Diffstat (limited to 'install/restart_scripts/renew_ra_cert')
-rw-r--r--install/restart_scripts/renew_ra_cert35
1 files changed, 24 insertions, 11 deletions
diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert
index fb4470588..6d4b81a53 100644
--- a/install/restart_scripts/renew_ra_cert
+++ b/install/restart_scripts/renew_ra_cert
@@ -22,11 +22,15 @@
import sys
import syslog
+import tempfile
+import shutil
import traceback
+from ipapython import ipautil
from ipalib import api
from ipaserver.install import certs, cainstance
from ipaplatform import services
+from ipaplatform.paths import paths
nickname = 'ipaCert'
@@ -34,17 +38,26 @@ def main():
api.bootstrap(context='restart')
api.finalize()
- ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
- if ca.is_renewal_master():
- # Fetch the new certificate
- db = certs.CertDB(api.env.realm)
- dercert = db.get_cert_from_db(nickname, pem=False)
- if not dercert:
- syslog.syslog(syslog.LOG_ERR, 'No certificate %s found.' % nickname)
- sys.exit(1)
-
- # Load it into dogtag
- cainstance.update_people_entry(dercert)
+ tmpdir = tempfile.mkdtemp(prefix="tmp-")
+ try:
+ principal = str('host/%s@%s' % (api.env.host, api.env.realm))
+ ccache = ipautil.kinit_hostprincipal(paths.KRB5_KEYTAB, tmpdir,
+ principal)
+
+ ca = cainstance.CAInstance(host_name=api.env.host, ldapi=False)
+ if ca.is_renewal_master():
+ # Fetch the new certificate
+ db = certs.CertDB(api.env.realm)
+ dercert = db.get_cert_from_db(nickname, pem=False)
+ if not dercert:
+ syslog.syslog(
+ syslog.LOG_ERR, "No certificate %s found." % nickname)
+ sys.exit(1)
+
+ # Load it into dogtag
+ cainstance.update_people_entry(dercert)
+ finally:
+ shutil.rmtree(tmpdir)
# Now restart Apache so the new certificate is available
syslog.syslog(syslog.LOG_NOTICE, "Restarting httpd")
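Review bot: The value returned by `ipautil.kinit_hostprincipal(...)` is bound to `ccache` but never read in the new `try` block, so the call is evidently made for a side effect that the code does not explain. If the helper works by pointing `KRB5CCNAME` at a file under `tmpdir` (it is not visible here, so please confirm), the process still carries a path to a deleted credential cache after `shutil.rmtree(tmpdir)`, and so does the httpd restart that follows. Saving the previous value before the kinit and restoring it in the `finally` would keep the host credentials scoped to the CA update. At minimum, add a comment above the call such as `# kinit as the host principal; the ccache lives in tmpdir and is removed in finally`. main() starts before this hunk and continues after it.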