author | Jan Cholasta <jcholast@redhat.com> | 2013-10-15 17:47:12 +0000 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-01-08 09:47:23 +0100 |
commit | 911f5e9eb76099f8e5cfcff1232c1b10ad05b45a (patch) | |
tree | cdb649813d809697b55e409794b547f45f26d260 /install | |
parent | 4a64a1f18bd51c65bf34a13fd7541e1d6b4b75fd (diff) | |
PKI service restart after CA renewal failed
Fix both the service restart procedure and registration of old
pki-cad well known service name.
This patch was adapted from original patch of Jan Cholasta 178 to
fix ticket 4092.
https://fedorahosted.org/freeipa/ticket/4092
Diffstat (limited to 'install')
-rw-r--r-- | install/restart_scripts/renew_ca_cert | 16 | ||||
-rwxr-xr-x[-rw-r--r--] | install/restart_scripts/restart_pkicad | 30 | ||||
-rwxr-xr-x[-rw-r--r--] | install/restart_scripts/stop_pkicad | 16 |
3 files changed, 35 insertions, 27 deletions
diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert
index 714a79d7c..da2253b4c 100644
--- a/install/restart_scripts/renew_ca_cert
+++ b/install/restart_scripts/renew_ca_cert
@@ -49,6 +49,7 @@ api.finalize()
 configured_constants = dogtag.configured_constants(api)
 alias_dir = configured_constants.ALIAS_DIR
+dogtag_service = ipaservices.knownservices[configured_constants.SERVICE_NAME]
 dogtag_instance = configured_constants.PKI_INSTANCE_NAME
 # Fetch the new certificate
@@ -106,12 +107,13 @@ if nickname == 'auditSigningCert cert-pki-ca':
 # off the servlet to verify that the CA is actually up and responding so
 # when this returns it should be good-to-go. The CA was stopped in the
 # pre-save state.
-syslog.syslog(syslog.LOG_NOTICE, 'Starting %sd' % dogtag_instance)
+syslog.syslog(syslog.LOG_NOTICE, 'Starting %s' % dogtag_service.service_name)
 try:
- if configured_constants.DOGTAG_VERSION == 9:
- ipaservices.knownservices.pki_cad.start(dogtag_instance)
- else:
- ipaservices.knownservices.pki_tomcatd.start(dogtag_instance)
+ dogtag_service.start(dogtag_instance)
 except Exception, e:
- syslog.syslog(syslog.LOG_ERR, "Cannot start %sd: %s" %
- (dogtag_instance, str(e)))
+ syslog.syslog(
+ syslog.LOG_ERR,
+ "Cannot start %s: %s" % (dogtag_service.service_name, e))
+else:
+ syslog.syslog(
+ syslog.LOG_NOTICE, "Started %s" % dogtag_service.service_name)
diff --git a/install/restart_scripts/restart_pkicad b/install/restart_scripts/restart_pkicad
index 3fe09e7ac..9a3d48057 100644..100755
--- a/install/restart_scripts/restart_pkicad
+++ b/install/restart_scripts/restart_pkicad
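Review bot: The added `dogtag_service = ipaservices.knownservices[configured_constants.SERVICE_NAME]` sits at module level outside any `try`, so a service name that is not registered (the situation the commit description mentions) would presumably raise before anything reaches syslog. In renew_ca_cert that leaves the CA, which the comment says was stopped in the pre-save state, down with no log entry explaining why. I would guard the lookup and log the failure before exiting non-zero, for example `syslog.syslog(syslog.LOG_ERR, "Unknown service name %s" % configured_constants.SERVICE_NAME)` in an `except KeyError:` branch (exception type to be confirmed against `knownservices`). The same unguarded line is added in restart_pkicad and stop_pkicad.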
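Review bot: When `dogtag_service.start(dogtag_instance)` raises, the `except` branch only writes a `LOG_ERR` line and nothing visible in the hunk signals the failure to the caller, so the post-save command appears to finish normally while the CA is still down. Consider ending that branch with `sys.exit(1)` after the syslog call, assuming `sys` is imported and that certmonger records the command's exit status (both need confirming outside this hunk). The identical start block in the second hunk of restart_pkicad has the same gap.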
@@ -33,18 +33,25 @@ api.finalize()
 configured_constants = dogtag.configured_constants(api)
 alias_dir = configured_constants.ALIAS_DIR
+dogtag_service = ipaservices.knownservices[configured_constants.SERVICE_NAME]
 dogtag_instance = configured_constants.PKI_INSTANCE_NAME
 # dogtag opens its NSS database in read/write mode so we need it
 # shut down so certmonger can open it read/write mode. This avoids
 # database corruption. It should already be stopped by the pre-command
 # but lets be sure.
-if ipaservices.knownservices.pki_cad.is_running(dogtag_instance):
+if dogtag_service.is_running(dogtag_instance):
+ syslog.syslog(
+ syslog.LOG_NOTICE, "Stopping %s" % dogtag_service.service_name)
 try:
- ipaservices.knownservices.pki_cad.stop(dogtag_instance)
+ dogtag_service.stop(dogtag_instance)
 except Exception, e:
- syslog.syslog(syslog.LOG_ERR, "Cannot stop %sd: %s" %
- (dogtag_instance, str(e)))
+ syslog.syslog(
+ syslog.LOG_ERR,
+ "Cannot stop %s: %s" % (dogtag_service.service_name, e))
+ else:
+ syslog.syslog(
+ syslog.LOG_NOTICE, "Stopped %s" % dogtag_service.service_name)
 # Fix permissions on the audit cert if we're updating it
 if nickname == 'auditSigningCert cert-pki-ca':
@@ -55,14 +62,13 @@ if nickname == 'auditSigningCert cert-pki-ca':
 ]
 db.run_certutil(args)
+syslog.syslog(syslog.LOG_NOTICE, 'Starting %s' % dogtag_service.service_name)
 try:
- if configured_constants.DOGTAG_VERSION == 9:
- ipaservices.knownservices.pki_cad.start(dogtag_instance)
- else:
- ipaservices.knownservices.pki_tomcatd.start(dogtag_instance)
+ dogtag_service.start(dogtag_instance)
 except Exception, e:
- syslog.syslog(syslog.LOG_ERR, "Cannot start %sd: %s" %
- (dogtag_instance, str(e)))
+ syslog.syslog(
+ syslog.LOG_ERR,
+ "Cannot start %s: %s" % (dogtag_service.service_name, e))
 else:
- syslog.syslog(syslog.LOG_NOTICE, "certmonger started %sd, nickname '%s'" %
- (dogtag_instance, nickname))
+ syslog.syslog(
+ syslog.LOG_NOTICE, "Started %s" % dogtag_service.service_name)
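Review bot: If `dogtag_service.stop(dogtag_instance)` fails, the new `except` branch logs "Cannot stop" and execution falls through to the certificate database work that follows (`db.run_certutil(args)` is visible in the next hunk). That is the concurrent read/write access which the comment above says corrupts the NSS database. I would not continue past a failed stop: either add `sys.exit(1)` after the `LOG_ERR` call, or re-check `dogtag_service.is_running(dogtag_instance)` before touching the database. stop_pkicad swallows a failed stop in the same way in its only hunk, so its caller cannot tell that the service is still running.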
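Review bot: The new success message `"Started %s" % dogtag_service.service_name` drops the certificate nickname that the replaced message recorded, so the log no longer shows which certificate's renewal triggered the restart. Keeping it preserves the audit trail at no cost: `syslog.LOG_NOTICE, "Started %s, nickname '%s'" % (dogtag_service.service_name, nickname))`. The `nickname` variable is still in scope, as the context line `if nickname == 'auditSigningCert cert-pki-ca':` shows.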
diff --git a/install/restart_scripts/stop_pkicad b/install/restart_scripts/stop_pkicad
index 9c24a99e4..c275eaee4 100644..100755
--- a/install/restart_scripts/stop_pkicad
+++ b/install/restart_scripts/stop_pkicad
@@ -29,15 +29,15 @@ api.bootstrap(context='restart')
 api.finalize()
 configured_constants = dogtag.configured_constants(api)
+dogtag_service = ipaservices.knownservices[configured_constants.SERVICE_NAME]
 dogtag_instance = configured_constants.PKI_INSTANCE_NAME
-syslog.syslog(syslog.LOG_NOTICE, "certmonger stopping %sd" % dogtag_instance)
-
+syslog.syslog(syslog.LOG_NOTICE, "Stopping %s" % dogtag_service.service_name)
 try:
- if configured_constants.DOGTAG_VERSION == 9:
- ipaservices.knownservices.pki_cad.stop(dogtag_instance)
- else:
- ipaservices.knownservices.pki_tomcatd.stop(dogtag_instance)
+ dogtag_service.stop(dogtag_instance)
 except Exception, e:
- syslog.syslog(syslog.LOG_ERR, "Cannot stop %sd: %s" %
- (dogtag_instance, str(e)))
+ syslog.syslog(
+ syslog.LOG_ERR, "Cannot stop %s: %s" % (dogtag_service.service_name, e))
+else:
+ syslog.syslog(
+ syslog.LOG_NOTICE, "Stopped %s" % dogtag_service.service_name)
|