<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Thank you for the detailed review. Responses to all the issues found
are inline:<br>
<br>
<div class="moz-cite-prefix">On 06/06/2014 01:04 PM, Petr Viktorin
wrote:<br>
</div>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">On
06/05/2014 03:14 PM, Petr Viktorin wrote:
<br>
<blockquote type="cite">On 06/04/2014 11:42 AM, Tomas Babej wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
the following set of patches implements the ticket:
<br>
<br>
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/4052">https://fedorahosted.org/freeipa/ticket/4052</a>
<br>
<br>
The refactoring touches both server and client bits, main
features are:
<br>
<br>
* easier inheritance and creation of new platform modules
<br>
* all filesystem paths are defined as platform constants
<br>
* platform related functionality is implemented as transparent
platform
<br>
tasks
<br>
(as opposed to platform dependent implementations)
<br>
* no need to implement your own authconfig class, since tasks
encapsulate
<br>
the relevant parts of the code
<br>
<br>
More documentation, mainly on the part of the documenting the
tasks
<br>
contracts
<br>
and the creation of own platform modules should follow later.
<br>
<br>
</blockquote>
<br>
Thanks for all the work!
<br>
I didn't test yet; actually I haven't read it all yet, but
sharing the
<br>
first thoughts might make the review faster. If you'd rather
have the
<br>
whole thing, just wait :)
<br>
<br>
<br>
0202: OK
<br>
<br>
0203:
<br>
Can we remove the leading underscores from
`__wait_for_open_ports`? I
<br>
don't think there's a good reason for that to be "private", let
alone
<br>
super-annoyingly "private".
<br>
</blockquote>
</blockquote>
<br>
Fixed.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">
<br>
It would be nice to have the Services' __init__s take an
optional `api`
<br>
argument, and then use `self.api` everywhere. I'm certain we'd
<br>
appreciate it in the future.
<br>
<br>
</blockquote>
</blockquote>
<br>
Added.<br>
<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">In SystemdService.restart, I think the
comment is obsolete by now. But
<br>
If we want to keep it we should add a link to
<br>
<a class="moz-txt-link-freetext" href="https://bugs.freedesktop.org/show_bug.cgi?id=39824">https://bugs.freedesktop.org/show_bug.cgi?id=39824</a>
<br>
<br>
</blockquote>
</blockquote>
Removed.<br>
<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">Also, it's pointless to just fix
whitespace issues and line length. If
<br>
you're cleaning up, please convert the code to actually
idiomatic
<br>
Python, otherwise these are just changes for the sake of change.
(Or
<br>
maybe for the sake of passing automated style checks, which is
pretty
<br>
stupid. The real issues are those the tool doesn't report.
There's a
<br>
nice summary on using the `pep8` tool like this in the last
paragraph of
<br>
<a class="moz-txt-link-freetext" href="http://bugs.python.org/msg193909">http://bugs.python.org/msg193909</a>.)
<br>
<br>
</blockquote>
</blockquote>
I do not go to such length as to run pep8 tool voluntarily to check
all the errors.<br>
IDE of my choice (NINJA-IDE - check it out!) highlights a subset of
PEP8 errors in the<br>
editor, so it makes it super easy to spot these errors and fix them
very quickly.<br>
<br>
But I agree and you have point with the converting the code to
idiomatic python code.<br>
<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">In PlatformService.start, use `with` for
open files. Also flush() is
<br>
unnecessary before closing a file.
<br>
</blockquote>
</blockquote>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>
Fixed. Also fixed the same issues in the stop method.</p>
<meta name="Description" content="Copy-Paste Buffer">
<meta name="Generator" content="Zim">
<br>
<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">
<br>
In SystemdService.service_instance,
<br>
len(string) == 0
<br>
translates to:
<br>
not string
<br>
<br>
</blockquote>
</blockquote>
Fixed.<br>
<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">In SystemdService.parse_variables,
<br>
map(lambda x: y(x), z)
<br>
translates to:
<br>
[y(x) for x in z]
<br>
(plus you can skip the [ ] since you don't need a list)
<br>
<br>
</blockquote>
</blockquote>
Fixed.<br>
<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">In SystemdService.stop/start
<br>
if 'context' in api.env and api.env.context in X:
<br>
translates to:
<br>
if getattr(api.env, 'context', None) in X:
<br>
<br>
</blockquote>
</blockquote>
Fixed.<br>
<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">SystemdService.is_installed, the flag is
not needed, just return directly.
<br>
<br>
</blockquote>
</blockquote>
<br>
Fixed.<br>
<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">0204:
<br>
When commenting what a function does, use a docstring.
<br>
<br>
</blockquote>
</blockquote>
Will be documented in a later patch.<br>
<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">0205: OK
<br>
0206: OK
<br>
<br>
0207:
<br>
In system_units: again, a generator expression is better than
<br>
map(lambda, ...)
<br>
<br>
</blockquote>
</blockquote>
Fixed.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">In FedoraService.__init__,
<br>
len(string.split(c)) == 1
<br>
translates to:
<br>
c not in string
<br>
<br>
</blockquote>
</blockquote>
Fixed.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">In FedoraDirectoryService, the comment
applies just to restart(), could
<br>
you move it there?
<br>
<br>
</blockquote>
</blockquote>
Done.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">In FedoraDirectoryService.restart, there's
`len(instance_name) > 0` again
<br>
<br>
</blockquote>
</blockquote>
Fixed.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">In FedoraCAService, can
__wait_until_running have just one leading
<br>
underscore? I don't think we need to hide it.
<br>
<br>
</blockquote>
</blockquote>
Fixed.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">In FedoraCAService.__wait_until_running,
there are some hardcoded paths.
<br>
Can we pull them from the paths module? It'll be easier to reuse
if we
<br>
ever find out the class applies to more than Fedora.
<br>
(You could do it in some later patch of course.)
<br>
<br>
</blockquote>
</blockquote>
Addresed in a later patch.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">0208:
<br>
Again some hardcoded paths, would be nice to pull them from the
paths
<br>
object
<br>
<br>
</blockquote>
</blockquote>
Addresed in a later patch.
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">I'm surprised you left the parentheses
around `if` expressions, since
<br>
you're so meticulous about whitespace and line length...
<br>
<br>
</blockquote>
</blockquote>
Fixed (in both cases).<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">check_selinux_status, in the RuntimeError
message, assumes that it's
<br>
called from an installation. This should at least be pointed out
in the
<br>
docstring.
<br>
<br>
There's no newline at the end of the file.
<br>
<br>
0209:
<br>
ipa-client-install, --noac help: "Red Hat" has two words. Also
it's a
<br>
company; I don't think "Red Hat based distributions" is a
correct use of
<br>
the trademark. In comments/class names it doesn't really matter
but in
<br>
user-facing text we should try to be professional.
<br>
We can either go with "Fedora-based" here and sort this out in a
RHEL
<br>
patch if needed, or better, adjust the help text (or visibility
of the
<br>
option) based on if the platform uses authconfig.
<br>
<br>
</blockquote>
</blockquote>
I'm thinking we could go as far as to provide a way in the
installers to define<br>
platform dependent options. What do you think?<br>
<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">In configure_sshd_config, why did you
remove `authorized_keys_changes =
<br>
candidate`?
<br>
<br>
</blockquote>
</blockquote>
Thanks for spotting that, fixed.<br>
<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">base.tasks: These need docstrings. Will
those included in the
<br>
documentation that you want to provide later?
<br>
<br>
base.{tasks,fedora}.restore_pre_ipa_client_configuration: line
too long.
<br>
</blockquote>
</blockquote>
Fixed.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">You fix this in a later patch, why not
here?
<br>
<br>
<br>
Each of the functions configure_sssd_for_user_info_and_auth,
<br>
configure_ldap_for_user_info, configure_auto_homedir_creation
now
<br>
execute authconfig.
<br>
<br>
</blockquote>
</blockquote>
Yes, that was a tradeoff for the portability.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">In the base.authconfig.Authconfig
docstring, the example is wrong.
<br>
<br>
In that docstring and in ipaplatform.fedora.tasks, instead of
<br>
auth_config.enable("sssd").\
<br>
enable("sssdauth")
<br>
please use
<br>
auth_config.enable("sssd")
<br>
auth_config.enable("sssdauth")
<br>
In addition to PEP8 compliance (this is Python, not JQuery),
it's more
<br>
diff-friendly.
<br>
Alternately, be pythonic and add support for:
<br>
auth_config.enable("sssd", "sssdauth")
<br>
auth_config.add_parameters(nisdomain=nisdomain):
<br>
<br>
</blockquote>
</blockquote>
Fixed.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">It seems that for every
AuthConfig.execute(), you need to do
<br>
auth_config.add_option("update")
<br>
Why not roll that into execute(), with a (default) argument?
<br>
<br>
</blockquote>
</blockquote>
Fixed.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">AuthConfig.__build_args should lose the
leading underscores. Nothing to
<br>
hide here; according to the docstring it's even part of the
public
<br>
interface. I'd also move it (and execute()) to the base
implementation,
<br>
since it's quite unlikely that authconfig would use different
arguments
<br>
in other distros that support it (and they can override anyway).
<br>
<br>
</blockquote>
</blockquote>
Fixed.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">There's another hardcoded path,
"/usr/sbin/authconfig".
<br>
<br>
</blockquote>
</blockquote>
Fixed.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">0210: OK
<br>
It might be good to point to this patch in some docs, there are
some
<br>
ideas for porting to System V distros.
<br>
<br>
0211:
<br>
I believe ipaplatform.paths.path_namespace doesn't exist yet.
Should
<br>
these changes be in a later patch?
<br>
<br>
I see more hardcodced paths.
<br>
<br>
</blockquote>
</blockquote>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>
Will be dealth with later.</p>
<meta name="Description" content="Copy-Paste Buffer">
<meta name="Generator" content="Zim">
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">For logging, use multiple arguments
instead of %, and str() is
<br>
unnecessary, e.g.:
<br>
root_logger.info("Failed to add CA to the systemwide "
<br>
"CA trust database: %s", e)
<br>
<br>
<br>
</blockquote>
</blockquote>
Fixed.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">In backup_and_replace_hostname, please use
the logger for the message,
<br>
so it ends up a logfile. (Do it in addition to the print if the
logger
<br>
might be unconfigured.)
<br>
<br>
</blockquote>
</blockquote>
Fixed.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">In backup_and_replace_hostname, the
`readlines` in `for line in
<br>
f.readlines():` is unnecessary.
<br>
<br>
</blockquote>
</blockquote>
Fixed.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">0212: OK
<br>
0213: OK
<br>
0214: OK
<br>
0215: Looks OK
<br>
(pylint should be enough to check this, haven't run it yet)
<br>
<br>
0216:
<br>
I see a lot of these lines:
<br>
from ipaplatform.paths import path_namespace as paths
<br>
I don't think it's healthy to have an object that you *always*
import as
<br>
another name (actually in a single codebase we shouldn't need
renaming
<br>
objects on import at all, but that would be a very minor
nitpick). We
<br>
had some discussions about this, maybe I gave you the idea;
sorry for
<br>
any miscommunication. (I was mostly scared at wanting to
redefine a
<br>
module's __getattr__, which is some seriously arcane magic --
you should
<br>
only try it at home.)
<br>
<br>
You can do better by just placing the class in a convenient
place:
<br>
ipaplatform/<platform>/paths_module.py:
<br>
class PathsNamespace(object):
<br>
...
<br>
ipaplatform/paths_module.py →
ipaplatform/<platform>/paths_module.py
<br>
ipaplatform/__init__.py:
<br>
from ipaplatform.paths_module import PathsNamespace
<br>
paths = PathsNamespace()
<br>
any other module:
<br>
from ipaplatform import paths
<br>
mkdir(paths.IMPORTANT_DIR)
<br>
<br>
</blockquote>
</blockquote>
As we discussed, to avoid cyclical imports, separate modules for
paths and tasks are needed.<br>
Calling the paths_namespace object by its descriptive name is rather
cumbersome, so I changed that to:<br>
<br>
from ipaplatform.paths import paths<br>
from ipaplatform.tasks import tasks<br>
<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">ipalib/__init__.py: I think your regex got
too hungry here...
<br>
<br>
</blockquote>
</blockquote>
Thanks for spotting that.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<blockquote type="cite">I'd add a _TEMPLATE suffix to names of
"paths" containing %s, to make it
<br>
clear what they are.
<br>
<br>
</blockquote>
<br>
</blockquote>
Fixed.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">Continuing
with 0216:
<br>
ipaserver/install/httpinstance.py: NSS_CONF is already in paths;
SSL_CONF should be added there as well.
<br>
selinux_warning should use paths.SETSEBOOL.
<br>
<br>
</blockquote>
Fixed. <br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">Regarding
the integration tests, we'll probably want to have each host have
a "paths" attribute and use that in the commands, since each can
potentially be on a different platform.
<br>
That can be done later, though.
<br>
<br>
ipatests/test_xmlrpc/test_automount_plugin.py: this change is
unnecessary
<br>
<br>
0217: OK
<br>
0218: OK
<br>
0219: As I said above, I'd prefer this renamed
<br>
0220: Looks OK
<br>
0221: Looks OK
<br>
<br>
0222:
<br>
Similarly to paths, we should do `from ipaplatform import tasks`;
the module can have an inconvenient name.
<br>
<br>
</blockquote>
Fixed.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<br>
<blockquote type="cite">
<br>
When moving code around you remove the Authors: lines from the
top of
<br>
the files, and replace them with yourself. I don't think that's
a fair
<br>
thing to do.
<br>
</blockquote>
<br>
</blockquote>
Not trying to steal the credit here :) I fixed the Authors and
copyright years.<br>
<blockquote cite="mid:5391A03D.1030408@redhat.com" type="cite">
<br>
Functionally, I didn't find any regressions.
<br>
<br>
</blockquote>
Updated patchset attached. Please note the new patch 223.<br>
<br>
I also added new symlinks to platform modules to .gitignore.<br>
<pre class="moz-signature" cols="72">--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org </pre>
</body>
</html>