summaryrefslogtreecommitdiffstats
path: root/install/restart_scripts/stop_pkicad
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2015-01-08 09:06:46 +0000
committerJan Cholasta <jcholast@redhat.com>2015-01-13 18:34:59 +0000
commitb9ae7690489368ead9f4983d386fa210dc265dfa (patch)
tree25437961e983a3a239541f9482e69ff70941c32c /install/restart_scripts/stop_pkicad
parent6a1304324fe94b17e8dc4a418f90bea028160ace (diff)
downloadfreeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.tar.gz
freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.tar.xz
freeipa-b9ae7690489368ead9f4983d386fa210dc265dfa.zip
Make certificate renewal process synchronized
Synchronization is achieved using a global renewal lock. https://fedorahosted.org/freeipa/ticket/4803 Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'install/restart_scripts/stop_pkicad')
-rw-r--r--install/restart_scripts/stop_pkicad4
1 files changed, 4 insertions, 0 deletions
diff --git a/install/restart_scripts/stop_pkicad b/install/restart_scripts/stop_pkicad
index b8866f16e..871e5e761 100644
--- a/install/restart_scripts/stop_pkicad
+++ b/install/restart_scripts/stop_pkicad
@@ -25,6 +25,8 @@ import traceback
from ipapython import dogtag
from ipalib import api
from ipaplatform import services
+from ipaserver.install import certs
+
def main():
api.bootstrap(context='restart')
@@ -34,6 +36,8 @@ def main():
dogtag_service = services.knownservices[configured_constants.SERVICE_NAME]
dogtag_instance = configured_constants.PKI_INSTANCE_NAME
+ certs.renewal_lock.acquire('renew_ca_cert')
+
syslog.syslog(syslog.LOG_NOTICE, "Stopping %s" % dogtag_service.service_name)
try:
dogtag_service.stop(dogtag_instance)
generated by cgit (git 2.34.1) at 2026-01-06 11:25:55 +0000