With ipa-healthcheck 0.14, ipa-healthcheck reports a traceback if the LDAP server is not running:
# rpm -qa freeipa-healthcheck
freeipa-healthcheck-0.14-1.fc38.noarch
# systemctl stop dirsrv@IPA-TEST.service
# ipa-healthcheck
Traceback (most recent call last):
File "/usr/lib/python3.11/site-packages/ipapython/ipaldap.py", line 1088, in error_handler
yield
File "/usr/lib/python3.11/site-packages/ipapython/ipaldap.py", line 1246, in external_bind
self.conn.sasl_interactive_bind_s(
File "/usr/lib64/python3.11/site-packages/ldap/ldapobject.py", line 270, in sasl_interactive_bind_s
return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.11/site-packages/ldap/ldapobject.py", line 128, in _ldap_call
result = func(*args,**kwargs)
^^^^^^^^^^^^^^^^^^^^
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 111, 'ctrls': [], 'info': 'Connection refused'}
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/bin/ipa-healthcheck", line 33, in <module>
sys.exit(load_entry_point('ipahealthcheck==0.14', 'console_scripts', 'ipa-healthcheck')())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/ipahealthcheck/core/main.py", line 54, in main
sys.exit(ipachecks.run_healthcheck())
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/ipahealthcheck/core/core.py", line 440, in run_healthcheck
results, available = run_service_plugins(plugins,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/ipahealthcheck/core/core.py", line 145, in run_service_plugins
for result in plugin.check():
^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/ipahealthcheck/meta/services.py", line 122, in check
self.service_name = self.get_service_name('KEYS')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/ipahealthcheck/meta/services.py", line 31, in get_service_name
api.Backend.ldap2.connect()
File "/usr/lib/python3.11/site-packages/ipalib/backend.py", line 69, in connect
conn = self.create_connection(*args, **kw)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/ipaserver/plugins/ldap2.py", line 187, in create_connection
client.external_bind(server_controls=serverctrls,
File "/usr/lib/python3.11/site-packages/ipapython/ipaldap.py", line 1243, in external_bind
with self.error_handler():
File "/usr/lib64/python3.11/contextlib.py", line 155, in __exit__
self.gen.throw(typ, value, traceback)
File "/usr/lib/python3.11/site-packages/ipapython/ipaldap.py", line 1141, in error_handler
raise errors.NetworkError(uri=self.ldap_uri,
ipalib.errors.NetworkError: cannot connect to 'ldapi://%2Frun%2Fslapd-IPA-TEST.socket': Connection refused
The regression was introduced with this commit that discovers the service name based on roles stored in LDAP.
ipa-healthcheck 0.12 doesn't have the issue:
With ipa-healthcheck 0.14, ipa-healthcheck reports a traceback if the LDAP server is not running:
The regression was introduced with this commit that discovers the service name based on roles stored in LDAP. ipa-healthcheck 0.12 doesn't have the issue: