[Freeipa-devel] [PATCH] 12 Call generate-rndc-key.sh during ipa-server-install

Martin Kosek mkosek at redhat.com
Thu Apr 17 14:21:19 UTC 2014


On 04/17/2014 04:10 PM, Rob Crittenden wrote:
> Misnyovszki Adam wrote:
>> Hi,
>> this patch modifies ipa-server-install to warn the user if there is
>> a lack of entropy, and also runs generate-rndc-key.sh before named restart,
>> to ensure that it can start before systemd times out.
> 
> I think the exception should be logged in check_entropy() in case this ever
> does fail (the file name changes, the format changes, etc).
> 
> There should be a try/except around the run() call.
> 
> I noticed that /etc/rndc.key isn't removed on uninstall, which I guess means
> the same key will be re-used. Should we be removing that?
> 
> rob

Also, bare exceptions are bad!

+    except:
+        service.print_msg("Could not determine entropy, possible long delays")
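Review bot: the bare `except:` on the first added line also catches KeyboardInterrupt and SystemExit, so an interrupt arriving during the entropy check would be turned into this warning instead of stopping the installer. Catch only the exceptions the check is expected to raise (for instance the I/O or parsing error from reading the entropy value), and log the caught exception alongside the "Could not determine entropy" message so that a changed file name or format can be diagnosed afterwards.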

Next, you do all the checks in ipa-server-install, while they should be in
service files, like krbinstance.py so that it is also checked in other
installers, like ipa-replica-install.

Same for DNS, it should be a separate step in bindinstance.py so that when the
installation is hanging, you can see

 [X/Y] Generating rndc key file

and know that it is hanging on that part.

I would not misuse "service.print_msg" for regular messages, I would only do the

service.print_msg("WARNING: Your system is running out of entropy, expect long delays!")

others can either be turned into a separate installation step or a debug log message.

Martin



