diff options
| author | Martin Kosek <mkosek@redhat.com> | 2013-10-16 09:58:23 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2013-10-17 12:07:52 +0200 |
| commit | dd3295ac32c0cae3234723e65175e337761ddf38 (patch) | |
| tree | 826128e048ef4676b96e91d2b9fa88b7a0294643 /ipapython | |
| parent | 096a49766d6706a05231621b0993acd2e734b0f1 (diff) | |
| download | freeipa-dd3295ac32c0cae3234723e65175e337761ddf38.tar.gz freeipa-dd3295ac32c0cae3234723e65175e337761ddf38.tar.xz freeipa-dd3295ac32c0cae3234723e65175e337761ddf38.zip | |
Installer should always wait until CA starts up
Patch for ticket 3964 changed the installer so that it does not
always wait for CA if the proxy is not configured. However,
it was found out that it may freeze an installation when
a step subsequent after CA restart call the CA and receives no
reply.
Change the wait so that it always waits for CA to start up. If
HTTP proxy is already configured, it should wait on port 443.
If not, it should wait on local PKI port 8443.
https://fedorahosted.org/freeipa/ticket/3973
Diffstat (limited to 'ipapython')
| -rw-r--r-- | ipapython/dogtag.py | 10 | ||||
| -rw-r--r-- | ipapython/platform/fedora16/service.py | 7 |
2 files changed, 11 insertions, 6 deletions
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index ec3f2beb8..ea769b027 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -184,7 +184,7 @@ def get_ca_certchain(ca_host=None, dogtag_constants=None): return chain -def ca_status(ca_host=None): +def ca_status(ca_host=None, use_proxy=True): """Return the status of the CA, and the httpd proxy in front of it The returned status can be: @@ -194,9 +194,13 @@ def ca_status(ca_host=None): """ if ca_host is None: ca_host = api.env.ca_host - # Use port 443 to test the proxy as well + if use_proxy: + # Use port 443 to test the proxy as well + ca_port = 443 + else: + ca_port = 8443 status, reason, headers, body = unauthenticated_https_request( - ca_host, 443, '/ca/admin/ca/getStatus') + ca_host, ca_port, '/ca/admin/ca/getStatus') if status == 503: # Service temporarily unavailable return reason diff --git a/ipapython/platform/fedora16/service.py b/ipapython/platform/fedora16/service.py index 36e7a31c4..edf2d7ff8 100644 --- a/ipapython/platform/fedora16/service.py +++ b/ipapython/platform/fedora16/service.py @@ -143,17 +143,18 @@ class Fedora16CAService(Fedora16Service): # Unfortunately, knownservices.httpd.is_installed() can return # false positives, so check for existence of our configuration file. # TODO: Use a cleaner solution + use_proxy = True if not (os.path.exists('/etc/httpd/conf.d/ipa.conf') and os.path.exists('/etc/httpd/conf.d/ipa-pki-proxy.conf')): root_logger.debug( - 'The httpd proxy is not installed, skipping wait for CA') - return + 'The httpd proxy is not installed, wait on local port') + use_proxy = False root_logger.debug('Waiting until the CA is running') timeout = api.env.startup_timeout op_timeout = time.time() + timeout while time.time() < op_timeout: try: - status = dogtag.ca_status() + status = dogtag.ca_status(use_proxy=use_proxy) except Exception: status = 'check interrupted' root_logger.debug('The CA status is: %s' % status) |