From 7130e7595ee5e919558a143e64fb08cab1e3d45d Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Thu, 6 Feb 2020 15:30:42 -0500 Subject: [PATCH] Issue 50882 - Fix healthcheck errors for instances that do not have TLS enabled Bug Description: The config and FSChecks fail when TLS is not setup Fix Description: Properly check for conditions when TLS is not enabled, and ignore errors if TLS related files are not present during the FS permissions check. relates: https://pagure.io/389-ds-base/issue/50882 Reviewed by: firstyear(thanks!) --- src/lib389/lib389/config.py | 2 +- src/lib389/lib389/dseldif.py | 23 +++++++++++++---------- src/lib389/lib389/lint.py | 3 +-- src/lib389/lib389/nss_ssl.py | 3 +++ 4 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/src/lib389/lib389/config.py b/src/lib389/lib389/config.py
index f71baf2d8..268b99c90 100644
--- a/src/lib389/lib389/config.py
+++ b/src/lib389/lib389/config.py
@@ -238,7 +238,7 @@ class Encryption(DSLdapObject):
 def _lint_check_tls_version(self):
 tls_min = self.get_attr_val('sslVersionMin')
- if tls_min < ensure_bytes('TLS1.1'):
+ if tls_min is not None and tls_min < ensure_bytes('TLS1.1'):
 report = copy.deepcopy(DSELE0001)
 report['fix'] = report['fix'].replace('YOUR_INSTANCE', self._instance.serverid)
 yield report
diff --git a/src/lib389/lib389/dseldif.py b/src/lib389/lib389/dseldif.py
index fbb50623b..716dd46e9 100644
--- a/src/lib389/lib389/dseldif.py
+++ b/src/lib389/lib389/dseldif.py
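Review bot: In `_lint_check_tls_version` (config.py), the new `tls_min is not None` guard makes an unset `sslVersionMin` indistinguishable from a compliant one, so an instance that has TLS enabled but leaves the minimum at the server default yields no finding and no sign that the check was skipped. If the intent is only to tolerate instances without TLS, the line should say so, for example `# sslVersionMin unset: TLS not configured or server default in use; not evaluated here`, or the unset case should be resolved to the effective default before comparing. Separately, `tls_min < ensure_bytes('TLS1.1')` orders byte strings lexically, which presumably works for the values in use today but is not a version comparison. The enclosing class starts outside the hunk.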
@@ -200,13 +200,16 @@ class FSChecks(object):
 """Test file permissions are safe
 """
 for ds_file in self.ds_files:
- perms = int(oct(os.stat(ds_file['name'])[ST_MODE])[-3:])
- if perms not in ds_file['perms']:
- perms = str(ds_file['perms'][0])
- report = copy.deepcopy(ds_file['report'])
- report['items'].append(ds_file['name'])
- report['detail'] = report['detail'].replace('FILE', ds_file['name'])
- report['detail'] = report['detail'].replace('PERMS', perms)
- report['fix'] = report['fix'].replace('FILE', ds_file['name'])
- report['fix'] = report['fix'].replace('PERMS', perms)
- yield report
+ try:
+ perms = int(oct(os.stat(ds_file['name'])[ST_MODE])[-3:])
+ if perms not in ds_file['perms']:
+ perms = str(ds_file['perms'][0])
+ report = copy.deepcopy(ds_file['report'])
+ report['items'].append(ds_file['name'])
+ report['detail'] = report['detail'].replace('FILE', ds_file['name'])
+ report['detail'] = report['detail'].replace('PERMS', perms)
+ report['fix'] = report['fix'].replace('FILE', ds_file['name'])
+ report['fix'] = report['fix'].replace('PERMS', perms)
+ yield report
+ except FileNotFoundError:
+ pass
diff --git a/src/lib389/lib389/lint.py b/src/lib389/lib389/lint.py
index 68b729674..742058fa1 100644
--- a/src/lib389/lib389/lint.py
+++ b/src/lib389/lib389/lint.py
@@ -224,8 +224,7 @@ DSREPLLE0002 = { 'dsle': 'DSREPLLE0002', 'severity': 'LOW', 'items' : ['Replication', 'Conflict Entries'], - 'detail': """There were COUNT conflict entries found under the replication suffix "SUFFIX". -Status message: MSG""", + 'detail': "There were COUNT conflict entries found under the replication suffix \"SUFFIX\".", 'fix' : """While conflict entries are expected to occur in an MMR environment, they should be resolved. In regards to conflict entries there is always the original/counterpart entry that has a normal DN, and then the conflict version of that entry. Technically both 
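Review bot: In the FSChecks permission loop (dseldif.py), `except FileNotFoundError: pass` applies to every entry in `self.ds_files`, not only the TLS-related files the commit message names, so a missing file that is expected to exist is skipped without any report. The `try` also encloses the report construction and the `yield`, which is wider than the one call expected to raise here; guarding only `os.stat()` keeps unrelated errors visible. If `ds_files` entries can tell optional files from required ones (their definition is outside this hunk), the skip should be limited to the optional ones. The enclosing method begins above the hunk.

```python
for ds_file in self.ds_files:
    try:
        mode = os.stat(ds_file['name'])[ST_MODE]
    except FileNotFoundError:
        # Only the stat() is guarded: an absent file has no permissions to check.
        continue
    perms = int(oct(mode)[-3:])
    # … unchanged: compare against ds_file['perms'], build and yield the report …
```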
diff --git a/src/lib389/lib389/nss_ssl.py b/src/lib389/lib389/nss_ssl.py
index 41b19caa4..c64f158d5 100644
--- a/src/lib389/lib389/nss_ssl.py
+++ b/src/lib389/lib389/nss_ssl.py
@@ -394,6 +394,9 @@ only.
 for line in lines:
 if line == '':
 continue
+ if line == 'Database needs user init':
+ # There are no certs, abort...
+ return []
 cert_values.append(re.match(r'^(.+[^\s])[\s]+([^\s]+)$', line.rstrip()).groups())
 return cert_values
-- 
2.21.1
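Review bot: The sentinel test `if line == 'Database needs user init':` compares the raw line, while the parse right after it uses `line.rstrip()`, so trailing whitespace or a carriage return in the text being parsed would miss the sentinel and reach `re.match(...).groups()`, which raises AttributeError when the pattern does not match. Comparing the stripped value, `if line.rstrip() == 'Database needs user init':`, keeps the two consistent. Returning `[]` also makes an uninitialised database look the same as one holding no certificates, so the comment should note that callers cannot tell the two apart. The enclosing function starts outside the hunk.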