Make sure the CA is running when starting services

- Provide a function for determining the CA status using Dogtag 10's new
  getStatus endpoint.
  This must be done over HTTPS, but since our client certificate may not be set
  up yet, we need HTTPS without client authentication.
  Rather than copying from the existing http_request and https_request
  function, shared code is factored out to a common helper.
- Call the new function when restarting the CA service. Since our Service
  can only be extended in platform-specific code, do this for Fedora only.
  Also, the status is only checked with Dogtag 10+.
- When a restart call in cainstance failed, users were referred to the
  installation log, but no info was actually logged. Log the exception.

https://fedorahosted.org/freeipa/ticket/3084
Petr Viktorin
2012-09-25 09:57:03 -04:00
committed by Rob Crittenden
parent e4853ebc59
commit d6fbbd530e
3 changed files with 162 additions and 61 deletions

@@ -41,6 +41,7 @@ from ipapython import certmonger
from ipalib import pkcs10, x509
from ipapython.dn import DN
import subprocess
import traceback
from nss.error import NSPRError
import nss.nss as nss
@@ -395,6 +396,7 @@ class CADSInstance(service.Service):
sys.exit(1)
except Exception:
# TODO: roll back here?
root_logger.debug(traceback.format_exc())
root_logger.critical("Failed to restart the directory server. See the installation log for details.")
def uninstall(self):
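Review bot: In the CADSInstance except block the traceback goes out through root_logger.debug, while the very next line tells the user to "See the installation log for details", so the pointer is only useful if the installation log records debug-level messages. If that is not guaranteed for every caller of this code, log the traceback at a level the log file is certain to capture, or add a comment stating that the install log is expected to run at debug level.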
@@ -867,6 +869,7 @@ class CAInstance(service.Service):
self.restart(self.dogtag_constants.PKI_INSTANCE_NAME)
except Exception:
# TODO: roll back here?
root_logger.debug(traceback.format_exc())
root_logger.critical("Failed to restart the certificate server. See the installation log for details.")
def __disable_nonce(self):
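Review bot: The except block in CAInstance repeats the same debug-traceback-then-critical pair used in the CADSInstance handler, differing only in the service named in the message. A small shared helper that takes the service description would keep the two handlers from drifting apart. Separately, `except Exception` together with the `# TODO: roll back here?` comment means execution continues after a failed restart; a one-line comment saying that this is intentional would help the next reader.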
@@ -1551,6 +1554,11 @@ def install_replica_ca(config, postinstall=False):
master_host=config.master_host_name,
subject_base=config.subject_base)
if postinstall:
# Restart httpd since we changed its config
ipaservices.knownservices.httpd.restart()
# The dogtag DS instance needs to be restarted after installation.
# The procedure for this is: stop dogtag, stop DS, start DS, start
# dogtag
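Review bot: The `ipaservices.knownservices.httpd.restart()` call under `if postinstall:` has no error handling in the visible lines, whereas the restart calls in CADSInstance and CAInstance catch the exception and log the traceback. If a failed httpd restart should not abort install_replica_ca before the DS/dogtag restart sequence described in the following comment, wrap it the same way; if aborting is intended, say so in the comment. The comment "since we changed its config" would also be clearer if it named which configuration change requires the restart.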