freeipa

Clone
Source Code
GIT

#6625 WSGI fails with internal server error when mode != production (locked attribute)
Closed: fixed 7 years ago Opened 7 years ago by cheimes.

Closed: fixed
Reopen Issue

The WSGI server fails to update ldap2.time_limit because the API is locked. The failure causes an attribute error which is then propagated as internal server error. German Parente reported a similar bug about two weeks ago. I'm now able to reproduce the issue with my modernized lite-server.py on top of PR 314. WSGI is broken unless I set mode to production manually.

Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/werkzeug/serving.py", line 193, in run_wsgi
    execute(self.server.app)
  File "/usr/lib/python2.7/site-packages/werkzeug/serving.py", line 181, in execute
    application_iter = app(environ, start_response)
  File "/home/heimes/redhat/freeipa/lite-server.py", line 169, in wsgi
    return app(environ, start_response)
  File "/usr/lib/python2.7/site-packages/werkzeug/wsgi.py", line 599, in __call__
    return self.app(environ, start_response)
  File "/usr/lib/python2.7/site-packages/werkzeug/wsgi.py", line 659, in __call__
    return app(environ, start_response)
  File "/home/heimes/redhat/freeipa/lite-server.py", line 92, in __call__
    return self.app(environ, start_response)
  File "/home/heimes/redhat/freeipa/ipaserver/rpcserver.py", line 263, in __call__
    return self.route(environ, start_response)
  File "/home/heimes/redhat/freeipa/ipaserver/rpcserver.py", line 275, in route
    return app(environ, start_response)
  File "/home/heimes/redhat/freeipa/ipaserver/rpcserver.py", line 787, in __call__
    self.create_context(ccache=ccache_name)
  File "/home/heimes/redhat/freeipa/ipalib/backend.py", line 125, in create_context
    time_limit=None)
  File "/home/heimes/redhat/freeipa/ipalib/backend.py", line 66, in connect
    conn = self.create_connection(*args, **kw)
  File "/home/heimes/redhat/freeipa/ipaserver/plugins/ldap2.py", line 161, in create_connection
    self.time_limit = time_limit
  File "/home/heimes/redhat/freeipa/ipalib/base.py", line 134, in __setattr__
    SET_ERROR % (self.__class__.__name__, name, value)
AttributeError: locked: cannot set ldap2.time_limit to None

mbasti:  get rid of locking in python, check the available modes and remove the  unusables, IdM is tested only with mode=production, I'm not sure if we  should provide a way for admins to change it.

dkupka: +1, is there still need for 'mode' if it's set to 'production' all the time? Can we drop?

+1 FYI: production is not the default value, https://github.com/freeipa/freeipa/pull/407/files#diff-a87ed44874fd3b4ec2313ffc72783b65R142

mbasti: we need different mode for installers and upgrade

H: +1

H: fix this particular issue in 4.5, get rid of locking later

Metadata Update from @cheimes:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5
7 years ago

Metadata Update from @jcholast:
- Issue assigned to jcholast (was: someone)
7 years ago

master:

  • 8fdd7a9 backend plugins: fix crashes in development mode
  • fe4489e Travis CI: run tests in development mode

Metadata Update from @mbasti:
- Issue close_status updated to: None
7 years ago

Metadata Update from @mbasti:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
low
None
None
None
None
defect
None
None
IPA
None
None
None
None
None
None
0
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.