From 827c97d9d60eadbb3fdd7652635f9e6829b78216 Mon Sep 17 00:00:00 2001
From: Mark Reynolds
Date: Feb 07 2020 19:23:50 +0000
Subject: Issue 50882 - Fix healthcheck errors for instances that do not have TLS enabled
Bug Description: The config and FSChecks fail when TLS is not setup
Fix Description: Properly check for conditions when TLS is not enabled, and ignore errors if TLS related files are not present during the FS permissions check.
relates: https://pagure.io/389-ds-base/issue/50882
Reviewed by: firstyear(thanks!)
---
diff --git a/src/lib389/lib389/config.py b/src/lib389/lib389/config.py
index a2f0159..becfccb 100644
--- a/src/lib389/lib389/config.py
+++ b/src/lib389/lib389/config.py
@@ -251,7 +251,7 @@ class Encryption(DSLdapObject):
 def _lint_check_tls_version(self):
 tls_min = self.get_attr_val('sslVersionMin')
- if tls_min < ensure_bytes('TLS1.1'):
+ if tls_min is not None and tls_min < ensure_bytes('TLS1.1'):
 report = copy.deepcopy(DSELE0001)
 report['fix'] = report['fix'].replace('YOUR_INSTANCE', self._instance.serverid)
 yield report
diff --git a/src/lib389/lib389/dseldif.py b/src/lib389/lib389/dseldif.py
index d1dc242..1cafaef 100644
--- a/src/lib389/lib389/dseldif.py
+++ b/src/lib389/lib389/dseldif.py
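Review bot: In `_lint_check_tls_version` (src/lib389/lib389/config.py), the new `tls_min is not None` guard lets an unset `sslVersionMin` pass silently, but an unset attribute only means no explicit minimum was configured, not that TLS is off. If TLS is enabled in that state, the effective minimum is whatever default the server applies, and this lint reports nothing about it; the hunk does not show whether TLS being enabled is tested elsewhere. A comment above the condition would record the assumption, e.g. `# sslVersionMin unset: nothing to compare; the effective minimum is the server default and is not evaluated here`. The comparison is also a bytewise ordering of version strings, which only works while the names sort in protocol order and deserves a short note. The end of the function lies outside the hunk.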
@@ -361,13 +361,16 @@ class FSChecks(object):
 """Test file permissions are safe
 """
 for ds_file in self.ds_files:
- perms = int(oct(os.stat(ds_file['name'])[ST_MODE])[-3:])
- if perms not in ds_file['perms']:
- perms = str(ds_file['perms'][0])
- report = copy.deepcopy(ds_file['report'])
- report['items'].append(ds_file['name'])
- report['detail'] = report['detail'].replace('FILE', ds_file['name'])
- report['detail'] = report['detail'].replace('PERMS', perms)
- report['fix'] = report['fix'].replace('FILE', ds_file['name'])
- report['fix'] = report['fix'].replace('PERMS', perms)
- yield report
+ try:
+ perms = int(oct(os.stat(ds_file['name'])[ST_MODE])[-3:])
+ if perms not in ds_file['perms']:
+ perms = str(ds_file['perms'][0])
+ report = copy.deepcopy(ds_file['report'])
+ report['items'].append(ds_file['name'])
+ report['detail'] = report['detail'].replace('FILE', ds_file['name'])
+ report['detail'] = report['detail'].replace('PERMS', perms)
+ report['fix'] = report['fix'].replace('FILE', ds_file['name'])
+ report['fix'] = report['fix'].replace('PERMS', perms)
+ yield report
+ except FileNotFoundError:
+ pass
diff --git a/src/lib389/lib389/lint.py b/src/lib389/lib389/lint.py
index c6f2df3..60af195 100644
--- a/src/lib389/lib389/lint.py
+++ b/src/lib389/lib389/lint.py
@@ -224,8 +224,7 @@ DSREPLLE0002 = {
 'dsle': 'DSREPLLE0002',
 'severity': 'LOW',
 'items' : ['Replication', 'Conflict Entries'],
- 'detail': """There were COUNT conflict entries found under the replication suffix "SUFFIX".
-Status message: MSG""",
+ 'detail': "There were COUNT conflict entries found under the replication suffix \"SUFFIX\".",
 'fix' : """While conflict entries are expected to occur in an MMR environment, they should be resolved. In regards to conflict entries there is always the original/counterpart entry that has a normal DN, and then the conflict version of that entry. Technically both
diff --git a/src/lib389/lib389/nss_ssl.py b/src/lib389/lib389/nss_ssl.py
index b1af141..205773e 100644
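Review bot: In the FSChecks permission loop (src/lib389/lib389/dseldif.py), the `try` wraps the whole report-building body, and `except FileNotFoundError: pass` then skips every missing file, not only the TLS-related ones named in the commit message. A missing mandatory file in `ds_files` would leave the health check looking clean, and an exception of that type raised while the report is built or consumed at the `yield` would be swallowed too. Narrow the `try` to the `os.stat` call and `continue` on the miss, with a comment saying which files may legitimately be absent. The contents of `ds_files` are not visible here, so whether some entries should instead be reported as missing needs confirming. The method's `def` line is outside the hunk.

```python
for ds_file in self.ds_files:
    try:
        mode = os.stat(ds_file['name'])[ST_MODE]
    except FileNotFoundError:
        # TLS-related files are absent when TLS is not configured; skip them.
        continue
    perms = int(oct(mode)[-3:])
    # … unchanged: compare perms with ds_file['perms'], build and yield the report …
```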
--- a/src/lib389/lib389/nss_ssl.py
+++ b/src/lib389/lib389/nss_ssl.py
@@ -395,6 +395,9 @@ only.
 for line in lines:
 if line == '':
 continue
+ if line == 'Database needs user init':
+ # There are no certs, abort...
+ return []
 cert_values.append(re.match(r'^(.+[^\s])[\s]+([^\s]+)$', line.rstrip()).groups())
 return cert_values
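Review bot: The sentinel test `line == 'Database needs user init'` compares the raw line, while the regex below it is applied to `line.rstrip()`. If the message arrives with trailing whitespace or a carriage return, the equality fails and the line falls through to the regex, which does match it and would append a bogus entry (`'Database needs user'`, `'init'`) to `cert_values`. Comparing the stripped form closes that gap: `if line.strip() == 'Database needs user init':`. Independently, `re.match(...).groups()` raises AttributeError on any line that does not match, so other unexpected output still aborts the listing. How `lines` is produced is outside the hunk, as is the start of the function.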