author | Jan Cholasta <jcholast@redhat.com> | 2013-10-16 08:08:57 +0000 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-25 16:54:55 +0100 |
commit | babddaaee84fccca29926a6683347b5b6af8f081 (patch) | |
tree | a8ee791a131ce53d7eb3038de6711f25e24ad13c /ipaserver/install | |
parent | bbb2af501678ba148b0c02daa39995a2b1c38e4e (diff) | |
download | freeipa-babddaaee84fccca29926a6683347b5b6af8f081.tar.gz freeipa-babddaaee84fccca29926a6683347b5b6af8f081.tar.xz freeipa-babddaaee84fccca29926a6683347b5b6af8f081.zip |
Use dogtag-ipa-ca-renew-agent to retrieve renewed certificates from LDAP.
Before, this was done by dogtag-ipa-retrieve-agent-submit.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'ipaserver/install')
-rw-r--r-- | ipaserver/install/cainstance.py | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 710caae72..3458b312d 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -917,7 +917,15 @@ class CAInstance(service.Service):
 On upgrades this needs to be called from ipa-upgradeconfig.
 """
 try:
- certmonger.dogtag_start_tracking('dogtag-ipa-retrieve-agent-submit', 'ipaCert', None, '/etc/httpd/alias/pwdfile.txt', '/etc/httpd/alias', None, 'restart_httpd')
+ certmonger.dogtag_start_tracking(
+ ca='dogtag-ipa-ca-renew-agent',
+ nickname='ipaCert',
+ pin=None,
+ pinfile='/etc/httpd/alias/pwdfile.txt',
+ secdir='/etc/httpd/alias',
+ pre_command=None,
+ post_command='restart_httpd',
+ profile='ipaRetrieval')
 except (ipautil.CalledProcessError, RuntimeError), e:
 root_logger.error(
 "certmonger failed to start tracking certificate: %s" % str(e))
@@ -1356,7 +1364,7 @@ class CAInstance(service.Service):
 obj = bus.get_object('org.fedorahosted.certmonger',
 '/org/fedorahosted/certmonger')
 iface = dbus.Interface(obj, 'org.fedorahosted.certmonger')
- path = iface.find_ca_by_nickname('dogtag-ipa-retrieve-agent-submit')
+ path = iface.find_ca_by_nickname('dogtag-ipa-ca-renew-agent')
 if path:
 iface.remove_known_ca(path)
 
@@ -1460,11 +1468,11 @@ class CAInstance(service.Service):
 obj = bus.get_object('org.fedorahosted.certmonger',
 '/org/fedorahosted/certmonger')
 iface = dbus.Interface(obj, 'org.fedorahosted.certmonger')
- path = iface.find_ca_by_nickname('dogtag-ipa-retrieve-agent-submit')
+ path = iface.find_ca_by_nickname('dogtag-ipa-ca-renew-agent')
 if not path:
 iface.add_known_ca(
- 'dogtag-ipa-retrieve-agent-submit',
- '/usr/libexec/certmonger/dogtag-ipa-retrieve-agent-submit', [])
+ 'dogtag-ipa-ca-renew-agent',
+ '/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit', [])
 
 def configure_clone_renewal(self):
 """
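Review bot: The CA nickname `'dogtag-ipa-ca-renew-agent'` and the profile `'ipaRetrieval'` are written as string literals in this `dogtag_start_tracking(...)` call and again in the three later hunks (the uninstall lookup, `add_known_ca`, and `configure_clone_renewal`). Because the `except` below only logs, a copy that drifts from the registered name would presumably leave the certificate untracked without failing the install. Module-level constants such as `RENEWAL_CA_NAME = 'dogtag-ipa-ca-renew-agent'` and `RETRIEVAL_PROFILE = 'ipaRetrieval'` would keep the four sites in step. The enclosing method starts and ends outside the hunk.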
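Review bot: The uninstall lookup `find_ca_by_nickname('dogtag-ipa-ca-renew-agent')` no longer covers the old nickname, so on a host that was installed before this change the `dogtag-ipa-retrieve-agent-submit` CA entry would apparently stay registered in certmonger after uninstall, still pointing at its helper binary. Unless upgrade code outside this diff already removes it, the cleanup could iterate over both names, e.g. `for name in ('dogtag-ipa-ca-renew-agent', 'dogtag-ipa-retrieve-agent-submit'):` around the existing `find_ca_by_nickname` / `remove_known_ca` pair. The same question applies to existing tracking requests that still reference the old CA; nothing in the visible hunks migrates them. The function containing this hunk starts outside it.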
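Review bot: The `if not path:` guard before `add_known_ca(...)` accepts any CA already registered under `'dogtag-ipa-ca-renew-agent'` without checking which helper it runs. certmonger executes that helper during renewal, so an entry left by an earlier version or another tool with a different command would be reused silently. If that reuse is intended, a comment such as `# an existing entry with this nickname is assumed to use dogtag-ipa-ca-renew-agent-submit` would record the assumption; otherwise the existing entry's helper should be compared with the expected path and re-registered on mismatch. The nickname and the helper file name also differ by the `-submit` suffix, which is worth a one-line comment.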
@@ -1481,12 +1489,18 @@ class CAInstance(service.Service):
 'subsystemCert cert-pki-ca']:
 try:
 certmonger.dogtag_start_tracking(
- 'dogtag-ipa-retrieve-agent-submit', nickname, pin, None,
- self.dogtag_constants.ALIAS_DIR, 'stop_pkicad',
- 'restart_pkicad "%s"' % nickname)
+ ca='dogtag-ipa-ca-renew-agent',
+ nickname=nickname,
+ pin=pin,
+ pinfile=None,
+ secdir=self.dogtag_constants.ALIAS_DIR,
+ pre_command='stop_pkicad',
+ post_command='restart_pkicad "%s"' % nickname,
+ profile='ipaRetrieval')
 except (ipautil.CalledProcessError, RuntimeError), e:
- root_logger.error(
- "certmonger failed to start tracking certificate: %s" % str(e))
+ root_logger.error(
+ "certmonger failed to start tracking certificate: "
+ "%s" % e)
 
 # The agent renewal is configured in import_ra_cert which is called
 # after the HTTP instance is created.
|
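Review bot: The rewritten `root_logger.error(...)` call in the `except` branch still does not say which certificate failed, and the loop carries on, so a clone can finish configuration with one subsystem certificate untracked and only a generic log line to show for it. Including the nickname and passing the arguments to the logger would make the failure traceable: `root_logger.error("certmonger failed to start tracking certificate %s: %s", nickname, e)`. The handler in the first hunk still formats with `% str(e)`, so the two sites are now inconsistent. The `for` loop and the method it belongs to start outside the hunk.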