rpms / 389-ds-base

Clone
Source Code
GIT

Blame SOURCES/0032-Issue-50882-Fix-healthcheck-errors-for-instances-tha.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-armhfp c7-beta c8-beta-stream-1.4 c8-stream-1.4 c8s-stream-1.4 c8s-stream-ds c9 c9-beta
  1.   ea1d1b15c51d82ed9b03a0f51dedfdb082244a52
  2.   SOURCES
  3.   0032-Issue-50882-Fix-healthcheck-errors-for-instances-tha.patch
Blob History Raw
8394b4 
From 7130e7595ee5e919558a143e64fb08cab1e3d45d Mon Sep 17 00:00:00 2001
8394b4 
From: Mark Reynolds <mreynolds@redhat.com>
8394b4 
Date: Thu, 6 Feb 2020 15:30:42 -0500
8394b4 
Subject: [PATCH] Issue 50882 - Fix healthcheck errors for instances that do
8394b4 
 not have TLS enabled
8394b4
8394b4 
Bug Description:  The config and FSChecks fail when TLS is not setup
8394b4
8394b4 
Fix Description:  Properly check for conditions when TLS is not enabled,
8394b4 
                  and ignore errors if TLS related files are not present
8394b4 
                  during the FS permissions check.
8394b4
8394b4 
relates: https://pagure.io/389-ds-base/issue/50882
8394b4
8394b4 
Reviewed by: firstyear(thanks!)
8394b4 
---
8394b4 
 src/lib389/lib389/config.py  |  2 +-
8394b4 
 src/lib389/lib389/dseldif.py | 23 +++++++++++++----------
8394b4 
 src/lib389/lib389/lint.py    |  3 +--
8394b4 
 src/lib389/lib389/nss_ssl.py |  3 +++
8394b4 
 4 files changed, 18 insertions(+), 13 deletions(-)
8394b4
8394b4 
diff --git a/src/lib389/lib389/config.py b/src/lib389/lib389/config.py
8394b4 
index f71baf2d8..268b99c90 100644
8394b4 
--- a/src/lib389/lib389/config.py
8394b4 
+++ b/src/lib389/lib389/config.py
8394b4 
@@ -238,7 +238,7 @@ class Encryption(DSLdapObject):
8394b4
8394b4 
     def _lint_check_tls_version(self):
8394b4 
         tls_min = self.get_attr_val('sslVersionMin')
8394b4 
-        if tls_min < ensure_bytes('TLS1.1'):
8394b4 
+        if tls_min is not None and tls_min < ensure_bytes('TLS1.1'):
8394b4 
             report = copy.deepcopy(DSELE0001)
8394b4 
             report['fix'] = report['fix'].replace('YOUR_INSTANCE', self._instance.serverid)
8394b4 
             yield report
8394b4 
diff --git a/src/lib389/lib389/dseldif.py b/src/lib389/lib389/dseldif.py
8394b4 
index fbb50623b..716dd46e9 100644
8394b4 
--- a/src/lib389/lib389/dseldif.py
8394b4 
+++ b/src/lib389/lib389/dseldif.py
8394b4 
@@ -200,13 +200,16 @@ class FSChecks(object):
8394b4 
         """Test file permissions are safe
8394b4 
         """
8394b4 
         for ds_file in self.ds_files:
8394b4 
-            perms = int(oct(os.stat(ds_file['name'])[ST_MODE])[-3:])
8394b4 
-            if perms not in ds_file['perms']:
8394b4 
-                perms = str(ds_file['perms'][0])
8394b4 
-                report = copy.deepcopy(ds_file['report'])
8394b4 
-                report['items'].append(ds_file['name'])
8394b4 
-                report['detail'] = report['detail'].replace('FILE', ds_file['name'])
8394b4 
-                report['detail'] = report['detail'].replace('PERMS', perms)
8394b4 
-                report['fix'] = report['fix'].replace('FILE', ds_file['name'])
8394b4 
-                report['fix'] = report['fix'].replace('PERMS', perms)
8394b4 
-                yield report
8394b4 
+            try:
8394b4 
+                perms = int(oct(os.stat(ds_file['name'])[ST_MODE])[-3:])
8394b4 
+                if perms not in ds_file['perms']:
8394b4 
+                    perms = str(ds_file['perms'][0])
8394b4 
+                    report = copy.deepcopy(ds_file['report'])
8394b4 
+                    report['items'].append(ds_file['name'])
8394b4 
+                    report['detail'] = report['detail'].replace('FILE', ds_file['name'])
8394b4 
+                    report['detail'] = report['detail'].replace('PERMS', perms)
8394b4 
+                    report['fix'] = report['fix'].replace('FILE', ds_file['name'])
8394b4 
+                    report['fix'] = report['fix'].replace('PERMS', perms)
8394b4 
+                    yield report
8394b4 
+            except FileNotFoundError:
8394b4 
+                pass
8394b4 
diff --git a/src/lib389/lib389/lint.py b/src/lib389/lib389/lint.py
8394b4 
index 68b729674..742058fa1 100644
8394b4 
--- a/src/lib389/lib389/lint.py
8394b4 
+++ b/src/lib389/lib389/lint.py
8394b4 
@@ -224,8 +224,7 @@ DSREPLLE0002 = {
8394b4 
     'dsle': 'DSREPLLE0002',
8394b4 
     'severity': 'LOW',
8394b4 
     'items' : ['Replication', 'Conflict Entries'],
8394b4 
-    'detail': """There were COUNT conflict entries found under the replication suffix "SUFFIX".
8394b4 
-Status message: MSG""",
8394b4 
+    'detail': "There were COUNT conflict entries found under the replication suffix \"SUFFIX\".",
8394b4 
     'fix' : """While conflict entries are expected to occur in an MMR environment, they
8394b4 
 should be resolved.  In regards to conflict entries there is always the original/counterpart
8394b4 
 entry that has a normal DN, and then the conflict version of that entry.  Technically both
8394b4 
diff --git a/src/lib389/lib389/nss_ssl.py b/src/lib389/lib389/nss_ssl.py
8394b4 
index 41b19caa4..c64f158d5 100644
8394b4 
--- a/src/lib389/lib389/nss_ssl.py
8394b4 
+++ b/src/lib389/lib389/nss_ssl.py
8394b4 
@@ -394,6 +394,9 @@ only.
8394b4 
         for line in lines:
8394b4 
             if line == '':
8394b4 
                 continue
8394b4 
+            if line == 'Database needs user init':
8394b4 
+                # There are no certs, abort...
8394b4 
+                return []
8394b4 
             cert_values.append(re.match(r'^(.+[^\s])[\s]+([^\s]+)$', line.rstrip()).groups())
8394b4 
         return cert_values
8394b4
8394b4 
--
8394b4 
2.21.1
8394b4

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation