diff options
author | Ondrej Hamada <ohamada@redhat.com> | 2012-03-09 13:04:23 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-03-09 15:48:27 +0100 |
commit | 71d134dfa03eb86066eeb331815647bdff04aaa8 (patch) | |
tree | 24fdcfd64eb19a039d408f6762da0bc1a342dda4 /ipa-client | |
parent | 480e1a098ae3977e09a6d4134232b31b97c5bbb2 (diff) | |
download | freeipa-71d134dfa03eb86066eeb331815647bdff04aaa8.tar.gz freeipa-71d134dfa03eb86066eeb331815647bdff04aaa8.tar.xz freeipa-71d134dfa03eb86066eeb331815647bdff04aaa8.zip |
More exception handlers in ipa-client-install
Added exception handler to certutil operation of adding CA to the
default NSS database. If operation fails, installation is aborted and
changes are rolled back.
https://fedorahosted.org/freeipa/ticket/2415
If obtaining host TGT fails, the installation is aborted and changes are
rolled back.
https://fedorahosted.org/freeipa/ticket/1995
Diffstat (limited to 'ipa-client')
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 22c6a9256..604283ae4 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -1337,7 +1337,11 @@ def install(options, env, fstore, statestore): print "Configured /etc/sssd/sssd.conf" # Add the CA to the default NSS database and trust it - run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) + try: + run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) + except CalledProcessError, e: + print >>sys.stderr, "Failed to add CA to the default NSS database." + return CLIENT_INSTALL_ERROR # If on master assume kerberos is already configured properly. if not options.on_master: @@ -1354,6 +1358,9 @@ def install(options, env, fstore, statestore): api.Backend.xmlclient.connect() except CalledProcessError, e: print >>sys.stderr, "Failed to obtain host TGT." + # fail to obtain ticket makes it impossible to login and bind from sssd to LDAP, + # abort installation and rollback changes + return CLIENT_INSTALL_ERROR if not options.on_master: client_dns(cli_server, hostname, options.dns_updates) |