summaryrefslogtreecommitdiffstats
path: root/install/restart_scripts/restart_pkicad
diff options
context:
space:
mode:
Diffstat (limited to 'install/restart_scripts/restart_pkicad')
-rw-r--r--install/restart_scripts/restart_pkicad77
1 files changed, 42 insertions, 35 deletions
diff --git a/install/restart_scripts/restart_pkicad b/install/restart_scripts/restart_pkicad
index 9a3d48057..4e14577ae 100644
--- a/install/restart_scripts/restart_pkicad
+++ b/install/restart_scripts/restart_pkicad
@@ -21,54 +21,61 @@
import sys
import syslog
+import traceback
from ipapython import services as ipaservices
from ipapython import dogtag
from ipaserver.install import certs
from ipalib import api
-nickname = sys.argv[1]
+def main():
+ nickname = sys.argv[1]
-api.bootstrap(context='restart')
-api.finalize()
+ api.bootstrap(context='restart')
+ api.finalize()
-configured_constants = dogtag.configured_constants(api)
-alias_dir = configured_constants.ALIAS_DIR
-dogtag_service = ipaservices.knownservices[configured_constants.SERVICE_NAME]
-dogtag_instance = configured_constants.PKI_INSTANCE_NAME
+ configured_constants = dogtag.configured_constants(api)
+ alias_dir = configured_constants.ALIAS_DIR
+ dogtag_service = ipaservices.knownservices[configured_constants.SERVICE_NAME]
+ dogtag_instance = configured_constants.PKI_INSTANCE_NAME
-# dogtag opens its NSS database in read/write mode so we need it
-# shut down so certmonger can open it read/write mode. This avoids
-# database corruption. It should already be stopped by the pre-command
-# but lets be sure.
-if dogtag_service.is_running(dogtag_instance):
- syslog.syslog(
- syslog.LOG_NOTICE, "Stopping %s" % dogtag_service.service_name)
+ # dogtag opens its NSS database in read/write mode so we need it
+ # shut down so certmonger can open it read/write mode. This avoids
+ # database corruption. It should already be stopped by the pre-command
+ # but lets be sure.
+ if dogtag_service.is_running(dogtag_instance):
+ syslog.syslog(
+ syslog.LOG_NOTICE, "Stopping %s" % dogtag_service.service_name)
+ try:
+ dogtag_service.stop(dogtag_instance)
+ except Exception, e:
+ syslog.syslog(
+ syslog.LOG_ERR,
+ "Cannot stop %s: %s" % (dogtag_service.service_name, e))
+ else:
+ syslog.syslog(
+ syslog.LOG_NOTICE, "Stopped %s" % dogtag_service.service_name)
+
+ # Fix permissions on the audit cert if we're updating it
+ if nickname == 'auditSigningCert cert-pki-ca':
+ db = certs.CertDB(api.env.realm, nssdir=alias_dir)
+ args = ['-M',
+ '-n', nickname,
+ '-t', 'u,u,Pu',
+ ]
+ db.run_certutil(args)
+
+ syslog.syslog(syslog.LOG_NOTICE, 'Starting %s' % dogtag_service.service_name)
try:
- dogtag_service.stop(dogtag_instance)
+ dogtag_service.start(dogtag_instance)
except Exception, e:
syslog.syslog(
syslog.LOG_ERR,
- "Cannot stop %s: %s" % (dogtag_service.service_name, e))
+ "Cannot start %s: %s" % (dogtag_service.service_name, e))
else:
syslog.syslog(
- syslog.LOG_NOTICE, "Stopped %s" % dogtag_service.service_name)
-
-# Fix permissions on the audit cert if we're updating it
-if nickname == 'auditSigningCert cert-pki-ca':
- db = certs.CertDB(api.env.realm, nssdir=alias_dir)
- args = ['-M',
- '-n', nickname,
- '-t', 'u,u,Pu',
- ]
- db.run_certutil(args)
+ syslog.LOG_NOTICE, "Started %s" % dogtag_service.service_name)
-syslog.syslog(syslog.LOG_NOTICE, 'Starting %s' % dogtag_service.service_name)
try:
- dogtag_service.start(dogtag_instance)
-except Exception, e:
- syslog.syslog(
- syslog.LOG_ERR,
- "Cannot start %s: %s" % (dogtag_service.service_name, e))
-else:
- syslog.syslog(
- syslog.LOG_NOTICE, "Started %s" % dogtag_service.service_name)
+ main()
+except Exception:
+ syslog.syslog(syslog.LOG_ERR, traceback.format_exc())