Track CA certificate using dogtag-ipa-ca-renew-agent.

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
author: Jan Cholasta <jcholast@redhat.com> 2014-03-12 11:33:18 +0100
committer: Petr Viktorin <pviktori@redhat.com> 2014-07-30 16:04:21 +0200
commit: 2f6990c256bc04389a9653094bc15bb94832bffa (patch)
tree: ae85b49307f2c6b4d5ece5bcaabc72662f99970b /install/tools/ipa-upgradeconfig
parent: 9393c3978e1dc2beaa88331db1f30021c44f526b (diff)
download: freeipa-2f6990c256bc04389a9653094bc15bb94832bffa.tar.gz
freeipa-2f6990c256bc04389a9653094bc15bb94832bffa.tar.xz
freeipa-2f6990c256bc04389a9653094bc15bb94832bffa.zip
1 files changed, 17 insertions, 2 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 54193e9e6..11ed69b59 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -627,7 +627,7 @@ def certificate_renewal_update(ca):
     dogtag_constants = dogtag.configured_constants()
 
     # bump version when requests is changed
-    version = 1
+    version = 2
     requests = (
         (
             dogtag_constants.ALIAS_DIR,
@@ -635,6 +635,7 @@ def certificate_renewal_update(ca):
             'dogtag-ipa-ca-renew-agent',
             'stop_pkicad',
             'renew_ca_cert',
+            None,
         ),
         (
             dogtag_constants.ALIAS_DIR,
@@ -642,6 +643,7 @@ def certificate_renewal_update(ca):
             'dogtag-ipa-ca-renew-agent',
             'stop_pkicad',
             'renew_ca_cert',
+            None,
         ),
         (
             dogtag_constants.ALIAS_DIR,
@@ -649,6 +651,15 @@ def certificate_renewal_update(ca):
             'dogtag-ipa-ca-renew-agent',
             'stop_pkicad',
             'renew_ca_cert',
+            None,
+        ),
+        (
+            dogtag_constants.ALIAS_DIR,
+            'caSigningCert cert-pki-ca',
+            'dogtag-ipa-ca-renew-agent',
+            'stop_pkicad',
+            'renew_ca_cert',
+            'ipaCACertRenewal',
         ),
         (
             paths.HTTPD_ALIAS_DIR,
@@ -656,6 +667,7 @@ def certificate_renewal_update(ca):
             'dogtag-ipa-ca-renew-agent',
             None,
             'renew_ra_cert',
+            None,
         ),
         (
             dogtag_constants.ALIAS_DIR,
@@ -663,6 +675,7 @@ def certificate_renewal_update(ca):
             'dogtag-ipa-renew-agent',
             None,
             None,
+            None,
         ),
     )
 
@@ -677,11 +690,13 @@ def certificate_renewal_update(ca):
         return False
 
     # State not set, lets see if we are already configured
-    for nss_dir, nickname, ca_name, pre_command, post_command in requests:
+    for request in requests:
+        nss_dir, nickname, ca_name, pre_command, post_command, profile = request
         criteria = (
             ('cert_storage_location', nss_dir, certmonger.NPATH),
             ('cert_nickname', nickname, None),
             ('ca_name', ca_name, None),
+            ('template_profile', profile, None),
         )
         request_id = certmonger.get_request_id(criteria)
         if request_id is None:
author	Jan Cholasta <jcholast@redhat.com>	2014-03-12 11:33:18 +0100
committer	Petr Viktorin <pviktori@redhat.com>	2014-07-30 16:04:21 +0200
commit	2f6990c256bc04389a9653094bc15bb94832bffa (patch)
tree	ae85b49307f2c6b4d5ece5bcaabc72662f99970b /install/tools/ipa-upgradeconfig
parent	9393c3978e1dc2beaa88331db1f30021c44f526b (diff)
download	freeipa-2f6990c256bc04389a9653094bc15bb94832bffa.tar.gz freeipa-2f6990c256bc04389a9653094bc15bb94832bffa.tar.xz freeipa-2f6990c256bc04389a9653094bc15bb94832bffa.zip