fd91a2e/attachment.bin>
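
The host-less URI form from item 9 (ldap:///dc=example,dc=com), worked through as an added example that is not part of the original message or of the FreeIPA patch. It assumes the client maps the dc= components of the base DN to a DNS domain and looks up _ldap._tcp SRV records there; the function names are hypothetical and the all-dc= rule is a deliberate simplification.

```python
import re
from urllib.parse import quote

# Split on commas that are not backslash-escaped (RFC 4514 escaping).
_RDN_SPLIT = re.compile(r"(?<!\\),")


def basedn_to_domain(basedn):
    """Return the DNS domain spelled by the dc= RDNs of basedn, or None."""
    labels = []
    for rdn in _RDN_SPLIT.split(basedn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or attr.strip().lower() != "dc":
            return None  # e.g. o=Example,c=US has no DNS form
        labels.append(value.strip().lower())
    return ".".join(labels) if labels and all(labels) else None


def srv_query_name(basedn):
    """SRV name a discovering client would query (assumed convention)."""
    domain = basedn_to_domain(basedn)
    if domain is None:
        raise ValueError("base DN %r has no DNS form; use a fixed server"
                         % basedn)
    return "_ldap._tcp.%s" % domain


def autofs_ldap_uri(basedn, server=None):
    """Fixed host when server is given, otherwise a discovery URI."""
    if server:
        return "ldap://%s" % server
    srv_query_name(basedn)  # fail early if discovery cannot work
    # Percent-encode the DN so spaces and the like keep the URL well-formed.
    return "ldap:///%s" % quote(basedn, safe="=,")


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread's environment.
    print(autofs_ldap_uri("dc=example,dc=com"))
    print(srv_query_name("dc=example,dc=com"))
    print(autofs_ldap_uri("dc=example,dc=com", server="ipa.example.com"))
```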

