author | Petr Viktorin <pviktori@redhat.com> | 2013-03-26 18:06:50 +0100 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2013-04-15 16:55:27 -0400 |
commit | 4e3c1051d029363a099312eac48f337244a5610c (patch) | |
tree | 81574e96640ac9743ab7088af724233944d9cb62 /ipaserver/install/dsinstance.py | |
parent | fe00788bb439d461e1429ffbd94e42d615e2ddf9 (diff) | |
Uninstall selfsign CA on upgrade
This will convert a master with a selfsign CA to a CA-less one in
ipa-upgradeconfig.
The relevant files are left in place and can be used to manage certs
manually.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3494
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r-- | ipaserver/install/dsinstance.py | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index be629b198..4b0c580a8 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -709,11 +709,7 @@ class DsInstance(service.Service): serverid = self.restore_state("serverid") if not serverid is None: - # drop the trailing / off the config_dirname so the directory - # will match what is in certmonger - dirname = config_dirname(serverid)[:-1] - dsdb = certs.CertDB(self.realm_name, nssdir=dirname) - dsdb.untrack_server_cert(self.nickname) + self.stop_tracking_certificates(serverid) erase_ds_instance_data(serverid) # At one time we removed this user on uninstall. That can potentially @@ -735,6 +731,16 @@ class DsInstance(service.Service): except Exception, e: root_logger.error('Unable to restart ds instance %s: %s', ds_instance, e) + def stop_tracking_certificates(self, serverid=None): + if serverid is None: + serverid = self.get_state("serverid") + if not serverid is None: + # drop the trailing / off the config_dirname so the directory + # will match what is in certmonger + dirname = config_dirname(serverid)[:-1] + dsdb = certs.CertDB(self.realm_name, nssdir=dirname) + dsdb.untrack_server_cert(self.nickname) + # we could probably move this function into the service.Service # class - it's very generic - all we need is a way to get an # instance of a particular Service |
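Review bot: The new `stop_tracking_certificates` (second hunk) returns silently when neither the argument nor `self.get_state("serverid")` yields a server id, so a caller on the upgrade path cannot tell whether certmonger tracking of the DS certificate was actually removed; if it was not, certmonger would presumably go on tracking a certificate whose selfsign CA has been uninstalled. An `else` branch that logs the case would make this visible, e.g. `root_logger.debug('No serverid in state; DS certificate tracking left unchanged')`. The method also has no docstring: it should state that it untracks the server certificate `self.nickname` in the instance's NSS directory, and that with `serverid=None` it looks the id up with `get_state`, whereas the `uninstall` call site in the first hunk passes the value it obtained from `restore_state`. As a style point, `if not serverid is None:` reads more clearly as `if serverid is not None:`.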