authorAde Lee <alee@redhat.com>2012-08-15 22:53:51 -0400
committerRob Crittenden <rcritten@redhat.com>2012-09-17 18:43:36 -0400
commit3dd31a875650c7fe7c67ca6b47f2058c1181dafb (patch)
tree137f46dfe1684ebcbd6e9e70ef3c5a690ab32d07 /install/restart_scripts
parent79b89f41962985cf0ab96238b21409b5874f67f8 (diff)
Modifications to install scripts for dogtag 10
Dogtag 10 uses a new installer, new directory layout and new default ports. This patch changes the ipa install code to integrate these changes. https://fedorahosted.org/freeipa/ticket/2846
Diffstat (limited to 'install/restart_scripts')
-rw-r--r--install/restart_scripts/renew_ca_cert19
-rw-r--r--install/restart_scripts/restart_pkicad18
2 files changed, 27 insertions, 10 deletions
diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert
index 6e4d2b789..4c3af9775 100644
--- a/install/restart_scripts/renew_ca_cert
+++ b/install/restart_scripts/renew_ca_cert
@@ -45,8 +45,14 @@ nickname = sys.argv[1]
api.bootstrap(context='restart')
api.finalize()
+alias_dir = '/etc/pki/pki-tomcat/alias'
+dogtag_instance = 'pki-tomcat'
+if 'dogtag_version' not in api.env:
+ alias_dir = '/var/lib/pki-ca/alias'
+ dogtag_instance = 'pki-ca'
+
# Fetch the new certificate
-db = certs.CertDB(api.env.realm, nssdir='/var/lib/pki-ca/alias')
+db = certs.CertDB(api.env.realm, nssdir=alias_dir)
cert = db.get_cert_from_db(nickname, pem=False)
if not cert:
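Review bot: The fallback at `if 'dogtag_version' not in api.env:` keys off the presence of the setting rather than its value, so a configuration that records an older version explicitly would still get `/etc/pki/pki-tomcat/alias` and `pki-tomcat`. If that case can occur, compare the value too, e.g. `if 'dogtag_version' not in api.env or int(api.env.dogtag_version) < 10:`. With the wrong directory, `certs.CertDB(api.env.realm, nssdir=alias_dir)` would open a different NSS database than the one the CA uses, and the lookup of the renewed certificate would presumably fail. The same block is repeated at the top of restart_pkicad; a shared helper would keep the two scripts from drifting apart.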
@@ -79,7 +85,7 @@ finally:
# Fix permissions on the audit cert if we're updating it
if nickname == 'auditSigningCert cert-pki-ca':
- db = certs.CertDB(api.env.realm, nssdir='/var/lib/pki-ca/alias')
+ db = certs.CertDB(api.env.realm, nssdir=alias_dir)
args = ['-M',
'-n', nickname,
'-t', 'u,u,Pu',
@@ -91,7 +97,9 @@ if nickname == 'auditSigningCert cert-pki-ca':
update_cert_config(nickname, cert)
-syslog.syslog(syslog.LOG_NOTICE, 'certmonger restarted pki-cad instance pki-ca to renew %s' % nickname)
+syslog.syslog(
+ syslog.LOG_NOTICE, 'certmonger restarted %sd instance %s to renew %s' %
+ (dogtag_instance, dogtag_instance, nickname))
# We monitor 3 certs that are all likely to be renewed by certmonger more or
# less at the same time. Each cert renewal is going to need to restart
@@ -102,6 +110,7 @@ pause = random.randint(10,360)
syslog.syslog(syslog.LOG_NOTICE, 'Pausing %d seconds to restart pki-ca' % pause)
time.sleep(pause)
try:
- ipaservices.knownservices.pki_cad.restart('pki-ca')
+ ipaservices.knownservices.pki_cad.restart(dogtag_instance)
except Exception, e:
- syslog.syslog(syslog.LOG_ERR, "Cannot restart pki-cad: %s" % str(e))
+ syslog.syslog(syslog.LOG_ERR, "Cannot restart %sd: %s" % \
+ (dogtag_instance, str(e)))
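Review bot: The context line `'Pausing %d seconds to restart pki-ca' % pause` still hard-codes the old instance name, so on a Dogtag 10 host the log names an instance other than the one restarted. It should follow the messages this commit updates, e.g. `'Pausing %d seconds to restart %s' % (pause, dogtag_instance)`. The restart still goes through `ipaservices.knownservices.pki_cad` while the error text is built as `%sd` (giving `pki-tomcatd`); whether that wrapper resolves to the new service name is not visible in this hunk and is worth confirming.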
diff --git a/install/restart_scripts/restart_pkicad b/install/restart_scripts/restart_pkicad
index 070760b16..c21fb802f 100644
--- a/install/restart_scripts/restart_pkicad
+++ b/install/restart_scripts/restart_pkicad
@@ -30,11 +30,18 @@ nickname = sys.argv[1]
api.bootstrap(context='restart')
api.finalize()
-syslog.syslog(syslog.LOG_NOTICE, "certmonger restarted pki-cad, nickname '%s'" % nickname)
+alias_dir = '/etc/pki/pki-tomcat/alias'
+dogtag_instance = 'pki-tomcat'
+if 'dogtag_version' not in api.env:
+ alias_dir = '/var/lib/pki-ca/alias'
+ dogtag_instance = 'pki-ca'
+
+syslog.syslog(syslog.LOG_NOTICE, "certmonger restarted %sd, nickname '%s'" % \
+ (dogtag_instance, nickname))
# Fix permissions on the audit cert if we're updating it
if nickname == 'auditSigningCert cert-pki-ca':
- db = certs.CertDB(api.env.realm, nssdir='/var/lib/pki-ca/alias')
+ db = certs.CertDB(api.env.realm, nssdir = alias_dir )
args = ['-M',
'-n', nickname,
'-t', 'u,u,Pu',
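Review bot: The NOTICE `"certmonger restarted %sd, nickname '%s'"` is written before the stop/start that appears later in the file, so when the restart fails the log holds both a claim that the service was restarted and the later LOG_ERR. Wording it as intent, e.g. `"certmonger restarting %sd, nickname '%s'"`, keeps the record accurate for whoever reads it during triage. As a style point, `nssdir = alias_dir )` has stray spaces and differs from `nssdir=alias_dir` in renew_ca_cert. The `if nickname == ...` block continues past the end of this hunk.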
@@ -44,7 +51,8 @@ if nickname == 'auditSigningCert cert-pki-ca':
try:
# I've seen times where systemd restart does not actually restart
# the process. A full stop/start is required. This works around that
- ipaservices.knownservices.pki_cad.stop('pki-ca')
- ipaservices.knownservices.pki_cad.start('pki-ca')
+ ipaservices.knownservices.pki_cad.stop(dogtag_instance)
+ ipaservices.knownservices.pki_cad.start(dogtag_instance)
except Exception, e:
- syslog.syslog(syslog.LOG_ERR, "Cannot restart pki-cad: %s" % str(e))
+ syslog.syslog(syslog.LOG_ERR, "Cannot restart %sd: %s" % \
+ (dogtag_instance, str(e)))
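Review bot: `stop(dogtag_instance)` and `start(dogtag_instance)` share one `try`, so if the start raises after the stop succeeded the CA stays down and the only trace is a generic `Cannot restart %sd` at LOG_ERR. Naming the failed step in the message would make that state recognisable in the logs. If the script ends at this handler it presumably still exits 0; consider `sys.exit(1)` after logging so the caller can see the failure, provided certmonger acts on the exit status. The `try:` itself is unchanged context above the added lines.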