areguera / rpms / ipa

Forked from rpms/ipa 5 years ago
Clone

Blame SOURCES/0128-server-upgrade-always-fix-certmonger-tracking-reques.patch

ac7d03
From ba42557e2acb526587b07956e75a2a1394882771 Mon Sep 17 00:00:00 2001
ac7d03
From: Jan Cholasta <jcholast@redhat.com>
ac7d03
Date: Tue, 28 Feb 2017 10:55:54 +0000
ac7d03
Subject: [PATCH] server upgrade: always fix certmonger tracking request
ac7d03
ac7d03
Fix certmonger tracking requests on every run of ipa-server-upgrade rather
ac7d03
than only when the tracking configuration has changed and the requests have
ac7d03
not yet been updated.
ac7d03
ac7d03
This allows fixing broken tracking requests just by re-running
ac7d03
ipa-server-upgrade.
ac7d03
ac7d03
https://pagure.io/freeipa/issue/5799
ac7d03
ac7d03
Reviewed-By: David Kupka <dkupka@redhat.com>
ac7d03
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
ac7d03
---
ac7d03
 ipaserver/install/server/upgrade.py | 28 +++++++---------------------
ac7d03
 1 file changed, 7 insertions(+), 21 deletions(-)
ac7d03
ac7d03
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
ac7d03
index 7b0476d442902f2c3dc65819d54953e820f5e560..855056dc1fa20e813d82ecc5090a14cfc4f91831 100644
ac7d03
--- a/ipaserver/install/server/upgrade.py
ac7d03
+++ b/ipaserver/install/server/upgrade.py
ac7d03
@@ -905,8 +905,6 @@ def certificate_renewal_update(ca, ds, http):
ac7d03
     template = paths.CERTMONGER_COMMAND_TEMPLATE
ac7d03
     serverid = installutils.realm_to_serverid(api.env.realm)
ac7d03
 
ac7d03
-    # bump version when requests is changed
ac7d03
-    version = 6
ac7d03
     requests = [
ac7d03
         {
ac7d03
             'cert-database': paths.PKI_TOMCAT_ALIAS_DIR,
ac7d03
@@ -971,25 +969,17 @@ def certificate_renewal_update(ca, ds, http):
ac7d03
         }
ac7d03
     ]
ac7d03
 
ac7d03
-    root_logger.info("[Update certmonger certificate renewal configuration to "
ac7d03
-                     "version %d]" % version)
ac7d03
+    root_logger.info("[Update certmonger certificate renewal configuration]")
ac7d03
     if not ca.is_configured():
ac7d03
         root_logger.info('CA is not configured')
ac7d03
         return False
ac7d03
 
ac7d03
-    state = 'certificate_renewal_update_%d' % version
ac7d03
-    if sysupgrade.get_upgrade_state('dogtag', state):
ac7d03
-        return False
ac7d03
-
ac7d03
     # State not set, lets see if we are already configured
ac7d03
     for request in requests:
ac7d03
         request_id = certmonger.get_request_id(request)
ac7d03
         if request_id is None:
ac7d03
             break
ac7d03
     else:
ac7d03
-        sysupgrade.set_upgrade_state('dogtag', state, True)
ac7d03
-        root_logger.info("Certmonger certificate renewal configuration is "
ac7d03
-                         "already at version %d" % version)
ac7d03
         return False
ac7d03
 
ac7d03
     # Ok, now we need to stop tracking, then we can start tracking them
ac7d03
@@ -998,13 +988,11 @@ def certificate_renewal_update(ca, ds, http):
ac7d03
     ds.stop_tracking_certificates(serverid)
ac7d03
     http.stop_tracking_certificates()
ac7d03
 
ac7d03
-    if not sysupgrade.get_upgrade_state('dogtag',
ac7d03
-                                        'certificate_renewal_update_1'):
ac7d03
-        filename = paths.CERTMONGER_CAS_CA_RENEWAL
ac7d03
-        if os.path.exists(filename):
ac7d03
-            with installutils.stopped_service('certmonger'):
ac7d03
-                root_logger.info("Removing %s" % filename)
ac7d03
-                installutils.remove_file(filename)
ac7d03
+    filename = paths.CERTMONGER_CAS_CA_RENEWAL
ac7d03
+    if os.path.exists(filename):
ac7d03
+        with installutils.stopped_service('certmonger'):
ac7d03
+            root_logger.info("Removing %s" % filename)
ac7d03
+            installutils.remove_file(filename)
ac7d03
 
ac7d03
     ca.configure_certmonger_renewal()
ac7d03
     ca.configure_renewal()
ac7d03
@@ -1013,9 +1001,7 @@ def certificate_renewal_update(ca, ds, http):
ac7d03
     ds.start_tracking_certificates(serverid)
ac7d03
     http.start_tracking_certificates()
ac7d03
 
ac7d03
-    sysupgrade.set_upgrade_state('dogtag', state, True)
ac7d03
-    root_logger.info("Certmonger certificate renewal configuration updated to "
ac7d03
-                     "version %d" % version)
ac7d03
+    root_logger.info("Certmonger certificate renewal configuration updated")
ac7d03
     return True
ac7d03
 
ac7d03
 def copy_crl_file(old_path, new_path=None):
ac7d03
-- 
ac7d03
2.9.3
ac7d03