Move the kinit call before the connection, otherwise failure

Also move the user existence code as it is both necessary for the init and it saves us the trouble of initializing the IPA API if it fails.
2016-09-20 13:16:35 -04:00 · 2016-09-20 13:16:35 -04:00 · 56e133a7f2
parent e0eb3eed51
commit 56e133a7f2
1 changed files with 12 additions and 11 deletions
--- a/scripts/novajoin-install
+++ b/scripts/novajoin-install
@ -98,20 +98,24 @@ def install(args):
        raise ConfigurationError('%s environment variable not set.'
                                 % e.message)

-    api.bootstrap(context='novajoin')
-    api.finalize()
-
-    try:
-        api.Backend.rpcclient.connect()
-    except errors.CCacheError:
-        raise ConfigurationError("No Kerberos credentials")
-
    try:
        user = pwd.getpwnam(args['user'])
    except KeyError:
        raise ConfigurationError('User: %s not found on the system' %
                                 args['user'])

+    api.bootstrap(context='novajoin')
+    api.finalize()
+
+    novajoin = configure_ipa.NovajoinRole(user=args.get('user'))
+    if not args.get('no_kinit', False):
+        novajoin.kinit(args.get('principal'), args.get('password'))
+
+    try:
+        api.Backend.rpcclient.connect()
+    except errors.CCacheError:
+        raise ConfigurationError("No Kerberos credentials")
+
    logger.info('Installing default config files')

    confopts = {'FQDN': args['hostname'],
@ -190,9 +194,6 @@ def install(args):

    logger.info('Creating IPA permissions')

-    novajoin = configure_ipa.NovajoinRole(user=args.get('user'))
-    if not args.get('no_kinit', False):
-        novajoin.kinit(args.get('principal'), args.get('password'))
    novajoin.configure_ipa()