[Freeipa-devel] [PATCH] 979 kinit before connect in client
Jan Cholasta
jcholast at redhat.com
Mon Mar 5 08:43:36 UTC 2012
On 4.3.2012 02:04, Rob Crittenden wrote:
> I'm not sure why this didn't always fail but in the client installer we
> were creating a connection before calling kinit. I re-arranged this in
> and beefed up the client logging.
>
> While testing this I periodically ran into an NSS shutdown error where
> the ping() connection hadn't closed before the host_mod to add the SSH
> keys was run.
>
> This stores dbdir in the connection so we can check to see if the same
> database is being used so NSSConnection can skip the nss_init().
>
> I tested client installs using: ipa-client-install --enable-dns-updates
> --ssh-trust-dns
>
> This same error was reported when installing a replica with --setup-dns.
>
> rob
>
ACK, both ipa-client-install and ipa-replica-install work fine now.
However, in __nss_initialized we should check for SSLTransport instead
of KerbTransport (as dbdir is set in SSLTransport) and we don't have to
check for its subclasses (because isinstance checks them automatically).
Also, we can make the function more readable by getting rid of the
nested ifs:
+ def __nss_initialized(self, dbdir):
+ """
+ If there is another connections open it may have already
+ initialized NSS. This is likely to lead to an NSS shutdown
+ failure. One way to mitigate this is to tell NSS to not
+ initialize if it has already been done in another open connection.
+
+ Returns True if another connection is using the same db.
+ """
+ for value in context.__dict__.values():
+ if not isinstance(value, Connection):
+ continue
+ if not isinstance(value.conn._ServerProxy__transport,
SSLTransport):
+ continue
+ if value.conn._ServerProxy__transport.dbdir == dbdir:
+ return True
+ return False
Honza
--
Jan Cholasta
More information about the Freeipa-devel
mailing list