From 0f81268ec4a006625c8286ac7c6f5fed5aab7346 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 8 Aug 2014 16:09:42 -0400
Subject: Fix some restart script issues found with certificate renewal.

The restart_dirsrv script wasn't initializing the api so the
startup_timeout wasn't available.

The subsystemCert cert-pki-ca definition was missing so we didn't
know which certificate to update in CS.cfg.

Add some documentation and a pause between restarts for the
renew_ca_cert script so that when the CA subsystem certs are renewed
they don't all try to restart the CA at the same time.

https://fedorahosted.org/freeipa/ticket/3006
---
 install/restart_scripts/restart_dirsrv | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'install/restart_scripts/restart_dirsrv')

diff --git a/install/restart_scripts/restart_dirsrv b/install/restart_scripts/restart_dirsrv
index d6bbbbc3..a9bb897b 100644
--- a/install/restart_scripts/restart_dirsrv
+++ b/install/restart_scripts/restart_dirsrv
@@ -22,12 +22,16 @@
 import sys
 import syslog
 from ipapython import services as ipaservices
+from ipalib import api
 
 try:
     instance = sys.argv[1]
 except IndexError:
     instance = ""
 
+api.bootstrap(context='restart')
+api.finalize()
+
 syslog.syslog(syslog.LOG_NOTICE, "certmonger restarted dirsrv instance '%s'" % instance)
 
 try:
-- 
cgit