Make certificate renewal process synchronized

Synchronization is achieved using a global renewal lock. https://fedorahosted.org/freeipa/ticket/4803 Reviewed-By: David Kupka <dkupka@redhat.com>
author: Jan Cholasta <jcholast@redhat.com> 2015-01-08 09:06:46 +0000
committer: Jan Cholasta <jcholast@redhat.com> 2015-01-13 18:34:59 +0000
commit: b9ae7690489368ead9f4983d386fa210dc265dfa (patch)
tree: 25437961e983a3a239541f9482e69ff70941c32c /install/restart_scripts/renew_ra_cert
parent: 6a1304324fe94b17e8dc4a418f90bea028160ace (diff)
download: freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.tar.gz
freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.tar.xz
freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.zip
1 files changed, 9 insertions, 2 deletions
diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert
index 6d4b81a53..7dae35623 100644
--- a/install/restart_scripts/renew_ra_cert
+++ b/install/restart_scripts/renew_ra_cert
@@ -32,9 +32,10 @@ from ipaserver.install import certs, cainstance
 from ipaplatform import services
 from ipaplatform.paths import paths
 
-nickname = 'ipaCert'
 
-def main():
+def _main():
+    nickname = 'ipaCert'
+
     api.bootstrap(context='restart')
     api.finalize()
 
@@ -68,6 +69,12 @@ def main():
     else:
         syslog.syslog(syslog.LOG_NOTICE, "Restarted httpd")
 
+
+def main():
+    with certs.renewal_lock:
+        _main()
+
+
 try:
     main()
 except Exception:
author	Jan Cholasta <jcholast@redhat.com>	2015-01-08 09:06:46 +0000
committer	Jan Cholasta <jcholast@redhat.com>	2015-01-13 18:34:59 +0000
commit	b9ae7690489368ead9f4983d386fa210dc265dfa (patch)
tree	25437961e983a3a239541f9482e69ff70941c32c /install/restart_scripts/renew_ra_cert
parent	6a1304324fe94b17e8dc4a418f90bea028160ace (diff)
download	freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.tar.gz freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.tar.xz freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.zip