[Freeipa-devel] [PATCH] 979 kinit before connect in client

Rob Crittenden rcritten at redhat.com
Mon Mar 5 15:32:47 UTC 2012


Jan Cholasta wrote:
> On 4.3.2012 02:04, Rob Crittenden wrote:
>> I'm not sure why this didn't always fail but in the client installer we
>> were creating a connection before calling kinit. I re-arranged this
>> and beefed up the client logging.
>>
>> While testing this I periodically ran into an NSS shutdown error where
>> the ping() connection hadn't closed before the host_mod to add the SSH
>> keys was run.
>>
>> This stores dbdir in the connection so we can check to see if the same
>> database is being used so NSSConnection can skip the nss_init().
>>
>> I tested client installs using: ipa-client-install --enable-dns-updates
>> --ssh-trust-dns
>>
>> This same error was reported when installing a replica with --setup-dns.
>>
>> rob
>>
>
> ACK, both ipa-client-install and ipa-replica-install work fine now.
>
> However, in __nss_initialized we should check for SSLTransport instead
> of KerbTransport (as dbdir is set in SSLTransport) and we don't have to
> check for its subclasses (because isinstance checks them automatically).
> Also, we can make the function more readable by getting rid of the
> nested ifs:
>
> + def __nss_initialized(self, dbdir):
> + """
> + If there is another connections open it may have already
> + initialized NSS. This is likely to lead to an NSS shutdown
> + failure. One way to mitigate this is to tell NSS to not
> + initialize if it has already been done in another open connection.
> +
> + Returns True if another connection is using the same db.
> + """
> + for value in context.__dict__.values():
> + if not isinstance(value, Connection):
> + continue
> + if not isinstance(value.conn._ServerProxy__transport, SSLTransport):
> + continue
> + if value.conn._ServerProxy__transport.dbdir == dbdir:
> + return True
> + return False
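
Review bot: in the loop body, `value.conn._ServerProxy__transport` is dereferenced for every Connection found in context before anything confirms that `value.conn` actually carries that attribute, so a Connection whose `conn` is some other kind of object would raise AttributeError instead of being skipped. Consider fetching it once per iteration with `transport = getattr(value.conn, '_ServerProxy__transport', None)` and running both the isinstance test and the dbdir comparison against that local, which also removes the duplicated reach into the name-mangled private attribute. In the docstring, "another connections" should read "another connection", and it would help to state that the caller is expected to skip nss_init() when this returns True.
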
>
> Honza
>

Thanks, that is much more readable.

Pushed to master and ipa-2-2 with your suggestion.

rob
