From 337faf506462a01c6dbcd00f2039ed5627691864 Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Tue, 18 Nov 2014 19:49:15 +0100
Subject: Using wget to get status of CA This is just workaround
Ticket: https://fedorahosted.org/freeipa/ticket/4676
Reviewed-By: Jan Cholasta
---
 freeipa.spec.in | 1 +
 install/tools/ipa-upgradeconfig | 4 ----
 ipaplatform/redhat/services.py | 27 ++++++++++++++++++++++++++-
 ipapython/dogtag.py | 18 +++++++++++-------
 4 files changed, 38 insertions(+), 12 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 9b12c2089..c2793987b 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -287,6 +287,7 @@ Requires: python-qrcode-core >= 5.0.0
 Requires: python-pyasn1
 Requires: python-dateutil
 Requires: python-yubico
+Requires: wget
 Conflicts: %{alt_name}-python
 Obsoletes: %{alt_name}-python < %{version}
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 887d3ce99..c25ab5431 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -1426,10 +1426,6 @@ def main():
 ca.restart(dogtag.configured_constants().PKI_INSTANCE_NAME)
 except ipautil.CalledProcessError, e:
 root_logger.error("Failed to restart %s: %s", ca.service_name, e)
- # FIXME https://fedorahosted.org/freeipa/ticket/4676
- # workaround
- except RuntimeError as e:
- root_logger.warning(str(e))
 set_sssd_domain_option('ipa_server_mode', 'True')
diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 58ffebc48..20d0adec4 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -24,6 +24,7 @@ Contains Red Hat OS family-specific service class implementations.
 import os
 import time
+import xml.dom.minidom
 from ipaplatform.tasks import tasks
 from ipaplatform.base import services as base_services
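Review bot: The added `import xml.dom.minidom` looks unused in ipaplatform/redhat/services.py: the XML parsing this commit introduces is done by `dogtag._parse_ca_status`, which is defined in ipapython/dogtag.py, so unless code outside the visible hunks needs it the import should be dropped. The names the next hunk of this file does rely on (`paths`, `ipautil`, `api`) are not among the imports shown here; please confirm they are imported at module level, because the `except Exception` around the wget call would turn a NameError into a silent 'check interrupted' status.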
@@ -185,7 +186,31 @@ class RedHatCAService(RedHatService):
 op_timeout = time.time() + timeout
 while time.time() < op_timeout:
 try:
- status = dogtag.ca_status(use_proxy=use_proxy)
+ # FIXME https://fedorahosted.org/freeipa/ticket/4716
+ # workaround
+ #
+ # status = dogtag.ca_status(use_proxy=use_proxy)
+ #
+ port = 8443
+ if use_proxy:
+ port = 443
+
+ url = "https://%(host_port)s%(path)s" % {
+ "host_port": ipautil.format_netloc(api.env.ca_host, port),
+ "path": "/ca/admin/ca/getStatus"
+ }
+
+ args = [
+ paths.BIN_WGET,
+ '-S', '-O', '-',
+ '--timeout=30',
+ url
+ ]
+
+ stdout, stderr, returncode = ipautil.run(args)
+
+ status = dogtag._parse_ca_status(stdout)
+ # end of workaround
 except Exception:
 status = 'check interrupted'
 root_logger.debug('The CA status is: %s' % status)
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 67180d59b..3d70bccfc 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -193,6 +193,16 @@ def get_ca_certchain(ca_host=None, dogtag_constants=None):
 return chain
+def _parse_ca_status(body):
+ doc = xml.dom.minidom.parseString(body)
+ try:
+ item_node = doc.getElementsByTagName("XMLResponse")[0]
+ item_node = item_node.getElementsByTagName("Status")[0]
+ return item_node.childNodes[0].data
+ except IndexError:
+ raise error_from_xml(doc, _("Retrieving CA status failed: %s"))
+
+
 def ca_status(ca_host=None, use_proxy=True):
 """Return the status of the CA, and the httpd proxy in front of it
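Review bot: In the services.py hunk the wget `args` set `--timeout=30` but no retry limit, so wget's default of 20 tries applies and one pass through `while time.time() < op_timeout:` can block well beyond the caller's `timeout`; adding `'--tries=1',` to the list keeps the deadline meaningful. Every failure of the call (wget missing, non-zero exit, certificate verification failing against the CA's own TLS certificate) ends in `except Exception:` and is logged only as 'check interrupted', so I would bind and log it: `except Exception as e:` followed by `root_logger.debug('CA status check failed: %s', e)`. If verification is what fails, give wget the IPA CA file with `--ca-certificate=<IPA CA cert path>` rather than turning verification off, since the returned status string is presumably what the wait loop acts on. The enclosing method starts and ends outside the hunk.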
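Review bot: `_parse_ca_status` in ipapython/dogtag.py has no docstring and, now that it is also fed wget's stdout, turns only `IndexError` into the `error_from_xml` result: an empty or non-XML body makes `xml.dom.minidom.parseString` raise an expat parse error that reaches the caller unconverted. I would add a docstring such as `"""Return the text of the <Status> element of a Dogtag getStatus XML response."""` and state in it that `body` must come from the CA endpoint itself, because minidom offers no protection against entity-expansion payloads. Whether callers of `ca_status` expect only `errors.RemoteRetrieveError` is not visible here, so the handling of parse errors is worth confirming.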
@@ -216,13 +226,7 @@ def ca_status(ca_host=None, use_proxy=True):
 elif status != 200:
 raise errors.RemoteRetrieveError(
 reason=_("Retrieving CA status failed: %s") % reason)
- doc = xml.dom.minidom.parseString(body)
- try:
- item_node = doc.getElementsByTagName("XMLResponse")[0]
- item_node = item_node.getElementsByTagName("Status")[0]
- return item_node.childNodes[0].data
- except IndexError:
- raise error_from_xml(doc, _("Retrieving CA status failed: %s"))
+ return _parse_ca_status(body)
 def https_request(host, port, url, secdir, password, nickname, **kw):
-- cgit