From 71d134dfa03eb86066eeb331815647bdff04aaa8 Mon Sep 17 00:00:00 2001
From: Ondrej Hamada
Date: Fri, 9 Mar 2012 13:04:23 +0100
Subject: More exception handlers in ipa-client-install
Added exception handler to certutil operation of adding CA to the default NSS database. If operation fails, installation is aborted and changes are rolled back.
https://fedorahosted.org/freeipa/ticket/2415
If obtaining host TGT fails, the installation is aborted and changes are rolled back.
https://fedorahosted.org/freeipa/ticket/1995
---
 ipa-client/ipa-install/ipa-client-install | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'ipa-client/ipa-install')
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 22c6a9256..604283ae4 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1337,7 +1337,11 @@ def install(options, env, fstore, statestore):
 print "Configured /etc/sssd/sssd.conf"
 # Add the CA to the default NSS database and trust it
- run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])
+ try:
+ run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])
+ except CalledProcessError, e:
+ print >>sys.stderr, "Failed to add CA to the default NSS database."
+ return CLIENT_INSTALL_ERROR
 # If on master assume kerberos is already configured properly.
 if not options.on_master:
@@ -1354,6 +1358,9 @@ def install(options, env, fstore, statestore):
 api.Backend.xmlclient.connect()
 except CalledProcessError, e:
 print >>sys.stderr, "Failed to obtain host TGT."
+ # fail to obtain ticket makes it impossible to login and bind from sssd to LDAP,
+ # abort installation and rollback changes
+ return CLIENT_INSTALL_ERROR
 if not options.on_master:
 client_dns(cli_server, hostname, options.dns_updates)
-- cgit
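Review bot: The new `except CalledProcessError, e:` around the certutil call binds `e` but never uses it, so the only record of why the IPA CA could not be added to /etc/pki/nssdb is a fixed string. Because this step installs a system-wide trust anchor, the message should carry the failure detail, e.g. `print >>sys.stderr, "Failed to add CA to the default NSS database: %s" % str(e)`. The handler also covers only CalledProcessError; if `run` can raise something else when /usr/bin/certutil is missing or not executable (its definition is not visible here), that path would still end in a traceback rather than `CLIENT_INSTALL_ERROR`. The rollback described in the commit message is not in this hunk, so it presumably depends on how the caller of install() treats the return value; a one-line comment next to the `return` saying so would help.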
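Review bot: The added `return CLIENT_INSTALL_ERROR` runs only for CalledProcessError, yet the same `try` also contains `api.Backend.xmlclient.connect()` on the line just above the `except`; a connection failure there is unlikely to surface as CalledProcessError, so it would probably bypass this abort path. The `try` starts outside the hunk, so confirm which exceptions connect() raises and either catch them here with the same return or handle them in a separate clause. The message also drops `e`; `print >>sys.stderr, "Failed to obtain host TGT: %s" % str(e)` would leave a diagnosable record. The new comment would read better as `# Without a host ticket sssd cannot log in and bind to LDAP,` followed by `# so abort the installation and roll back the changes.`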