Log unhandled exceptions in certificate renewal scripts.

https://fedorahosted.org/freeipa/ticket/4093

Reviewed-By: Petr Viktorin <pviktori@redhat.com>

install/certmonger/dogtag-ipa-retrieve-agent-submit

@@ -31,6 +31,8 @@ import sys
 import shutil
 import tempfile
 import syslog
+import base64
+import traceback
 from ipalib import api
 from ipapython.dn import DN
 from ipalib import errors
@@ -39,8 +41,8 @@ from ipapython import services as ipaservices
 from ipapython import ipautil
 from ipaserver.install import certs
 from ipaserver.plugins.ldap2 import ldap2
-import base64
 
+def main():
     # We cheat and pass in the nickname as the CA profile to execute against.
     # Some way is needed to determine which entry to retrieve from LDAP
     operation = os.environ.get('CERTMONGER_OPERATION')
@@ -81,3 +83,10 @@ finally:
         shutil.rmtree(tmpdir)
 
     sys.exit(0)
+
+try:
+    main()
+except Exception:
+    syslog.syslog(syslog.LOG_ERR, traceback.format_exc())
+    print "Internal error"
+    sys.exit(3)

install/restart_scripts/renew_ca_cert

@@ -26,6 +26,7 @@ import tempfile
 import syslog
 import random
 import time
+import traceback
 from ipalib import api
 from ipapython.dn import DN
 from ipalib import errors
@@ -42,6 +43,7 @@ from ipapython import certmonger
 # has renewed a CA subsystem certificate a copy is put into the replicated
 # tree so it can be shared with the other IPA servers.
 
+def main():
     nickname = sys.argv[1]
 
     api.bootstrap(context='restart')
@@ -119,3 +121,8 @@ except Exception, e:
     else:
         syslog.syslog(
             syslog.LOG_NOTICE, "Started %s" % dogtag_service.service_name)
+
+try:
+    main()
+except Exception:
+    syslog.syslog(syslog.LOG_ERR, traceback.format_exc())

install/restart_scripts/renew_ra_cert

@@ -24,6 +24,7 @@ import shutil
 import tempfile
 import syslog
 import time
+import traceback
 from ipapython import services as ipaservices
 from ipapython import ipautil
 from ipaserver.install import certs
@@ -33,6 +34,7 @@ from ipapython.dn import DN
 from ipalib import errors
 from ipaserver.plugins.ldap2 import ldap2
 
+def main():
     api.bootstrap(context='restart')
     api.finalize()
 
@@ -90,3 +92,8 @@ try:
         ipaservices.knownservices.httpd.restart()
     except Exception, e:
         syslog.syslog(syslog.LOG_ERR, "Cannot restart httpd: %s" % str(e))
+
+try:
+    main()
+except Exception:
+    syslog.syslog(syslog.LOG_ERR, traceback.format_exc())

install/restart_scripts/restart_dirsrv

@@ -21,9 +21,11 @@
 
 import sys
 import syslog
+import traceback
 from ipapython import services as ipaservices
 from ipalib import api
 
+def main():
     try:
         instance = sys.argv[1]
     except IndexError:
@@ -38,3 +40,8 @@ try:
         ipaservices.knownservices.dirsrv.restart(instance)
     except Exception, e:
         syslog.syslog(syslog.LOG_ERR, "Cannot restart dirsrv (instance: '%s'): %s" % (instance, str(e)))
+
+try:
+    main()
+except Exception:
+    syslog.syslog(syslog.LOG_ERR, traceback.format_exc())

install/restart_scripts/restart_httpd

@@ -20,11 +20,18 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import syslog
+import traceback
 from ipapython import services as ipaservices
 
+def main():
     syslog.syslog(syslog.LOG_NOTICE, 'certmonger restarted httpd')
 
     try:
         ipaservices.knownservices.httpd.restart()
     except Exception, e:
         syslog.syslog(syslog.LOG_ERR, "Cannot restart httpd: %s" % str(e))
+
+try:
+    main()
+except Exception:
+    syslog.syslog(syslog.LOG_ERR, traceback.format_exc())

install/restart_scripts/restart_pkicad

@@ -21,11 +21,13 @@
 
 import sys
 import syslog
+import traceback
 from ipapython import services as ipaservices
 from ipapython import dogtag
 from ipaserver.install import certs
 from ipalib import api
 
+def main():
     nickname = sys.argv[1]
 
     api.bootstrap(context='restart')
@@ -72,3 +74,8 @@ except Exception, e:
     else:
         syslog.syslog(
             syslog.LOG_NOTICE, "Started %s" % dogtag_service.service_name)
+
+try:
+    main()
+except Exception:
+    syslog.syslog(syslog.LOG_ERR, traceback.format_exc())

install/restart_scripts/stop_pkicad

@@ -21,10 +21,12 @@
 
 import sys
 import syslog
+import traceback
 from ipapython import services as ipaservices
 from ipapython import dogtag
 from ipalib import api
 
+def main():
     api.bootstrap(context='restart')
     api.finalize()
 
@@ -41,3 +43,8 @@ except Exception, e:
     else:
         syslog.syslog(
             syslog.LOG_NOTICE, "Stopped %s" % dogtag_service.service_name)
+
+try:
+    main()
+except Exception:
+    syslog.syslog(syslog.LOG_ERR, traceback.format_exc())