[Freeipa-devel] [PATCHES] 241-253 CA certificate renewal

Fri Apr 25 07:10:26 UTC 2014

On 04/24/2014 11:16 PM, Rob Crittenden wrote:
> Jan Cholasta wrote:
>> On 10.4.2014 22:06, Rob Crittenden wrote:
>>> Some in-line, a whole ton of data appended to end.
>>>
>>> Jan Cholasta wrote:
>>>> On 7.4.2014 20:09, Rob Crittenden wrote:
>>>>> Rob Crittenden wrote:
[...]
>>>>>> $ ipa-cacert-manage -v renew
>>>>>> ipa.ipaserver.install.ipa_cacert_manage.CACertManage: DEBUG:   File
>>>>>> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line
>>>>>> 168, in
>>>>>> execute
>>>>>>      self.validate_options()
>>>>>>    File
>>>>>> "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_cacert_manage.py",
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> line 62, in validate_options
>>>>>>      super(CACertManage, self).validate_options(needs_root=True)
>>>>>>    File "/usr/lib/python2.7/site-packages/ipapython/admintool.py",
>>>>>> line
>>>>>> 189, in validate_options
>>>>>>      raise ScriptError('Must be root to run %s' %
>>>>>> self.command_name, 1)
>>>>>>
>>>>>> ipa.ipaserver.install.ipa_cacert_manage.CACertManage: DEBUG: The
>>>>>> ipa-cacert-manage command failed, exception: ScriptError: Must be
>>>>>> root
>>>>>> to run ipa-cacert-manage
>>>>>> ipa.ipaserver.install.ipa_cacert_manage.CACertManage: ERROR: Must be
>>>>>> root to run ipa-cacert-manage
>>>>
>>>> That's correct, you can run it only as root, because you can't resubmit
>>>> certmonger requests as a regular user.
>>>
>>> Yes but one shouldn't get a traceback!
>>
>> You get the traceback only in verbose mode. I did not invent this, it's
>> how ipapython.admintool does things.
>
> Ok, I'll blame Petr.

In verbose mode you get all the debugging information that's written to 
logs, and that includes the tracebacks. I stand by this decision.
If the command is normally so quiet that you need the -v flag for normal 
operation, that's a problem. Log interesting messages at INFO.
http://www.freeipa.org/page/V3/Logging_and_output#Design

-- 
Petr³