cainstance: do not configure renewal guard

Do not configure renewal guard for dogtag-ipa-renew-agent, as it is not used in IPA anymore. https://fedorahosted.org/freeipa/ticket/5959 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
author: Jan Cholasta <jcholast@redhat.com> 2017-01-06 10:49:41 +0100
committer: Martin Basti <mbasti@redhat.com> 2017-01-16 14:37:25 +0100
commit: 926fe2049a1839fd7e68c9fa55f64154ee83c841 (patch)
tree: d9e1e3c2c276bce75eab38657c6ff70aa79e47a6 /ipaserver/install
parent: ad49bda907b3c2ec5b98946a2c4000bb6edaf835 (diff)
download: freeipa-926fe2049a1839fd7e68c9fa55f64154ee83c841.tar.gz
freeipa-926fe2049a1839fd7e68c9fa55f64154ee83c841.tar.xz
freeipa-926fe2049a1839fd7e68c9fa55f64154ee83c841.zip
2 files changed, 15 insertions, 39 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index f933479df..423aa3f15 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -32,8 +32,6 @@ import sys
 import syslog
 import time
 import tempfile
-import shlex
-import pipes
 
 # pylint: disable=import-error
 from six.moves.configparser import ConfigParser, RawConfigParser
@@ -950,16 +948,6 @@ class CAInstance(DogtagInstance):
         if path:
             iface.remove_known_ca(path)
 
-        helper = self.restore_state('certmonger_dogtag_helper')
-        if helper:
-            path = iface.find_ca_by_nickname('dogtag-ipa-renew-agent')
-            if path:
-                ca_obj = bus.get_object('org.fedorahosted.certmonger', path)
-                ca_iface = dbus.Interface(ca_obj,
-                                          'org.freedesktop.DBus.Properties')
-                ca_iface.Set('org.fedorahosted.certmonger.ca',
-                             'external-helper', helper)
-
         cmonger.stop()
 
         # remove CRL files
@@ -990,35 +978,23 @@ class CAInstance(DogtagInstance):
         fd.close()
         os.chmod(location, 0o444)
 
-
-    def configure_certmonger_renewal(self):
-        super(CAInstance, self).configure_certmonger_renewal()
-
-        self.configure_certmonger_renewal_guard()
-
-    def configure_certmonger_renewal_guard(self):
+    def unconfigure_certmonger_renewal_guard(self):
         if not self.is_configured():
             return
 
-        bus = dbus.SystemBus()
-        obj = bus.get_object('org.fedorahosted.certmonger',
-                             '/org/fedorahosted/certmonger')
-        iface = dbus.Interface(obj, 'org.fedorahosted.certmonger')
-        path = iface.find_ca_by_nickname('dogtag-ipa-renew-agent')
-        if path:
-            ca_obj = bus.get_object('org.fedorahosted.certmonger', path)
-            ca_iface = dbus.Interface(ca_obj,
-                                      'org.freedesktop.DBus.Properties')
-            helper = ca_iface.Get('org.fedorahosted.certmonger.ca',
-                                  'external-helper')
-            if helper:
-                args = shlex.split(helper)
-                if args[0] != paths.IPA_SERVER_GUARD:
-                    self.backup_state('certmonger_dogtag_helper', helper)
-                    args = [paths.IPA_SERVER_GUARD] + args
-                    helper = ' '.join(pipes.quote(a) for a in args)
-                    ca_iface.Set('org.fedorahosted.certmonger.ca',
-                                 'external-helper', helper)
+        helper = self.restore_state('certmonger_dogtag_helper')
+        if helper:
+            bus = dbus.SystemBus()
+            obj = bus.get_object('org.fedorahosted.certmonger',
+                                 '/org/fedorahosted/certmonger')
+            iface = dbus.Interface(obj, 'org.fedorahosted.certmonger')
+            path = iface.find_ca_by_nickname('dogtag-ipa-renew-agent')
+            if path:
+                ca_obj = bus.get_object('org.fedorahosted.certmonger', path)
+                ca_iface = dbus.Interface(ca_obj,
+                                          'org.freedesktop.DBus.Properties')
+                ca_iface.Set('org.fedorahosted.certmonger.ca',
+                             'external-helper', helper)
 
     def configure_agent_renewal(self):
         try:
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 10f2e3d19..068db2152 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1613,7 +1613,7 @@ def upgrade_configuration():
     if ca.is_configured() and not certmonger_service.is_running():
         certmonger_service.start()
 
-    ca.configure_certmonger_renewal_guard()
+    ca.unconfigure_certmonger_renewal_guard()
 
     update_dbmodules(api.env.realm)
     uninstall_ipa_kpasswd()
author	Jan Cholasta <jcholast@redhat.com>	2017-01-06 10:49:41 +0100
committer	Martin Basti <mbasti@redhat.com>	2017-01-16 14:37:25 +0100
commit	926fe2049a1839fd7e68c9fa55f64154ee83c841 (patch)
tree	d9e1e3c2c276bce75eab38657c6ff70aa79e47a6 /ipaserver/install
parent	ad49bda907b3c2ec5b98946a2c4000bb6edaf835 (diff)
download	freeipa-926fe2049a1839fd7e68c9fa55f64154ee83c841.tar.gz freeipa-926fe2049a1839fd7e68c9fa55f64154ee83c841.tar.xz freeipa-926fe2049a1839fd7e68c9fa55f64154ee83c841.zip