diff options
| author | Tomas Babej <tbabej@redhat.com> | 2013-08-01 14:47:52 +0200 |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2013-08-26 16:21:36 +0200 |
| commit | ab6a6e27d88b44b8c3f07290ae753558705363ee (patch) | |
| tree | cc600b67c7b293bfbadb27aa9f42da688f74b6f1 /install | |
| parent | 6961cf2e77cca8f3784a6d82cebeb0bb8df1f535 (diff) | |
| download | freeipa-ab6a6e27d88b44b8c3f07290ae753558705363ee.tar.gz freeipa-ab6a6e27d88b44b8c3f07290ae753558705363ee.tar.xz freeipa-ab6a6e27d88b44b8c3f07290ae753558705363ee.zip | |
Make CS.cfg edits with CA instance stopped
This patch makes sure that all edits to CS.cfg configuration file
are performed while pki-tomcatd service is stopped.
Introduces a new contextmanager stopped_service for handling
a general problem of performing a task that needs certain service
being stopped.
https://fedorahosted.org/freeipa/ticket/3804
Diffstat (limited to 'install')
| -rw-r--r-- | install/restart_scripts/renew_ca_cert | 1 | ||||
| -rwxr-xr-x | install/tools/ipa-ca-install | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-replica-install | 3 | ||||
| -rwxr-xr-x | install/tools/ipa-server-install | 3 |
4 files changed, 6 insertions, 3 deletions
diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert index 5768db3f..ab394b97 100644 --- a/install/restart_scripts/renew_ca_cert +++ b/install/restart_scripts/renew_ca_cert @@ -83,6 +83,7 @@ except Exception, e: finally: shutil.rmtree(tmpdir) +# Done withing stopped_service context, CA restarted here update_cert_config(nickname, cert) if nickname == 'subsystemCert cert-pki-ca': diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index 636f63da..4edd26d3 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -189,8 +189,8 @@ def main(): CA.ldap_enable('CA', config.host_name, config.dirman_password, ipautil.realm_to_suffix(config.realm_name)) + # This is done within stopped_service context, which restarts CA CA.enable_client_auth_to_db() - CA.restart() # Install CA DNS records install_dns_records(config, options) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index c6d69fca..947c51f6 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -675,8 +675,9 @@ def main(): if CA and config.setup_ca: CA.ldap_enable('CA', config.host_name, config.dirman_password, ipautil.realm_to_suffix(config.realm_name)) + + # This is done within stopped_service context, which restarts CA CA.enable_client_auth_to_db() - CA.restart() krb = install_krb(config, setup_pkinit=options.setup_pkinit) http = install_http(config, auto_redirect=options.ui_redirect) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 06e99134..86ca3447 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -1054,8 +1054,9 @@ def main(): # We need to ldap_enable the CA now that DS is up and running ca.ldap_enable('CA', host_name, dm_password, ipautil.realm_to_suffix(realm_name)) + + # This is done within stopped_service context, which restarts CA ca.enable_client_auth_to_db() - ca.restart() # Upload the CA cert to the directory ds.upload_ca_cert() |