Address two issues uncovered in freeIPA CI #314

rcritten · 2023-11-15T21:55:23Z

Temporarily disable the ipa-ods-exporter service status check

There is a bug in this service such that it will almost always
report as down. Rather than spamming users with this error give
time for it to be fixed in IPA upstream.

See https://pagure.io/freeipa/issue/9463

Don't fail if a service name cannot be looked up in LDAP

A new method was introduced to handle more IPA services. This
requires looking some of them up in LDAP. dirsrv not running
was not being caught so raised an error instead.

A new method was introduced to handle more IPA services. This requires looking some of them up in LDAP. dirsrv not running was not being caught so raised an error instead. Fixes: freeipa#312 Signed-off-by: Rob Crittenden <[email protected]>

There is a bug in this service such that it will almost always report as down. Rather than spamming users with this error give time for it to be fixed in IPA upstream. See https://pagure.io/freeipa/issue/9463 Signed-off-by: Rob Crittenden <[email protected]>

flo-renaud · 2023-11-16T08:33:14Z

@rcritten
thanks for the PR, works for me. Tested on Fedora 39, server with CA +DNS configured as dnssec master, replica with DNS.
Without the patch:

# rpm -qa freeipa-healthcheck
freeipa-healthcheck-0.16-1.fc39.noarch
# ipa-healthcheck --source ipahealthcheck.meta.services
[
  {
    "source": "ipahealthcheck.meta.services",
    "check": "ipa_ods_exporter",
    "result": "ERROR",
    "uuid": "b82d0a17-bd8c-4460-8f4a-4c31ece316e0",
    "when": "20231116083203Z",
    "duration": "0.007967",
    "kw": {
      "status": false,
      "msg": "ipa-ods-exporter: not running"
    }
  }
]
# systemctl stop [email protected]
# ipa-healthcheck --source ipahealthcheck.meta --check krb5kdc
Traceback (most recent call last):
  File "/usr/lib/python3.12/site-packages/ipapython/ipaldap.py", line 1096, in error_handler
    yield
  File "/usr/lib/python3.12/site-packages/ipapython/ipaldap.py", line 1254, in external_bind
    self.conn.sasl_interactive_bind_s(
  File "/usr/lib64/python3.12/site-packages/ldap/ldapobject.py", line 270, in sasl_interactive_bind_s
    return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/site-packages/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
             ^^^^^^^^^^^^^^^^^^^^
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 111, 'ctrls': [], 'info': 'Connection refused'}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/ipa-healthcheck", line 33, in <module>
    sys.exit(load_entry_point('ipahealthcheck==0.16', 'console_scripts', 'ipa-healthcheck')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/ipahealthcheck/core/main.py", line 54, in main
    sys.exit(ipachecks.run_healthcheck())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/ipahealthcheck/core/core.py", line 440, in run_healthcheck
    results, available = run_service_plugins(plugins,
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/ipahealthcheck/core/core.py", line 145, in run_service_plugins
    for result in plugin.check():
                  ^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/ipahealthcheck/meta/services.py", line 124, in check
    self.service_name = self.get_service_name('KEYS')
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/ipahealthcheck/meta/services.py", line 31, in get_service_name
    api.Backend.ldap2.connect()
  File "/usr/lib/python3.12/site-packages/ipalib/backend.py", line 69, in connect
    conn = self.create_connection(*args, **kw)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/ipaserver/plugins/ldap2.py", line 187, in create_connection
    client.external_bind(server_controls=serverctrls,
  File "/usr/lib/python3.12/site-packages/ipapython/ipaldap.py", line 1251, in external_bind
    with self.error_handler():
  File "/usr/lib64/python3.12/contextlib.py", line 155, in __exit__
    self.gen.throw(value)
  File "/usr/lib/python3.12/site-packages/ipapython/ipaldap.py", line 1149, in error_handler
    raise errors.NetworkError(uri=self.ldap_uri,
ipalib.errors.NetworkError: cannot connect to 'ldapi://%2Frun%2Fslapd-IPA-TEST.socket': Connection refused
#

With the patch:

(venv) # ipa-healthcheck --source ipahealthcheck.meta.services
[]
(venv) # systemctl stop [email protected]
(venv) # ipa-healthcheck --source ipahealthcheck.meta --check krb5kdc
Source 'ipahealthcheck.meta' is missing one or more requirements 'dirsrv'
(venv) #

rcritten added 2 commits November 13, 2023 14:30

flo-renaud added the ack label Nov 16, 2023

flo-renaud self-assigned this Nov 16, 2023

rcritten merged commit 96aa8f6 into freeipa:master Nov 16, 2023
5 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Address two issues uncovered in freeIPA CI #314

Address two issues uncovered in freeIPA CI #314

rcritten commented Nov 15, 2023

flo-renaud commented Nov 16, 2023

Address two issues uncovered in freeIPA CI #314

Address two issues uncovered in freeIPA CI #314

Conversation

rcritten commented Nov 15, 2023

flo-renaud commented Nov 16, 2023