diff options
| author | John Dennis <jdennis@redhat.com> | 2010-12-29 09:48:22 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2011-01-05 13:11:44 -0500 |
| commit | a7b926420fda10fba7eb372d5341e36168a848b3 (patch) | |
| tree | 30e6ffc060e9eea7b2d489f0b2fd38d3dc82a1ef /ipaserver/install/cainstance.py | |
| parent | b0bca886634c86b9bb021dbc7c3772be4068ab22 (diff) | |
| download | freeipa-a7b926420fda10fba7eb372d5341e36168a848b3.tar.gz freeipa-a7b926420fda10fba7eb372d5341e36168a848b3.tar.xz freeipa-a7b926420fda10fba7eb372d5341e36168a848b3.zip | |
fixes CA install problem in trac ticket 682
Do not call status after pkisilent, it will return non-zero.
Instead restart server after pkisilent so configuration
changes take effect, the check the status.
Diffstat (limited to 'ipaserver/install/cainstance.py')
| -rw-r--r-- | ipaserver/install/cainstance.py | 42 |
1 files changed, 24 insertions, 18 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 7d374370a..dfe036dd7 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -584,27 +584,33 @@ class CAInstance(service.Service): nolog = (self.admin_password, self.dm_password,) ipautil.run(args, nolog=nolog) + except ipautil.CalledProcessError, e: + logging.critical("failed to configure ca instance %s" % e) + raise RuntimeError('Configuration of CA failed') - if self.external == 1: - print "The next step is to get %s signed by your CA and re-run ipa-server-install as:" % self.csr_file - print "ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate" - sys.exit(0) - - # pkisilent doesn't return 1 on error so look at the output of - # /sbin/service pki-cad status. It will tell us if the instance - # still needs to be configured. - (stdout, stderr, returncode) = ipautil.run(["/sbin/service", self.service_name, "status"]) - try: - stdout.index("CONFIGURED!") - raise RuntimeError("pkisilent failed to configure instance.") - except ValueError: - # This is raised because the string doesn't exist, we're done - pass + if self.external == 1: + print "The next step is to get %s signed by your CA and re-run ipa-server-install as:" % self.csr_file + print "ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate" + sys.exit(0) - logging.debug("completed creating ca instance") + try: + # After configuration the service is running and configured + # but must be restarted for configuration to take effect. + # The service status in this case will be 4. + self.restart() except ipautil.CalledProcessError, e: - logging.critical("failed to restart ca instance %s" % e) - raise RuntimeError('Configuration of CA failed') + logging.critical("failed to restart ca instance after pkisilent configuration %s" % e) + raise RuntimeError('Restarting CA after pkisilent configuration failed') + + # If the configuration was successful status should now be 0. + # We don't call is_running() because we want the exit status for debugging. + try: + ipautil.run(["/sbin/service", self.service_name, "status", PKI_INSTANCE_NAME]) + except ipautil.CalledProcessError, e: + logging.critical("ca instance configuration not successful after restart %s" % e) + raise RuntimeError('CA configuration not successful after restart') + + logging.debug("completed creating ca instance") # Turn off Nonces (again) if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0: |