diff options
| author | Petr Viktorin <pviktori@redhat.com> | 2012-09-25 09:57:03 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-10-23 22:02:21 -0400 |
| commit | d6fbbd530ee94bc4cdd00c9106fd789e50fb81cf (patch) | |
| tree | f1042737da4ef5784943222be87b97a550371461 /ipaserver | |
| parent | e4853ebc5910a526c74cc422fd3c1806708bc7aa (diff) | |
| download | freeipa-d6fbbd530ee94bc4cdd00c9106fd789e50fb81cf.tar.gz freeipa-d6fbbd530ee94bc4cdd00c9106fd789e50fb81cf.tar.xz freeipa-d6fbbd530ee94bc4cdd00c9106fd789e50fb81cf.zip | |
Make sure the CA is running when starting services
- Provide a function for determinig the CA status using Dogtag 10's new
getStatus endpoint.
This must be done over HTTPS, but since our client certificate may not be set
up yet, we need HTTPS without client authentication.
Rather than copying from the existing http_request and https_request
function, shared code is factored out to a common helper.
- Call the new function when restarting the CA service. Since our Service
can only be extended in platform-specific code, do this for Fedora only.
Also, the status is only checked with Dogtag 10+.
- When a restart call in cainstance failed, users were refered to the
installation log, but no info was actually logged. Log the exception.
https://fedorahosted.org/freeipa/ticket/3084
Diffstat (limited to 'ipaserver')
| -rw-r--r-- | ipaserver/install/cainstance.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 5a23e35d1..1f950b990 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -41,6 +41,7 @@ from ipapython import certmonger from ipalib import pkcs10, x509 from ipapython.dn import DN import subprocess +import traceback from nss.error import NSPRError import nss.nss as nss @@ -395,6 +396,7 @@ class CADSInstance(service.Service): sys.exit(1) except Exception: # TODO: roll back here? + root_logger.debug(traceback.format_exc()) root_logger.critical("Failed to restart the directory server. See the installation log for details.") def uninstall(self): @@ -867,6 +869,7 @@ class CAInstance(service.Service): self.restart(self.dogtag_constants.PKI_INSTANCE_NAME) except Exception: # TODO: roll back here? + root_logger.debug(traceback.format_exc()) root_logger.critical("Failed to restart the certificate server. See the installation log for details.") def __disable_nonce(self): @@ -1551,6 +1554,11 @@ def install_replica_ca(config, postinstall=False): master_host=config.master_host_name, subject_base=config.subject_base) + if postinstall: + # Restart httpd since we changed its config + ipaservices.knownservices.httpd.restart() + + # The dogtag DS instance needs to be restarted after installation. # The procedure for this is: stop dogtag, stop DS, start DS, start # dogtag |