The Identity, Policy and Audit system
Johnny Hughes
2018-05-14 ab4b7f7ca4a3a477df1cf61418f2d63755652dcc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
From accc490a5f1db734c94e739d9b9638d44d60d21c Mon Sep 17 00:00:00 2001
From: Aleksei Slaikovskii <aslaikov@redhat.com>
Date: Mon, 23 Oct 2017 11:17:32 +0200
Subject: [PATCH] Add a notice to restart ipa services after certs are
 installed
 
Adding notice for user to restart services after
ipa-server-certinstall.
 
https://pagure.io/freeipa/issue/7016
 
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 install/tools/man/ipa-server-certinstall.1  | 3 ++-
 ipaserver/install/ipa_server_certinstall.py | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)
 
diff --git a/install/tools/man/ipa-server-certinstall.1 b/install/tools/man/ipa-server-certinstall.1
index 35cd8c6c711119d7c782c6a89ac78b4894cec073..00fd03b6bc2184ec2bbc099fd9799551c07d2390 100644
--- a/install/tools/man/ipa-server-certinstall.1
+++ b/install/tools/man/ipa-server-certinstall.1
@@ -28,7 +28,8 @@ PKCS#12 is a file format used to safely transport SSL certificates and public/pr
 
 They may be generated and managed using the NSS pk12util command or the OpenSSL pkcs12 command.
 
-The service(s) are not automatically restarted. In order to use the newly installed certificate(s) you will need to manually restart the Directory and/or Apache servers.
+The service(s) are not automatically restarted. In order to use the newly installed certificate(s) you will need to manually restart the Directory, Apache and/or Krb5kdc servers.
+
 .SH "OPTIONS"
 .TP 
 \fB\-d\fR, \fB\-\-dirsrv\fR
diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py
index 9c8f6e81a802e1a87bab1fd15f729e10676fe3a3..ec283705a4038239ddf0c6bacaac200936ed04e8 100644
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -17,6 +17,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
+from __future__ import print_function
 
 import os
 import os.path
@@ -121,6 +122,10 @@ class ServerCertInstall(admintool.AdminTool):
         if self.options.kdc:
             self.install_kdc_cert()
 
+        print(
+            "Please restart ipa services after installing certificate "
+            "(ipactl restart)")
+
         api.Backend.ldap2.disconnect()
 
     def install_dirsrv_cert(self):
-- 
2.14.3