From 5a96db72e6bb7597217c5fbbcaa1b29836a9c8c0 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Tue, 25 Apr 2017 18:19:21 +0200 Subject: [PATCH] automount install: fix checking of SSSD functionality on uninstall Change in 2d4d1a9dc0ef2bbe86751768d6e6b009a52c0dc9 no longer initializes api in `ipa-client-automount --uninstallation` Which caused error in wait_for_sssd which gets realm from initialized API. This patch initializes the API in a way that it doesn't download schema on uninstallation and on installation it uses host keytab for it so it no longer requires user's Kerberos credentials. Also fix call of xxx_service_class_factory which requires api as param. https://pagure.io/freeipa/issue/6861 Reviewed-By: Rob Crittenden Reviewed-By: Tomas Krizek --- client/ipa-client-automount | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/client/ipa-client-automount b/client/ipa-client-automount index 18914bd74932180f300fcbc7b7db0ba1505881bd..2b1d8b9a8ca14d5403635fb20cee37984fe4a101 100755 --- a/client/ipa-client-automount +++ b/client/ipa-client-automount @@ -193,7 +193,7 @@ def configure_autofs_sssd(fstore, statestore, autodiscover, options): sssdconfig.write(paths.SSSD_CONF) statestore.backup_state('autofs', 'sssd', True) - sssd = services.service('sssd') + sssd = services.service('sssd', api) sssd.restart() print("Restarting sssd, waiting for it to become available.") wait_for_sssd() @@ -281,7 +281,7 @@ def uninstall(fstore, statestore): break sssdconfig.save_domain(domain) sssdconfig.write(paths.SSSD_CONF) - sssd = services.service('sssd') + sssd = services.service('sssd', api) sssd.restart() wait_for_sssd() except Exception as e: @@ -379,9 +379,6 @@ def main(): paths.IPACLIENT_INSTALL_LOG, verbose=False, debug=options.debug, filemode='a', console_format='%(message)s') - if options.uninstall: - return uninstall(fstore, statestore) - cfg = dict( context='cli_installer', confdir=paths.ETC_IPA, @@ -390,8 +387,11 @@ def main(): verbose=0, ) + # Bootstrap API early so that env object is available api.bootstrap(**cfg) - api.finalize() + + if options.uninstall: + return uninstall(fstore, statestore) ca_cert_path = None if os.path.exists(paths.IPA_CA_CRT): @@ -449,6 +449,10 @@ def main(): os.environ['KRB5CCNAME'] = ccache_name except gssapi.exceptions.GSSError as e: sys.exit("Failed to obtain host TGT: %s" % e) + + # Finalize API when TGT obtained using host keytab exists + api.finalize() + # Now we have a TGT, connect to IPA try: api.Backend.rpcclient.connect() -- 2.12.2