IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Remove sys.exit from install modules and scripts

Browse Source 
sys.exit() calls sometimes make it hard to find bugs and mask code that
does not always work properly.

https://fedorahosted.org/freeipa/ticket/5750

Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
Stanislav Laznicka
2016-06-17 13:14:49 +02:00
committed by Martin Basti
parent d461f42f95
commit 5776f1e900
11 changed files with 149 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ipaserver/install/bindinstance.py
View File

@@ -44,6 +44,7 @@ from ipapython import dnsutil
from ipapython.dnsutil import DNSName
from ipapython.ipa_log_manager import root_logger
from ipapython.dn import DN
from ipapython.admintool import ScriptError
import ipalib
from ipalib import api, errors
from ipalib.constants import IPA_CA_RECORD
@@ -473,7 +474,7 @@ def check_reverse_zones(ip_addresses, reverse_zones, options, unattended,
except ValueError as e:
msg = "Reverse zone %s will not be used: %s" % (rz, e)
if unattended:
sys.exit(msg)
raise ScriptError(msg)
else:
root_logger.warning(msg)
continue

42
ipaserver/install/ca.py
View File

@@ -4,10 +4,9 @@
from __future__ import print_function
import sys
from ipaserver.install import cainstance, dsinstance, bindinstance
from ipapython import ipautil, certdb
from ipapython.admintool import ScriptError
from ipaplatform import services
from ipaplatform.paths import paths
from ipaserver.install import installutils, certs
@@ -30,12 +29,11 @@ def install_check(standalone, replica_config, options):
if replica_config is not None:
if standalone and api.env.ra_plugin == 'selfsign':
sys.exit('A selfsign CA can not be added')
raise ScriptError('A selfsign CA can not be added')
if ((not options.promote
and not ipautil.file_exists(replica_config.dir + "/cacert.p12"))):
print('CA cannot be installed in CA-less setup.')
sys.exit(1)
raise ScriptError('CA cannot be installed in CA-less setup.')
if standalone and not options.skip_conncheck:
principal = options.principal
@@ -53,7 +51,7 @@ def install_check(standalone, replica_config, options):
if standalone:
if api.Command.ca_is_enabled()['result']:
sys.exit(
raise ScriptError(
"One or more CA masters are already present in IPA realm "
"'%s'.\nIf you wish to replicate CA to this host, please "
"re-run 'ipa-ca-install'\nwith a replica file generated on "
@@ -64,28 +62,28 @@ def install_check(standalone, replica_config, options):
if not cainstance.is_step_one_done():
# This can happen if someone passes external_ca_file without
# already having done the first stage of the CA install.
print("CA is not installed yet. To install with an external CA "
raise ScriptError(
"CA is not installed yet. To install with an external CA "
"is a two-stage process.\nFirst run the installer with "
"--external-ca.")
sys.exit(1)
external_cert_file, external_ca_file = installutils.load_external_cert(
options.external_cert_files, options.subject)
elif options.external_ca:
if cainstance.is_step_one_done():
print("CA is already installed.\nRun the installer with "
"--external-cert-file.")
sys.exit(1)
raise ScriptError(
"CA is already installed.\nRun the installer with "
"--external-cert-file.")
if ipautil.file_exists(paths.ROOT_IPA_CSR):
print(("CA CSR file %s already exists.\nIn order to continue "
"remove the file and run the installer again." %
paths.ROOT_IPA_CSR))
sys.exit(1)
raise ScriptError(
"CA CSR file %s already exists.\nIn order to continue "
"remove the file and run the installer again." %
paths.ROOT_IPA_CSR)
if not options.external_cert_files:
if not cainstance.check_port():
print("IPA requires port 8443 for PKI but it is currently in use.")
sys.exit("Aborting installation")
raise ScriptError("Aborting installation")
if standalone:
dirname = dsinstance.config_dirname(
@@ -98,9 +96,9 @@ def install_check(standalone, replica_config, options):
if nickname in (certdb.get_ca_nickname(realm_name),
'ipaCert',
'Signing-Cert'):
print(("Certificate with nickname %s is present in %s, "
"cannot continue." % (nickname, db.secdir)))
sys.exit(1)
raise ScriptError(
"Certificate with nickname %s is present in %s, "
"cannot continue." % (nickname, db.secdir))
cert = db.get_cert_from_db(nickname)
if not cert:
@@ -109,9 +107,9 @@ def install_check(standalone, replica_config, options):
if subject in (DN('CN=Certificate Authority', subject_base),
DN('CN=IPA RA', subject_base),
DN('CN=Object Signing Cert', subject_base)):
print(("Certificate with subject %s is present in %s, "
"cannot continue." % (subject, db.secdir)))
sys.exit(1)
raise ScriptError(
"Certificate with subject %s is present in %s, "
"cannot continue." % (subject, db.secdir))
def install(standalone, replica_config, options):

5
ipaserver/install/cainstance.py
View File

@@ -60,6 +60,7 @@ from ipapython.certdb import get_ca_nickname
from ipapython.dn import DN
from ipapython.ipa_log_manager import log_mgr,\
standard_logging_setup, root_logger
from ipapython.admintool import ScriptError
from ipapython.secrets.kem import IPAKEMKeys
from ipaserver.install import certs
@@ -590,7 +591,7 @@ class CAInstance(DogtagInstance):
if self.external == 1:
print("The next step is to get %s signed by your CA and re-run %s as:" % (self.csr_file, sys.argv[0]))
print("%s --external-cert-file=/path/to/signed_certificate --external-cert-file=/path/to/external_ca_certificate" % sys.argv[0])
sys.exit(0)
raise ScriptError(rval=0)
else:
shutil.move(paths.CA_BACKUP_KEYS_P12,
paths.CACERT_P12)
@@ -1517,7 +1518,7 @@ def install_replica_ca(config, postinstall=False, ra_p12=None):
return ca
if ca.is_installed():
sys.exit("A CA is already configured on this system.")
raise ScriptError("A CA is already configured on this system.")
if postinstall:
# If installing this afterward the Apache NSS database already

5
ipaserver/install/dns.py
View File

@@ -22,6 +22,7 @@ from ipapython import sysrestore
from ipapython import dnsutil
from ipapython.dn import DN
from ipapython.ipa_log_manager import root_logger
from ipapython.admintool import ScriptError
from ipapython.ipaldap import AUTOBIND_ENABLED
from ipapython.ipautil import user_input
from ipaserver.install.installutils import get_server_ip_address
@@ -207,8 +208,8 @@ def install_check(standalone, api, replica, options, hostname):
# we can reinstall current server if it is dnssec master
if dnssec_masters and api.env.host not in dnssec_masters:
print("DNSSEC key master(s):", u','.join(dnssec_masters))
sys.exit("Only one DNSSEC key master is supported in current "
"version.")
raise ScriptError(
"Only one DNSSEC key master is supported in current version.")
if options.kasp_db_file:
dnskeysyncd = services.service('ipa-dnskeysyncd')

4
ipaserver/install/dsinstance.py
View File

@@ -22,7 +22,6 @@ from __future__ import print_function
import shutil
import pwd
import sys
import os
import re
import time
@@ -48,6 +47,7 @@ from ipaplatform.constants import constants as platformconstants
from ipaplatform.tasks import tasks
from ipalib.constants import CACERT
from ipapython.dn import DN
from ipapython.admintool import ScriptError
from ipaplatform import services
from ipaplatform.paths import paths
@@ -620,7 +620,7 @@ class DsInstance(service.Service):
super(DsInstance, self).restart(instance)
if not is_ds_running(instance):
root_logger.critical("Failed to restart the directory server. See the installation log for details.")
sys.exit(1)
raise ScriptError()
except SystemExit as e:
raise e
except Exception as e:

20
ipaserver/install/installutils.py
View File

@@ -502,7 +502,7 @@ def get_server_ip_address(host_name, unattended, setup_dns, ip_addresses):
print("The KDC service does not listen on localhost", file=sys.stderr)
print("", file=sys.stderr)
print("Please fix your /etc/hosts file and restart the setup program", file=sys.stderr)
sys.exit(1)
raise ScriptError()
ips = []
if len(hostaddr):
@@ -529,11 +529,11 @@ def get_server_ip_address(host_name, unattended, setup_dns, ip_addresses):
print("or /etc/hosts file and restart the installation.", file=sys.stderr)
print("Provided but not resolved address(es): %s" % \
", ".join(str(ip) for ip in (set(ip_addresses) - set(ips))), file=sys.stderr)
sys.exit(1)
raise ScriptError()
if not ips:
print("No usable IP address provided nor resolved.", file=sys.stderr)
sys.exit(1)
raise ScriptError()
for ip_address in ips:
# check /etc/hosts sanity
@@ -548,7 +548,7 @@ def get_server_ip_address(host_name, unattended, setup_dns, ip_addresses):
print("Chosen hostname %s does not match configured canonical hostname %s" \
% (host_name, primary_host), file=sys.stderr)
print("Please fix your /etc/hosts file and restart the installation.", file=sys.stderr)
sys.exit(1)
raise ScriptError()
return ips
@@ -627,9 +627,9 @@ def create_replica_config(dirman_password, filename, options):
top_dir, dir = expand_replica_info(filename, dirman_password)
except Exception as e:
root_logger.error("Failed to decrypt or open the replica file.")
print("ERROR: Failed to decrypt or open the replica file.")
print("Verify you entered the correct Directory Manager password.")
sys.exit(1)
raise ScriptError(
"ERROR: Failed to decrypt or open the replica file.\n"
"Verify you entered the correct Directory Manager password.")
config = ReplicaConfig(top_dir)
read_replica_info(dir, config)
root_logger.debug(
@@ -639,13 +639,13 @@ def create_replica_config(dirman_password, filename, options):
root_logger.error(
'A replica file from a newer release (%d) cannot be installed on an older version (%d)',
config.version, version.NUM_VERSION)
sys.exit(1)
raise ScriptError()
config.dirman_password = dirman_password
try:
host = get_host_name(options.no_host_dns)
except BadHostError as e:
root_logger.error(str(e))
sys.exit(1)
raise ScriptError()
if config.host_name != host:
try:
print("This replica was created for '%s' but this machine is named '%s'" % (config.host_name, host))
@@ -659,7 +659,7 @@ def create_replica_config(dirman_password, filename, options):
print("")
except KeyboardInterrupt:
root_logger.debug("Keyboard Interrupt")
sys.exit(0)
raise ScriptError(rval=0)
config.dir = dir
config.ca_ds_port = read_replica_info_dogtag_port(config.dir)
return config

4
ipaserver/install/ipa_ldap_updater.py
View File

@@ -26,7 +26,6 @@
from __future__ import print_function
import os
import sys
import six
@@ -82,8 +81,7 @@ class LDAPUpdater(admintool.AdminTool):
try:
installutils.check_server_configuration()
except RuntimeError as e:
print(unicode(e))
sys.exit(1)
raise admintool.ScriptError(e)
def setup_logging(self):
super(LDAPUpdater, self).setup_logging(log_file_mode='a')

4
ipaserver/install/krainstance.py
View File

@@ -20,7 +20,6 @@
import os
import pwd
import shutil
import sys
import tempfile
from six.moves.configparser import ConfigParser
@@ -33,6 +32,7 @@ from ipaplatform.paths import paths
from ipapython import certdb
from ipapython import ipautil
from ipapython.dn import DN
from ipapython.admintool import ScriptError
from ipaserver.install import certs
from ipaserver.install import cainstance
from ipaserver.install import installutils
@@ -425,7 +425,7 @@ def install_replica_kra(config, postinstall=False):
_kra.dm_password = config.dirman_password
_kra.subject_base = config.subject_base
if _kra.is_installed():
sys.exit("A KRA is already configured on this system.")
raise ScriptError("A KRA is already configured on this system.")
_kra.configure_instance(config.realm_name, config.host_name,
config.dirman_password, config.dirman_password,

10
ipaserver/install/replication.py
View File

@@ -33,6 +33,7 @@ from ipalib.cli import textui
from ipalib.constants import CACERT
from ipapython.ipa_log_manager import root_logger
from ipapython import ipautil, ipaldap
from ipapython.admintool import ScriptError
from ipapython.dn import DN
from ipaplatform import services
from ipaplatform.paths import paths
@@ -76,7 +77,7 @@ def replica_conn_check(master_host, host_name, realm, check_ca,
Check the ports used by the replica both locally and remotely to be sure
that replication will work.
Does not return a value, will sys.exit() on failure.
Does not return a value, will raise ScriptError on failure.
"""
print("Run connection check to master")
args = [paths.IPA_REPLICA_CONNCHECK, "--master", master_host,
@@ -101,9 +102,10 @@ def replica_conn_check(master_host, host_name, realm, check_ca,
args, raiseonerr=False, capture_output=False, nolog=nolog)
if result.returncode != 0:
sys.exit("Connection check failed!" +
"\nPlease fix your network settings according to error messages above." +
"\nIf the check results are not valid it can be skipped with --skip-conncheck parameter.")
raise ScriptError(
"Connection check failed!"
"\nPlease fix your network settings according to error messages above."
"\nIf the check results are not valid it can be skipped with --skip-conncheck parameter.")
else:
print("Connection check OK")

75
ipaserver/install/server/install.py
View File

@@ -25,6 +25,7 @@ from ipapython.ipa_log_manager import root_logger
from ipapython.ipautil import (
decrypt_file, format_netloc, ipa_generate_password, run, user_input,
is_fips_enabled)
from ipapython.admintool import ScriptError
from ipaplatform import services
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
@@ -192,9 +193,8 @@ def read_realm_name(domain_name, unattended):
print("An upper-case realm name is required.")
if not user_input("Do you want to use " + upper_dom +
" as realm name?", True):
print("")
print("An upper-case realm name is required. Unable to continue.")
sys.exit(1)
raise ScriptError(
"An upper-case realm name is required. Unable to continue.")
else:
realm_name = upper_dom
print("")
@@ -230,13 +230,13 @@ def read_admin_password():
def check_dirsrv(unattended):
(ds_unsecure, ds_secure) = dsinstance.check_ports()
if not ds_unsecure or not ds_secure:
print("IPA requires ports 389 and 636 for the Directory Server.")
print("These are currently in use:")
msg = ("IPA requires ports 389 and 636 for the Directory Server.\n"
"These are currently in use:\n")
if not ds_unsecure:
print("\t389")
msg += "\t389\n"
if not ds_secure:
print("\t636")
sys.exit(1)
msg += "\t636\n"
raise ScriptError(msg)
def set_subject_in_config(realm_name, dm_password, suffix, subject_base):
@@ -278,7 +278,7 @@ def common_cleanup(func):
root_logger.error("Failed to remove DS instance. You "
"may need to remove instance data "
"manually")
sys.exit(1)
raise ScriptError()
finally:
if not success and installer._installation_cleanup:
# Do a cautious clean up as we don't know what failed and
@@ -341,16 +341,18 @@ def install_check(installer):
if (not options.external_ca and not options.external_cert_files and
is_ipa_configured()):
installer._installation_cleanup = False
sys.exit("IPA server is already configured on this system.\n"
"If you want to reinstall the IPA server, please uninstall "
"it first using 'ipa-server-install --uninstall'.")
raise ScriptError(
"IPA server is already configured on this system.\n"
"If you want to reinstall the IPA server, please uninstall "
"it first using 'ipa-server-install --uninstall'.")
client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
if client_fstore.has_files():
installer._installation_cleanup = False
sys.exit("IPA client is already configured on this system.\n"
"Please uninstall it before configuring the IPA server, "
"using 'ipa-client-install --uninstall'")
raise ScriptError(
"IPA client is already configured on this system.\n"
"Please uninstall it before configuring the IPA server, "
"using 'ipa-client-install --uninstall'")
fstore = sysrestore.FileStore(SYSRESTORE_DIR_PATH)
sstore = sysrestore.StateFile(SYSRESTORE_DIR_PATH)
@@ -362,7 +364,7 @@ def install_check(installer):
else:
dm_password = read_password("Directory Manager", confirm=False)
if dm_password is None:
sys.exit("Directory Manager password required")
raise ScriptError("Directory Manager password required")
try:
cache_vars = read_cache(dm_password)
options.__dict__.update(cache_vars)
@@ -370,7 +372,7 @@ def install_check(installer):
options.external_ca = False
options.interactive = False
except Exception as e:
sys.exit("Cannot process the cache file: %s" % str(e))
raise ScriptError("Cannot process the cache file: %s" % str(e))
# We only set up the CA if the PKCS#12 options are not given.
if options.dirsrv_cert_files:
@@ -425,7 +427,7 @@ def install_check(installer):
# Check to see if httpd is already configured to listen on 443
if httpinstance.httpd_443_configured():
sys.exit("Aborting installation")
raise ScriptError("Aborting installation")
if not options.setup_dns and installer.interactive:
if ipautil.user_input("Do you want to configure integrated DNS "
@@ -455,7 +457,7 @@ def install_check(installer):
else:
host_name = read_host_name(host_default, options.no_host_dns)
except BadHostError as e:
sys.exit(str(e) + "\n")
raise ScriptError(e)
host_name = host_name.lower()
root_logger.debug("will use host_name: %s\n" % host_name)
@@ -467,7 +469,7 @@ def install_check(installer):
try:
validate_domain_name(domain_name)
except ValueError as e:
sys.exit("Invalid domain name: %s" % unicode(e))
raise ScriptError("Invalid domain name: %s" % unicode(e))
else:
domain_name = options.domain_name
@@ -488,7 +490,7 @@ def install_check(installer):
"Enter Apache Server private key unlock",
confirm=False, validate=False)
if options.http_pin is None:
sys.exit(
raise ScriptError(
"Apache Server private key unlock password required")
http_pkcs12_file, http_pin, http_ca_cert = load_pkcs12(
cert_files=options.http_cert_files,
@@ -504,7 +506,7 @@ def install_check(installer):
"Enter Directory Server private key unlock",
confirm=False, validate=False)
if options.dirsrv_pin is None:
sys.exit(
raise ScriptError(
"Directory Server private key unlock password required")
dirsrv_pkcs12_file, dirsrv_pin, dirsrv_ca_cert = load_pkcs12(
cert_files=options.dirsrv_cert_files,
@@ -520,7 +522,7 @@ def install_check(installer):
"Enter Kerberos KDC private key unlock",
confirm=False, validate=False)
if options.pkinit_pin is None:
sys.exit(
raise ScriptError(
"Kerberos KDC private key unlock password required")
pkinit_pkcs12_file, pkinit_pin, pkinit_ca_cert = load_pkcs12(
cert_files=options.pkinit_cert_files,
@@ -532,14 +534,15 @@ def install_check(installer):
if (options.http_cert_files and options.dirsrv_cert_files and
http_ca_cert != dirsrv_ca_cert):
sys.exit("Apache Server SSL certificate and Directory Server SSL "
"certificate are not signed by the same CA certificate")
raise ScriptError(
"Apache Server SSL certificate and Directory Server SSL "
"certificate are not signed by the same CA certificate")
if not options.dm_password:
dm_password = read_dm_password()
if dm_password is None:
sys.exit("Directory Manager password required")
raise ScriptError("Directory Manager password required")
else:
dm_password = options.dm_password
@@ -551,7 +554,7 @@ def install_check(installer):
if not options.admin_password:
admin_password = read_admin_password()
if admin_password is None:
sys.exit("IPA admin password required")
raise ScriptError("IPA admin password required")
else:
admin_password = options.admin_password
@@ -644,7 +647,7 @@ def install_check(installer):
if installer.interactive and not user_input(
"Continue to configure the system with these values?", False):
sys.exit("Installation aborted")
raise ScriptError("Installation aborted")
options.realm_name = realm_name
options.domain_name = domain_name
@@ -892,8 +895,8 @@ def install(installer):
args.append("--mkhomedir")
run(args, redirect_output=True)
print()
except Exception as e:
sys.exit("Configuration of client side components failed!")
except Exception:
raise ScriptError("Configuration of client side components failed!")
# Everything installed properly, activate ipa service.
services.knownservices.ipa.enable()
@@ -977,9 +980,7 @@ def uninstall_check(installer):
"and configuration!\n")
if not user_input("Are you sure you want to continue with the "
"uninstall procedure?", False):
print("")
print("Aborting uninstall operation.")
sys.exit(1)
raise ScriptError("Aborting uninstall operation.")
try:
conn = ipaldap.IPAdmin(
@@ -1003,9 +1004,7 @@ def uninstall_check(installer):
if (installer.interactive and not user_input(
"Are you sure you want to continue with the uninstall "
"procedure?", False)):
print("")
print("Aborting uninstall operation.")
sys.exit(1)
raise ScriptError("Aborting uninstall operation.")
else:
dns.uninstall_check(options)
@@ -1034,9 +1033,7 @@ def uninstall_check(installer):
if (installer.interactive and
not user_input("Are you sure you want to continue with"
" the uninstall procedure?", False)):
print("")
print("Aborting uninstall operation.")
sys.exit(1)
raise ScriptError("Aborting uninstall operation.")
else:
remove_master_from_managed_topology(api, options)

129
ipaserver/install/server/replicainstall.py
View File

@@ -13,7 +13,6 @@ import dns.reversename as dnsreversename
import os
import shutil
import socket
import sys
import tempfile
import six
@@ -23,6 +22,7 @@ from ipapython.dn import DN
from ipapython.install.common import step
from ipapython.install.core import Knob
from ipapython.ipa_log_manager import root_logger
from ipapython.admintool import ScriptError
from ipaplatform import services
from ipaplatform.tasks import tasks
from ipaplatform.paths import paths
@@ -157,8 +157,7 @@ def install_ca_cert(ldap, base_dn, realm, cafile):
os.chmod(constants.CACERT, 0o444)
except Exception as e:
print("error copying files: " + str(e))
sys.exit(1)
raise ScriptError("error copying files: " + str(e))
def install_http(config, auto_redirect, ca_is_configured, promote=False,
@@ -225,13 +224,13 @@ def install_dns_records(config, options, remote_api):
def check_dirsrv():
(ds_unsecure, ds_secure) = dsinstance.check_ports()
if not ds_unsecure or not ds_secure:
print("IPA requires ports 389 and 636 for the Directory Server.")
print("These are currently in use:")
msg = ("IPA requires ports 389 and 636 for the Directory Server.\n"
"These are currently in use:\n")
if not ds_unsecure:
print("\t389")
msg += "\t389\n"
if not ds_secure:
print("\t636")
sys.exit(1)
msg += "\t636\n"
raise ScriptError(msg)
def check_dns_resolution(host_name, dns_servers):
@@ -329,8 +328,8 @@ def configure_certmonger():
try:
messagebus.start()
except Exception as e:
print("Messagebus service unavailable: %s" % str(e))
sys.exit(3)
raise ScriptError("Messagebus service unavailable: %s" % str(e),
rval=3)
# Ensure that certmonger has been started at least once to generate the
# cas files in /var/lib/certmonger/cas.
@@ -338,14 +337,14 @@ def configure_certmonger():
try:
cmonger.restart()
except Exception as e:
print("Certmonger service unavailable: %s" % str(e))
sys.exit(3)
raise ScriptError("Certmonger service unavailable: %s" % str(e),
rval=3)
try:
cmonger.enable()
except Exception as e:
print("Failed to enable Certmonger: %s" % str(e))
sys.exit(3)
raise ScriptError("Failed to enable Certmonger: %s" % str(e),
rval=3)
def remove_replica_info_dir(installer):
@@ -366,7 +365,7 @@ def common_cleanup(func):
remove_replica_info_dir(installer)
raise
except KeyboardInterrupt:
sys.exit(1)
raise ScriptError()
except Exception:
print(
"Your system may be partly configured.\n"
@@ -509,15 +508,17 @@ def install_check(installer):
tasks.check_selinux_status()
if is_ipa_configured():
sys.exit("IPA server is already configured on this system.\n"
"If you want to reinstall the IPA server, please uninstall "
"it first using 'ipa-server-install --uninstall'.")
raise ScriptError(
"IPA server is already configured on this system.\n"
"If you want to reinstall the IPA server, please uninstall "
"it first using 'ipa-server-install --uninstall'.")
client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
if client_fstore.has_files():
sys.exit("IPA client is already configured on this system.\n"
"Please uninstall it first before configuring the replica, "
"using 'ipa-client-install --uninstall'.")
raise ScriptError(
"IPA client is already configured on this system.\n"
"Please uninstall it first before configuring the replica, "
"using 'ipa-client-install --uninstall'.")
sstore = sysrestore.StateFile(paths.SYSRESTORE)
@@ -525,7 +526,7 @@ def install_check(installer):
# Check to see if httpd is already configured to listen on 443
if httpinstance.httpd_443_configured():
sys.exit("Aborting installation")
raise ScriptError("Aborting installation")
check_dirsrv()
@@ -546,9 +547,9 @@ def install_check(installer):
try:
dirman_password = get_dirman_password()
except KeyboardInterrupt:
sys.exit(0)
raise ScriptError(rval=0)
if dirman_password is None:
sys.exit("Directory Manager password required")
raise ScriptError("Directory Manager password required")
config = create_replica_config(dirman_password, filename, options)
installer._top_dir = config.top_dir
@@ -644,12 +645,12 @@ def install_check(installer):
if replman.get_replication_agreement(config.host_name):
root_logger.info('Error: A replication agreement for this '
'host already exists.')
print('A replication agreement for this host already exists. '
'It needs to be removed.')
print("Run this on the master that generated the info file:")
print((" %% ipa-replica-manage del %s --force" %
config.host_name))
sys.exit(3)
msg = ("A replication agreement for this host already exists. "
"It needs to be removed.\n"
"Run this on the master that generated the info file:\n"
" %% ipa-replica-manage del %s --force" %
config.host_name)
raise ScriptError(msg, rval=3)
# Detect the current domain level
try:
@@ -680,8 +681,7 @@ def install_check(installer):
"this version is allowed to be installed "
"within this domain.")
root_logger.error(message)
print(message)
sys.exit(3)
raise ScriptError(message, rval=3)
# Check pre-existing host entry
try:
@@ -693,11 +693,11 @@ def install_check(installer):
else:
root_logger.info('Error: Host %s already exists on the master '
'server.' % config.host_name)
print(('The host %s already exists on the master server.' %
config.host_name))
print("You should remove it before proceeding:")
print(" %% ipa host-del %s" % config.host_name)
sys.exit(3)
msg = ("The host %s already exists on the master server.\n"
"You should remove it before proceeding:\n"
" %% ipa host-del %s" %
(config.host_name, config.host_name))
raise ScriptError(msg, rval=3)
dns_masters = remote_api.Object['dnsrecord'].get_dns_masters()
if dns_masters:
@@ -709,7 +709,7 @@ def install_check(installer):
check_dns_resolution(config.host_name, dns_masters))
if not resolution_ok and installer.interactive:
if not ipautil.user_input("Continue?", False):
sys.exit(0)
raise ScriptError(rval=0)
else:
root_logger.debug('No IPA DNS servers, '
'skipping forward/reverse resolution check')
@@ -724,8 +724,7 @@ def install_check(installer):
try:
kra.install_check(remote_api, config, options)
except RuntimeError as e:
print(str(e))
sys.exit(1)
raise ScriptError(e)
if options.setup_dns:
dns.install_check(False, remote_api, True, options,
@@ -737,11 +736,11 @@ def install_check(installer):
options.ip_addresses)
except errors.ACIError:
sys.exit("\nThe password provided is incorrect for LDAP server "
"%s" % config.master_host_name)
raise ScriptError("\nThe password provided is incorrect for LDAP server "
"%s" % config.master_host_name)
except errors.LDAPError:
sys.exit("\nUnable to connect to LDAP server %s" %
config.master_host_name)
raise ScriptError("\nUnable to connect to LDAP server %s" %
config.master_host_name)
finally:
if replman and replman.conn:
replman.conn.unbind()
@@ -955,7 +954,7 @@ def ensure_enrolled(installer):
ipautil.run(args, stdin=stdin, redirect_output=True)
print()
except Exception:
sys.exit("Configuration of client side components failed!")
raise ScriptError("Configuration of client side components failed!")
def promotion_check_ipa_domain(master_ldap_conn, basedn):
@@ -995,9 +994,10 @@ def promote_check(installer):
tasks.check_selinux_status()
if is_ipa_configured():
sys.exit("IPA server is already configured on this system.\n"
"If you want to reinstall the IPA server, please uninstall "
"it first using 'ipa-server-install --uninstall'.")
raise ScriptError(
"IPA server is already configured on this system.\n"
"If you want to reinstall the IPA server, please uninstall "
"it first using 'ipa-server-install --uninstall'.")
client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
if not client_fstore.has_files():
@@ -1015,7 +1015,7 @@ def promote_check(installer):
# Check to see if httpd is already configured to listen on 443
if httpinstance.httpd_443_configured():
sys.exit("Aborting installation")
raise ScriptError("Aborting installation")
check_dirsrv()
@@ -1056,7 +1056,7 @@ def promote_check(installer):
"Enter Apache Server private key unlock",
confirm=False, validate=False)
if options.http_pin is None:
sys.exit(
raise ScriptError(
"Apache Server private key unlock password required")
http_pkcs12_file, http_pin, http_ca_cert = load_pkcs12(
cert_files=options.http_cert_files,
@@ -1072,7 +1072,7 @@ def promote_check(installer):
"Enter Directory Server private key unlock",
confirm=False, validate=False)
if options.dirsrv_pin is None:
sys.exit(
raise ScriptError(
"Directory Server private key unlock password required")
dirsrv_pkcs12_file, dirsrv_pin, dirsrv_ca_cert = load_pkcs12(
cert_files=options.dirsrv_cert_files,
@@ -1088,7 +1088,7 @@ def promote_check(installer):
"Enter Kerberos KDC private key unlock",
confirm=False, validate=False)
if options.pkinit_pin is None:
sys.exit(
raise ScriptError(
"Kerberos KDC private key unlock password required")
pkinit_pkcs12_file, pkinit_pin, pkinit_ca_cert = load_pkcs12(
cert_files=options.pkinit_cert_files,
@@ -1203,7 +1203,7 @@ def promote_check(installer):
print("Run this command:")
print(" %% ipa-replica-manage del %s --force" %
config.host_name)
sys.exit(3)
raise ScriptError(rval=3)
# Detect if current level is out of supported range
# for this IPA version
@@ -1218,7 +1218,7 @@ def promote_check(installer):
"this version is allowed to be installed "
"within this domain.")
root_logger.error(message)
sys.exit(3)
raise ScriptError(rval=3)
# Detect if the other master can handle replication managers
# cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX
@@ -1234,7 +1234,7 @@ def promote_check(installer):
"command on the master and use a prep file to install "
"this replica.")
root_logger.error(msg)
sys.exit(3)
raise ScriptError(rval=3)
dns_masters = remote_api.Object['dnsrecord'].get_dns_masters()
if dns_masters:
@@ -1246,7 +1246,7 @@ def promote_check(installer):
check_dns_resolution(config.host_name, dns_masters))
if not resolution_ok and installer.interactive:
if not ipautil.user_input("Continue?", False):
sys.exit(0)
raise ScriptError(rval=0)
else:
root_logger.debug('No IPA DNS servers, '
'skipping forward/reverse resolution check')
@@ -1264,7 +1264,7 @@ def promote_check(installer):
if options.dirsrv_cert_files:
root_logger.error("Certificates could not be provided when "
"CA is present on some master.")
sys.exit(3)
raise ScriptError(rval=3)
else:
ca_enabled = False
if not options.dirsrv_cert_files:
@@ -1272,20 +1272,20 @@ def promote_check(installer):
"installed. Use the --http-cert-file, "
"--dirsrv-cert-file options to provide "
"custom certificates.")
sys.exit(3)
raise ScriptError(rval=3)
config.kra_host_name = service.find_providing_server('KRA', conn,
api.env.server)
if options.setup_kra and config.kra_host_name is None:
root_logger.error("There is no KRA server in the domain, can't "
"setup a KRA clone")
sys.exit(3)
raise ScriptError(rval=3)
if options.setup_ca:
if not ca_enabled:
root_logger.error("The remote master does not have a CA "
"installed, can't set up CA")
sys.exit(3)
raise ScriptError(rval=3)
options.realm_name = config.realm_name
options.host_name = config.host_name
@@ -1296,8 +1296,7 @@ def promote_check(installer):
try:
kra.install_check(remote_api, config, options)
except RuntimeError as e:
print(str(e))
sys.exit(1)
raise ScriptError(e)
if options.setup_dns:
dns.install_check(False, remote_api, True, options,
@@ -1308,10 +1307,10 @@ def promote_check(installer):
False, options.ip_addresses)
except errors.ACIError:
sys.exit("\nInsufficient privileges to promote the server.")
raise ScriptError("\nInsufficient privileges to promote the server.")
except errors.LDAPError:
sys.exit("\nUnable to connect to LDAP server %s" %
config.master_host_name)
raise ScriptError("\nUnable to connect to LDAP server %s" %
config.master_host_name)
finally:
if replman and replman.conn:
replman.conn.unbind()