From 717bbcd2bf624ad68ea1cdf08216ab4f06e8bc4d Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Tue, 10 Apr 2012 21:21:08 +0200
Subject: Configure certmonger to execute restart scripts on renewal. certmonger now has the ability to execute a script when it renews a certificate. This can be used to automatically restart servers so the certificate doesn't expire in the running server. https://fedorahosted.org/freeipa/ticket/2050
---
 ipapython/certmonger.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
 (limited to 'ipapython/certmonger.py')
diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py
index fda539b34..22a599ae6 100644
--- a/ipapython/certmonger.py
+++ b/ipapython/certmonger.py
@@ -189,11 +189,15 @@ def cert_exists(nickname, secdir):
 else: return False
-def start_tracking(nickname, secdir, password_file=None):
+def start_tracking(nickname, secdir, password_file=None, command=None):
 """ Tell certmonger to track the given certificate nickname in NSS database in secdir protected by optional password file password_file.
+ command is an optional parameter which specifies a command for
+ certmonger to run when it renews a certificate. This command must
+ reside in /usr/lib/ipa/certmonger to work with SELinux.
+
 Returns the stdout, stderr and returncode from running ipa-getcert This assumes that certmonger is already running.
@@ -206,6 +210,9 @@ def start_tracking(nickname, secdir, password_file=None):
 if password_file: args.append("-p") args.append(os.path.abspath(password_file))
+ if command:
+ args.append("-C")
+ args.append(command)
 (stdout, stderr, returncode) = ipautil.run(args)
-- cgit
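Review bot: The new `command` value is appended after `-C` unchanged in the second hunk, although the docstring added in the first hunk says it must reside in /usr/lib/ipa/certmonger; nothing in the visible lines enforces that, and unlike `password_file` the value is not even normalised with `os.path.abspath`. Because certmonger runs this string on every renewal, presumably with the daemon's privileges, a relative or caller-influenced path would be registered as a persistent post-renewal command. Consider rejecting anything outside the documented directory before the argument list is built, for example `if command and os.path.dirname(os.path.realpath(command.split()[0])) != "/usr/lib/ipa/certmonger": raise ValueError("command must reside in /usr/lib/ipa/certmonger")`, and say in the docstring whether `command` may carry arguments. The body of start_tracking starts and ends outside both hunks, so a check elsewhere in the function cannot be ruled out from here.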