RedHatCAService should wait for local Dogtag instance

RedHatCAService.wait_until_running() uses dogtag.ca_status() to make a HTTP(s) request to Dogtag in order to check if /ca/admin/ca/getStatus returns OK. The ca_status() function defaults to api.env.ca_host as host. On a replica without CA ca_host is a remote host (e.g. master's FQDN). ipa-ca-install waits for master:8080 instead of replica:8080, which might be blocked by a firewall. https://fedorahosted.org/freeipa/ticket/6016 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-07-01 10:21:06 +02:00
parent 229e2a1ed9
commit 1de92b1326
1 changed files with 2 additions and 1 deletions
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -199,7 +199,8 @@ class RedHatCAService(RedHatService):
        op_timeout = time.time() + timeout
        while time.time() < op_timeout:
            try:
-                status = dogtag.ca_status()
+                # check status of CA instance on this host, not remote ca_host
+                status = dogtag.ca_status(api.env.host)
            except Exception as e:
                status = 'check interrupted due to error: %s' % e
            root_logger.debug('The CA status is: %s' % status)