authorJan Cholasta <jcholast@redhat.com>2015-01-06 13:08:54 +0000
committerJan Cholasta <jcholast@redhat.com>2015-01-13 18:34:59 +0000
commit6a1304324fe94b17e8dc4a418f90bea028160ace (patch)
tree257b0db6aea97377906dff6ca9dafef1a334f375
parent5bf1c9a6f7d734c296c8eb987cfc4f7e2a345130 (diff)
Restart dogtag when its server certificate is renewed
https://fedorahosted.org/freeipa/ticket/4803 Reviewed-By: David Kupka <dkupka@redhat.com>
-rwxr-xr-xinstall/tools/ipa-upgradeconfig6
-rw-r--r--ipaserver/install/dogtaginstance.py4
2 files changed, 5 insertions, 5 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 71fe5195d..050fd25db 100755
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -783,7 +783,7 @@ def certificate_renewal_update(ca):
dogtag_constants = dogtag.configured_constants()
# bump version when requests is changed
- version = 2
+ version = 3
requests = (
(
dogtag_constants.ALIAS_DIR,
@@ -829,8 +829,8 @@ def certificate_renewal_update(ca):
dogtag_constants.ALIAS_DIR,
'Server-Cert cert-pki-ca',
'dogtag-ipa-renew-agent',
- None,
- None,
+ 'stop_pkicad',
+ 'renew_ca_cert',
None,
),
)
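Review bot: The post-save command for `'Server-Cert cert-pki-ca'` is spelled `'renew_ca_cert'` here but `'renew_ca_cert "%s"' % self.server_cert_name` in ipaserver/install/dogtaginstance.py, so the upgrade path and the install path only agree if the code that consumes `requests` appends the nickname itself. That code is outside this hunk, so this may already be handled; if it is, a short comment above the tuple would make the contract visible, e.g. `# post-save commands are given without the nickname; it is appended when the request is built`. If it is not, upgraded deployments would end up with a tracking request whose post-save command differs from a fresh install's, and the restart hook could run without its argument. certificate_renewal_update starts before and continues after this hunk.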
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index c9c34bd0b..2f984b814 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -359,8 +359,8 @@ class DogtagInstance(service.Service):
pin=pin,
pinfile=None,
secdir=self.dogtag_constants.ALIAS_DIR,
- pre_command=None,
- post_command=None)
+ pre_command='stop_pkicad',
+ post_command='renew_ca_cert "%s"' % self.server_cert_name)
except RuntimeError, e:
self.log.error(
"certmonger failed to start tracking certificate: %s" % e)
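Review bot: The new `post_command=` line builds a command line by pasting `self.server_cert_name` between hand-written double quotes, so a nickname containing `"` or a backslash would change how that command is split into arguments when certmonger runs it. The value is presumably a fixed nickname defined elsewhere in the class, which is not visible here, so this is a hardening and documentation point rather than a demonstrated flaw. I would state the assumption next to the call, e.g. `# server_cert_name is a fixed NSS nickname; it must not contain '"' because it is quoted into the certmonger post-save command`. The enclosing method starts before this hunk and continues after it.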