API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 21st, 2019
93
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 18.24 KB | None | 0 0
raw download clone embed print report
  1. ________________________________________________________________________________________ ERROR at setup of test_basic_ops _________________________________________________________________________________________
  2.  
  3. self = <lib389.instance.setup.SetupDs object at 0x7fb26620dfd0>, general = {'config_version': 2, 'defaults': '999999999', 'full_machine_name': 'lucy1', 'selinux': True, ...}
  4. slapd = {'backup_dir': '/home/lkrispen/TEST/ci/install/var/lib/dirsrv/slapd-standalone1/bak', 'bin_dir': '/home/lkrispen/TEST/...nstall/etc/dirsrv/slapd-standalone1', 'config_dir': '/home/lkrispen/TEST/ci/install/etc/dirsrv/slapd-standalone1', ...}
  5. backends = [{'cn': 'userRoot', 'nsslapd-suffix': 'dc=example,dc=com', 'sample_entries': '999999999'}], extra = None
  6.  
  7. def create_from_args(self, general, slapd, backends=[], extra=None):
  8. """
  9. Actually does the setup. this is what you want to call as an api.
  10. """
  11.  
  12. self.log.info("\nStarting installation...")
  13.  
  14. # Check we have privs to run
  15. self.log.debug("READY: Preparing installation for %s...", slapd['instance_name'])
  16.  
  17. self._prepare_ds(general, slapd, backends)
  18. # Call our child api to prepare itself.
  19. self._prepare(extra)
  20.  
  21. self.log.debug("READY: Beginning installation for %s...", slapd['instance_name'])
  22.  
  23. if self.dryrun:
  24. self.log.info("NOOP: Dry run requested")
  25. else:
  26. # Actually trigger the installation.
  27. try:
  28. > self._install_ds(general, slapd, backends)
  29.  
  30. ws/389-ds-base/src/lib389/lib389/instance/setup.py:641:
  31. _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
  32.  
  33. self = <lib389.instance.setup.SetupDs object at 0x7fb26620dfd0>, general = {'config_version': 2, 'defaults': '999999999', 'full_machine_name': 'lucy1', 'selinux': True, ...}
  34. slapd = {'backup_dir': '/home/lkrispen/TEST/ci/install/var/lib/dirsrv/slapd-standalone1/bak', 'bin_dir': '/home/lkrispen/TEST/...nstall/etc/dirsrv/slapd-standalone1', 'config_dir': '/home/lkrispen/TEST/ci/install/etc/dirsrv/slapd-standalone1', ...}
  35. backends = [{'cn': 'userRoot', 'nsslapd-suffix': 'dc=example,dc=com', 'sample_entries': '999999999'}]
  36.  
  37. def _install_ds(self, general, slapd, backends):
  38. """
  39. Actually install the Ds from the dicts provided.
  40.  
  41. You should never call this directly, as it bypasses assert_cions.
  42. """
  43. # register the instance to /etc/sysconfig
  44. # We do this first so that we can trick remove-ds.pl if needed.
  45. # There may be a way to create this from template like the dse.ldif ...
  46. initconfig = ""
  47. with open("%s/dirsrv/config/template-initconfig" % slapd['sysconf_dir']) as template_init:
  48. for line in template_init.readlines():
  49. initconfig += line.replace('{{', '{', 1).replace('}}', '}', 1).replace('-', '_')
  50. try:
  51. # /etc/sysconfig
  52. os.makedirs("%s" % slapd['initconfig_dir'], mode=0o770)
  53. except FileExistsError:
  54. pass
  55. sysconfig_filename = "%s/dirsrv-%s" % (slapd['initconfig_dir'], slapd['instance_name'])
  56. with open(sysconfig_filename, 'w') as f:
  57. f.write(initconfig.format(
  58. SERVER_DIR=slapd['lib_dir'],
  59. SERVERBIN_DIR=slapd['sbin_dir'],
  60. CONFIG_DIR=slapd['config_dir'],
  61. INST_DIR=slapd['inst_dir'],
  62. RUN_DIR=slapd['run_dir'],
  63. DS_ROOT='',
  64. PRODUCT_NAME='slapd',
  65. ))
  66. os.chmod(sysconfig_filename, 0o440)
  67. os.chown(sysconfig_filename, slapd['user_uid'], slapd['group_gid'])
  68.  
  69. # Create all the needed paths
  70. # we should only need to make bak_dir, cert_dir, config_dir, db_dir, ldif_dir, lock_dir, log_dir, run_dir?
  71. for path in ('backup_dir', 'cert_dir', 'config_dir', 'db_dir', 'ldif_dir', 'lock_dir', 'log_dir', 'run_dir'):
  72. self.log.debug("ACTION: creating %s", slapd[path])
  73. try:
  74. os.umask(0o007) # For parent dirs that get created -> sets 770 for perms
  75. os.makedirs(slapd[path], mode=0o770)
  76. except OSError:
  77. pass
  78. os.chown(slapd[path], slapd['user_uid'], slapd['group_gid'])
  79.  
  80. # /var/lock/dirsrv needs special attention...
  81. parentdir = os.path.abspath(os.path.join(slapd['lock_dir'], os.pardir))
  82. os.chown(parentdir, slapd['user_uid'], slapd['group_gid'])
  83.  
  84. ### Warning! We need to down the directory under db too for .restore to work.
  85. # See dblayer.c for more!
  86. db_parent = os.path.join(slapd['db_dir'], '..')
  87. os.chown(db_parent, slapd['user_uid'], slapd['group_gid'])
  88.  
  89. # Copy correct data to the paths.
  90. # Copy in the schema
  91. # This is a little fragile, make it better.
  92. # It won't matter when we move schema to usr anyway ...
  93.  
  94. _ds_shutil_copytree(os.path.join(slapd['sysconf_dir'], 'dirsrv/schema'), slapd['schema_dir'])
  95. os.chown(slapd['schema_dir'], slapd['user_uid'], slapd['group_gid'])
  96. os.chmod(slapd['schema_dir'], 0o770)
  97.  
  98. # Copy in the collation
  99. srcfile = os.path.join(slapd['sysconf_dir'], 'dirsrv/config/slapd-collations.conf')
  100. dstfile = os.path.join(slapd['config_dir'], 'slapd-collations.conf')
  101. shutil.copy2(srcfile, dstfile)
  102. os.chown(dstfile, slapd['user_uid'], slapd['group_gid'])
  103. os.chmod(dstfile, 0o440)
  104.  
  105. # Copy in the certmap configuration
  106. srcfile = os.path.join(slapd['sysconf_dir'], 'dirsrv/config/certmap.conf')
  107. dstfile = os.path.join(slapd['config_dir'], 'certmap.conf')
  108. shutil.copy2(srcfile, dstfile)
  109. os.chown(dstfile, slapd['user_uid'], slapd['group_gid'])
  110. os.chmod(dstfile, 0o440)
  111.  
  112. # If we are on the correct platform settings, systemd
  113. if general['systemd'] and not self.containerised:
  114. # Should create the symlink we need, but without starting it.
  115. subprocess.check_call(["systemctl",
  116. "enable",
  117. "dirsrv@%s" % slapd['instance_name']])
  118.  
  119. # Setup tmpfiles_d
  120. tmpfile_d = ds_paths.tmpfiles_d + "/dirsrv-" + slapd['instance_name'] + ".conf"
  121. with open(tmpfile_d, "w") as TMPFILE_D:
  122. TMPFILE_D.write("d {} 0770 {} {}\n".format(slapd['run_dir'], slapd['user'], slapd['group']))
  123. TMPFILE_D.write("d {} 0770 {} {}\n".format(slapd['lock_dir'].replace("slapd-" + slapd['instance_name'], ""),
  124. slapd['user'], slapd['group']))
  125. TMPFILE_D.write("d {} 0770 {} {}\n".format(slapd['lock_dir'], slapd['user'], slapd['group']))
  126.  
  127. # Else we need to detect other init scripts?
  128. # WB: No, we just install and assume that docker will start us ...
  129.  
  130. # Bind sockets to our type?
  131.  
  132. # Get suffix for some plugin defaults (if possible)
  133. # annoyingly for legacy compat backend takes TWO key types
  134. # and we have to now deal with that ....
  135. #
  136. # Create ds_suffix here else it won't be in scope ....
  137. ds_suffix = ''
  138. if len(backends) > 0:
  139. ds_suffix = normalizeDN(backends[0]['nsslapd-suffix'])
  140.  
  141. # Create certdb in sysconfidir
  142. self.log.debug("ACTION: Creating certificate database is %s", slapd['cert_dir'])
  143.  
  144. # Create dse.ldif with a temporary root password.
  145. # The template is in slapd['data_dir']/dirsrv/data/template-dse.ldif
  146. # Variables are done with %KEY%.
  147. # You could cheat and read it in, do a replace of % to { and } then use format?
  148. self.log.debug("ACTION: Creating dse.ldif")
  149. dse = ""
  150. with open(os.path.join(slapd['data_dir'], 'dirsrv', 'data', 'template-dse.ldif')) as template_dse:
  151. for line in template_dse.readlines():
  152. dse += line.replace('%', '{', 1).replace('%', '}', 1)
  153.  
  154. with open(os.path.join(slapd['config_dir'], 'dse.ldif'), 'w') as file_dse:
  155. file_dse.write(dse.format(
  156. schema_dir=slapd['schema_dir'],
  157. lock_dir=slapd['lock_dir'],
  158. tmp_dir=slapd['tmp_dir'],
  159. cert_dir=slapd['cert_dir'],
  160. ldif_dir=slapd['ldif_dir'],
  161. bak_dir=slapd['backup_dir'],
  162. run_dir=slapd['run_dir'],
  163. inst_dir=slapd['inst_dir'],
  164. log_dir=slapd['log_dir'],
  165. fqdn=general['full_machine_name'],
  166. ds_port=slapd['port'],
  167. ds_user=slapd['user'],
  168. rootdn=slapd['root_dn'],
  169. # ds_passwd=slapd['root_password'],
  170. ds_passwd=self._secure_password, # We set our own password here, so we can connect and mod.
  171. ds_suffix=ds_suffix,
  172. config_dir=slapd['config_dir'],
  173. db_dir=slapd['db_dir'],
  174. ))
  175.  
  176. # open the connection to the instance.
  177.  
  178. # Should I move this import? I think this prevents some recursion
  179. from lib389 import DirSrv
  180. ds_instance = DirSrv(self.verbose)
  181. ds_instance.containerised = self.containerised
  182. args = {
  183. SER_PORT: slapd['port'],
  184. SER_SERVERID_PROP: slapd['instance_name'],
  185. SER_ROOT_DN: slapd['root_dn'],
  186. SER_ROOT_PW: self._raw_secure_password,
  187. SER_DEPLOYED_DIR: slapd['prefix']
  188. }
  189.  
  190. ds_instance.allocate(args)
  191. # Does this work?
  192. assert_c(ds_instance.exists(), "Instance failed to install, does not exist when expected")
  193.  
  194. # Create a certificate database.
  195. tlsdb = NssSsl(dbpath=slapd['cert_dir'])
  196. if not tlsdb._db_exists():
  197. tlsdb.reinit()
  198.  
  199. if slapd['self_sign_cert']:
  200. etc_dirsrv_path = os.path.join(slapd['sysconf_dir'], 'dirsrv/')
  201. ssca_path = os.path.join(etc_dirsrv_path, 'ssca/')
  202. ssca = NssSsl(dbpath=ssca_path)
  203. # If it doesn't exist, create a CA DB
  204. if not ssca._db_exists():
  205. ssca.reinit()
  206. ssca.create_rsa_ca(months=slapd['self_sign_cert_valid_months'])
  207. # If CA is expired or will expire soon,
  208. # Reissue it and resign the existing certs that were signed by the cert previously
  209. elif ssca.rsa_ca_needs_renew():
  210. ca = ssca.renew_rsa_ca(months=slapd['self_sign_cert_valid_months'])
  211. # Import CA to the existing instances except the one we install now (we import it later)
  212. for dir in os.listdir(etc_dirsrv_path):
  213. if dir.startswith("slapd-") and dir != slapd['cert_dir']:
  214. tlsdb_inst = NssSsl(dbpath=os.path.join(etc_dirsrv_path, dir))
  215. tlsdb_inst.import_rsa_crt(ca)
  216.  
  217. csr = tlsdb.create_rsa_key_and_csr()
  218. (ca, crt) = ssca.rsa_ca_sign_csr(csr)
  219. tlsdb.import_rsa_crt(ca, crt)
  220. if not self.containerised and general['selinux']:
  221. # Set selinux port label
  222. selinux_label_port(slapd['secure_port'])
  223.  
  224. # Do selinux fixups
  225. if not self.containerised and general['selinux']:
  226. selinux_paths = ('backup_dir', 'cert_dir', 'config_dir', 'db_dir', 'ldif_dir',
  227. 'lock_dir', 'log_dir', 'run_dir', 'schema_dir', 'tmp_dir')
  228. for path in selinux_paths:
  229. selinux_restorecon(slapd[path])
  230.  
  231. > selinux_label_port(slapd['port'])
  232.  
  233. ws/389-ds-base/src/lib389/lib389/instance/setup.py:847:
  234. _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
  235.  
  236. port = 38901, remove_label = False
  237.  
  238. def selinux_label_port(port, remove_label=False):
  239. """
  240. Either set or remove an SELinux label(ldap_port_t) for a TCP port
  241.  
  242. :param port: The TCP port to be labelled
  243. :type port: str
  244. :param remove_label: Set True if the port label should be removed
  245. :type remove_label: boolean
  246. :raises: ValueError: Error message
  247. """
  248. try:
  249. import selinux
  250. except ImportError:
  251. log.debug('selinux python module not found, skipping port labeling.')
  252. return
  253.  
  254. try:
  255. import sepolicy
  256. except ImportError:
  257. log.debug('sepolicy python module not found, skipping port labeling.')
  258. return
  259.  
  260. if not selinux.is_selinux_enabled():
  261. log.debug('selinux is disabled, skipping port relabel')
  262. return
  263.  
  264. # We only label ports that ARE NOT in the default policy that comes with
  265. # a RH based system.
  266. selinux_default_ports = [389, 636, 3268, 3269, 7389]
  267. if port in selinux_default_ports:
  268. log.debug('port %s already in %s, skipping port relabel' % (port, selinux_default_ports))
  269. return
  270.  
  271. label_set = False
  272. label_ex = None
  273.  
  274. policies = [p for p in sepolicy.info(sepolicy.PORT)
  275. if p['protocol'] == 'tcp'
  276. if port in range(p['low'], p['high'] + 1)
  277. if p['type'] not in ['unreserved_port_t', 'reserved_port_t', 'ephemeral_port_t']]
  278.  
  279. for policy in policies:
  280. if "ldap_port_t" == policy['type']:
  281. label_set = True # Port already has our label
  282. if policy['low'] != policy['high']:
  283. # We have a range
  284. if port in range(policy['low'], policy['high'] + 1):
  285. # The port is within the range, just return
  286. return
  287. break
  288. elif not remove_label:
  289. # Port belongs to someone else (bad)
  290. # This is only an issue during setting a label, not removing a label
  291. raise ValueError("Port {} was already labelled with: ({}) Please choose a different port number".format(port, policy['type']))
  292.  
  293. if (remove_label and label_set) or (not remove_label and not label_set):
  294. for i in range(3):
  295.  
  296. try:
  297. subprocess.check_call(["semanage", "port",
  298. "-d" if remove_label else "-a",
  299. "-t", "ldap_port_t",
  300. "-p", "tcp", str(port)])
  301. return
  302. except (OSError, subprocess.CalledProcessError) as e:
  303. label_ex = e
  304. time.sleep(3)
  305. > raise ValueError("Failed to mangle port label: " + str(label_ex))
  306. E ValueError: Failed to mangle port label: Command '['semanage', 'port', '-a', '-t', 'ldap_port_t', '-p', 'tcp', '38901']' returned non-zero exit status 1.
  307.  
  308. ws/389-ds-base/src/lib389/lib389/utils.py:297: ValueError
  309.  
  310. During handling of the above exception, another exception occurred:
  311.  
  312. request = <SubRequest 'topology_st' for <Function 'test_basic_ops'>>
  313.  
  314. @pytest.fixture(scope="module")
  315. def topology_st(request):
  316. """Create DS standalone instance"""
  317.  
  318. > topology = create_topology({ReplicaRole.STANDALONE: 1})
  319.  
  320. ws/389-ds-base/src/lib389/lib389/topologies.py:241:
  321. _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
  322. ws/389-ds-base/src/lib389/lib389/topologies.py:133: in create_topology
  323. topo = _create_instances(topo_dict, suffix)
  324. ws/389-ds-base/src/lib389/lib389/topologies.py:89: in _create_instances
  325. instance.create()
  326. ws/389-ds-base/src/lib389/lib389/__init__.py:971: in create
  327. self._createPythonDirsrv(version)
  328. ws/389-ds-base/src/lib389/lib389/__init__.py:941: in _createPythonDirsrv
  329. sds.create_from_args(general, slapd, backends, None)
  330. _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
  331.  
  332. self = <lib389.instance.setup.SetupDs object at 0x7fb26620dfd0>, general = {'config_version': 2, 'defaults': '999999999', 'full_machine_name': 'lucy1', 'selinux': True, ...}
  333. slapd = {'backup_dir': '/home/lkrispen/TEST/ci/install/var/lib/dirsrv/slapd-standalone1/bak', 'bin_dir': '/home/lkrispen/TEST/...nstall/etc/dirsrv/slapd-standalone1', 'config_dir': '/home/lkrispen/TEST/ci/install/etc/dirsrv/slapd-standalone1', ...}
  334. backends = [{'cn': 'userRoot', 'nsslapd-suffix': 'dc=example,dc=com', 'sample_entries': '999999999'}], extra = None
  335.  
  336. def create_from_args(self, general, slapd, backends=[], extra=None):
  337. """
  338. Actually does the setup. this is what you want to call as an api.
  339. """
  340.  
  341. self.log.info("\nStarting installation...")
  342.  
  343. # Check we have privs to run
  344. self.log.debug("READY: Preparing installation for %s...", slapd['instance_name'])
  345.  
  346. self._prepare_ds(general, slapd, backends)
  347. # Call our child api to prepare itself.
  348. self._prepare(extra)
  349.  
  350. self.log.debug("READY: Beginning installation for %s...", slapd['instance_name'])
  351.  
  352. if self.dryrun:
  353. self.log.info("NOOP: Dry run requested")
  354. else:
  355. # Actually trigger the installation.
  356. try:
  357. self._install_ds(general, slapd, backends)
  358. except ValueError as e:
  359. self.log.fatal("Error: " + str(e) + ", removing incomplete installation...")
  360. self._remove_failed_install(slapd['instance_name'])
  361. > raise ValueError("Instance creation failed!")
  362. E ValueError: Instance creation failed!
  363.  
  364. ws/389-ds-base/src/lib389/lib389/instance/setup.py:645: ValueError
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!