upgrade: log missing/misconfigured tracking requests

For better diagnostics during upgrade, log the Certmonger tracking requests that were not found (either because they do not exist, or do not have the expected configuration). Part of: https://pagure.io/freeipa/issue/7991 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2019-06-27 09:46:59 +10:00
parent 482866e47e
commit 2d22f568a1
1 changed files with 15 additions and 2 deletions
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1049,15 +1049,28 @@ def certificate_renewal_update(ca, kra, ds, http):
            )

    # State not set, lets see if we are already configured
+    missing_or_misconfigured_requests = []
    for request in requests:
        request_id = certmonger.get_request_id(request)
        if request_id is None:
-            break
-    else:
+            missing_or_misconfigured_requests.append(request)
+
+    if len(missing_or_misconfigured_requests) == 0:
        logger.info("Certmonger certificate renewal configuration already "
                    "up-to-date")
        return False

+    # Print info about missing requests
+    logger.info("Missing or incorrect tracking request for certificates:")
+    for request in missing_or_misconfigured_requests:
+        cert = None
+        if 'cert-file' in request:
+            cert = request['cert-file']
+        elif 'cert-database' in request and 'cert-nickname' in request:
+            cert = '{cert-database}:{cert-nickname}'.format(**request)
+        if cert is not None:
+            logger.info("  %s", cert)
+
    # Ok, now we need to stop tracking, then we can start tracking them
    # again with new configuration:
    ca.stop_tracking_certificates()