Make sure the CA is running when starting services
- Provide a function for determining the CA status using Dogtag 10's new getStatus endpoint. This must be done over HTTPS, but since our client certificate may not be set up yet, we need HTTPS without client authentication. Rather than copying from the existing http_request and https_request functions, shared code is factored out to a common helper. - Call the new function when restarting the CA service. Since our Service can only be extended in platform-specific code, do this for Fedora only. Also, the status is only checked with Dogtag 10+. - When a restart call in cainstance failed, users were referred to the installation log, but no info was actually logged. Log the exception. https://fedorahosted.org/freeipa/ticket/3084
committed by
Rob Crittenden
parent
e4853ebc59
commit
d6fbbd530e
@@ -41,6 +41,7 @@ from ipapython import certmonger
|
||||
from ipalib import pkcs10, x509
|
||||
from ipapython.dn import DN
|
||||
import subprocess
|
||||
import traceback
|
||||
|
||||
from nss.error import NSPRError
|
||||
import nss.nss as nss
|
||||
@@ -395,6 +396,7 @@ class CADSInstance(service.Service):
|
||||
sys.exit(1)
|
||||
except Exception:
|
||||
# TODO: roll back here?
|
||||
root_logger.debug(traceback.format_exc())
|
||||
root_logger.critical("Failed to restart the directory server. See the installation log for details.")
|
||||
|
||||
def uninstall(self):
|
||||
@@ -867,6 +869,7 @@ class CAInstance(service.Service):
|
||||
self.restart(self.dogtag_constants.PKI_INSTANCE_NAME)
|
||||
except Exception:
|
||||
# TODO: roll back here?
|
||||
root_logger.debug(traceback.format_exc())
|
||||
root_logger.critical("Failed to restart the certificate server. See the installation log for details.")
|
||||
|
||||
def __disable_nonce(self):
|
||||
@@ -1551,6 +1554,11 @@ def install_replica_ca(config, postinstall=False):
|
||||
master_host=config.master_host_name,
|
||||
subject_base=config.subject_base)
|
||||
|
||||
if postinstall:
|
||||
# Restart httpd since we changed its config
|
||||
ipaservices.knownservices.httpd.restart()
|
||||
|
||||
|
||||
# The dogtag DS instance needs to be restarted after installation.
|
||||
# The procedure for this is: stop dogtag, stop DS, start DS, start
|
||||
# dogtag
|
||||
|
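Review bot: The `ipaservices.knownservices.httpd.restart()` call under `if postinstall:` in the last hunk (install_replica_ca) has no error handling, whereas the two restart paths in the earlier hunks catch the failure, log `traceback.format_exc()` at debug level and emit a critical message. The +/- markers are lost in this rendering, so which lines are new is inferred from the hunk header growing from 6 to 11 lines. If httpd does not come back, the exception propagates out of install_replica_ca, presumably before the dogtag DS restart that the following comment describes, leaving the replica partly configured. If aborting is intended, a comment such as `# A failed httpd restart aborts the replica CA install` would make that explicit; otherwise wrap the call like the other restarts so the traceback reaches the installation log. The body of install_replica_ca starts and ends outside the hunk.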