[Freeipa-devel] [PATCH] 12 Call generate-rndc-key.sh during ipa-server-install

Martin Kosek mkosek at redhat.com
Tue May 27 11:16:16 UTC 2014


On 04/18/2014 04:01 PM, Misnyovszki Adam wrote:
> On Thu, 17 Apr 2014 16:21:19 +0200
> Martin Kosek <mkosek at redhat.com> wrote:
> 
>> On 04/17/2014 04:10 PM, Rob Crittenden wrote:
>>> Misnyovszki Adam wrote:
>>>> Hi,
>>>> this patch modifies ipa-server-install to warn the user, if there
>>>> is a lack of entropy, also runs generate-rndc-key.sh before named
>>>> restart, to ensure, that it can start before systemd timeouts.
>>>
>>> I think the exception should be logged in check_entropy() in case
>>> this ever does fail (the file name changes, the format changes,
>>> etc).
>>>
>>> There should be a try/except around the run() call.
>>>
>>> I noticed that /etc/rndc.key isn't removed on uninstall, which I
>>> guess means the same key will be re-used. Should we be removing
>>> that?
>>>
>>> rob
>>
>> Also, bare exceptions are bad!
>>
>> +    except:
>> +        service.print_msg("Could not determine entropy, possible
>> long delays")
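Review bot: the bare `except:` on the first added line also traps KeyboardInterrupt and SystemExit, so an interrupted check would be reported as an entropy problem. Catch only the exception types the entropy check can raise, and log the caught exception before calling service.print_msg so a failure can be diagnosed afterwards.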
>>
>> Next, you do all the checks in ipa-server-install, while they should
>> be in service files, like krbinstance.py so that it is also checked
>> in other installers, like ipa-replica-install.
>>
>> Same for DNS, it should be a separate step in bindinstance.py so that
>> when the installation is hanging, you can see
>>
>>  [X/Y] Generating rndc key file
>>
>> and know that it is hanging on that part.
>>
>> I would not misuse "service.print_msg" for regular messages, I would
>> only do the
>>
>> service.print_msg("WARNING: Your system is running out of entropy,
>> expect long delays!")
>>
>> others can either be turned into a separate installation step or a
>> debug log message.
>>
>> Martin
> 
> Hi,
> according to personal discussion with Martin, see the corrected patch!
> Thanks
> Adam
> 

ACK. Pushed to master: 71c6d2f1eb9610a0e0a994a6cfd78fdf9bb9d1fa

Given that Adam no longer works in the Adam and cannot update the patch, I did
a couple of very minor fixes - the description is in the commit message.

Martin



