Tree - rpms/ipa - CentOS Git server

pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago

Source
Stats

Blame SOURCES/0028-Wait-for-client-certificates.patch

Blob History Raw

		95ea96	`From fb346fab2495a9343ed68131c0ebf071e3e9654f Mon Sep 17 00:00:00 2001`
		2737e7	`From: Christian Heimes <cheimes@redhat.com>`
		2737e7	`Date: Mon, 9 Jul 2018 13:53:44 +0200`
		2737e7	`Subject: [PATCH] Wait for client certificates`
		2737e7
		2737e7	`ipa-client-install --request-cert now waits until certmonger has`
		2737e7	`provided a host certificate. In case of an error, ipa-client-install no`
		2737e7	`longer pretents to success but fails with an error code.`
		2737e7
		2737e7	`The --request-cert option also ensures that certmonger is enabled and`
		2737e7	`running.`
		2737e7
		2737e7	`See: Fixes: https://pagure.io/freeipa/issue/7623`
		2737e7	`Signed-off-by: Christian Heimes <cheimes@redhat.com>`
		95ea96	`Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>`
		2737e7	`---`
		2737e7	`ipaclient/install/client.py \| 25 ++++++++++++++++++-------`
		2737e7	`1 file changed, 18 insertions(+), 7 deletions(-)`
		2737e7
		2737e7	`diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py`
		95ea96	`index 5173d90bfeb61acab6032f2972dcc4a0d1344094..0fbe31b762561b3e2ee2f35a666a93de8857bced 100644`
		2737e7	`--- a/ipaclient/install/client.py`
		2737e7	`+++ b/ipaclient/install/client.py`
		95ea96	`@@ -775,6 +775,7 @@ def configure_certmonger(`
		2737e7	`cmonger = services.knownservices.certmonger`
		2737e7	`try:`
		2737e7	`cmonger.enable()`
		2737e7	`+ cmonger.start()`
		2737e7	`except Exception as e:`
		95ea96	`logger.error(`
		2737e7	`"Failed to configure automatic startup of the %s daemon: %s",`
		95ea96	`@@ -786,14 +787,24 @@ def configure_certmonger(`
		2737e7	`subject = str(DN(('CN', hostname), subject_base))`
		2737e7	`passwd_fname = os.path.join(paths.IPA_NSSDB_DIR, 'pwdfile.txt')`
		2737e7	`try:`
		2737e7	`- certmonger.request_cert(`
		2737e7	`+ certmonger.request_and_wait_for_cert(`
		2737e7	`certpath=paths.IPA_NSSDB_DIR,`
		2737e7	`- nickname='Local IPA host', subject=subject, dns=[hostname],`
		2737e7	`- principal=principal, passwd_fname=passwd_fname)`
		2737e7	`- except Exception as ex:`
		95ea96	`- logger.error(`
		2737e7	`- "%s request for host certificate failed: %s",`
		2737e7	`- cmonger.service_name, ex)`
		2737e7	`+ storage='NSSDB',`
		2737e7	`+ nickname='Local IPA host',`
		2737e7	`+ subject=subject,`
		2737e7	`+ dns=[hostname],`
		2737e7	`+ principal=principal,`
		2737e7	`+ passwd_fname=passwd_fname,`
		2737e7	`+ resubmit_timeout=120,`
		2737e7	`+ )`
		2737e7	`+ except Exception as e:`
		95ea96	`+ logger.exception("certmonger request failed")`
		2737e7	`+ raise ScriptError(`
		2737e7	`+ "{} request for host certificate failed: {}".format(`
		2737e7	`+ cmonger.service_name, e`
		2737e7	`+ ),`
		2737e7	`+ rval=CLIENT_INSTALL_ERROR`
		2737e7	`+ )`
		2737e7
		2737e7
		2737e7	`def configure_sssd_conf(`
		2737e7	`--`
		2737e7	`2.17.1`
		2737e7

pgreco / rpms / ipa

Source Code

Blame SOURCES/0028-Wait-for-client-certificates.patch