freeipa.git/install/restart_scripts, branch 4084

Revert restart scripts file permissions change

2014-01-08T08:54:53+00:00

Previous commit accidentally added executable permission to
restart_pkicad and stop_pkicad.

PKI service restart after CA renewal failed

2014-01-08T08:47:23+00:00

Fix both the service restart procedure and registration of old
pki-cad well known service name.

This patch was adapted from original patch of Jan Cholasta 178 to
fix ticket 4092.

https://fedorahosted.org/freeipa/ticket/4092

Use /usr/bin/python2

2014-01-03T08:46:05+00:00

Part of the effort to port FreeIPA to Arch Linux,
where Python 3 is the default.

FreeIPA hasn't been ported to Python 3, so the code must be modified to
run /usr/bin/python2

https://fedorahosted.org/freeipa/ticket/3438

Updated by pviktori@redhat.com

Make CS.cfg edits with CA instance stopped

2013-08-26T14:21:36+00:00

This patch makes sure that all edits to CS.cfg configuration file
are performed while pki-tomcatd service is stopped.

Introduces a new contextmanager stopped_service for handling
a general problem of performing a task that needs certain service
being stopped.

https://fedorahosted.org/freeipa/ticket/3804

Do actually stop pki_cad in stop_pkicad instead of starting it.

2013-04-09T14:22:23+00:00

https://fedorahosted.org/freeipa/ticket/3554

Remove support for DN normalization from LDAPClient.

2013-03-01T15:59:47+00:00

Remove some unused imports

2013-03-01T15:59:42+00:00

Remove all unused LDAP-related imports, plus some other ones.

This should make it easier to quickly check what uses which LDAP wrapper

Remove unused krbV imports

2013-02-01T07:13:17+00:00

https://fedorahosted.org/freeipa/ticket/3381

Use new certmonger locking to prevent NSS database corruption.

2013-01-29T16:16:38+00:00

dogtag opens its NSS database in read/write mode so we need to be very
careful during renewal that we don't also open it up read/write. We
basically need to serialize access to the database. certmonger does the
majority of this work via internal locking from the point where it generates
a new key/submits a rewewal through the pre_save and releases the lock after
the post_save command. This lock is held per NSS database so we're save
from certmonger. dogtag needs to be shutdown in the pre_save state so
certmonger can safely add the certificate and we can manipulate trust
in the post_save command.

Fix a number of bugs in renewal. The CA wasn't actually being restarted
at all due to a naming change upstream. In python we need to reference
services using python-ish names but the service is pki-cad. We need a
translation for non-Fedora systems as well.

Update the CA ou=People entry when he CA subsystem certificate is
renewed. This certificate is used as an identity certificate to bind
to the DS instance.

https://fedorahosted.org/freeipa/ticket/3292
https://fedorahosted.org/freeipa/ticket/3322

Wait for the directory server to come up when updating the agent certificate.

2012-11-01T17:36:52+00:00

It is possible that either or both of the LDAP instances are being restarted
during the renewal process. Make the script retry if this is the case.

It is also safe to re-run this script if it fails. It will take the current
ipaCert certificate and attempt to update the agent information in LDAP.

https://fedorahosted.org/freeipa/ticket/3179