IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-11 00:31:56 -06:00
Code Issues Packages Projects Releases Wiki Activity

Skip lock and fork in ipa-server-guard on unsupported ops

Browse Source 
On startup certmonger performs a number of options on the
configured CA (IPA, not to be confused with the real dogtag CA)
and the tracking requests.

Break early for operations that are not supported by ipa-submit.
This will save both a fork and a lock call.

https://bugzilla.redhat.com/show_bug.cgi?id=1656519

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
This commit is contained in:
Rob Crittenden 2019-09-04 13:32:56 -04:00
parent 0770254ce3
commit 65d38af9e2
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
install/certmonger/ipa-server-guard.in
View File

@ -35,11 +35,24 @@ import six
from ipapython import ipautil from ipapython import ipautil
from ipaserver.install import certs from ipaserver.install import certs
# Return codes. Names of the constants are taken from
# https://git.fedorahosted.org/cgit/certmonger.git/tree/src/submit-e.h
OPERATION_NOT_SUPPORTED_BY_HELPER = 6
def main(): def main():
if len(sys.argv) < 2: if len(sys.argv) < 2:
raise RuntimeError("Not enough arguments") raise RuntimeError("Not enough arguments")
# Avoid the lock if the operation is unsupported by ipa-submit
operation = os.environ.get('CERTMONGER_OPERATION')
if operation not in ('IDENTIFY',
'FETCH-ROOTS',
'GET-NEW-REQUEST-REQUIREMENTS',
'SUBMIT',
'POLL'):
return OPERATION_NOT_SUPPORTED_BY_HELPER
with certs.renewal_lock: with certs.renewal_lock:
result = ipautil.run(sys.argv[1:], raiseonerr=False, env=os.environ) result = ipautil.run(sys.argv[1:], raiseonerr=False, env=os.environ)
if six.PY2: if six.PY2: