Diffstat (limited to 'install')
-rw-r--r-- | install/tools/ipa-upgradeconfig | 50 |
1 files changed, 27 insertions, 23 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 7f785e614..a1f085be4 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -233,8 +233,10 @@ def upgrade_pki(ca, fstore): if not installutils.get_directive(configured_constants.CS_CFG_PATH, 'proxy.securePort', '=') and \ os.path.exists(paths.PKI_SETUP_PROXY): - ipautil.run([paths.PKI_SETUP_PROXY, '-pki_instance_root=/var/lib' - ,'-pki_instance_name=pki-ca','-subsystem_type=ca']) + # update proxy configuration with stopped dogtag to prevent corruption + # of CS.cfg + ipautil.run([paths.PKI_SETUP_PROXY, '-pki_instance_root=/var/lib', + '-pki_instance_name=pki-ca','-subsystem_type=ca']) root_logger.debug('Proxy configuration updated') else: root_logger.debug('Proxy configuration up-to-date') 
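Review bot: The comment added in upgrade_pki says dogtag is stopped, but nothing in the visible lines checks that; the guarantee comes only from the `stopped_service` wrapper that the later hunk adds in main. Wording it as a caller precondition would warn a future caller against running the proxy setup on a live instance, e.g. `# caller must have stopped dogtag (main does, via stopped_service); running this on a live instance can corrupt CS.cfg`. upgrade_pki's body starts and ends outside the hunk.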
@@ -1204,28 +1206,30 @@ def main(): ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR) ca.backup_config() - # migrate CRL publish dir before the location in ipa.conf is updated - ca_restart = migrate_crl_publish_dir(ca) + with installutils.stopped_service(configured_constants.SERVICE_NAME, + configured_constants.PKI_INSTANCE_NAME): + # migrate CRL publish dir before the location in ipa.conf is updated + ca_restart = migrate_crl_publish_dir(ca) + + if ca.is_configured(): + crl = installutils.get_directive(configured_constants.CS_CFG_PATH, + 'ca.crl.MasterCRL.enableCRLUpdates', '=') + sub_dict['CLONE']='#' if crl.lower() == 'true' else '' + + ds_serverid = dsinstance.realm_to_serverid(api.env.realm) + ds_dirname = dsinstance.config_dirname(ds_serverid) + + upgrade(sub_dict, paths.HTTPD_IPA_CONF, ipautil.SHARE_DIR + "ipa.conf") + upgrade(sub_dict, paths.HTTPD_IPA_REWRITE_CONF, ipautil.SHARE_DIR + "ipa-rewrite.conf") + upgrade(sub_dict, paths.HTTPD_IPA_PKI_PROXY_CONF, ipautil.SHARE_DIR + "ipa-pki-proxy.conf", add=True) + if subject_base: + upgrade( + sub_dict, + os.path.join(ds_dirname, "certmap.conf"), + os.path.join(ipautil.SHARE_DIR, "certmap.conf.template") + ) + upgrade_pki(ca, fstore) - if ca.is_configured(): - crl = installutils.get_directive(configured_constants.CS_CFG_PATH, - 'ca.crl.MasterCRL.enableCRLUpdates', - '=') - sub_dict['CLONE']='#' if crl.lower() == 'true' else '' - - ds_serverid = dsinstance.realm_to_serverid(api.env.realm) - ds_dirname = dsinstance.config_dirname(ds_serverid) - - upgrade(sub_dict, paths.HTTPD_IPA_CONF, ipautil.SHARE_DIR + "ipa.conf") - upgrade(sub_dict, paths.HTTPD_IPA_REWRITE_CONF, ipautil.SHARE_DIR + "ipa-rewrite.conf") - upgrade(sub_dict, paths.HTTPD_IPA_PKI_PROXY_CONF, ipautil.SHARE_DIR + "ipa-pki-proxy.conf", add=True) - if subject_base: - upgrade( - sub_dict, - os.path.join(ds_dirname, "certmap.conf"), - os.path.join(ipautil.SHARE_DIR, "certmap.conf.template") - ) - upgrade_pki(ca, fstore) 
update_dbmodules(api.env.realm) uninstall_ipa_kpasswd() |
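Review bot: `crl.lower()` is called on the result of `installutils.get_directive(...)` with no guard, and it now runs inside the `stopped_service` block, so a missing `ca.crl.MasterCRL.enableCRLUpdates` directive would raise while dogtag is down. upgrade_pki tests the same helper's return with `if not ...`, which suggests it can come back empty. A guard such as `sub_dict['CLONE'] = '#' if crl and crl.lower() == 'true' else ''` would keep that failure out of the stopped window. Whether the CA is started again after an exception depends on `stopped_service`, which is not shown here; it is worth confirming that it restarts the service in a `finally`. The block also wraps the httpd and certmap.conf upgrades, which presumably do not touch CS.cfg and could run outside it to shorten the CA downtime; main's body continues outside the hunk.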