diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-10-10 12:37:24 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-10-10 14:15:46 +0200 |
commit | fff56ee1c8e4513805d838005777b4ade6c32de9 (patch) | |
tree | b319b0645cc25b7a19498c167bb8f422fd1a1d31 /ipapython/dogtag.py | |
parent | eb79f5c955d80b6f6e1522d9d0206c9678b2b9e1 (diff) | |
download | freeipa-fff56ee1c8e4513805d838005777b4ade6c32de9.tar.gz freeipa-fff56ee1c8e4513805d838005777b4ade6c32de9.tar.xz freeipa-fff56ee1c8e4513805d838005777b4ade6c32de9.zip |
Fix CA CRL migration crash in ipa-upgradeconfig
CRL migrate procedure did not check if a CA was actually configured
on an updated master/replica. This caused ipa-upgradeconfig to
crash on replicas without a CA.
Make sure that CRL migrate procedure is not run when CA is not
configured on given master. Also add few try..except clauses to
make the procedure more robust. There is also a small refactoring of
"<service> is not configured" log messages, so that they have matching
log level and message.
dogtag.py constants were updated to have a correct path to new CRL
directory on Fedora 18 (dogtag 10).
https://fedorahosted.org/freeipa/ticket/3159
Diffstat (limited to 'ipapython/dogtag.py')
-rw-r--r-- | ipapython/dogtag.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index 3bc9e5d5d..907cebc61 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -54,7 +54,7 @@ class Dogtag10Constants(object): SERVER_ROOT = '/var/lib/pki' PKI_INSTANCE_NAME = 'pki-tomcat' PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME) - CRL_PUBLISH_PATH = '%s/ipa/pki-ca/publish' % SERVER_ROOT + CRL_PUBLISH_PATH = '/var/lib/ipa/pki-ca/publish' CS_CFG_PATH = '%s/conf/ca/CS.cfg' % PKI_ROOT PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT SERVICE_PROFILE_DIR = '%s/ca/profiles/ca' % PKI_ROOT @@ -78,7 +78,7 @@ class Dogtag9Constants(object): SERVER_ROOT = '/var/lib' PKI_INSTANCE_NAME = 'pki-ca' PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME) - CRL_PUBLISH_PATH = '%s/ipa/pki-ca/publish' % SERVER_ROOT + CRL_PUBLISH_PATH = '/var/lib/ipa/pki-ca/publish' CS_CFG_PATH = '%s/conf/CS.cfg' % PKI_ROOT PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT SERVICE_PROFILE_DIR = '%s/profiles/ca' % PKI_ROOT |