From 7130e7595ee5e919558a143e64fb08cab1e3d45d Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Thu, 6 Feb 2020 15:30:42 -0500
Subject: [PATCH] Issue 50882 - Fix healthcheck errors for instances that do
not have TLS enabled
Bug Description: The config and FSChecks fail when TLS is not set up
Fix Description: Properly check for conditions when TLS is not enabled,
and ignore errors if TLS related files are not present
during the FS permissions check.
relates: https://pagure.io/389-ds-base/issue/50882
Reviewed by: firstyear(thanks!)
---
src/lib389/lib389/config.py | 2 +-
src/lib389/lib389/dseldif.py | 23 +++++++++++++----------
src/lib389/lib389/lint.py | 3 +--
src/lib389/lib389/nss_ssl.py | 3 +++
4 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/src/lib389/lib389/config.py b/src/lib389/lib389/config.py
index f71baf2d8..268b99c90 100644
--- a/src/lib389/lib389/config.py
+++ b/src/lib389/lib389/config.py
@@ -238,7 +238,7 @@ class Encryption(DSLdapObject):
def _lint_check_tls_version(self):
tls_min = self.get_attr_val('sslVersionMin')
- if tls_min < ensure_bytes('TLS1.1'):
+ if tls_min is not None and tls_min < ensure_bytes('TLS1.1'):
report = copy.deepcopy(DSELE0001)
report['fix'] = report['fix'].replace('YOUR_INSTANCE', self._instance.serverid)
yield report
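Review bot: With the added `tls_min is not None` guard in `_lint_check_tls_version`, an instance that has TLS enabled but no explicit `sslVersionMin` now passes this lint without its effective minimum version being evaluated. If the server default is meant to cover that case, say so next to the condition, e.g. `# sslVersionMin unset: TLS is off or the server default applies, nothing to compare`. The comparison is an ordering of the raw attribute value against `ensure_bytes('TLS1.1')`, so it presumably depends on the stored value using that exact upper-case spelling. A differently cased value would sort above the threshold and not be reported, so normalising the value before comparing may be worthwhile. The method continues outside the hunk.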
diff --git a/src/lib389/lib389/dseldif.py b/src/lib389/lib389/dseldif.py
index fbb50623b..716dd46e9 100644
--- a/src/lib389/lib389/dseldif.py
+++ b/src/lib389/lib389/dseldif.py
@@ -200,13 +200,16 @@ class FSChecks(object):
"""Test file permissions are safe
"""
for ds_file in self.ds_files:
- perms = int(oct(os.stat(ds_file['name'])[ST_MODE])[-3:])
- if perms not in ds_file['perms']:
- perms = str(ds_file['perms'][0])
- report = copy.deepcopy(ds_file['report'])
- report['items'].append(ds_file['name'])
- report['detail'] = report['detail'].replace('FILE', ds_file['name'])
- report['detail'] = report['detail'].replace('PERMS', perms)
- report['fix'] = report['fix'].replace('FILE', ds_file['name'])
- report['fix'] = report['fix'].replace('PERMS', perms)
- yield report
+ try:
+ perms = int(oct(os.stat(ds_file['name'])[ST_MODE])[-3:])
+ if perms not in ds_file['perms']:
+ perms = str(ds_file['perms'][0])
+ report = copy.deepcopy(ds_file['report'])
+ report['items'].append(ds_file['name'])
+ report['detail'] = report['detail'].replace('FILE', ds_file['name'])
+ report['detail'] = report['detail'].replace('PERMS', perms)
+ report['fix'] = report['fix'].replace('FILE', ds_file['name'])
+ report['fix'] = report['fix'].replace('PERMS', perms)
+ yield report
+ except FileNotFoundError:
+ pass
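Review bot: The new `except FileNotFoundError: pass` applies to every entry in `self.ds_files`, not only the TLS-related files named in the commit message, so a missing non-TLS file would also be skipped silently and the permissions check would report nothing for it. The `try` also wraps the report construction and the `yield`, although only the `os.stat()` call is expected to raise here. Narrowing the `try` to the stat call and using `continue` keeps the skip visible and leaves the rest of the loop body at its original indentation. A comment should state why absence is tolerated. The method's signature and the definition of `ds_files` are outside the hunk, so whether the list can be limited to TLS files at this point is not visible.
```python
for ds_file in self.ds_files:
    try:
        mode = os.stat(ds_file['name'])[ST_MODE]
    except FileNotFoundError:
        # Expected for TLS files when TLS is not configured; nothing to check
        continue
    perms = int(oct(mode)[-3:])
    if perms not in ds_file['perms']:
        # … unchanged: build the report from ds_file and yield it …
```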
diff --git a/src/lib389/lib389/lint.py b/src/lib389/lib389/lint.py
index 68b729674..742058fa1 100644
--- a/src/lib389/lib389/lint.py
+++ b/src/lib389/lib389/lint.py
@@ -224,8 +224,7 @@ DSREPLLE0002 = {
'dsle': 'DSREPLLE0002',
'severity': 'LOW',
'items' : ['Replication', 'Conflict Entries'],
- 'detail': """There were COUNT conflict entries found under the replication suffix "SUFFIX".
-Status message: MSG""",
+ 'detail': "There were COUNT conflict entries found under the replication suffix \"SUFFIX\".",
'fix' : """While conflict entries are expected to occur in an MMR environment, they
should be resolved. In regards to conflict entries there is always the original/counterpart
entry that has a normal DN, and then the conflict version of that entry. Technically both
diff --git a/src/lib389/lib389/nss_ssl.py b/src/lib389/lib389/nss_ssl.py
index 41b19caa4..c64f158d5 100644
--- a/src/lib389/lib389/nss_ssl.py
+++ b/src/lib389/lib389/nss_ssl.py
@@ -394,6 +394,9 @@ only.
for line in lines:
if line == '':
continue
+ if line == 'Database needs user init':
+ # There are no certs, abort...
+ return []
cert_values.append(re.match(r'^(.+[^\s])[\s]+([^\s]+)$', line.rstrip()).groups())
return cert_values
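Review bot: The added guard compares the raw `line` with `'Database needs user init'`, while the regex below it works on `line.rstrip()`, so the same message with trailing whitespace would miss the guard and be parsed by the pattern as if it were a certificate row. Comparing the stripped text closes that gap: `if line.strip() == 'Database needs user init':`. Any other diagnostic line that does not fit the pattern still reaches `re.match(...).groups()` and raises `AttributeError` on the `None` result, so a check such as `if m is None: continue` on the match object may be worth adding. The early `return []` also drops anything already appended to `cert_values`, which is presumably fine if this message only appears for an uninitialised database. The enclosing function starts outside the hunk.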
--
2.21.1