suppress errors arising from adding existing LDAP entries during KRA install

https://fedorahosted.org/freeipa/ticket/5346 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Martin Babinsky <mbabinsk@redhat.com> 2015-11-19 14:33:49 +0100
committer: Jan Cholasta <jcholast@redhat.com> 2015-11-19 15:04:12 +0100
commit: 4d59a711af2b5b5e3441116f6d18d54ec9eccfb8 (patch)
tree: 04ad5ad4c9d875ec072bcbd3617c6119f141fd70 /ipaserver
parent: f3076c6ab37e081ba9b0ec9f0502379f60dfbd10 (diff)
download: freeipa-4d59a711af2b5b5e3441116f6d18d54ec9eccfb8.tar.gz
freeipa-4d59a711af2b5b5e3441116f6d18d54ec9eccfb8.tar.xz
freeipa-4d59a711af2b5b5e3441116f6d18d54ec9eccfb8.zip
2 files changed, 17 insertions, 3 deletions
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index ed47be737..be62226ad 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -53,6 +53,8 @@ ADMIN_GROUPS = [
     'Security Domain Administrators'
 ]
 
+LDAPMOD_ERR_ALREADY_EXISTS = 68
+
 class KRAInstance(DogtagInstance):
     """
     We assume that the CA has already been installed, and we use the
@@ -312,8 +314,18 @@ class KRAInstance(DogtagInstance):
         conn.disconnect()
 
     def __add_vault_container(self):
-        self._ldap_mod('vault.ldif', {'SUFFIX': self.suffix})
-        self.ldap_disconnect()
+        try:
+            self._ldap_mod('vault.ldif', {'SUFFIX': self.suffix},
+                           raise_on_err=True)
+        except ipautil.CalledProcessError as e:
+            if e.returncode == LDAPMOD_ERR_ALREADY_EXISTS:
+                self.log.debug("Vault container already exists")
+            else:
+                self.log.error("Failed to add vault container: {0}".format(e))
+        finally:
+            # we need to disconnect from LDAP, because _ldap_mod() makes the
+            # connection without actually using it
+            self.ldap_disconnect()
 
     def __apply_updates(self):
         sub_dict = {
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index b9e68121d..c856cccd0 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -184,7 +184,7 @@ class Service(object):
         self.admin_conn.unbind()
         self.admin_conn = None
 
-    def _ldap_mod(self, ldif, sub_dict=None):
+    def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=False):
         pw_name = None
         fd = None
         path = ipautil.SHARE_DIR + ldif
@@ -228,6 +228,8 @@ class Service(object):
             try:
                 ipautil.run(args, nolog=nologlist)
             except ipautil.CalledProcessError as e:
+                if raise_on_err:
+                    raise
                 root_logger.critical("Failed to load %s: %s" % (ldif, str(e)))
         finally:
             if pw_name:
author	Martin Babinsky <mbabinsk@redhat.com>	2015-11-19 14:33:49 +0100
committer	Jan Cholasta <jcholast@redhat.com>	2015-11-19 15:04:12 +0100
commit	4d59a711af2b5b5e3441116f6d18d54ec9eccfb8 (patch)
tree	04ad5ad4c9d875ec072bcbd3617c6119f141fd70 /ipaserver
parent	f3076c6ab37e081ba9b0ec9f0502379f60dfbd10 (diff)
download	freeipa-4d59a711af2b5b5e3441116f6d18d54ec9eccfb8.tar.gz freeipa-4d59a711af2b5b5e3441116f6d18d54ec9eccfb8.tar.xz freeipa-4d59a711af2b5b5e3441116f6d18d54ec9eccfb8.zip