Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ________________________________________________________________________________________ ERROR at setup of test_basic_ops _________________________________________________________________________________________
- self = <lib389.instance.setup.SetupDs object at 0x7fb26620dfd0>, general = {'config_version': 2, 'defaults': '999999999', 'full_machine_name': 'lucy1', 'selinux': True, ...}
- slapd = {'backup_dir': '/home/lkrispen/TEST/ci/install/var/lib/dirsrv/slapd-standalone1/bak', 'bin_dir': '/home/lkrispen/TEST/...nstall/etc/dirsrv/slapd-standalone1', 'config_dir': '/home/lkrispen/TEST/ci/install/etc/dirsrv/slapd-standalone1', ...}
- backends = [{'cn': 'userRoot', 'nsslapd-suffix': 'dc=example,dc=com', 'sample_entries': '999999999'}], extra = None
- def create_from_args(self, general, slapd, backends=[], extra=None):
- """
- Actually does the setup. this is what you want to call as an api.
- """
- self.log.info("\nStarting installation...")
- # Check we have privs to run
- self.log.debug("READY: Preparing installation for %s...", slapd['instance_name'])
- self._prepare_ds(general, slapd, backends)
- # Call our child api to prepare itself.
- self._prepare(extra)
- self.log.debug("READY: Beginning installation for %s...", slapd['instance_name'])
- if self.dryrun:
- self.log.info("NOOP: Dry run requested")
- else:
- # Actually trigger the installation.
- try:
- > self._install_ds(general, slapd, backends)
- ws/389-ds-base/src/lib389/lib389/instance/setup.py:641:
- _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
- self = <lib389.instance.setup.SetupDs object at 0x7fb26620dfd0>, general = {'config_version': 2, 'defaults': '999999999', 'full_machine_name': 'lucy1', 'selinux': True, ...}
- slapd = {'backup_dir': '/home/lkrispen/TEST/ci/install/var/lib/dirsrv/slapd-standalone1/bak', 'bin_dir': '/home/lkrispen/TEST/...nstall/etc/dirsrv/slapd-standalone1', 'config_dir': '/home/lkrispen/TEST/ci/install/etc/dirsrv/slapd-standalone1', ...}
- backends = [{'cn': 'userRoot', 'nsslapd-suffix': 'dc=example,dc=com', 'sample_entries': '999999999'}]
- def _install_ds(self, general, slapd, backends):
- """
- Actually install the Ds from the dicts provided.
- You should never call this directly, as it bypasses assert_cions.
- """
- # register the instance to /etc/sysconfig
- # We do this first so that we can trick remove-ds.pl if needed.
- # There may be a way to create this from template like the dse.ldif ...
- initconfig = ""
- with open("%s/dirsrv/config/template-initconfig" % slapd['sysconf_dir']) as template_init:
- for line in template_init.readlines():
- initconfig += line.replace('{{', '{', 1).replace('}}', '}', 1).replace('-', '_')
- try:
- # /etc/sysconfig
- os.makedirs("%s" % slapd['initconfig_dir'], mode=0o770)
- except FileExistsError:
- pass
- sysconfig_filename = "%s/dirsrv-%s" % (slapd['initconfig_dir'], slapd['instance_name'])
- with open(sysconfig_filename, 'w') as f:
- f.write(initconfig.format(
- SERVER_DIR=slapd['lib_dir'],
- SERVERBIN_DIR=slapd['sbin_dir'],
- CONFIG_DIR=slapd['config_dir'],
- INST_DIR=slapd['inst_dir'],
- RUN_DIR=slapd['run_dir'],
- DS_ROOT='',
- PRODUCT_NAME='slapd',
- ))
- os.chmod(sysconfig_filename, 0o440)
- os.chown(sysconfig_filename, slapd['user_uid'], slapd['group_gid'])
- # Create all the needed paths
- # we should only need to make bak_dir, cert_dir, config_dir, db_dir, ldif_dir, lock_dir, log_dir, run_dir?
- for path in ('backup_dir', 'cert_dir', 'config_dir', 'db_dir', 'ldif_dir', 'lock_dir', 'log_dir', 'run_dir'):
- self.log.debug("ACTION: creating %s", slapd[path])
- try:
- os.umask(0o007) # For parent dirs that get created -> sets 770 for perms
- os.makedirs(slapd[path], mode=0o770)
- except OSError:
- pass
- os.chown(slapd[path], slapd['user_uid'], slapd['group_gid'])
- # /var/lock/dirsrv needs special attention...
- parentdir = os.path.abspath(os.path.join(slapd['lock_dir'], os.pardir))
- os.chown(parentdir, slapd['user_uid'], slapd['group_gid'])
- ### Warning! We need to down the directory under db too for .restore to work.
- # See dblayer.c for more!
- db_parent = os.path.join(slapd['db_dir'], '..')
- os.chown(db_parent, slapd['user_uid'], slapd['group_gid'])
- # Copy correct data to the paths.
- # Copy in the schema
- # This is a little fragile, make it better.
- # It won't matter when we move schema to usr anyway ...
- _ds_shutil_copytree(os.path.join(slapd['sysconf_dir'], 'dirsrv/schema'), slapd['schema_dir'])
- os.chown(slapd['schema_dir'], slapd['user_uid'], slapd['group_gid'])
- os.chmod(slapd['schema_dir'], 0o770)
- # Copy in the collation
- srcfile = os.path.join(slapd['sysconf_dir'], 'dirsrv/config/slapd-collations.conf')
- dstfile = os.path.join(slapd['config_dir'], 'slapd-collations.conf')
- shutil.copy2(srcfile, dstfile)
- os.chown(dstfile, slapd['user_uid'], slapd['group_gid'])
- os.chmod(dstfile, 0o440)
- # Copy in the certmap configuration
- srcfile = os.path.join(slapd['sysconf_dir'], 'dirsrv/config/certmap.conf')
- dstfile = os.path.join(slapd['config_dir'], 'certmap.conf')
- shutil.copy2(srcfile, dstfile)
- os.chown(dstfile, slapd['user_uid'], slapd['group_gid'])
- os.chmod(dstfile, 0o440)
- # If we are on the correct platform settings, systemd
- if general['systemd'] and not self.containerised:
- # Should create the symlink we need, but without starting it.
- subprocess.check_call(["systemctl",
- "enable",
- "dirsrv@%s" % slapd['instance_name']])
- # Setup tmpfiles_d
- tmpfile_d = ds_paths.tmpfiles_d + "/dirsrv-" + slapd['instance_name'] + ".conf"
- with open(tmpfile_d, "w") as TMPFILE_D:
- TMPFILE_D.write("d {} 0770 {} {}\n".format(slapd['run_dir'], slapd['user'], slapd['group']))
- TMPFILE_D.write("d {} 0770 {} {}\n".format(slapd['lock_dir'].replace("slapd-" + slapd['instance_name'], ""),
- slapd['user'], slapd['group']))
- TMPFILE_D.write("d {} 0770 {} {}\n".format(slapd['lock_dir'], slapd['user'], slapd['group']))
- # Else we need to detect other init scripts?
- # WB: No, we just install and assume that docker will start us ...
- # Bind sockets to our type?
- # Get suffix for some plugin defaults (if possible)
- # annoyingly for legacy compat backend takes TWO key types
- # and we have to now deal with that ....
- #
- # Create ds_suffix here else it won't be in scope ....
- ds_suffix = ''
- if len(backends) > 0:
- ds_suffix = normalizeDN(backends[0]['nsslapd-suffix'])
- # Create certdb in sysconfidir
- self.log.debug("ACTION: Creating certificate database is %s", slapd['cert_dir'])
- # Create dse.ldif with a temporary root password.
- # The template is in slapd['data_dir']/dirsrv/data/template-dse.ldif
- # Variables are done with %KEY%.
- # You could cheat and read it in, do a replace of % to { and } then use format?
- self.log.debug("ACTION: Creating dse.ldif")
- dse = ""
- with open(os.path.join(slapd['data_dir'], 'dirsrv', 'data', 'template-dse.ldif')) as template_dse:
- for line in template_dse.readlines():
- dse += line.replace('%', '{', 1).replace('%', '}', 1)
- with open(os.path.join(slapd['config_dir'], 'dse.ldif'), 'w') as file_dse:
- file_dse.write(dse.format(
- schema_dir=slapd['schema_dir'],
- lock_dir=slapd['lock_dir'],
- tmp_dir=slapd['tmp_dir'],
- cert_dir=slapd['cert_dir'],
- ldif_dir=slapd['ldif_dir'],
- bak_dir=slapd['backup_dir'],
- run_dir=slapd['run_dir'],
- inst_dir=slapd['inst_dir'],
- log_dir=slapd['log_dir'],
- fqdn=general['full_machine_name'],
- ds_port=slapd['port'],
- ds_user=slapd['user'],
- rootdn=slapd['root_dn'],
- # ds_passwd=slapd['root_password'],
- ds_passwd=self._secure_password, # We set our own password here, so we can connect and mod.
- ds_suffix=ds_suffix,
- config_dir=slapd['config_dir'],
- db_dir=slapd['db_dir'],
- ))
- # open the connection to the instance.
- # Should I move this import? I think this prevents some recursion
- from lib389 import DirSrv
- ds_instance = DirSrv(self.verbose)
- ds_instance.containerised = self.containerised
- args = {
- SER_PORT: slapd['port'],
- SER_SERVERID_PROP: slapd['instance_name'],
- SER_ROOT_DN: slapd['root_dn'],
- SER_ROOT_PW: self._raw_secure_password,
- SER_DEPLOYED_DIR: slapd['prefix']
- }
- ds_instance.allocate(args)
- # Does this work?
- assert_c(ds_instance.exists(), "Instance failed to install, does not exist when expected")
- # Create a certificate database.
- tlsdb = NssSsl(dbpath=slapd['cert_dir'])
- if not tlsdb._db_exists():
- tlsdb.reinit()
- if slapd['self_sign_cert']:
- etc_dirsrv_path = os.path.join(slapd['sysconf_dir'], 'dirsrv/')
- ssca_path = os.path.join(etc_dirsrv_path, 'ssca/')
- ssca = NssSsl(dbpath=ssca_path)
- # If it doesn't exist, create a CA DB
- if not ssca._db_exists():
- ssca.reinit()
- ssca.create_rsa_ca(months=slapd['self_sign_cert_valid_months'])
- # If CA is expired or will expire soon,
- # Reissue it and resign the existing certs that were signed by the cert previously
- elif ssca.rsa_ca_needs_renew():
- ca = ssca.renew_rsa_ca(months=slapd['self_sign_cert_valid_months'])
- # Import CA to the existing instances except the one we install now (we import it later)
- for dir in os.listdir(etc_dirsrv_path):
- if dir.startswith("slapd-") and dir != slapd['cert_dir']:
- tlsdb_inst = NssSsl(dbpath=os.path.join(etc_dirsrv_path, dir))
- tlsdb_inst.import_rsa_crt(ca)
- csr = tlsdb.create_rsa_key_and_csr()
- (ca, crt) = ssca.rsa_ca_sign_csr(csr)
- tlsdb.import_rsa_crt(ca, crt)
- if not self.containerised and general['selinux']:
- # Set selinux port label
- selinux_label_port(slapd['secure_port'])
- # Do selinux fixups
- if not self.containerised and general['selinux']:
- selinux_paths = ('backup_dir', 'cert_dir', 'config_dir', 'db_dir', 'ldif_dir',
- 'lock_dir', 'log_dir', 'run_dir', 'schema_dir', 'tmp_dir')
- for path in selinux_paths:
- selinux_restorecon(slapd[path])
- > selinux_label_port(slapd['port'])
- ws/389-ds-base/src/lib389/lib389/instance/setup.py:847:
- _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
- port = 38901, remove_label = False
- def selinux_label_port(port, remove_label=False):
- """
- Either set or remove an SELinux label(ldap_port_t) for a TCP port
- :param port: The TCP port to be labelled
- :type port: str
- :param remove_label: Set True if the port label should be removed
- :type remove_label: boolean
- :raises: ValueError: Error message
- """
- try:
- import selinux
- except ImportError:
- log.debug('selinux python module not found, skipping port labeling.')
- return
- try:
- import sepolicy
- except ImportError:
- log.debug('sepolicy python module not found, skipping port labeling.')
- return
- if not selinux.is_selinux_enabled():
- log.debug('selinux is disabled, skipping port relabel')
- return
- # We only label ports that ARE NOT in the default policy that comes with
- # a RH based system.
- selinux_default_ports = [389, 636, 3268, 3269, 7389]
- if port in selinux_default_ports:
- log.debug('port %s already in %s, skipping port relabel' % (port, selinux_default_ports))
- return
- label_set = False
- label_ex = None
- policies = [p for p in sepolicy.info(sepolicy.PORT)
- if p['protocol'] == 'tcp'
- if port in range(p['low'], p['high'] + 1)
- if p['type'] not in ['unreserved_port_t', 'reserved_port_t', 'ephemeral_port_t']]
- for policy in policies:
- if "ldap_port_t" == policy['type']:
- label_set = True # Port already has our label
- if policy['low'] != policy['high']:
- # We have a range
- if port in range(policy['low'], policy['high'] + 1):
- # The port is within the range, just return
- return
- break
- elif not remove_label:
- # Port belongs to someone else (bad)
- # This is only an issue during setting a label, not removing a label
- raise ValueError("Port {} was already labelled with: ({}) Please choose a different port number".format(port, policy['type']))
- if (remove_label and label_set) or (not remove_label and not label_set):
- for i in range(3):
- try:
- subprocess.check_call(["semanage", "port",
- "-d" if remove_label else "-a",
- "-t", "ldap_port_t",
- "-p", "tcp", str(port)])
- return
- except (OSError, subprocess.CalledProcessError) as e:
- label_ex = e
- time.sleep(3)
- > raise ValueError("Failed to mangle port label: " + str(label_ex))
- E ValueError: Failed to mangle port label: Command '['semanage', 'port', '-a', '-t', 'ldap_port_t', '-p', 'tcp', '38901']' returned non-zero exit status 1.
- ws/389-ds-base/src/lib389/lib389/utils.py:297: ValueError
- During handling of the above exception, another exception occurred:
- request = <SubRequest 'topology_st' for <Function 'test_basic_ops'>>
- @pytest.fixture(scope="module")
- def topology_st(request):
- """Create DS standalone instance"""
- > topology = create_topology({ReplicaRole.STANDALONE: 1})
- ws/389-ds-base/src/lib389/lib389/topologies.py:241:
- _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
- ws/389-ds-base/src/lib389/lib389/topologies.py:133: in create_topology
- topo = _create_instances(topo_dict, suffix)
- ws/389-ds-base/src/lib389/lib389/topologies.py:89: in _create_instances
- instance.create()
- ws/389-ds-base/src/lib389/lib389/__init__.py:971: in create
- self._createPythonDirsrv(version)
- ws/389-ds-base/src/lib389/lib389/__init__.py:941: in _createPythonDirsrv
- sds.create_from_args(general, slapd, backends, None)
- _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
- self = <lib389.instance.setup.SetupDs object at 0x7fb26620dfd0>, general = {'config_version': 2, 'defaults': '999999999', 'full_machine_name': 'lucy1', 'selinux': True, ...}
- slapd = {'backup_dir': '/home/lkrispen/TEST/ci/install/var/lib/dirsrv/slapd-standalone1/bak', 'bin_dir': '/home/lkrispen/TEST/...nstall/etc/dirsrv/slapd-standalone1', 'config_dir': '/home/lkrispen/TEST/ci/install/etc/dirsrv/slapd-standalone1', ...}
- backends = [{'cn': 'userRoot', 'nsslapd-suffix': 'dc=example,dc=com', 'sample_entries': '999999999'}], extra = None
- def create_from_args(self, general, slapd, backends=[], extra=None):
- """
- Actually does the setup. this is what you want to call as an api.
- """
- self.log.info("\nStarting installation...")
- # Check we have privs to run
- self.log.debug("READY: Preparing installation for %s...", slapd['instance_name'])
- self._prepare_ds(general, slapd, backends)
- # Call our child api to prepare itself.
- self._prepare(extra)
- self.log.debug("READY: Beginning installation for %s...", slapd['instance_name'])
- if self.dryrun:
- self.log.info("NOOP: Dry run requested")
- else:
- # Actually trigger the installation.
- try:
- self._install_ds(general, slapd, backends)
- except ValueError as e:
- self.log.fatal("Error: " + str(e) + ", removing incomplete installation...")
- self._remove_failed_install(slapd['instance_name'])
- > raise ValueError("Instance creation failed!")
- E ValueError: Instance creation failed!
- ws/389-ds-base/src/lib389/lib389/instance/setup.py:645: ValueError
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement