author | Rob Crittenden <rcritten@redhat.com> | 2012-04-10 21:21:08 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-04-10 01:08:41 -0400 |
commit | 717bbcd2bf624ad68ea1cdf08216ab4f06e8bc4d (patch) | |
tree | c322f49a4d11e13bd69ee1f7db69b377f62c93c4 /ipapython/certmonger.py | |
parent | e9b79cc1e111bbdc91675f8a2f48a92baa4266c9 (diff) | |
Configure certmonger to execute restart scripts on renewal.
certmonger now has the ability to execute a script when it renews a
certificate. This can be used to automatically restart servers so
the certificate doesn't expire in the running server.
https://fedorahosted.org/freeipa/ticket/2050
Diffstat (limited to 'ipapython/certmonger.py')
-rw-r--r-- | ipapython/certmonger.py | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py
index fda539b34..22a599ae6 100644
--- a/ipapython/certmonger.py
+++ b/ipapython/certmonger.py
@@ -189,11 +189,15 @@ def cert_exists(nickname, secdir):
 else:
 return False
-def start_tracking(nickname, secdir, password_file=None):
+def start_tracking(nickname, secdir, password_file=None, command=None):
 """
 Tell certmonger to track the given certificate nickname in NSS database in secdir protected by optional password file password_file.
+ command is an optional parameter which specifies a command for
+ certmonger to run when it renews a certificate. This command must
+ reside in /usr/lib/ipa/certmonger to work with SELinux.
+
 Returns the stdout, stderr and returncode from running ipa-getcert
 This assumes that certmonger is already running.
@@ -206,6 +210,9 @@ def start_tracking(nickname, secdir, password_file=None):
 if password_file:
 args.append("-p")
 args.append(os.path.abspath(password_file))
+ if command:
+ args.append("-C")
+ args.append(command)
 (stdout, stderr, returncode) = ipautil.run(args) |
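Review bot: The docstring added in the first hunk says the command must reside in /usr/lib/ipa/certmonger, but the `if command:` branch in the second hunk passes the string to `-C` unchecked, and unlike `password_file` it is not even made absolute. certmonger runs this command itself on every renewal, typically as root, so a relative path or a value a caller derived from configuration would be executed with that privilege long after this call returns. I would check the executable before appending it, e.g. `helper = os.path.normpath(command.split()[0])` followed by `if os.path.dirname(helper) != "/usr/lib/ipa/certmonger": raise ValueError("command must be a script in /usr/lib/ipa/certmonger")`, and state in the docstring whether the string may carry arguments. The body of start_tracking between and after the two hunks is not visible here, so an existing check elsewhere in the function cannot be ruled out.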