authorRob Crittenden <rcritten@redhat.com>2009-07-10 16:18:16 -0400
committerRob Crittenden <rcritten@redhat.com>2009-07-15 09:00:01 -0400
commit8d164569d0e4ee79089ae224ac6f5a569c291cdb (patch)
treea75db1b23693315d1b35bad891ea6c86019d7149 /ipapython
parent904e55540438cfd88507fa747daa585605b90bdb (diff)
Allow replicas of an IPA server using an internal dogtag server as the CA
This involves creating a new CA instance on the replica and using pkisilent to create a clone of the master CA. Also generally fixes IPA to work with the latest dogtag SVN tip. A lot of changes to ports and configuration have been done recently.
Diffstat (limited to 'ipapython')
-rw-r--r--ipapython/dogtag.py10
1 files changed, 6 insertions, 4 deletions
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 684754f4..75ecbf6d 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -21,12 +21,14 @@ from ipalib import api, errors
import httplib
import xml.dom.minidom
-def get_ca_certchain():
+def get_ca_certchain(ca_host=None):
"""
Retrieve the CA Certificate chain from the configured Dogtag server.
"""
+ if ca_host is None:
+ ca_host = api.env.ca_host
chain = None
- conn = httplib.HTTPConnection(api.env.ca_host, 9180)
+ conn = httplib.HTTPConnection(ca_host, 9180)
conn.request("GET", "/ca/ee/ca/getCertChain")
res = conn.getresponse()
if res.status == 200:
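Review bot: The new `ca_host` parameter is undocumented, and the chain is still fetched with plain `httplib.HTTPConnection(ca_host, 9180)`, so nothing authenticates whichever host the caller names. If replica setup uses this to obtain the master's CA chain (inferred from the commit description, not visible in this hunk), an on-path party could substitute its own chain; the caller should compare the result against a copy or fingerprint obtained over an already-authenticated channel before trusting it. The docstring should gain a line such as `ca_host: Dogtag host to query (defaults to api.env.ca_host); the reply arrives over unauthenticated HTTP and must be verified by the caller.` The function body continues past the end of this hunk.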
@@ -42,8 +44,8 @@ def get_ca_certchain():
item_node = doc.getElementsByTagName("Error")
reason = item_node[0].childNodes[0].data
raise errors.RemoteRetrieveError(reason=reason)
- except:
- raise errors.RemoteRetrieveError(reason="Retrieving CA cert chain failed")
+ except Exception, e:
+ raise errors.RemoteRetrieveError(reason="Retrieving CA cert chain failed: %s" % str(e))
finally:
doc.unlink()
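Review bot: The widened `except Exception, e:` appears to guard the same `try` that contains `raise errors.RemoteRetrieveError(reason=reason)` two lines above, so the server-reported error is caught and re-wrapped as a second `RemoteRetrieveError` with a stringified copy of the first. Putting `except errors.RemoteRetrieveError:` followed by `raise` ahead of the generic handler would let the original reason through unchanged. Both `reason` and `str(e)` can carry text taken from the HTTP response, so whatever logs or displays the message should treat it as untrusted. The `try` starts outside this hunk; if `doc` is first bound inside it, a parse failure would make `doc.unlink()` in `finally` raise `NameError` and mask the real error, which setting `doc = None` beforehand and guarding the unlink would avoid.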