#38 Support old OSes like RHEL 6 (python 2.6, httpd 2.2)
Closed 4 years ago by puiterwijk. Opened 5 years ago by merlinthp.
merlinthp/ipsilon rhel6  into  master

file modified
+13 -11
@@ -144,20 +144,22 @@ 

              if api.Backend.rpcclient.isconnected():



-         try:

-             msg = "Trying to fetch keytab[%s] for %s" % (

-                   opts['gssapi_httpd_keytab'], princ)

-             logger.info(msg)

-             subprocess.check_output([IPA_GETKEYTAB,

-                                      '-s', server, '-p', princ,

-                                      '-k', opts['gssapi_httpd_keytab']],

-                                     stderr=subprocess.STDOUT)

-         except subprocess.CalledProcessError, e:

+         msg = "Trying to fetch keytab[%s] for %s" % (

+               opts['gssapi_httpd_keytab'], princ)

+         logger.info(msg)

+         gktcmd = [IPA_GETKEYTAB, '-s', server, '-p', princ, '-k',

+                   opts['gssapi_httpd_keytab']]

+         proc = subprocess.Popen(gktcmd, stdout=subprocess.PIPE,

+                                 stderr=subprocess.STDOUT)

+         output, dummy_err = proc.communicate()

+         retcode = proc.poll()

+         if retcode:

              # unfortunately this one is fatal


              logger.info('Error trying to get HTTP keytab:')

-             logger.info('Cmd> %s\n%s', e.cmd, e.output)

-             raise Exception('Missing keytab: [%s]' % e)

+             logger.info('Cmd> %s\n%s', gktcmd, output)

+             raise Exception('Missing keytab: [Command \'%s\' returned non-zero'

+                             ' exit status %d]' % (gktcmd, retcode))


          # Fixup permissions so only the ipsilon user can read these files

          pw = pwd.getpwnam(HTTPD_USER)

no initial comment

Why the pipe to /dev/null?

I tried to work out if there was a way to only match /usr/share/doc/sssd or /usr/share/doc/sssd-<number> but my bash glob fu isn't up to it. On a versioned docdir OS (like RHEL 6 and 7) this will show the contents of the doc dir for every installed sssd subpackage, which is typically something like 10 packages. The pipe to /dev/null just reduces the spam a bit. I'm not that fussed about keeping the pipe, the * is the important bit.

The more I look at this, the less happy I am. I think I was in a mentality of downstream patching, so trying to minimise the number of LoC I was changing. It seems a bit silly to raise the CalledProcessError just to catch it on the next line.

How about switching the call from ls /usr/... to file /usr/...?

Do you want to fix this, or would you like someone else to pick up this PR?

Looks like all the comments got addressed, no?

This PR was WIP, and doesn't work yet.
I have a reworked patch set in my el6-support branch, but I need to work with merlinthp on finishing that up.


4 years ago

Patrick has taken care of all the fixes needed in master, except for the check_output call in the ipa helper code.

This looks good to me, thanks. :thumbsup:

Pull-Request has been closed by puiterwijk

4 years ago