diff options
author | Jan Cholasta <jcholast@redhat.com> | 2015-01-08 09:06:46 +0000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-01-13 18:34:59 +0000 |
commit | b9ae7690489368ead9f4983d386fa210dc265dfa (patch) | |
tree | 25437961e983a3a239541f9482e69ff70941c32c /install/restart_scripts/renew_ca_cert | |
parent | 6a1304324fe94b17e8dc4a418f90bea028160ace (diff) | |
download | freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.tar.gz freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.tar.xz freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.zip |
Make certificate renewal process synchronized
Synchronization is achieved using a global renewal lock.
https://fedorahosted.org/freeipa/ticket/4803
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'install/restart_scripts/renew_ca_cert')
-rw-r--r-- | install/restart_scripts/renew_ca_cert | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert index a205b0e36..c7bd5d74c 100644 --- a/install/restart_scripts/renew_ca_cert +++ b/install/restart_scripts/renew_ca_cert @@ -35,7 +35,7 @@ from ipaplatform import services from ipaplatform.paths import paths -def main(): +def _main(): nickname = sys.argv[1] api.bootstrap(context='restart') @@ -210,6 +210,14 @@ def main(): syslog.syslog( syslog.LOG_NOTICE, "Started %s" % dogtag_service.service_name) + +def main(): + try: + _main() + finally: + certs.renewal_lock.release('renew_ca_cert') + + try: main() except Exception: |