authorPetr Viktorin <pviktori@redhat.com>2012-11-12 09:49:46 -0500
committerMartin Kosek <mkosek@redhat.com>2012-11-23 12:19:19 +0100
commit17f91dac5501b165615453c79f75f7df88459544 (patch)
tree25821227da12d5669d823a30e549551e34528aa5 /ipaserver/install/cainstance.py
parent5fa3455764cb475078723eebacffefd2baf08016 (diff)
Properly stop tracking certificates on uninstall
Stopping certificate tracking was done as part of the PKI DS uninstall. Since with the merged DB, the PKI DS is not used any more, this step was skipped. Move certificate untracking to a separate step and call it separately. Also, the post-uninstall check for tracked certificates used the wrong set of Dogtag constants. Fix the issue.
Diffstat (limited to 'ipaserver/install/cainstance.py')
-rw-r--r--ipaserver/install/cainstance.py38
1 files changed, 23 insertions, 15 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 2e4375b8..418267f6 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -437,25 +437,33 @@ class CADSInstance(service.Service):
# At one time we removed this user on uninstall. That can potentially
# orphan files, or worse, if another useradd runs in the intermim,
# cause files to have a new owner.
- cmonger = ipaservices.knownservices.certmonger
- ipaservices.knownservices.messagebus.start()
- cmonger.start()
- for nickname in ['Server-Cert cert-pki-ca',
- 'auditSigningCert cert-pki-ca',
- 'ocspSigningCert cert-pki-ca',
- 'subsystemCert cert-pki-ca']:
- try:
- certmonger.stop_tracking(
- self.dogtag_constants.ALIAS_DIR, nickname=nickname)
- except (ipautil.CalledProcessError, RuntimeError), e:
- root_logger.error("certmonger failed to stop tracking certificate: %s" % str(e))
+def stop_tracking_certificates(dogtag_constants):
+ """Stop tracking our certificates. Called on uninstall.
+ """
+ cmonger = ipaservices.knownservices.certmonger
+ ipaservices.knownservices.messagebus.start()
+ cmonger.start()
+
+ for nickname in ['Server-Cert cert-pki-ca',
+ 'auditSigningCert cert-pki-ca',
+ 'ocspSigningCert cert-pki-ca',
+ 'subsystemCert cert-pki-ca']:
try:
- certmonger.stop_tracking('/etc/httpd/alias', nickname='ipaCert')
+ certmonger.stop_tracking(
+ dogtag_constants.ALIAS_DIR, nickname=nickname)
except (ipautil.CalledProcessError, RuntimeError), e:
- root_logger.error("certmonger failed to stop tracking certificate: %s" % str(e))
- cmonger.stop()
+ root_logger.error(
+ "certmonger failed to stop tracking certificate: %s" % str(e))
+
+ try:
+ certmonger.stop_tracking('/etc/httpd/alias', nickname='ipaCert')
+ except (ipautil.CalledProcessError, RuntimeError), e:
+ root_logger.error(
+ "certmonger failed to stop tracking certificate: %s" % str(e))
+ cmonger.stop()
+
class CAInstance(service.Service):
"""