From 3dd31a875650c7fe7c67ca6b47f2058c1181dafb Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Wed, 15 Aug 2012 22:53:51 -0400 Subject: Modifications to install scripts for dogtag 10 Dogtag 10 uses a new installer, new directory layout and new default ports. This patch changes the ipa install code to integrate these changes. https://fedorahosted.org/freeipa/ticket/2846 --- install/restart_scripts/renew_ca_cert | 19 ++++++++++++++----- install/restart_scripts/restart_pkicad | 18 +++++++++++++----- 2 files changed, 27 insertions(+), 10 deletions(-) (limited to 'install/restart_scripts') diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert index 6e4d2b789..4c3af9775 100644 --- a/install/restart_scripts/renew_ca_cert +++ b/install/restart_scripts/renew_ca_cert @@ -45,8 +45,14 @@ nickname = sys.argv[1] api.bootstrap(context='restart') api.finalize() +alias_dir = '/etc/pki/pki-tomcat/alias' +dogtag_instance = 'pki-tomcat' +if 'dogtag_version' not in api.env: + alias_dir = '/var/lib/pki-ca/alias' + dogtag_instance = 'pki-ca' + # Fetch the new certificate -db = certs.CertDB(api.env.realm, nssdir='/var/lib/pki-ca/alias') +db = certs.CertDB(api.env.realm, nssdir=alias_dir) cert = db.get_cert_from_db(nickname, pem=False) if not cert: @@ -79,7 +85,7 @@ finally: # Fix permissions on the audit cert if we're updating it if nickname == 'auditSigningCert cert-pki-ca': - db = certs.CertDB(api.env.realm, nssdir='/var/lib/pki-ca/alias') + db = certs.CertDB(api.env.realm, nssdir=alias_dir) args = ['-M', '-n', nickname, '-t', 'u,u,Pu', 
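Review bot: In the `@@ -45,8 +45,14 @@` hunk of renew_ca_cert the layout is selected with `if 'dogtag_version' not in api.env:`, which tests only that the key is present and never looks at its value. How the key gets populated is outside this page, so this needs confirming, but an environment that carries `dogtag_version` set to 9 would send `certs.CertDB` to `/etc/pki/pki-tomcat/alias`, and `get_cert_from_db` would then look for the renewed certificate in the wrong NSS database. Checking the value as well, for example `if 'dogtag_version' in api.env and int(api.env.dogtag_version) >= 10:` for the new layout with the legacy paths as the default, makes the choice explicit. The same five-line block is repeated verbatim in restart_pkicad, so a shared helper would keep the two scripts from drifting apart.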
@@ -91,7 +97,9 @@ if nickname == 'auditSigningCert cert-pki-ca': update_cert_config(nickname, cert) -syslog.syslog(syslog.LOG_NOTICE, 'certmonger restarted pki-cad instance pki-ca to renew %s' % nickname) +syslog.syslog( + syslog.LOG_NOTICE, 'certmonger restarted %sd instance %s to renew %s' % + (dogtag_instance, dogtag_instance, nickname)) # We monitor 3 certs that are all likely to be renewed by certmonger more or # less at the same time. Each cert renewal is going to need to restart @@ -102,6 +110,7 @@ pause = random.randint(10,360) syslog.syslog(syslog.LOG_NOTICE, 'Pausing %d seconds to restart pki-ca' % pause) time.sleep(pause) try: - ipaservices.knownservices.pki_cad.restart('pki-ca') + ipaservices.knownservices.pki_cad.restart(dogtag_instance) except Exception, e: - syslog.syslog(syslog.LOG_ERR, "Cannot restart pki-cad: %s" % str(e)) + syslog.syslog(syslog.LOG_ERR, "Cannot restart %sd: %s" % \ + (dogtag_instance, str(e))) diff --git a/install/restart_scripts/restart_pkicad b/install/restart_scripts/restart_pkicad index 070760b16..c21fb802f 100644 --- a/install/restart_scripts/restart_pkicad +++ b/install/restart_scripts/restart_pkicad @@ -30,11 +30,18 @@ nickname = sys.argv[1] api.bootstrap(context='restart') api.finalize() -syslog.syslog(syslog.LOG_NOTICE, "certmonger restarted pki-cad, nickname '%s'" % nickname) +alias_dir = '/etc/pki/pki-tomcat/alias' +dogtag_instance = 'pki-tomcat' +if 'dogtag_version' not in api.env: + alias_dir = '/var/lib/pki-ca/alias' + dogtag_instance = 'pki-ca' + +syslog.syslog(syslog.LOG_NOTICE, "certmonger restarted %sd, nickname '%s'" % \ + (dogtag_instance, nickname)) # Fix permissions on the audit cert if we're updating it if nickname == 'auditSigningCert cert-pki-ca': - db = certs.CertDB(api.env.realm, nssdir='/var/lib/pki-ca/alias') + db = certs.CertDB(api.env.realm, nssdir = alias_dir ) args = ['-M', '-n', nickname, '-t', 'u,u,Pu', 
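Review bot: The new message in the `@@ -91,7 +97,9 @@` hunk builds the daemon name by appending `d` to the instance name (`'certmonger restarted %sd instance %s ...'`). That only works because pki-ca/pki-cad and pki-tomcat/pki-tomcatd happen to follow the same pattern. An explicit `dogtag_service` variable set next to `dogtag_instance` would keep the log text correct if the names ever diverge; the same `%sd` construction is used in the error messages of the later hunks and in restart_pkicad. The message also says "restarted" although the restart is only issued further down, after the random pause, so anyone correlating syslog with the service's own start time will see the entry up to several minutes early.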
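Review bot: The unchanged line `'Pausing %d seconds to restart pki-ca' % pause` in the `@@ -102,6 +110,7 @@` hunk still hard-codes pki-ca, so on a Dogtag 10 host syslog names one instance while `restart(dogtag_instance)` acts on pki-tomcat. Changing it to `'Pausing %d seconds to restart %s' % (pause, dogtag_instance)` keeps the log trail consistent. The call also still goes through `ipaservices.knownservices.pki_cad` while the error text now reports `%sd`, i.e. pki-tomcatd. This page is limited to install/restart_scripts, so whether that wrapper resolves to the Dogtag 10 unit cannot be checked here and should be confirmed; the same question applies to the `stop`/`start` calls in restart_pkicad.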
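Review bot: `nssdir = alias_dir )` in the `@@ -30,11 +30,18 @@` hunk of restart_pkicad puts spaces around the keyword `=` and before the closing parenthesis, unlike the identical call in renew_ca_cert. Writing it as `db = certs.CertDB(api.env.realm, nssdir=alias_dir)` matches the rest of the patch. The backslash after `%` in the new `syslog.syslog(` call is redundant, because the line break already sits inside the call's parentheses. The `if nickname == 'auditSigningCert cert-pki-ca':` block continues past the end of the hunk.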
@@ -44,7 +51,8 @@ if nickname == 'auditSigningCert cert-pki-ca': try: # I've seen times where systemd restart does not actually restart # the process. A full stop/start is required. This works around that - ipaservices.knownservices.pki_cad.stop('pki-ca') - ipaservices.knownservices.pki_cad.start('pki-ca') + ipaservices.knownservices.pki_cad.stop(dogtag_instance) + ipaservices.knownservices.pki_cad.start(dogtag_instance) except Exception, e: - syslog.syslog(syslog.LOG_ERR, "Cannot restart pki-cad: %s" % str(e)) + syslog.syslog(syslog.LOG_ERR, "Cannot restart %sd: %s" % \ + (dogtag_instance, str(e))) -- cgit
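Review bot: The handler in the `@@ -44,7 +51,8 @@` hunk covers `stop(dogtag_instance)` and `start(dogtag_instance)` with a single `except`, so a `start()` failure after a successful `stop()` leaves the CA down with only one `Cannot restart %sd` line at LOG_ERR as evidence. Nothing visible after the handler changes the exit status, so the caller presumably cannot tell that the restart failed. Naming the failing step in the message would help, as would ending the handler with `sys.exit(1)` if the caller honours a non-zero status; either makes the outage detectable by monitoring rather than only by reading syslog.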