Fix CA CRL migration crash in ipa-upgradeconfig

CRL migrate procedure did not check if a CA was actually configured
on an updated master/replica. This caused ipa-upgradeconfig to
crash on replicas without a CA.

Make sure that CRL migrate procedure is not run when CA is not
configured on given master. Also add few try..except clauses to
make the procedure more robust. There is also a small refactoring of
"<service> is not configured" log messages, so that they have matching
log level and message.

dogtag.py constants were updated to have a correct path to new CRL
directory on Fedora 18 (dogtag 10).

https://fedorahosted.org/freeipa/ticket/3159

1 files changed, 2 insertions, 2 deletions

diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 3bc9e5d5d..907cebc61 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -54,7 +54,7 @@ class Dogtag10Constants(object):
     SERVER_ROOT = '/var/lib/pki'
     PKI_INSTANCE_NAME = 'pki-tomcat'
     PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME)
-    CRL_PUBLISH_PATH = '%s/ipa/pki-ca/publish' % SERVER_ROOT
+    CRL_PUBLISH_PATH = '/var/lib/ipa/pki-ca/publish'
     CS_CFG_PATH = '%s/conf/ca/CS.cfg' % PKI_ROOT
     PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT
     SERVICE_PROFILE_DIR = '%s/ca/profiles/ca' % PKI_ROOT
@@ -78,7 +78,7 @@ class Dogtag9Constants(object):
     SERVER_ROOT = '/var/lib'
     PKI_INSTANCE_NAME = 'pki-ca'
     PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME)
-    CRL_PUBLISH_PATH = '%s/ipa/pki-ca/publish' % SERVER_ROOT
+    CRL_PUBLISH_PATH = '/var/lib/ipa/pki-ca/publish'
     CS_CFG_PATH = '%s/conf/CS.cfg' % PKI_ROOT
     PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT
     SERVICE_PROFILE_DIR = '%s/profiles/ca' % PKI_ROOT