Installer should always wait until CA starts up

Patch for ticket 3964 changed the installer so that it does not
always wait for CA if the proxy is not configured. However,
it was found out that it may freeze an installation when
a step subsequent after CA restart call the CA and receives no
reply.

Change the wait so that it always waits for CA to start up. If
HTTP proxy is already configured, it should wait on port 443.
If not, it should wait on local PKI port 8443.

https://fedorahosted.org/freeipa/ticket/3973
This commit is contained in:
Martin Kosek 2013-10-16 09:58:23 +02:00
parent 096a49766d
commit dd3295ac32
2 changed files with 11 additions and 6 deletions

View File

@ -184,7 +184,7 @@ def get_ca_certchain(ca_host=None, dogtag_constants=None):
return chain return chain
def ca_status(ca_host=None): def ca_status(ca_host=None, use_proxy=True):
"""Return the status of the CA, and the httpd proxy in front of it """Return the status of the CA, and the httpd proxy in front of it
The returned status can be: The returned status can be:
@ -194,9 +194,13 @@ def ca_status(ca_host=None):
""" """
if ca_host is None: if ca_host is None:
ca_host = api.env.ca_host ca_host = api.env.ca_host
# Use port 443 to test the proxy as well if use_proxy:
# Use port 443 to test the proxy as well
ca_port = 443
else:
ca_port = 8443
status, reason, headers, body = unauthenticated_https_request( status, reason, headers, body = unauthenticated_https_request(
ca_host, 443, '/ca/admin/ca/getStatus') ca_host, ca_port, '/ca/admin/ca/getStatus')
if status == 503: if status == 503:
# Service temporarily unavailable # Service temporarily unavailable
return reason return reason

View File

@ -143,17 +143,18 @@ class Fedora16CAService(Fedora16Service):
# Unfortunately, knownservices.httpd.is_installed() can return # Unfortunately, knownservices.httpd.is_installed() can return
# false positives, so check for existence of our configuration file. # false positives, so check for existence of our configuration file.
# TODO: Use a cleaner solution # TODO: Use a cleaner solution
use_proxy = True
if not (os.path.exists('/etc/httpd/conf.d/ipa.conf') and if not (os.path.exists('/etc/httpd/conf.d/ipa.conf') and
os.path.exists('/etc/httpd/conf.d/ipa-pki-proxy.conf')): os.path.exists('/etc/httpd/conf.d/ipa-pki-proxy.conf')):
root_logger.debug( root_logger.debug(
'The httpd proxy is not installed, skipping wait for CA') 'The httpd proxy is not installed, wait on local port')
return use_proxy = False
root_logger.debug('Waiting until the CA is running') root_logger.debug('Waiting until the CA is running')
timeout = api.env.startup_timeout timeout = api.env.startup_timeout
op_timeout = time.time() + timeout op_timeout = time.time() + timeout
while time.time() < op_timeout: while time.time() < op_timeout:
try: try:
status = dogtag.ca_status() status = dogtag.ca_status(use_proxy=use_proxy)
except Exception: except Exception:
status = 'check interrupted' status = 'check interrupted'
root_logger.debug('The CA status is: %s' % status) root_logger.debug('The CA status is: %s' % status)