[Freeipa-devel] [PATCH] 0079 Use common group for DS instances

Rob Crittenden rcritten at redhat.com
Mon Jan 31 21:32:47 UTC 2011 

Simo Sorce wrote:
> On Mon, 31 Jan 2011 15:46:37 -0500
> Rob Crittenden<rcritten at redhat.com>  wrote:
>
>> Simo Sorce wrote:
>>> On Sat, 29 Jan 2011 10:28:49 -0500
>>> Simo Sorce<ssorce at redhat.com>   wrote:
>>>
>>>> On Fri, 28 Jan 2011 19:11:39 -0500
>>>> Rob Crittenden<rcritten at redhat.com>   wrote:
>>>>
>>>>> Simo Sorce wrote:
>>>>>>
>>>>>> Use a common group named 'dirsrv' for all DS instances, as
>>>>>> requested in ticket #851
>>>>>>
>>>>>> While there also remove the -u option, it is silly to allow to
>>>>>> change one in three (the other are group name and pki ds instance
>>>>>> user) accounts only. Plus it is apparently confusing to admins.
>>>>>>
>>>>>> Simo.
>>>>>
>>>>> Just a couple of really minor nit-pickiness.
>>>>>
>>>>> If we are hardcoding the user why make it an argument to the
>>>>> various create_instance commands? You already import the group
>>>>> from dsinstance, why not the user too?
>>>>
>>>> I didn't want to change too much code :-)
>>>> I'll change that, hopefully w/o introducing regressions.
>>>>
>>>>> And this code:
>>>>>
>>>>> if not group_exists is None and not group_exists:
>>>>>
>>>>> might be more readable as:
>>>>>
>>>>> if group_exists == False:
>>>>
>>>> I copied from dsinstance.uninstall() I will change it.
>>>>
>>>> Simo.
>>>>
>>>
>>> Revised patch attached.
>>>
>>> Simo.
>>
>> Install on a master and replica worked fine but uninstall on the
>> replica failed with:
>>
>> Shutting down all IPA services
>> Removing IPA client configuration
>> Unconfiguring ntpd
>> Unconfiguring CA directory server
>> Unconfiguring CA
>> Unconfiguring web server
>> Unconfiguring krb5kdc
>> Unconfiguring ipa_kpasswd
>> Unconfiguring directory server
>> root        : CRITICAL failed to delete group Command
>> '/usr/sbin/groupdel dirsrv' returned non-zero exit status 6
>>
>> error 6 means specified group doesn´t exist
>>
>> The last bit of the uninstall log confirms this:
>>
>> 2011-01-31 15:44:28,001 INFO args=/usr/sbin/groupdel dirsrv
>> 2011-01-31 15:44:28,002 INFO stdout=
>> 2011-01-31 15:44:28,003 INFO stderr=groupdel: group 'dirsrv' does not
>> exist
>>
>> 2011-01-31 15:44:28,004 CRITICAL failed to delete group Command
>> '/usr/sbin/groupdel dirsrv' returned non-zero exit status 6
>>
>> rob
>
> Ok attached  patch that cheks if the group exists before trying to
> delete it.
>
> The reason it fails I think is because it has the same name of the
> idrsrv user and when we remove the dirsrv user userdel probably removes
> also the group because at that stage the other user in that group
> (pkisrv) has already been removed as well.
>
> Simo.
>

ack

More information about the Freeipa-devel mailing list