diff options
Diffstat (limited to 'install/restart_scripts/restart_pkicad')
-rw-r--r-- | install/restart_scripts/restart_pkicad | 77 |
1 files changed, 42 insertions, 35 deletions
diff --git a/install/restart_scripts/restart_pkicad b/install/restart_scripts/restart_pkicad index 9a3d48057..4e14577ae 100644 --- a/install/restart_scripts/restart_pkicad +++ b/install/restart_scripts/restart_pkicad @@ -21,54 +21,61 @@ import sys import syslog +import traceback from ipapython import services as ipaservices from ipapython import dogtag from ipaserver.install import certs from ipalib import api -nickname = sys.argv[1] +def main(): + nickname = sys.argv[1] -api.bootstrap(context='restart') -api.finalize() + api.bootstrap(context='restart') + api.finalize() -configured_constants = dogtag.configured_constants(api) -alias_dir = configured_constants.ALIAS_DIR -dogtag_service = ipaservices.knownservices[configured_constants.SERVICE_NAME] -dogtag_instance = configured_constants.PKI_INSTANCE_NAME + configured_constants = dogtag.configured_constants(api) + alias_dir = configured_constants.ALIAS_DIR + dogtag_service = ipaservices.knownservices[configured_constants.SERVICE_NAME] + dogtag_instance = configured_constants.PKI_INSTANCE_NAME -# dogtag opens its NSS database in read/write mode so we need it -# shut down so certmonger can open it read/write mode. This avoids -# database corruption. It should already be stopped by the pre-command -# but lets be sure. -if dogtag_service.is_running(dogtag_instance): - syslog.syslog( - syslog.LOG_NOTICE, "Stopping %s" % dogtag_service.service_name) + # dogtag opens its NSS database in read/write mode so we need it + # shut down so certmonger can open it read/write mode. This avoids + # database corruption. It should already be stopped by the pre-command + # but lets be sure. + if dogtag_service.is_running(dogtag_instance): + syslog.syslog( + syslog.LOG_NOTICE, "Stopping %s" % dogtag_service.service_name) + try: + dogtag_service.stop(dogtag_instance) + except Exception, e: + syslog.syslog( + syslog.LOG_ERR, + "Cannot stop %s: %s" % (dogtag_service.service_name, e)) + else: + syslog.syslog( + syslog.LOG_NOTICE, "Stopped %s" % dogtag_service.service_name) + + # Fix permissions on the audit cert if we're updating it + if nickname == 'auditSigningCert cert-pki-ca': + db = certs.CertDB(api.env.realm, nssdir=alias_dir) + args = ['-M', + '-n', nickname, + '-t', 'u,u,Pu', + ] + db.run_certutil(args) + + syslog.syslog(syslog.LOG_NOTICE, 'Starting %s' % dogtag_service.service_name) try: - dogtag_service.stop(dogtag_instance) + dogtag_service.start(dogtag_instance) except Exception, e: syslog.syslog( syslog.LOG_ERR, - "Cannot stop %s: %s" % (dogtag_service.service_name, e)) + "Cannot start %s: %s" % (dogtag_service.service_name, e)) else: syslog.syslog( - syslog.LOG_NOTICE, "Stopped %s" % dogtag_service.service_name) - -# Fix permissions on the audit cert if we're updating it -if nickname == 'auditSigningCert cert-pki-ca': - db = certs.CertDB(api.env.realm, nssdir=alias_dir) - args = ['-M', - '-n', nickname, - '-t', 'u,u,Pu', - ] - db.run_certutil(args) + syslog.LOG_NOTICE, "Started %s" % dogtag_service.service_name) -syslog.syslog(syslog.LOG_NOTICE, 'Starting %s' % dogtag_service.service_name) try: - dogtag_service.start(dogtag_instance) -except Exception, e: - syslog.syslog( - syslog.LOG_ERR, - "Cannot start %s: %s" % (dogtag_service.service_name, e)) -else: - syslog.syslog( - syslog.LOG_NOTICE, "Started %s" % dogtag_service.service_name) + main() +except Exception: + syslog.syslog(syslog.LOG_ERR, traceback.format_exc()) |