mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 07:33:27 -06:00
Only attempt to upgrade ACME configuration files if deployed
This can happen on upgrades from older deployments that lack an ACME installation and don't meet the minimum requirements to deploy one automatically. Also don't consider missing ACME schema a total failure, just log and skip it. https://pagure.io/freeipa/issue/8832 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
This commit is contained in:
parent
1a539984c7
commit
8dac8ad834
@ -1122,7 +1122,8 @@ def ca_upgrade_schema(ca):
|
|||||||
acme_schema_ldif = path
|
acme_schema_ldif = path
|
||||||
break
|
break
|
||||||
else:
|
else:
|
||||||
raise RuntimeError('ACME schema file not found')
|
logger.info('ACME schema is not available')
|
||||||
|
return False
|
||||||
|
|
||||||
schema_files=[
|
schema_files=[
|
||||||
'/usr/share/pki/server/conf/schema-certProfile.ldif',
|
'/usr/share/pki/server/conf/schema-certProfile.ldif',
|
||||||
@ -1530,6 +1531,16 @@ def ca_update_acme_configuration(ca, fqdn):
|
|||||||
"""
|
"""
|
||||||
Re-apply the templates in case anyting has been updated.
|
Re-apply the templates in case anyting has been updated.
|
||||||
"""
|
"""
|
||||||
|
logger.info('[Updating ACME configuration]')
|
||||||
|
if not os.path.isdir(os.path.join(paths.PKI_TOMCAT, 'acme')):
|
||||||
|
logger.info('ACME is not deployed, skipping')
|
||||||
|
return
|
||||||
|
|
||||||
|
if not os.path.exists(paths.PKI_ACME_ISSUER_CONF):
|
||||||
|
logger.info('ACME configuration file %s is missing',
|
||||||
|
paths.PKI_ACME_ISSUER_CONF)
|
||||||
|
return
|
||||||
|
|
||||||
password = directivesetter.get_directive(
|
password = directivesetter.get_directive(
|
||||||
paths.PKI_ACME_ISSUER_CONF,
|
paths.PKI_ACME_ISSUER_CONF,
|
||||||
'password',
|
'password',
|
||||||
|
Loading…
Reference in New Issue
Block a user