diff options
author | Jan Cholasta <jcholast@redhat.com> | 2017-01-06 10:49:41 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-01-16 14:37:25 +0100 |
commit | 926fe2049a1839fd7e68c9fa55f64154ee83c841 (patch) | |
tree | d9e1e3c2c276bce75eab38657c6ff70aa79e47a6 /ipaserver | |
parent | ad49bda907b3c2ec5b98946a2c4000bb6edaf835 (diff) | |
download | freeipa-926fe2049a1839fd7e68c9fa55f64154ee83c841.tar.gz freeipa-926fe2049a1839fd7e68c9fa55f64154ee83c841.tar.xz freeipa-926fe2049a1839fd7e68c9fa55f64154ee83c841.zip |
cainstance: do not configure renewal guard
Do not configure renewal guard for dogtag-ipa-renew-agent, as it is not
used in IPA anymore.
https://fedorahosted.org/freeipa/ticket/5959
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/cainstance.py | 52 | ||||
-rw-r--r-- | ipaserver/install/server/upgrade.py | 2 |
2 files changed, 15 insertions, 39 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index f933479df..423aa3f15 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -32,8 +32,6 @@ import sys import syslog import time import tempfile -import shlex -import pipes # pylint: disable=import-error from six.moves.configparser import ConfigParser, RawConfigParser @@ -950,16 +948,6 @@ class CAInstance(DogtagInstance): if path: iface.remove_known_ca(path) - helper = self.restore_state('certmonger_dogtag_helper') - if helper: - path = iface.find_ca_by_nickname('dogtag-ipa-renew-agent') - if path: - ca_obj = bus.get_object('org.fedorahosted.certmonger', path) - ca_iface = dbus.Interface(ca_obj, - 'org.freedesktop.DBus.Properties') - ca_iface.Set('org.fedorahosted.certmonger.ca', - 'external-helper', helper) - cmonger.stop() # remove CRL files @@ -990,35 +978,23 @@ class CAInstance(DogtagInstance): fd.close() os.chmod(location, 0o444) - - def configure_certmonger_renewal(self): - super(CAInstance, self).configure_certmonger_renewal() - - self.configure_certmonger_renewal_guard() - - def configure_certmonger_renewal_guard(self): + def unconfigure_certmonger_renewal_guard(self): if not self.is_configured(): return - bus = dbus.SystemBus() - obj = bus.get_object('org.fedorahosted.certmonger', - '/org/fedorahosted/certmonger') - iface = dbus.Interface(obj, 'org.fedorahosted.certmonger') - path = iface.find_ca_by_nickname('dogtag-ipa-renew-agent') - if path: - ca_obj = bus.get_object('org.fedorahosted.certmonger', path) - ca_iface = dbus.Interface(ca_obj, - 'org.freedesktop.DBus.Properties') - helper = ca_iface.Get('org.fedorahosted.certmonger.ca', - 'external-helper') - if helper: - args = shlex.split(helper) - if args[0] != paths.IPA_SERVER_GUARD: - self.backup_state('certmonger_dogtag_helper', helper) - args = [paths.IPA_SERVER_GUARD] + args - helper = ' '.join(pipes.quote(a) for a in args) - ca_iface.Set('org.fedorahosted.certmonger.ca', - 'external-helper', helper) + helper = self.restore_state('certmonger_dogtag_helper') + if helper: + bus = dbus.SystemBus() + obj = bus.get_object('org.fedorahosted.certmonger', + '/org/fedorahosted/certmonger') + iface = dbus.Interface(obj, 'org.fedorahosted.certmonger') + path = iface.find_ca_by_nickname('dogtag-ipa-renew-agent') + if path: + ca_obj = bus.get_object('org.fedorahosted.certmonger', path) + ca_iface = dbus.Interface(ca_obj, + 'org.freedesktop.DBus.Properties') + ca_iface.Set('org.fedorahosted.certmonger.ca', + 'external-helper', helper) def configure_agent_renewal(self): try: diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 10f2e3d19..068db2152 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1613,7 +1613,7 @@ def upgrade_configuration(): if ca.is_configured() and not certmonger_service.is_running(): certmonger_service.start() - ca.configure_certmonger_renewal_guard() + ca.unconfigure_certmonger_renewal_guard() update_dbmodules(api.env.realm) uninstall_ipa_kpasswd() |