diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-03-12 11:33:18 +0100 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
commit | 2f6990c256bc04389a9653094bc15bb94832bffa (patch) | |
tree | ae85b49307f2c6b4d5ece5bcaabc72662f99970b /install | |
parent | 9393c3978e1dc2beaa88331db1f30021c44f526b (diff) | |
download | freeipa-2f6990c256bc04389a9653094bc15bb94832bffa.tar.gz freeipa-2f6990c256bc04389a9653094bc15bb94832bffa.tar.xz freeipa-2f6990c256bc04389a9653094bc15bb94832bffa.zip |
Track CA certificate using dogtag-ipa-ca-renew-agent.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'install')
-rw-r--r-- | install/tools/ipa-upgradeconfig | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 54193e9e6..11ed69b59 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -627,7 +627,7 @@ def certificate_renewal_update(ca): dogtag_constants = dogtag.configured_constants() # bump version when requests is changed - version = 1 + version = 2 requests = ( ( dogtag_constants.ALIAS_DIR, @@ -635,6 +635,7 @@ def certificate_renewal_update(ca): 'dogtag-ipa-ca-renew-agent', 'stop_pkicad', 'renew_ca_cert', + None, ), ( dogtag_constants.ALIAS_DIR, @@ -642,6 +643,7 @@ def certificate_renewal_update(ca): 'dogtag-ipa-ca-renew-agent', 'stop_pkicad', 'renew_ca_cert', + None, ), ( dogtag_constants.ALIAS_DIR, @@ -649,6 +651,15 @@ def certificate_renewal_update(ca): 'dogtag-ipa-ca-renew-agent', 'stop_pkicad', 'renew_ca_cert', + None, + ), + ( + dogtag_constants.ALIAS_DIR, + 'caSigningCert cert-pki-ca', + 'dogtag-ipa-ca-renew-agent', + 'stop_pkicad', + 'renew_ca_cert', + 'ipaCACertRenewal', ), ( paths.HTTPD_ALIAS_DIR, @@ -656,6 +667,7 @@ def certificate_renewal_update(ca): 'dogtag-ipa-ca-renew-agent', None, 'renew_ra_cert', + None, ), ( dogtag_constants.ALIAS_DIR, @@ -663,6 +675,7 @@ def certificate_renewal_update(ca): 'dogtag-ipa-renew-agent', None, None, + None, ), ) @@ -677,11 +690,13 @@ def certificate_renewal_update(ca): return False # State not set, lets see if we are already configured - for nss_dir, nickname, ca_name, pre_command, post_command in requests: + for request in requests: + nss_dir, nickname, ca_name, pre_command, post_command, profile = request criteria = ( ('cert_storage_location', nss_dir, certmonger.NPATH), ('cert_nickname', nickname, None), ('ca_name', ca_name, None), + ('template_profile', profile, None), ) request_id = certmonger.get_request_id(criteria) if request_id is None: |