summaryrefslogtreecommitdiffstats
path: root/install
diff options
context:
space:
mode:
authorTomas Babej <tbabej@redhat.com>2013-08-01 14:47:52 +0200
committerPetr Viktorin <pviktori@redhat.com>2013-08-26 16:21:36 +0200
commitab6a6e27d88b44b8c3f07290ae753558705363ee (patch)
treecc600b67c7b293bfbadb27aa9f42da688f74b6f1 /install
parent6961cf2e77cca8f3784a6d82cebeb0bb8df1f535 (diff)
downloadfreeipa-ab6a6e27d88b44b8c3f07290ae753558705363ee.tar.gz
freeipa-ab6a6e27d88b44b8c3f07290ae753558705363ee.tar.xz
freeipa-ab6a6e27d88b44b8c3f07290ae753558705363ee.zip
Make CS.cfg edits with CA instance stopped
This patch makes sure that all edits to CS.cfg configuration file are performed while pki-tomcatd service is stopped. Introduces a new contextmanager stopped_service for handling a general problem of performing a task that needs certain service being stopped. https://fedorahosted.org/freeipa/ticket/3804
Diffstat (limited to 'install')
-rw-r--r--install/restart_scripts/renew_ca_cert1
-rwxr-xr-xinstall/tools/ipa-ca-install2
-rwxr-xr-xinstall/tools/ipa-replica-install3
-rwxr-xr-xinstall/tools/ipa-server-install3
4 files changed, 6 insertions, 3 deletions
diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert
index 5768db3f..ab394b97 100644
--- a/install/restart_scripts/renew_ca_cert
+++ b/install/restart_scripts/renew_ca_cert
@@ -83,6 +83,7 @@ except Exception, e:
finally:
shutil.rmtree(tmpdir)
+# Done withing stopped_service context, CA restarted here
update_cert_config(nickname, cert)
if nickname == 'subsystemCert cert-pki-ca':
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 636f63da..4edd26d3 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -189,8 +189,8 @@ def main():
CA.ldap_enable('CA', config.host_name, config.dirman_password,
ipautil.realm_to_suffix(config.realm_name))
+ # This is done within stopped_service context, which restarts CA
CA.enable_client_auth_to_db()
- CA.restart()
# Install CA DNS records
install_dns_records(config, options)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index c6d69fca..947c51f6 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -675,8 +675,9 @@ def main():
if CA and config.setup_ca:
CA.ldap_enable('CA', config.host_name, config.dirman_password,
ipautil.realm_to_suffix(config.realm_name))
+
+ # This is done within stopped_service context, which restarts CA
CA.enable_client_auth_to_db()
- CA.restart()
krb = install_krb(config, setup_pkinit=options.setup_pkinit)
http = install_http(config, auto_redirect=options.ui_redirect)
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 06e99134..86ca3447 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1054,8 +1054,9 @@ def main():
# We need to ldap_enable the CA now that DS is up and running
ca.ldap_enable('CA', host_name, dm_password,
ipautil.realm_to_suffix(realm_name))
+
+ # This is done within stopped_service context, which restarts CA
ca.enable_client_auth_to_db()
- ca.restart()
# Upload the CA cert to the directory
ds.upload_ca_cert()