[Freeipa-devel] [PATCH 0024] ipa-replica-manage: added --suffix option for certain commands
Martin Basti
mbasti at redhat.com
Wed Mar 30 14:52:08 UTC 2016
On 24.03.2016 19:10, Stanislav Laznicka wrote:
> On 03/23/2016 08:13 PM, Martin Basti wrote:
>> [...]
>> Can you please update design
>> http://www.freeipa.org/page/V4/Manage_replication_topology_4_4 (mainly
>> the --suffix option)? Also there are missing clean-ruv and list-ruv
>> commands in design, and fix usage at the bottom.
>>
>> 1)
>> I don't understand this expression
>> + if dirman_passwd is None or (
>> + not dirman_passwd and args[0] in cs_enabled_commands):
>>
>> You already tested if subcommand belongs to cs_enabled_commands few
>> lines above, IMO the 'dirman_password is None' expression is enough.
> If I understand it well, when empty password is entered, the program
> continues and uses Kerberos credentials for some operations. E.g. for
> list-ruv, if empty password is entered, the command would only display
> RUVs for domain tree but not for the CA tree no matter if CA is set up
> or not (in the current state of the patch, after get_ruv refactoring).
> This here is one possible way around this, although the check for
> non-empty password might probably just as well be in
> get_ruv_both_suffixes.
ok
>> 2)
>> +# tuple of commands that work with ca tree and need Directory Manager
>> password
>> +cs_enabled_commands = ("list-ruv", "clean-ruv", "abort-clean-ruv")
>>
>> this variable is used only toi detect if dirman passwd is needed, I
>> suggest to rename it to commands_req_dirman_passwd, or something better.
>>
>> 3)
>> Q: Do we need is_cs_set() function?
>> A: Yes!
>>
>> I wanted to give you ultimate NACK, but then I checked how get_ruv code
>> works and I changed my mind.
>>
>> Please write a comment where is_cs_set function is used, why we need
>> extra function instead of catching an exception, possibly you can open a
>> refactoring ticket.
> After the refactoring changes, is_cs_set should not be needed anymore,
> removed it.
>>
>> Shame:
>> 1)
>> + if not test_connection(realm, host, options.nolookup) or\
>> Please use parentheses instead of backslash
>>
>> 2)
>> + args[0] in cs_enabled_commands:
>>
>> + not dirman_passwd and args[0] in cs_enabled_commands):
>>
>> Indentation is not multiplication of 4
> Shame on me indeed, fixed it.
>>
>> Nitpicks (I don't insist on fixing these):
>> 1)
>> + if servers.get('ca', None):
>>
>> None is default
>>
>> 2)
>> + for (netloc, rid) in servers['ca']:
>> parentheses are not needed
>>
>> 3)
>> + print("\t%s: %s" % (netloc, rid))
>> Would be nice to use .format() instead of %
>>
>> Martin^2
>>
>>
>>
>> I changed my mind, ultimate NACK.
>> Please fix get_ruv function, is_cs_set will not help. In case there
>> are no RUVs but CA is installed, sys.exit there prevents us from
>> removing RUVs (or any else operation) on domain suffix, and vice versa.
>> I propose to move ticket to 4.4 milestone because I would like to
>> avoid breaking something in 4.3, as this will hit many places in
>> ipa-replica-manage.
>>
>> Please provide the refactoring of get_ruv as separate patch a put
>> these patches on top of it.
>>
>> Martin2
> Did the refactoring. There also seemed to be duplicit code in
> abort_clean_ruv for some reason, removed it (I hope it does not break
> anything, but it seemed rather useless). Also had to change the
> numbers of the patches so that they would apply.
NACK
* ipa-replica-manage refactoring *
1)
Instead of:
- print("Failed to connect to server %s: %s" % (host, e))
- sys.exit(1)
+ root_logger.debug("Failed to connect to server {host}: {err}"
+ .format(host=host, err=e))
+ raise RuntimeError(e)
I expected
- print("Failed to connect to server %s: %s" % (host, e))
- sys.exit(1)
+ root_logger.debug(traceback.format_exc())
+ raise RuntimeError("Failed to connect to server {host}: {err}"
+ .format(host=host, err=e)))
2)
- print("No RUV records found.")
- sys.exit(0)
Here is exit state 0, so we should not raise error.
I think that we should create new nonfatal exception.
3)
- print("unable to decode: %s" % ruv)
+ root_logger.debug("unable to decode: %s" % ruv)
This may break tests, because the logger logs to stderr, leave it as
print for now
4)
- servers = get_ruv(realm, host, dirman_passwd, nolookup)
+ try:
+ servers = get_ruv(realm, host, dirman_passwd, nolookup)
+ except RuntimeError as e:
+ print(e)
+ sys.exit(1)
again we have to print it to stdout for now.
* abort-clean/list/clean-ruv now work for both suffixes *
- if dirman_passwd is None:
+ if dirman_passwd is None or (
+ not dirman_passwd and args[0] in
dirman_passwd_req_commands):
sys.exit("Directory Manager password required")
Please fix other patch accordingly.
Martin^2
More information about the Freeipa-devel
mailing list