#5988 Don't connect to memcache in session manager on module import
Closed: Fixed None Opened 7 years ago by pvoborni.

Session manager could be imported even if it is not needed. E.g. if all server plugins are initialized.

ipaserver/plugins/session.py

if api.env.in_server:
    from ipalib.session import session_mgr

ipaserver/session.py contains at the end of mudel:

session_mgr = MemcacheSessionManager()

Which automatically connects the session manager:

    def __init__(self):
        '''
        :returns:
          `MemcacheSessionManager` object.
        '''

        super(MemcacheSessionManager, self).__init__()
        self.servers = ['unix:%s' % self.memcached_socket_path]
        self.mc = memcache.Client(self.servers, debug=0)

        if not self.servers_running():
            self.warning("session memcached servers not running")

Which may results in:

error message: session memcached servers not running

or

time->Thu Jun 16 22:11:32 2016
type=AVC msg=audit(1466107892.404:662): avc:  denied  { write } for
pid=26289 comm="dogtag-ipa-ca-r" name="ipa_memcached" dev="tmpfs"
ino=183080 scontext=system_u:system_r:certmonger_t:s0
tcontext=system_u:object_r:memcached_var_run_t:s0 tclass=sock_file
permissive=0

Not every usage of server API is intended to be used with memchache. Therefore the initialization of MemcacheSessionManager should be explicit in consumer.


master:

  • dcf8b47 session: move the session module from ipalib to ipaserver
  • a901ec1 session: do not initialize session manager on import
  • 7d9afd9 xmlserver: initialize RPC server plugins only in server context
  • 2615103 makeaci, makeapi, oddjob: use the default API context

Metadata Update from @pvoborni:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.4

7 years ago

Login to comment on this ticket.

Metadata