diff options
author | Jan Cholasta <jcholast@redhat.com> | 2015-11-09 10:53:02 +0100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-11-19 13:06:12 +0100 |
commit | f3076c6ab37e081ba9b0ec9f0502379f60dfbd10 (patch) | |
tree | f2813f84f5ac1e7114df75cbe99a43e1e22f1ddf /install/restart_scripts | |
parent | 164fb7b1d19ef316d2ec55a8f85876ccf310544f (diff) | |
download | freeipa-f3076c6ab37e081ba9b0ec9f0502379f60dfbd10.tar.gz freeipa-f3076c6ab37e081ba9b0ec9f0502379f60dfbd10.tar.xz freeipa-f3076c6ab37e081ba9b0ec9f0502379f60dfbd10.zip |
cert renewal: make renewal of ipaCert atomic
This prevents errors when renewing other certificates during the renewal of
ipaCert.
https://fedorahosted.org/freeipa/ticket/5436
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'install/restart_scripts')
-rw-r--r-- | install/restart_scripts/Makefile.am | 1 | ||||
-rw-r--r-- | install/restart_scripts/renew_ra_cert | 5 | ||||
-rwxr-xr-x | install/restart_scripts/renew_ra_cert_pre | 18 |
3 files changed, 23 insertions, 1 deletions
diff --git a/install/restart_scripts/Makefile.am b/install/restart_scripts/Makefile.am index 58057aa31..c4bf8195e 100644 --- a/install/restart_scripts/Makefile.am +++ b/install/restart_scripts/Makefile.am @@ -7,6 +7,7 @@ app_DATA = \ renew_ca_cert \ renew_ra_cert \ stop_pkicad \ + renew_ra_cert_pre \ $(NULL) EXTRA_DIST = \ diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert index cf770a94c..9b5e231b5 100644 --- a/install/restart_scripts/renew_ra_cert +++ b/install/restart_scripts/renew_ra_cert @@ -77,8 +77,11 @@ def _main(): def main(): - with certs.renewal_lock: + try: _main() + finally: + # lock acquired in renew_ra_cert_pre + certs.renewal_lock.release('renew_ra_cert') try: diff --git a/install/restart_scripts/renew_ra_cert_pre b/install/restart_scripts/renew_ra_cert_pre new file mode 100755 index 000000000..d0f743c09 --- /dev/null +++ b/install/restart_scripts/renew_ra_cert_pre @@ -0,0 +1,18 @@ +#!/usr/bin/python2 -E +# +# Copyright (C) 2015 FreeIPA Contributors see COPYING for license +# + +import syslog +import traceback + +from ipaserver.install import certs + + +def main(): + certs.renewal_lock.acquire('renew_ra_cert') + +try: + main() +except Exception: + syslog.syslog(syslog.LOG_ERR, traceback.format_exc()) |