Make certificate renewal process synchronized

Synchronization is achieved using a global renewal lock. https://fedorahosted.org/freeipa/ticket/4803 Reviewed-By: David Kupka <dkupka@redhat.com>
author: Jan Cholasta <jcholast@redhat.com> 2015-01-08 09:06:46 +0000
committer: Jan Cholasta <jcholast@redhat.com> 2015-01-13 18:34:59 +0000
commit: b9ae7690489368ead9f4983d386fa210dc265dfa (patch)
tree: 25437961e983a3a239541f9482e69ff70941c32c /install/restart_scripts/renew_ca_cert
parent: 6a1304324fe94b17e8dc4a418f90bea028160ace (diff)
download: freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.tar.gz
freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.tar.xz
freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert
index a205b0e36..c7bd5d74c 100644
--- a/install/restart_scripts/renew_ca_cert
+++ b/install/restart_scripts/renew_ca_cert
@@ -35,7 +35,7 @@ from ipaplatform import services
 from ipaplatform.paths import paths
 
 
-def main():
+def _main():
     nickname = sys.argv[1]
 
     api.bootstrap(context='restart')
@@ -210,6 +210,14 @@ def main():
         syslog.syslog(
             syslog.LOG_NOTICE, "Started %s" % dogtag_service.service_name)
 
+
+def main():
+    try:
+        _main()
+    finally:
+        certs.renewal_lock.release('renew_ca_cert')
+
+
 try:
     main()
 except Exception:
author	Jan Cholasta <jcholast@redhat.com>	2015-01-08 09:06:46 +0000
committer	Jan Cholasta <jcholast@redhat.com>	2015-01-13 18:34:59 +0000
commit	b9ae7690489368ead9f4983d386fa210dc265dfa (patch)
tree	25437961e983a3a239541f9482e69ff70941c32c /install/restart_scripts/renew_ca_cert
parent	6a1304324fe94b17e8dc4a418f90bea028160ace (diff)
download	freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.tar.gz freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.tar.xz freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.zip