mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-26 16:16:31 -06:00
198cd5fab3
- Make sure that the file /var/run/ipa/renewal.lock is deleted upon uninstallation, in order to avoid subsequent installation issues. - Modify certmonger renewal script: restart the http/dirsrv services only if they were already running - Cleanup certmonger ra renewal script: no need to restart httpd - Reorder during http install: request the SSL cert before adding ipa-service-guard Rationale: when a CA helper is modified, certmonger launches the helper with various operations (FETCH_ROOTS, ...) If the CA helper is once again modified, the on-going helper is killed. This can lead to ipa-service-guard being killed and not releasing the renew lock. If the SSL cert is requested with IPA helper before ipa-service-guard is added, we avoid this locking issue. Part of the refactoring effort, certificates sub-effort. https://fedorahosted.org/freeipa/ticket/6433 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> |
||
|---|---|---|
| .. | ||
| Makefile.am | ||
| README | ||
| renew_ca_cert | ||
| renew_ra_cert | ||
| renew_ra_cert_pre | ||
| restart_dirsrv | ||
| restart_httpd | ||
| stop_pkicad | ||
This directory contains scripts to be used by the command (-C) option of certmonger to restart services when the certificates are renewed.