diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2015-11-09 10:53:02 +0100 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-11-19 13:06:12 +0100 |
| commit | f3076c6ab37e081ba9b0ec9f0502379f60dfbd10 (patch) | |
| tree | f2813f84f5ac1e7114df75cbe99a43e1e22f1ddf /ipaserver | |
| parent | 164fb7b1d19ef316d2ec55a8f85876ccf310544f (diff) | |
| download | freeipa-f3076c6ab37e081ba9b0ec9f0502379f60dfbd10.tar.gz freeipa-f3076c6ab37e081ba9b0ec9f0502379f60dfbd10.tar.xz freeipa-f3076c6ab37e081ba9b0ec9f0502379f60dfbd10.zip | |
cert renewal: make renewal of ipaCert atomic
This prevents errors when renewing other certificates during the renewal of
ipaCert.
https://fedorahosted.org/freeipa/ticket/5436
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipaserver')
| -rw-r--r-- | ipaserver/install/cainstance.py | 2 | ||||
| -rw-r--r-- | ipaserver/install/server/upgrade.py | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 23fdf3014..1cbc0d03b 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1339,7 +1339,7 @@ class CAInstance(DogtagInstance): pin=None, pinfile=paths.ALIAS_PWDFILE_TXT, secdir=paths.HTTPD_ALIAS_DIR, - pre_command=None, + pre_command='renew_ra_cert_pre', post_command='renew_ra_cert') except RuntimeError as e: self.log.error( diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 4337995ac..b9621a39d 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -806,7 +806,7 @@ def certificate_renewal_update(ca): dogtag_constants = dogtag.configured_constants() # bump version when requests is changed - version = 3 + version = 4 requests = ( ( dogtag_constants.ALIAS_DIR, @@ -844,7 +844,7 @@ def certificate_renewal_update(ca): paths.HTTPD_ALIAS_DIR, 'ipaCert', 'dogtag-ipa-ca-renew-agent', - None, + 'renew_ra_cert_pre', 'renew_ra_cert', None, ), |