From a7b926420fda10fba7eb372d5341e36168a848b3 Mon Sep 17 00:00:00 2001 From: John Dennis Date: Wed, 29 Dec 2010 09:48:22 -0500 Subject: fixes CA install problem in trac ticket 682 Do not call status after pkisilent, it will return non-zero. Instead restart server after pkisilent so configuration changes take effect, the check the status. --- ipaserver/install/cainstance.py | 42 +++++++++++++++++++++++------------------ 1 file changed, 24 insertions(+), 18 deletions(-) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 7d374370..dfe036dd 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -584,27 +584,33 @@ class CAInstance(service.Service): nolog = (self.admin_password, self.dm_password,) ipautil.run(args, nolog=nolog) + except ipautil.CalledProcessError, e: + logging.critical("failed to configure ca instance %s" % e) + raise RuntimeError('Configuration of CA failed') - if self.external == 1: - print "The next step is to get %s signed by your CA and re-run ipa-server-install as:" % self.csr_file - print "ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate" - sys.exit(0) - - # pkisilent doesn't return 1 on error so look at the output of - # /sbin/service pki-cad status. It will tell us if the instance - # still needs to be configured. - (stdout, stderr, returncode) = ipautil.run(["/sbin/service", self.service_name, "status"]) - try: - stdout.index("CONFIGURED!") - raise RuntimeError("pkisilent failed to configure instance.") - except ValueError: - # This is raised because the string doesn't exist, we're done - pass + if self.external == 1: + print "The next step is to get %s signed by your CA and re-run ipa-server-install as:" % self.csr_file + print "ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate" + sys.exit(0) - logging.debug("completed creating ca instance") + try: + # After configuration the service is running and configured + # but must be restarted for configuration to take effect. + # The service status in this case will be 4. + self.restart() except ipautil.CalledProcessError, e: - logging.critical("failed to restart ca instance %s" % e) - raise RuntimeError('Configuration of CA failed') + logging.critical("failed to restart ca instance after pkisilent configuration %s" % e) + raise RuntimeError('Restarting CA after pkisilent configuration failed') + + # If the configuration was successful status should now be 0. + # We don't call is_running() because we want the exit status for debugging. + try: + ipautil.run(["/sbin/service", self.service_name, "status", PKI_INSTANCE_NAME]) + except ipautil.CalledProcessError, e: + logging.critical("ca instance configuration not successful after restart %s" % e) + raise RuntimeError('CA configuration not successful after restart') + + logging.debug("completed creating ca instance") # Turn off Nonces (again) if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0: -- cgit