[Freeipa-devel] [PATCH] 0056 Framework for admin/install tools, with ipa-ldap-updater
Rob Crittenden
rcritten at redhat.com
Wed Jun 20 16:15:58 UTC 2012
Petr Viktorin wrote:
> On 06/04/2012 04:56 PM, Petr Viktorin wrote:
>> Currently, FreeIPA's install/admin scripts are long pieces of code
>> that aren't very reusable, importable, or testable.
>> They have been extended over time with features such as logging and
>> error handling, but since each tool was extended individually, there
>> is much inconsistency and code duplication.
>> This patch starts a framework which the admin tools can use, and
>> converts ipa-ldap-updater to use the framework.
>>
>> In an earlier patch I found that improving a particular functionality in
>> all the commands is not workable, so I want to tackle this one tool at a
>> time.
>> I'm starting with ipa-ldap-updater, because it's pretty small, doesn't
>> use DNs (I don't want conflicts with John's work), and has the
>> interesting --upgrade option.
>>
>>
>> The framework does these tasks:
>> - Parse options
>> - Select tool to run (see below)
>> - Validate options
>> - Set up logging
>> - Run the tool code
>> - Handle any errors
>> - Log success/failure
>>
>> The base class has some defaults for these that the tools can
>> extend/override.
>>
>>
>> To handle the case where one script does two different things
>> (ipa-ldap-updater with/without --upgrade, or ipa-server-install
>> with/without --uninstall), I want to split the tool in two classes
>> rather than have repeated ifs in the code.
>> This meant that option parsing (and initializing the parser) has to be
>> done before creating an instance of the tool. I use a factory
>> classmethod.
>>
>>
>> I put the admintool base class in ipapython/ as it should be useful for
>> ipa-client-install as well.
>>
>>
>>
>> First part of the work for:
>> https://fedorahosted.org/freeipa/ticket/2652
>>
>>
>
> Attaching rebased patch.
I gather you want people to be calling run_cli() in their admin tools.
Should main() be made private then? I could see someone getting confused
and using main instead, which would work, but then the return value
might not do the right thing.
Or maybe just drop run_cli and have main exit with sys.exit()?
It isn't correctly handling the case of an update not found:
ipa : INFO Parsing file ad
[Errno 2] No such file or directory: 'ad'
ipa : INFO File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 151, in
execute
self.run()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_ldap_updater.py", line
180, in run
modified = ld.update(self.files)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line
828, in update
sys.exit(1)
ipa : INFO The ipa-ldap-updater command failed, exception:
SystemExit: 1
Running in test mode with the attached update doesn't seem to work
either. There is nothing special about this file, just something I had
lying around:
ipa : INFO File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 151, in
execute
self.run()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_ldap_updater.py", line
184, in run
'Update complete, changes to be made, test mode', 2)
ipa : INFO The ipa-ldap-updater command failed, exception:
ScriptError: Update complete, changes to be made, test mode
ipa : ERROR Update complete, changes to be made, test mode
ipa : ERROR None
The unit tests still pass which is good.
With ipa-ldap-updater the return value is a bit strange. All the updates
themselves can fail for one reason or another and the command can still
consider this a success (it may fail because a feature is not enabled,
for example). Still, the success message displayed at the end is a bit
jarring when the updates themselves aren't applied. Here is a snippet
when running ad.update live:
ipa : INFO New entry:
uid=adtrust,cn=notfound,cn=etc,dc=greyoak,dc=com
ipa : DEBUG ---------------------------------------------
ipa : DEBUG dn: uid=adtrust,cn=notfound,cn=etc,dc=greyoak,dc=com
ipa : DEBUG add: 'account' to objectClass, current value []
ipa : DEBUG add: updated value [u'account']
ipa : DEBUG ---------------------------------------------
ipa : DEBUG dn: uid=adtrust,cn=notfound,cn=etc,dc=greyoak,dc=com
ipa : DEBUG objectClass:
ipa : DEBUG account
ipa : DEBUG add: 'adtrust' to uid, current value []
ipa : DEBUG add: updated value [u'adtrust']
ipa : DEBUG ---------------------------------------------
ipa : DEBUG dn: uid=adtrust,cn=notfound,cn=etc,dc=greyoak,dc=com
ipa : DEBUG objectClass:
ipa : DEBUG account
ipa : DEBUG uid:
ipa : DEBUG adtrust
ipa : DEBUG ---------------------------------------------
ipa : DEBUG Final value
ipa : DEBUG dn: uid=adtrust,cn=notfound,cn=etc,dc=greyoak,dc=com
ipa : DEBUG objectClass:
ipa : DEBUG account
ipa : DEBUG uid:
ipa : DEBUG adtrust
ipa : INFO Parent DN of
uid=adtrust,cn=notfound,cn=etc,dc=greyoak,dc=com may not exist, cannot
create the entry
ipa : INFO The ipa-ldap-updater command was successful
[root at pinto freeipa]# echo $?
0
This may be contrasting just because it is a contrived case. The command
rval is separate from whether the updates all applied, so maybe this is ok.
rob
-------------- next part --------------
dn: uid=adtrust,cn=sysaccounts,cn=etc,$SUFFIX
add: objectClass: account
add: objectClass: simplesecurityobject
add: uid: adtrust
dn: uid=adtrust,cn=notfound,cn=etc,$SUFFIX
add: objectClass: account
add: uid: adtrust
More information about the Freeipa-devel
mailing list