PKI service restart after CA renewal failed

Fix both the service restart procedure and registration of old pki-cad well known service name. This patch was adapted from original patch of Jan Cholasta 178 to fix ticket 4092. https://fedorahosted.org/freeipa/ticket/4092
2025-02-25 18:55:28 -06:00 · 2013-10-15 17:47:12 +00:00
parent 4a64a1f18b
commit 911f5e9eb7
6 changed files with 42 additions and 30 deletions
--- a/install/restart_scripts/restart_pkicad
+++ b/install/restart_scripts/restart_pkicad
@@ -33,18 +33,25 @@ api.finalize()

 configured_constants = dogtag.configured_constants(api)
 alias_dir = configured_constants.ALIAS_DIR
+dogtag_service = ipaservices.knownservices[configured_constants.SERVICE_NAME]
 dogtag_instance = configured_constants.PKI_INSTANCE_NAME

 # dogtag opens its NSS database in read/write mode so we need it
 # shut down so certmonger can open it read/write mode. This avoids
 # database corruption. It should already be stopped by the pre-command
 # but lets be sure.
-if ipaservices.knownservices.pki_cad.is_running(dogtag_instance):
+if dogtag_service.is_running(dogtag_instance):
+    syslog.syslog(
+        syslog.LOG_NOTICE, "Stopping %s" % dogtag_service.service_name)
    try:
-        ipaservices.knownservices.pki_cad.stop(dogtag_instance)
+        dogtag_service.stop(dogtag_instance)
    except Exception, e:
-        syslog.syslog(syslog.LOG_ERR, "Cannot stop %sd: %s" %
-                      (dogtag_instance, str(e)))
+        syslog.syslog(
+            syslog.LOG_ERR,
+            "Cannot stop %s: %s" % (dogtag_service.service_name, e))
+    else:
+        syslog.syslog(
+            syslog.LOG_NOTICE, "Stopped %s" % dogtag_service.service_name)

 # Fix permissions on the audit cert if we're updating it
 if nickname == 'auditSigningCert cert-pki-ca':
@@ -55,14 +62,13 @@ if nickname == 'auditSigningCert cert-pki-ca':
           ]
    db.run_certutil(args)

+syslog.syslog(syslog.LOG_NOTICE, 'Starting %s' % dogtag_service.service_name)
 try:
-    if configured_constants.DOGTAG_VERSION == 9:
-        ipaservices.knownservices.pki_cad.start(dogtag_instance)
-    else:
-        ipaservices.knownservices.pki_tomcatd.start(dogtag_instance)
+    dogtag_service.start(dogtag_instance)
 except Exception, e:
-    syslog.syslog(syslog.LOG_ERR, "Cannot start %sd: %s" %
-                  (dogtag_instance, str(e)))
+    syslog.syslog(
+        syslog.LOG_ERR,
+        "Cannot start %s: %s" % (dogtag_service.service_name, e))
 else:
-    syslog.syslog(syslog.LOG_NOTICE, "certmonger started %sd, nickname '%s'" %
-                  (dogtag_instance, nickname))
+    syslog.syslog(
+        syslog.LOG_NOTICE, "Started %s" % dogtag_service.service_name)