diff --git a/install/share/wsgi.py b/install/share/wsgi.py index 457d8e024..e1c2c7332 100644 --- a/install/share/wsgi.py +++ b/install/share/wsgi.py @@ -4,10 +4,14 @@ WSGI appliction for IPA server. from ipalib import api api.bootstrap(context='server', debug=True, log=None) -api.finalize() -api.log.info('*** PROCESS START ***') -import ipawebui -ui = ipawebui.create_wsgi_app(api) +try: + api.finalize() +except StandardError, e: + api.log.error('Failed to start IPA: %s' % e) +else: + api.log.info('*** PROCESS START ***') + import ipawebui + ui = ipawebui.create_wsgi_app(api) -# This is the WSGI callable: -application = api.Backend.session + # This is the WSGI callable: + application = api.Backend.session diff --git a/ipalib/constants.py b/ipalib/constants.py index 05fa1e667..20f1d95d7 100644 --- a/ipalib/constants.py +++ b/ipalib/constants.py @@ -120,6 +120,7 @@ DEFAULT_CONFIG = ( # Debugging: ('verbose', 0), ('debug', False), + ('startup_traceback', False), ('mode', 'production'), # CA plugin: diff --git a/ipalib/plugable.py b/ipalib/plugable.py index 397004eb1..fd5f31a76 100644 --- a/ipalib/plugable.py +++ b/ipalib/plugable.py @@ -536,8 +536,9 @@ class API(DictProxy): 'skipping plugin module %s: %s', fullname, e.reason ) except StandardError, e: - import traceback - self.log.error('could not load plugin module %r\n%s', pyfile, traceback.format_exc()) + if self.env.startup_traceback: + import traceback + self.log.error('could not load plugin module %r\n%s', pyfile, traceback.format_exc()) raise e def finalize(self): diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index 55a21572c..a2773efb8 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -31,7 +31,10 @@ from ipalib import api, errors, output, uuid from ipalib import Command, List, Password, Str from ipalib.cli import to_cli if api.env.in_server and api.env.context in ['lite', 'server']: - from ipaserver.plugins.ldap2 import ldap2 + try: + from ipaserver.plugins.ldap2 import ldap2 + except StandardError, e: + raise e from ipalib import _ from ipalib.text import Gettext # FIXME: remove once the other Gettext FIXME is removed diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 987203caa..aebeb5c27 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -124,17 +124,20 @@ def global_init(url): try: if api.env.context == 'server': - # Create a new credentials cache for this Apache process - tmpdir = tempfile.mkdtemp(prefix = "tmp-") - ccache_file = 'FILE:%s/ccache' % tmpdir - krbcontext = krbV.default_context() - principal = str('HTTP/%s@%s' % (api.env.host, api.env.realm)) - keytab = krbV.Keytab(name='/etc/httpd/conf/ipa.keytab', context=krbcontext) - principal = krbV.Principal(name=principal, context=krbcontext) - os.environ['KRB5CCNAME'] = ccache_file - ccache = krbV.CCache(name=ccache_file, context=krbcontext, primary_principal=principal) - ccache.init(principal) - ccache.init_creds_keytab(keytab=keytab, principal=principal) + try: + # Create a new credentials cache for this Apache process + tmpdir = tempfile.mkdtemp(prefix = "tmp-") + ccache_file = 'FILE:%s/ccache' % tmpdir + krbcontext = krbV.default_context() + principal = str('HTTP/%s@%s' % (api.env.host, api.env.realm)) + keytab = krbV.Keytab(name='/etc/httpd/conf/ipa.keytab', context=krbcontext) + principal = krbV.Principal(name=principal, context=krbcontext) + os.environ['KRB5CCNAME'] = ccache_file + ccache = krbV.CCache(name=ccache_file, context=krbcontext, primary_principal=principal) + ccache.init(principal) + ccache.init_creds_keytab(keytab=keytab, principal=principal) + except krbV.Krb5Error, e: + raise StandardError('Unable to retrieve LDAP schema. Error initializing principal %s in %s: %s' % (principal.name, '/etc/httpd/conf/ipa.keytab', str(e))) conn = _ldap.initialize(url) conn.sasl_interactive_bind_s('', SASL_AUTH) @@ -155,8 +158,9 @@ def global_init(url): except _ldap.SERVER_DOWN: return (None, upg) except _ldap.LDAPError, e: - # TODO: raise a more appropriate exception - _handle_errors(e, **{}) + desc = e.args[0]['desc'].strip() + info = e.args[0].get('info', '').strip() + raise StandardError('Unable to retrieve LDAP schema: %s: %s' % (desc, info)) except IndexError: # no 'cn=schema' entry in LDAP? some servers use 'cn=subschema' # TODO: DS uses 'cn=schema', support for other server? diff --git a/lite-server.py b/lite-server.py index ba7cfe3d3..22ff720f9 100755 --- a/lite-server.py +++ b/lite-server.py @@ -72,6 +72,7 @@ if __name__ == '__main__': ) api.env.in_server = True + api.env.startup_traceback = True (options, args) = api.bootstrap_with_global_options(parser, context='lite') api.env._merge( lite_port=options.port,