From d6fbbd530ee94bc4cdd00c9106fd789e50fb81cf Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Tue, 25 Sep 2012 09:57:03 -0400
Subject: Make sure the CA is running when starting services

- Provide a function for determinig the CA status using Dogtag 10's new
  getStatus endpoint.
  This must be done over HTTPS, but since our client certificate may not be set
  up yet, we need HTTPS without client authentication.
  Rather than copying from the existing http_request and https_request
  function, shared code is factored out to a common helper.
- Call the new function when restarting the CA service. Since our Service
  can only be extended in platform-specific code, do this for Fedora only.
  Also, the status is only checked with Dogtag 10+.
- When a restart call in cainstance failed, users were refered to the
  installation log, but no info was actually logged. Log the exception.

https://fedorahosted.org/freeipa/ticket/3084
---
 ipaserver/install/cainstance.py | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'ipaserver')

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 5a23e35d1..1f950b990 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -41,6 +41,7 @@ from ipapython import certmonger
 from ipalib import pkcs10, x509
 from ipapython.dn import DN
 import subprocess
+import traceback
 
 from nss.error import NSPRError
 import nss.nss as nss
@@ -395,6 +396,7 @@ class CADSInstance(service.Service):
                 sys.exit(1)
         except Exception:
             # TODO: roll back here?
+            root_logger.debug(traceback.format_exc())
             root_logger.critical("Failed to restart the directory server. See the installation log for details.")
 
     def uninstall(self):
@@ -867,6 +869,7 @@ class CAInstance(service.Service):
             self.restart(self.dogtag_constants.PKI_INSTANCE_NAME)
         except Exception:
             # TODO: roll back here?
+            root_logger.debug(traceback.format_exc())
             root_logger.critical("Failed to restart the certificate server. See the installation log for details.")
 
     def __disable_nonce(self):
@@ -1551,6 +1554,11 @@ def install_replica_ca(config, postinstall=False):
                           master_host=config.master_host_name,
                           subject_base=config.subject_base)
 
+    if postinstall:
+        # Restart httpd since we changed its config
+        ipaservices.knownservices.httpd.restart()
+
+
     # The dogtag DS instance needs to be restarted after installation.
     # The procedure for this is: stop dogtag, stop DS, start DS, start
     # dogtag
-- 
cgit