point the users to PKI-related logs when CA configuration fails

This patch adds an error handler which prints out the paths to logs related to
configuration and installation of Dogtag/CA in the case of failure.

https://fedorahosted.org/freeipa/ticket/4900

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>

3 files changed, 19 insertions, 5 deletions

diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 3d70bccfc..c74b8736a 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -55,7 +55,9 @@ class Dogtag10Constants(object):
     DESTROY_BINARY = paths.PKIDESTROY
 
     SERVER_ROOT = paths.VAR_LIB_PKI_DIR
+    PKI_INSTALL_LOG = paths.PKI_CA_INSTALL_LOG
     PKI_INSTANCE_NAME = 'pki-tomcat'
+    PKI_LOG_TOP_LEVEL = os.path.join(paths.VAR_LOG_PKI_DIR, PKI_INSTANCE_NAME)
     PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME)
     CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR
     CS_CFG_PATH = '%s/conf/ca/CS.cfg' % PKI_ROOT
@@ -89,7 +91,9 @@ class Dogtag9Constants(object):
     DESTROY_BINARY = paths.PKISILENT
 
     SERVER_ROOT = paths.VAR_LIB
+    PKI_INSTALL_LOG = paths.PKI_CA_INSTALL_LOG
     PKI_INSTANCE_NAME = 'pki-ca'
+    PKI_LOG_TOP_LEVEL = paths.PKI_CA_LOG_DIR
     PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME)
     CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR
     CS_CFG_PATH = '%s/conf/CS.cfg' % PKI_ROOT
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 59a6b5f21..8ccfd1a82 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -754,8 +754,7 @@ class CAInstance(DogtagInstance):
 
             ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn}, nolog=nolog)
         except ipautil.CalledProcessError, e:
-            self.log.critical("failed to configure ca instance %s", e)
-            raise RuntimeError('Configuration of CA failed')
+            self.handle_setup_error(e)
 
         if self.external == 1:
             print "The next step is to get %s signed by your CA and re-run %s as:" % (self.csr_file, sys.argv[0])
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 83ce0ca50..98929b864 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -176,9 +176,7 @@ class DogtagInstance(service.Service):
         try:
             ipautil.run(args, nolog=nolog)
         except ipautil.CalledProcessError, e:
-            self.log.critical("failed to configure %s instance %s",
-                              subsystem, e)
-            raise RuntimeError('Configuration of %s failed' % subsystem)
+            self.handle_setup_error(e)
 
     def enable(self):
         self.backup_state("enabled", self.is_enabled())
@@ -438,3 +436,16 @@ class DogtagInstance(service.Service):
                 conn.unbind()
 
         return base64.b64encode(admin_cert)
+
+    def handle_setup_error(self, e):
+        self.log.critical("Failed to configure %s instance: %s"
+                          % (self.subsystem, e))
+        self.log.critical("See the installation logs and the following "
+                          "files/directories for more information:")
+        logs = [self.dogtag_constants.PKI_INSTALL_LOG,
+                self.dogtag_constants.PKI_LOG_TOP_LEVEL]
+
+        for log in logs:
+            self.log.critical("  %s" % log)
+
+        raise RuntimeError("%s configuration failed." % self.subsystem)