Add option to have ipautil.run() not raise an exception

There are times where a caller will want to determine the course of
action based on the returncode instead of relying on it != 0.

This also lets the caller get the contents of stdout and stderr.

ipapython/ipautil.py

@@ -89,7 +89,7 @@ def write_tmp_file(txt):
 
     return fd
 
-def run(args, stdin=None):
+def run(args, stdin=None, raiseonerr=True):
     if stdin:
         p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
         stdout,stderr = p.communicate(stdin)
@@ -101,10 +101,10 @@ def run(args, stdin=None):
     logging.info('stdout=%s' % stdout)
     logging.info('stderr=%s' % stderr)
 
-    if p.returncode != 0:
+    if p.returncode != 0 and raiseonerr:
         raise CalledProcessError(p.returncode, ' '.join(args))
 
-    return (stdout, stderr)
+    return (stdout, stderr, p.returncode)
 
 def file_exists(filename):
     try:

ipaserver/install/cainstance.py

@@ -612,7 +612,7 @@ class CAInstance(service.Service):
             # pkisilent doesn't return 1 on error so look at the output of
             # /sbin/service pki-ca status. It will tell us if the instance
             # still needs to be configured.
-            (stdout, stderr) = ipautil.run(["/sbin/service", "pki-ca", "status"])
+            (stdout, stderr, returncode) = ipautil.run(["/sbin/service", "pki-ca", "status"])
             try:
                 stdout.index("CONFIGURED!")
                 raise RuntimeError("pkisilent failed to configure instance.")
@@ -640,7 +640,7 @@ class CAInstance(service.Service):
 
     def __get_agent_cert(self, nickname):
         args = ["/usr/bin/certutil", "-L", "-d", self.ca_agent_db, "-n", nickname, "-a"]
-        (out, err) = ipautil.run(args)
+        (out, err, returncode) = ipautil.run(args)
         out = out.replace('-----BEGIN CERTIFICATE-----', '')
         out = out.replace('-----END CERTIFICATE-----', '')
         return out
@@ -692,7 +692,7 @@ class CAInstance(service.Service):
             '%s:%d' % (self.host_name, AGENT_SECURE_PORT),
         ]
         logging.debug("running sslget %s" % args)
-        (stdout, stderr) = ipautil.run(args)
+        (stdout, stderr, returncode) = ipautil.run(args)
 
         data = stdout.split('\r\n')
         params = get_defList(data)
@@ -713,7 +713,7 @@ class CAInstance(service.Service):
             '%s:%d' % (self.host_name, AGENT_SECURE_PORT),
         ]
         logging.debug("running sslget %s" % args)
-        (stdout, stderr) = ipautil.run(args)
+        (stdout, stderr, returncode) = ipautil.run(args)
 
         data = stdout.split('\r\n')
         outputList = get_outputList(data)
@@ -844,7 +844,7 @@ class CAInstance(service.Service):
         # makes openssl throw up.
         data = base64.b64decode(chain)
 
-        (certs, stderr) = ipautil.run(["/usr/bin/openssl",
+        (certs, stderr, returncode) = ipautil.run(["/usr/bin/openssl",
              "pkcs7",
              "-inform",
              "DER",
@@ -989,7 +989,7 @@ class CAInstance(service.Service):
         """
 
         # Start by checking to see if policy is already installed.
-        (stdout, stderr) = ipautils.run(["/usr/sbin/semodule", "-l"])
+        (stdout, stderr, returncode) = ipautil.run(["/usr/sbin/semodule", "-l"])
 
         # Ok, so stdout is a huge string of the output. Look through that
         # for our policy

ipaserver/install/certs.py

@@ -382,7 +382,7 @@ class CertDB(object):
         root_nicknames = self.find_root_cert(nickname)
         fd = open(self.cacert_fname, "w")
         for root in root_nicknames:
-            (cert, stderr) = self.run_certutil(["-L", "-n", root, "-a"])
+            (cert, stderr, returncode) = self.run_certutil(["-L", "-n", root, "-a"])
             fd.write(cert)
         fd.close()
         os.chmod(self.cacert_fname, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
@@ -424,13 +424,13 @@ class CertDB(object):
     def get_cert_from_db(self, nickname):
         try:
             args = ["-L", "-n", nickname, "-a"]
-            (cert, err) = self.run_certutil(args)
+            (cert, err, returncode) = self.run_certutil(args)
             return cert
         except ipautil.CalledProcessError:
             return ''
 
     def find_cacert_serial(self):
-        (out,err) = self.run_certutil(["-L", "-n", self.cacert_name])
+        (out, err, returncode) = self.run_certutil(["-L", "-n", self.cacert_name])
         data = out.split('\n')
         for line in data:
             x = re.match(r'\s+Serial Number: (\d+) .*', line)
@@ -485,7 +485,7 @@ class CertDB(object):
                 "-f", self.passwd_fname]
         if not self.self_signed_ca:
             args.append("-a")
-        (stdout, stderr) = self.run_certutil(args)
+        (stdout, stderr, returncode) = self.run_certutil(args)
         os.remove(self.noise_fname)
 
         return (stdout, stderr)
@@ -746,7 +746,7 @@ class CertDB(object):
         if passwd_fname:
             args = args + ["-w", passwd_fname]
         try:
-            (stdout, stderr) = ipautil.run(args)
+            (stdout, stderr, returncode) = ipautil.run(args)
         except ipautil.CalledProcessError, e:
             if e.returncode == 17:
                 raise RuntimeError("incorrect password")

ipaserver/install/dsinstance.py

@@ -105,7 +105,7 @@ def is_ds_running():
     """
     ret = True
     try:
-        (sout, serr) = ipautil.run(["/sbin/service", "dirsrv", "status"])
+        (sout, serr, rcode) = ipautil.run(["/sbin/service", "dirsrv", "status"])
         if sout.find("is stopped") >= 0:
             ret = False
     except ipautil.CalledProcessError:

ipaserver/install/httpinstance.py

@@ -100,7 +100,7 @@ class HTTPInstance(service.Service):
         if selinux:
             try:
                 # returns e.g. "httpd_can_network_connect --> off"
-                (stdout, stderr) = ipautil.run(["/usr/sbin/getsebool",
+                (stdout, stderr, returncode) = ipautil.run(["/usr/sbin/getsebool",
                                                 "httpd_can_network_connect"])
                 self.backup_state("httpd_can_network_connect", stdout.split()[2])
             except:

ipaserver/install/service.py

@@ -54,7 +54,7 @@ def chkconfig_del(service_name):
     ipautil.run(["/sbin/chkconfig", "--del", service_name])
 
 def is_enabled(service_name):
-    (stdout, stderr) = ipautil.run(["/sbin/chkconfig", "--list", service_name])
+    (stdout, stderr, returncode) = ipautil.run(["/sbin/chkconfig", "--list", service_name])
 
     runlevels = {}
     for runlevel in range(0, 7):