diff options
| author | Tomas Krizek <tkrizek@redhat.com> | 2016-11-09 09:52:28 +0100 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-11-09 15:32:45 +0100 |
| commit | 33f7b8dc32bc95e0db067ac4df49807ee2b5120e (patch) | |
| tree | e1f618c363c372f46b35f39523a7e23967354e98 | |
| parent | c0674e89d1e6b5abd82cf3b7bf8054eec0fa6418 (diff) | |
libexec scripts: ldap conn management
Certificate renewal scripts require connection to LDAP. Properly
handle connects and disconnects from LDAP.
https://fedorahosted.org/freeipa/ticket/6461
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
| -rwxr-xr-x | install/certmonger/dogtag-ipa-ca-renew-agent-submit | 3 | ||||
| -rw-r--r-- | install/restart_scripts/renew_ca_cert | 2 | ||||
| -rw-r--r-- | install/restart_scripts/renew_ra_cert | 2 |
3 files changed, 7 insertions, 0 deletions
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit index f2b15cfa2..6f5841ee3 100755 --- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit +++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit @@ -476,6 +476,7 @@ def main(): api.bootstrap(in_server=True, context='renew') api.finalize() + api.Backend.ldap2.connect() operation = os.environ.get('CERTMONGER_OPERATION') if operation not in ('SUBMIT', 'POLL'): @@ -506,6 +507,8 @@ def main(): finally: certs.renewal_lock.release() shutil.rmtree(tmpdir) + api.Backend.ldap2.disconnect() + try: sys.exit(main()) diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert index 7b3c8bdc6..0f0a69031 100644 --- a/install/restart_scripts/renew_ca_cert +++ b/install/restart_scripts/renew_ca_cert @@ -40,6 +40,7 @@ def _main(): api.bootstrap(in_server=True, context='restart') api.finalize() + api.Backend.ldap2.connect() dogtag_service = services.knownservices['pki_tomcatd'] @@ -182,6 +183,7 @@ def _main(): conn.disconnect() finally: shutil.rmtree(tmpdir) + api.Backend.ldap2.disconnect() # Now we can start the CA. Using the services start should fire # off the servlet to verify that the CA is actually up and responding so diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert index 62c5aa62c..d71d6e2ac 100644 --- a/install/restart_scripts/renew_ra_cert +++ b/install/restart_scripts/renew_ra_cert @@ -39,6 +39,7 @@ def _main(): api.bootstrap(in_server=True, context='restart') api.finalize() + api.Backend.ldap2.connect() tmpdir = tempfile.mkdtemp(prefix="tmp-") try: @@ -65,6 +66,7 @@ def _main(): krainstance.export_kra_agent_pem() finally: shutil.rmtree(tmpdir) + api.Backend.ldap2.disconnect() # Now restart Apache so the new certificate is available syslog.syslog(syslog.LOG_NOTICE, "Restarting httpd") |