server upgrade: always fix certmonger tracking request

Fix certmonger tracking requests on every run of ipa-server-upgrade rather
than only when the tracking configuration has changed and the requests have
not yet been updated.

This allows fixing broken tracking requests just by re-running
ipa-server-upgrade.

https://pagure.io/freeipa/issue/5799

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>

ipaserver/install/server/upgrade.py

@@ -905,8 +905,6 @@ def certificate_renewal_update(ca, ds, http):
     template = paths.CERTMONGER_COMMAND_TEMPLATE
     serverid = installutils.realm_to_serverid(api.env.realm)
 
-    # bump version when requests is changed
-    version = 6
     requests = [
         {
             'cert-database': paths.PKI_TOMCAT_ALIAS_DIR,
@@ -971,25 +969,17 @@ def certificate_renewal_update(ca, ds, http):
         }
     ]
 
-    root_logger.info("[Update certmonger certificate renewal configuration to "
+    root_logger.info("[Update certmonger certificate renewal configuration]")
-                     "version %d]" % version)
     if not ca.is_configured():
         root_logger.info('CA is not configured')
         return False
 
-    state = 'certificate_renewal_update_%d' % version
-    if sysupgrade.get_upgrade_state('dogtag', state):
-        return False
-
     # State not set, lets see if we are already configured
     for request in requests:
         request_id = certmonger.get_request_id(request)
         if request_id is None:
             break
     else:
-        sysupgrade.set_upgrade_state('dogtag', state, True)
-        root_logger.info("Certmonger certificate renewal configuration is "
-                         "already at version %d" % version)
         return False
 
     # Ok, now we need to stop tracking, then we can start tracking them
@@ -998,13 +988,11 @@ def certificate_renewal_update(ca, ds, http):
     ds.stop_tracking_certificates(serverid)
     http.stop_tracking_certificates()
 
-    if not sysupgrade.get_upgrade_state('dogtag',
+    filename = paths.CERTMONGER_CAS_CA_RENEWAL
-                                        'certificate_renewal_update_1'):
+    if os.path.exists(filename):
-        filename = paths.CERTMONGER_CAS_CA_RENEWAL
+        with installutils.stopped_service('certmonger'):
-        if os.path.exists(filename):
+            root_logger.info("Removing %s" % filename)
-            with installutils.stopped_service('certmonger'):
+            installutils.remove_file(filename)
-                root_logger.info("Removing %s" % filename)
-                installutils.remove_file(filename)
 
     ca.configure_certmonger_renewal()
     ca.configure_renewal()
@@ -1013,9 +1001,7 @@ def certificate_renewal_update(ca, ds, http):
     ds.start_tracking_certificates(serverid)
     http.start_tracking_certificates()
 
-    sysupgrade.set_upgrade_state('dogtag', state, True)
+    root_logger.info("Certmonger certificate renewal configuration updated")
-    root_logger.info("Certmonger certificate renewal configuration updated to "
-                     "version %d" % version)
     return True
 
 def copy_crl_file(old_path, new_path=None):