Notification time stamped 2023-11-15 20:18:51 UTC
From 59da07cf2fd302db45e0395ea70be7dd6adb4292 Mon Sep 17 00:00:00 2001 From: Rob Crittenden rcritten@redhat.com Date: Nov 15 2023 20:17:16 +0000 Subject: Fix some issues uncovered by freeIPA CI
If a specific service status is requested that relies on dirsrv the dependency on dirsrv is not validated which can result in a connection error.
The ods exporter check is temporarily removed until the upstream bug is fixed.
---
diff --git a/0002-Don-t-fail-if-a-service-name-cannot-be-looked-up-in-.patch b/0002-Don-t-fail-if-a-service-name-cannot-be-looked-up-in-.patch new file mode 100644 index 0000000..5233083 --- /dev/null +++ b/0002-Don-t-fail-if-a-service-name-cannot-be-looked-up-in-.patch @@ -0,0 +1,44 @@ +From 35ff77300758c12110132d6d638802d5b223bd6d Mon Sep 17 00:00:00 2001 +From: Rob Crittenden rcritten@redhat.com +Date: Mon, 13 Nov 2023 14:09:16 -0500 +Subject: [PATCH] Don't fail if a service name cannot be looked up in LDAP + +A new method was introduced to handle more IPA services. This +requires looking some of them up in LDAP. dirsrv not running +was not being caught so raised an error instead. + +Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/312 + +Signed-off-by: Rob Crittenden rcritten@redhat.com +--- + src/ipahealthcheck/meta/services.py | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/ipahealthcheck/meta/services.py b/src/ipahealthcheck/meta/services.py +index 10fa83f..9838128 100644 +--- a/src/ipahealthcheck/meta/services.py ++++ b/src/ipahealthcheck/meta/services.py +@@ -25,10 +25,18 @@ class IPAServiceCheck(ServiceCheck): + def get_service_name(self, role): + """Roles define broad services. Translate a role name into + an individual service name. ++ ++ Returns a string on success, None if the service is not ++ configured or cannot be determined. + """ + conn = api.Backend.ldap2 +- if not api.Backend.ldap2.isconnected(): +- api.Backend.ldap2.connect() ++ try: ++ if not api.Backend.ldap2.isconnected(): ++ api.Backend.ldap2.connect() ++ except errors.NetworkError: ++ logger.debug("Service '%s' is not running", self.service_name) ++ return None ++ + dn = DN( + ("cn", role), ("cn", api.env.host), + ("cn", "masters"), ("cn", "ipa"), ("cn", "etc"), +-- +2.41.0 + diff --git a/0003-Temporarily-disable-the-ipa-ods-exporter-service-sta.patch b/0003-Temporarily-disable-the-ipa-ods-exporter-service-sta.patch new file mode 100644 index 0000000..2795766 --- /dev/null +++ b/0003-Temporarily-disable-the-ipa-ods-exporter-service-sta.patch @@ -0,0 +1,44 @@ +From d1cb1997737c938bbc61d547aae277e308e78fce Mon Sep 17 00:00:00 2001 +From: Rob Crittenden rcritten@redhat.com +Date: Tue, 14 Nov 2023 20:32:54 -0500 +Subject: [PATCH] Temporarily disable the ipa-ods-exporter service status check + +There is a bug in this service such that it will almost always +report as down. Rather than spamming users with this error give +time for it to be fixed in IPA upstream. + +See https://pagure.io/freeipa/issue/9463 + +Signed-off-by: Rob Crittenden rcritten@redhat.com +--- + src/ipahealthcheck/meta/services.py | 14 -------------- + 1 file changed, 14 deletions(-) + +diff --git a/src/ipahealthcheck/meta/services.py b/src/ipahealthcheck/meta/services.py +index 9838128..b8973cb 100644 +--- a/src/ipahealthcheck/meta/services.py ++++ b/src/ipahealthcheck/meta/services.py +@@ -202,20 +202,6 @@ class ods_enforcerd(IPAServiceCheck): + return super().check() + + +-@registry +-class ipa_ods_exporter(IPAServiceCheck): +- requires = ('dirsrv',) +- +- def check(self, instance=''): +- self.service_name = self.get_service_name('DNSKeyExporter') +- +- if self.service_name is None: +- # No service name means it is not configured +- return () +- +- return super().check() +- +- + @registry + class ipa_dnskeysyncd(IPAServiceCheck): + requires = ('dirsrv',) +-- +2.40.1 + diff --git a/freeipa-healthcheck.spec b/freeipa-healthcheck.spec index 95df1fd..3ea789d 100644 --- a/freeipa-healthcheck.spec +++ b/freeipa-healthcheck.spec @@ -17,7 +17,7 @@
Name: %{prefix}-healthcheck Version: 0.16 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Health check tool for %{productname} BuildArch: noarch License: GPL-3.0-or-later @@ -26,6 +26,8 @@ Source0: https://github.com/freeipa/freeipa-healthcheck/archive/%%7Bversion Source1: ipahealthcheck.conf
Patch0001: 0001-Remove-ipaclustercheck.patch +Patch0002: 0002-Don-t-fail-if-a-service-name-cannot-be-looked-up-in-.patch +Patch0003: 0003-Temporarily-disable-the-ipa-ods-exporter-service-sta.patch
Requires: %{name}-core = %{version}-%{release} Requires: %{prefix}-server @@ -155,6 +157,10 @@ PYTHONPATH=src PATH=$PATH:$RPM_BUILD_ROOT/usr/bin pytest-3 tests/test_*
%changelog +* Tue Nov 14 2023 Rob Crittenden rcritten@redhat.com - 0.16-2 +- Don't fail if a service name cannot be looked up in LDAP +- Disable the ipa-ods-exporter service check + * Wed Nov 8 2023 Rob Crittenden rcritten@redhat.com - 0.16-1 - Update to 0.16 release - This fixes pki-healthcheck
https://src.fedoraproject.org/rpms/freeipa-healthcheck/c/59da07cf2fd302db45e...
scm-commits@lists.fedoraproject.org