Merge restart_httpd functionality to renew_ra_cert.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>

2 files changed, 12 insertions, 10 deletions

diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert
index 7dc2c57e7..79bc4cf58 100644
--- a/install/restart_scripts/renew_ra_cert
+++ b/install/restart_scripts/renew_ra_cert
@@ -34,15 +34,17 @@ def main():
     api.bootstrap(context='restart')
     api.finalize()
 
-    # Fetch the new certificate
-    db = certs.CertDB(api.env.realm)
-    dercert = db.get_cert_from_db(nickname, pem=False)
-    if not dercert:
-        syslog.syslog(syslog.LOG_ERR, 'No certificate %s found.' % nickname)
-        sys.exit(1)
-
-    # Load it into dogtag
-    cainstance.update_people_entry(dercert)
+    ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
+    if ca.is_renewal_master():
+        # Fetch the new certificate
+        db = certs.CertDB(api.env.realm)
+        dercert = db.get_cert_from_db(nickname, pem=False)
+        if not dercert:
+            syslog.syslog(syslog.LOG_ERR, 'No certificate %s found.' % nickname)
+            sys.exit(1)
+
+        # Load it into dogtag
+        cainstance.update_people_entry(dercert)
 
     # Now restart Apache so the new certificate is available
     syslog.syslog(syslog.LOG_NOTICE, "Restarting httpd")
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 7e2b53a20..69842831d 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -925,7 +925,7 @@ class CAInstance(service.Service):
                 pinfile='/etc/httpd/alias/pwdfile.txt',
                 secdir='/etc/httpd/alias',
                 pre_command=None,
-                post_command='restart_httpd')
+                post_command='renew_ra_cert')
         except (ipautil.CalledProcessError, RuntimeError), e:
             root_logger.error(
                 "certmonger failed to start tracking certificate: %s" % str(e))