[Freeipa-devel] [PATCH] 12 Call generate-rndc-key.sh during ipa-server-install
Misnyovszki Adam
amisnyov at redhat.com
Fri Apr 18 14:01:34 UTC 2014
On Thu, 17 Apr 2014 16:21:19 +0200
Martin Kosek <mkosek at redhat.com> wrote:
> On 04/17/2014 04:10 PM, Rob Crittenden wrote:
> > Misnyovszki Adam wrote:
> >> Hi,
> >> this patch modifies ipa-server-install to warn the user, if there
> >> is a lack of entropy, also runs generate-rndc-key.sh before named
> >> restart, to ensure, that it can start before systemd timeouts.
> >
> > I think the exception should be logged in check_entropy() in case
> > this every does fail (the file name changes, the format changes,
> > etc).
> >
> > There should be a try/except around the run() call.
> >
> > I noticed that /etc/rndc.key isn't removed on uninstall, which I
> > guess means the same key will be re-used. Should we be removing
> > that?
> >
> > rob
>
> Also, bare exceptions are bad!
>
> + except:
> + service.print_msg("Could not determine entropy, possible
> long delays")
>
> Next, you do all the checks in ipa-server-install, while they should
> be in service files, like krbinstance.py so that it is also checked
> in other installers, like ipa-replica-install.
>
> Same for DNS, it should be a separate step in bindinstance.py so that
> when the installation is hanging, you can see
>
> [X/Y] Generating rndc key file
>
> and know that it is hanging on that part.
>
> I would not misuse "service.print_msg" for regular messages, I would
> only do the
>
> service.print_msg("WARNING: Your system is running out of entropy,
> expect long delays!")
>
> others can be either turn into separate installation step or debug
> log message.
>
> Martin
Hi,
according to personal discussion with Martin, see the corrected patch!
Thanks
Adam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-amisnyov-0012-2-Call-generate-rndc-key.sh-during-ipa-server-install.patch
Type: text/x-patch
Size: 4188 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140418/1550f856/attachment.bin>
More information about the Freeipa-devel
mailing list