diff options
author | Jan Cholasta <jcholast@redhat.com> | 2015-01-06 13:08:54 +0000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-01-13 18:34:59 +0000 |
commit | 6a1304324fe94b17e8dc4a418f90bea028160ace (patch) | |
tree | 257b0db6aea97377906dff6ca9dafef1a334f375 | |
parent | 5bf1c9a6f7d734c296c8eb987cfc4f7e2a345130 (diff) | |
download | freeipa-6a1304324fe94b17e8dc4a418f90bea028160ace.tar.gz freeipa-6a1304324fe94b17e8dc4a418f90bea028160ace.tar.xz freeipa-6a1304324fe94b17e8dc4a418f90bea028160ace.zip |
Restart dogtag when its server certificate is renewed
https://fedorahosted.org/freeipa/ticket/4803
Reviewed-By: David Kupka <dkupka@redhat.com>
-rwxr-xr-x | install/tools/ipa-upgradeconfig | 6 | ||||
-rw-r--r-- | ipaserver/install/dogtaginstance.py | 4 |
2 files changed, 5 insertions, 5 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 71fe5195d..050fd25db 100755 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -783,7 +783,7 @@ def certificate_renewal_update(ca): dogtag_constants = dogtag.configured_constants() # bump version when requests is changed - version = 2 + version = 3 requests = ( ( dogtag_constants.ALIAS_DIR, @@ -829,8 +829,8 @@ def certificate_renewal_update(ca): dogtag_constants.ALIAS_DIR, 'Server-Cert cert-pki-ca', 'dogtag-ipa-renew-agent', - None, - None, + 'stop_pkicad', + 'renew_ca_cert', None, ), ) diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py index c9c34bd0b..2f984b814 100644 --- a/ipaserver/install/dogtaginstance.py +++ b/ipaserver/install/dogtaginstance.py @@ -359,8 +359,8 @@ class DogtagInstance(service.Service): pin=pin, pinfile=None, secdir=self.dogtag_constants.ALIAS_DIR, - pre_command=None, - post_command=None) + pre_command='stop_pkicad', + post_command='renew_ca_cert "%s"' % self.server_cert_name) except RuntimeError, e: self.log.error( "certmonger failed to start tracking certificate: %s" % e) |