From f64c36901cf008e1dc2c4f2f5c31dfb7e03f905e Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Thu, 27 Jun 2019 09:46:59 +1000
Subject: [PATCH] upgrade: log missing/misconfigured tracking requests
For better diagnostics during upgrade, log the Certmonger tracking requests that were not found (either because they do not exist, or do not have the expected configuration).
Part of: https://pagure.io/freeipa/issue/7991
Reviewed-By: Rob Crittenden
---
 ipaserver/install/server/upgrade.py | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 6d9b0bdbd..50a6c99de 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1049,15 +1049,28 @@ def certificate_renewal_update(ca, kra, ds, http):
 )
 # State not set, lets see if we are already configured
+ missing_or_misconfigured_requests = []
 for request in requests:
 request_id = certmonger.get_request_id(request)
 if request_id is None:
- break
- else:
+ missing_or_misconfigured_requests.append(request)
+
+ if len(missing_or_misconfigured_requests) == 0:
 logger.info("Certmonger certificate renewal configuration already "
 "up-to-date")
 return False
+ # Print info about missing requests
+ logger.info("Missing or incorrect tracking request for certificates:")
+ for request in missing_or_misconfigured_requests:
+ cert = None
+ if 'cert-file' in request:
+ cert = request['cert-file']
+ elif 'cert-database' in request and 'cert-nickname' in request:
+ cert = '{cert-database}:{cert-nickname}'.format(**request)
+ if cert is not None:
+ logger.info(" %s", cert)
+
 # Ok, now we need to stop tracking, then we can start tracking them
 # again with new configuration:
 ca.stop_tracking_certificates()
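Review bot: The reporting loop silently skips any request for which `cert` stays `None` (no `cert-file`, and not both `cert-database` and `cert-nickname`), so the "Missing or incorrect tracking request for certificates:" header can be followed by fewer entries than were found missing, or by none at all. Since the log exists to diagnose why certificates are being re-tracked, I would add a fallback that still records the entry, for example `else: logger.info("  <unidentified request, keys: %s>", sorted(request))`. Logging only the key names keeps arbitrary request values out of the upgrade log, since the full contents of these dicts are not visible in this hunk. As a style point, `if len(missing_or_misconfigured_requests) == 0:` reads more idiomatically as `if not missing_or_misconfigured_requests:`. `certificate_renewal_update` begins before this hunk and continues after it, so the shape of `requests` should be confirmed against the rest of the function.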