summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Kupka <dkupka@redhat.com>2015-07-07 15:49:51 +0200
committerJan Cholasta <jcholast@redhat.com>2015-07-20 14:28:09 +0000
commite384aad729bc0eb75ee42810007ade45669f9305 (patch)
tree5f36f95d51092f1c7dafabe0f0b5802c89316c4f
parent2defc486ab21f371b67bd93061ccc772d2c91282 (diff)
downloadfreeipa-e384aad729bc0eb75ee42810007ade45669f9305.zip
freeipa-e384aad729bc0eb75ee42810007ade45669f9305.tar.gz
freeipa-e384aad729bc0eb75ee42810007ade45669f9305.tar.xz
ipa-client-install: Do not (re)start certmonger and DBus daemons.
When DBus is present in the system it is always running. Starting of certmomger is handled in ipapython/certmonger.py module if necessary. Restarting is no longer needed since freeipa is not changing certmonger's files. https://fedorahosted.org/freeipa/ticket/5095 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
-rwxr-xr-xipa-client/ipa-install/ipa-client-install71
1 files changed, 15 insertions, 56 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 96b30b4..91323ae 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -522,20 +522,7 @@ def uninstall(options, env):
ipa_db = certdb.NSSDatabase(paths.IPA_NSSDB_DIR)
sys_db = certdb.NSSDatabase(paths.NSS_DB_DIR)
- # Always start certmonger. We can't untrack something if it isn't
- # running
- messagebus = services.knownservices.messagebus
- try:
- messagebus.start()
- except Exception, e:
- log_service_error(messagebus.service_name, 'start', e)
-
cmonger = services.knownservices.certmonger
- try:
- cmonger.start()
- except Exception, e:
- log_service_error(cmonger.service_name, 'start', e)
-
if ipa_db.has_nickname('Local IPA host'):
try:
certmonger.stop_tracking(paths.IPA_NSSDB_DIR,
@@ -576,14 +563,14 @@ def uninstall(options, env):
nickname, sys_db.secdir, e)
break
+ # Remove any special principal names we added to the IPA CA helper
+ certmonger.remove_principal_from_cas()
+
try:
cmonger.stop()
except Exception, e:
log_service_error(cmonger.service_name, 'stop', e)
- # Remove any special principal names we added to the IPA CA helper
- certmonger.remove_principal_from_cas()
-
try:
cmonger.disable()
except Exception, e:
@@ -1138,41 +1125,14 @@ def configure_certmonger(fstore, subject_base, cli_realm, hostname, options,
"Not requesting host certificate.")
return
- started = True
principal = 'host/%s@%s' % (hostname, cli_realm)
- messagebus = services.knownservices.messagebus
- try:
- messagebus.start()
- except Exception, e:
- log_service_error(messagebus.service_name, 'start', e)
-
- # Ensure that certmonger has been started at least once to generate the
- # cas files in /var/lib/certmonger/cas.
- cmonger = services.knownservices.certmonger
- try:
- cmonger.restart()
- except Exception, e:
- log_service_error(cmonger.service_name, 'restart', e)
-
if options.hostname:
- # It needs to be stopped if we touch them
- try:
- cmonger.stop()
- except Exception, e:
- log_service_error(cmonger.service_name, 'stop', e)
# If the hostname is explicitly set then we need to tell certmonger
# which principal name to use when requesting certs.
certmonger.add_principal_to_cas(principal)
- try:
- cmonger.restart()
- except Exception, e:
- log_service_error(cmonger.service_name, 'restart', e)
- root_logger.warning(
- "Automatic certificate management will not be available")
- started = False
-
+ cmonger = services.knownservices.certmonger
try:
cmonger.enable()
except Exception, e:
@@ -1183,18 +1143,17 @@ def configure_certmonger(fstore, subject_base, cli_realm, hostname, options,
"Automatic certificate management will not be available")
# Request our host cert
- if started:
- subject = str(DN(('CN', hostname), subject_base))
- passwd_fname = os.path.join(paths.IPA_NSSDB_DIR, 'pwdfile.txt')
- try:
- certmonger.request_cert(nssdb=paths.IPA_NSSDB_DIR,
- nickname='Local IPA host',
- subject=subject,
- principal=principal,
- passwd_fname=passwd_fname)
- except Exception:
- root_logger.error("%s request for host certificate failed",
- cmonger.service_name)
+ subject = str(DN(('CN', hostname), subject_base))
+ passwd_fname = os.path.join(paths.IPA_NSSDB_DIR, 'pwdfile.txt')
+ try:
+ certmonger.request_cert(nssdb=paths.IPA_NSSDB_DIR,
+ nickname='Local IPA host',
+ subject=subject,
+ principal=principal,
+ passwd_fname=passwd_fname)
+ except Exception:
+ root_logger.error("%s request for host certificate failed",
+ cmonger.service_name)
def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, client_domain, client_hostname):
try: