andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone

Blame SOURCES/0032-Issue-50882-Fix-healthcheck-errors-for-instances-tha.patch

8394b4
From 7130e7595ee5e919558a143e64fb08cab1e3d45d Mon Sep 17 00:00:00 2001
8394b4
From: Mark Reynolds <mreynolds@redhat.com>
8394b4
Date: Thu, 6 Feb 2020 15:30:42 -0500
8394b4
Subject: [PATCH] Issue 50882 - Fix healthcheck errors for instances that do
8394b4
 not have TLS enabled
8394b4
8394b4
Bug Description:  The config and FSChecks fail when TLS is not setup
8394b4
8394b4
Fix Description:  Properly check for conditions when TLS is not enabled,
8394b4
                  and ignore errors if TLS related files are not present
8394b4
                  during the FS permissions check.
8394b4
8394b4
relates: https://pagure.io/389-ds-base/issue/50882
8394b4
8394b4
Reviewed by: firstyear(thanks!)
8394b4
---
8394b4
 src/lib389/lib389/config.py  |  2 +-
8394b4
 src/lib389/lib389/dseldif.py | 23 +++++++++++++----------
8394b4
 src/lib389/lib389/lint.py    |  3 +--
8394b4
 src/lib389/lib389/nss_ssl.py |  3 +++
8394b4
 4 files changed, 18 insertions(+), 13 deletions(-)
8394b4
8394b4
diff --git a/src/lib389/lib389/config.py b/src/lib389/lib389/config.py
8394b4
index f71baf2d8..268b99c90 100644
8394b4
--- a/src/lib389/lib389/config.py
8394b4
+++ b/src/lib389/lib389/config.py
8394b4
@@ -238,7 +238,7 @@ class Encryption(DSLdapObject):
8394b4
 
8394b4
     def _lint_check_tls_version(self):
8394b4
         tls_min = self.get_attr_val('sslVersionMin')
8394b4
-        if tls_min < ensure_bytes('TLS1.1'):
8394b4
+        if tls_min is not None and tls_min < ensure_bytes('TLS1.1'):
8394b4
             report = copy.deepcopy(DSELE0001)
8394b4
             report['fix'] = report['fix'].replace('YOUR_INSTANCE', self._instance.serverid)
8394b4
             yield report
8394b4
diff --git a/src/lib389/lib389/dseldif.py b/src/lib389/lib389/dseldif.py
8394b4
index fbb50623b..716dd46e9 100644
8394b4
--- a/src/lib389/lib389/dseldif.py
8394b4
+++ b/src/lib389/lib389/dseldif.py
8394b4
@@ -200,13 +200,16 @@ class FSChecks(object):
8394b4
         """Test file permissions are safe
8394b4
         """
8394b4
         for ds_file in self.ds_files:
8394b4
-            perms = int(oct(os.stat(ds_file['name'])[ST_MODE])[-3:])
8394b4
-            if perms not in ds_file['perms']:
8394b4
-                perms = str(ds_file['perms'][0])
8394b4
-                report = copy.deepcopy(ds_file['report'])
8394b4
-                report['items'].append(ds_file['name'])
8394b4
-                report['detail'] = report['detail'].replace('FILE', ds_file['name'])
8394b4
-                report['detail'] = report['detail'].replace('PERMS', perms)
8394b4
-                report['fix'] = report['fix'].replace('FILE', ds_file['name'])
8394b4
-                report['fix'] = report['fix'].replace('PERMS', perms)
8394b4
-                yield report
8394b4
+            try:
8394b4
+                perms = int(oct(os.stat(ds_file['name'])[ST_MODE])[-3:])
8394b4
+                if perms not in ds_file['perms']:
8394b4
+                    perms = str(ds_file['perms'][0])
8394b4
+                    report = copy.deepcopy(ds_file['report'])
8394b4
+                    report['items'].append(ds_file['name'])
8394b4
+                    report['detail'] = report['detail'].replace('FILE', ds_file['name'])
8394b4
+                    report['detail'] = report['detail'].replace('PERMS', perms)
8394b4
+                    report['fix'] = report['fix'].replace('FILE', ds_file['name'])
8394b4
+                    report['fix'] = report['fix'].replace('PERMS', perms)
8394b4
+                    yield report
8394b4
+            except FileNotFoundError:
8394b4
+                pass
8394b4
diff --git a/src/lib389/lib389/lint.py b/src/lib389/lib389/lint.py
8394b4
index 68b729674..742058fa1 100644
8394b4
--- a/src/lib389/lib389/lint.py
8394b4
+++ b/src/lib389/lib389/lint.py
8394b4
@@ -224,8 +224,7 @@ DSREPLLE0002 = {
8394b4
     'dsle': 'DSREPLLE0002',
8394b4
     'severity': 'LOW',
8394b4
     'items' : ['Replication', 'Conflict Entries'],
8394b4
-    'detail': """There were COUNT conflict entries found under the replication suffix "SUFFIX".
8394b4
-Status message: MSG""",
8394b4
+    'detail': "There were COUNT conflict entries found under the replication suffix \"SUFFIX\".",
8394b4
     'fix' : """While conflict entries are expected to occur in an MMR environment, they
8394b4
 should be resolved.  In regards to conflict entries there is always the original/counterpart
8394b4
 entry that has a normal DN, and then the conflict version of that entry.  Technically both
8394b4
diff --git a/src/lib389/lib389/nss_ssl.py b/src/lib389/lib389/nss_ssl.py
8394b4
index 41b19caa4..c64f158d5 100644
8394b4
--- a/src/lib389/lib389/nss_ssl.py
8394b4
+++ b/src/lib389/lib389/nss_ssl.py
8394b4
@@ -394,6 +394,9 @@ only.
8394b4
         for line in lines:
8394b4
             if line == '':
8394b4
                 continue
8394b4
+            if line == 'Database needs user init':
8394b4
+                # There are no certs, abort...
8394b4
+                return []
8394b4
             cert_values.append(re.match(r'^(.+[^\s])[\s]+([^\s]+)$', line.rstrip()).groups())
8394b4
         return cert_values
8394b4
 
8394b4
-- 
8394b4
2.21.1
8394b4