Handle a 501 in cert-find from dogtag as a "not supported"

Upgrading from d9 -> d10 does not set up the RESTful interface
in dogtag, they just never coded it. Rather than trying to backport
things they have decided to not support upgrades.

We need to catch this and report a more reasonable error. They are
returning a 501 (HTTP method unimplemented) in this case.

https://fedorahosted.org/freeipa/ticket/3549
This commit is contained in:
Rob Crittenden 2013-04-23 17:05:59 -04:00
parent 252de46ebf
commit 6e2c3a45a1
2 changed files with 8 additions and 1 deletions

View File

@ -136,7 +136,7 @@ Requires(post): systemd-units
Requires: selinux-policy >= 3.11.1-86
Requires(post): selinux-policy-base
Requires: slapi-nis >= 0.44
Requires: pki-ca >= 10.0.0-0.54.b3
Requires: pki-ca >= 10.0.2
Requires: dogtag-pki-server-theme
%if 0%{?rhel}
Requires: subscription-manager
@ -839,6 +839,9 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%changelog
* Fri May 3 2013 Rob Crittenden <rcritten@redhat.com> - 3.1.99-10
- Require pki-ca 10.0.2 for 501 response code on find for d9 -> d10 upgrades
* Tue Apr 30 2013 Rob Crittenden <rcritten@redhat.com> - 3.1.99-9
- Add Conflicts on nss-pam-ldapd < 0.8.4. The mapping from uniqueMember to
member is now done automatically and having it in the config file raises

View File

@ -1828,6 +1828,10 @@ class ra(rabase.rabase):
try:
response = opener.open(req)
except urllib2.HTTPError, e:
self.debug('HTTP Response code: %d' % e.getcode())
if e.getcode() == 501:
self.raise_certificate_operation_error('find',
detail=_('find not supported on CAs upgraded from 9 to 10'))
self.raise_certificate_operation_error('find',
detail=e.msg)
except urllib2.URLError, e: