Blame SOURCES/0070-Wait-for-client-certificates.patch

979ee0
From 30b4300eb27ddeca50096687a9a4122e59d9b66d Mon Sep 17 00:00:00 2001
979ee0
From: Christian Heimes <cheimes@redhat.com>
979ee0
Date: Mon, 9 Jul 2018 13:53:44 +0200
979ee0
Subject: [PATCH] Wait for client certificates
979ee0
979ee0
ipa-client-install --request-cert now waits until certmonger has
979ee0
provided a host certificate. In case of an error, ipa-client-install no
979ee0
longer pretends to succeed but fails with an error code.
979ee0
979ee0
The --request-cert option also ensures that certmonger is enabled and
979ee0
running.
979ee0
979ee0
See: Fixes: https://pagure.io/freeipa/issue/7623
979ee0
Signed-off-by: Christian Heimes <cheimes@redhat.com>
979ee0
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
979ee0
---
979ee0
 ipaclient/install/client.py | 25 ++++++++++++++++++-------
979ee0
 1 file changed, 18 insertions(+), 7 deletions(-)
979ee0
979ee0
diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
979ee0
index c88061320c29faba25374ba71c53407de8e71db2..dbada726280d9a90293842370f303de6a77ceb01 100644
979ee0
--- a/ipaclient/install/client.py
979ee0
+++ b/ipaclient/install/client.py
979ee0
@@ -771,6 +771,7 @@ def configure_certmonger(
979ee0
     cmonger = services.knownservices.certmonger
979ee0
     try:
979ee0
         cmonger.enable()
979ee0
+        cmonger.start()
979ee0
     except Exception as e:
979ee0
         root_logger.error(
979ee0
             "Failed to configure automatic startup of the %s daemon: %s",
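Review bot: With `cmonger.start()` placed in the same `try` as `cmonger.enable()`, a failure to start the daemon is reported by the existing handler as "Failed to configure automatic startup of the %s daemon", which points an operator at the wrong step. As far as the hunk shows the handler only logs, so the install would presumably go on to the certificate request with certmonger not running and fail there with a less direct error. Consider giving the start call its own `try` with a message such as `"Failed to start the %s daemon: %s"`, or rewording the shared message to cover both enable and start. The remainder of the except block lies outside the hunk.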
979ee0
@@ -782,14 +783,24 @@ def configure_certmonger(
979ee0
     subject = str(DN(('CN', hostname), subject_base))
979ee0
     passwd_fname = os.path.join(paths.IPA_NSSDB_DIR, 'pwdfile.txt')
979ee0
     try:
979ee0
-        certmonger.request_cert(
979ee0
+        certmonger.request_and_wait_for_cert(
979ee0
             certpath=paths.IPA_NSSDB_DIR,
979ee0
-            nickname='Local IPA host', subject=subject, dns=[hostname],
979ee0
-            principal=principal, passwd_fname=passwd_fname)
979ee0
-    except Exception as ex:
979ee0
-        root_logger.error(
979ee0
-            "%s request for host certificate failed: %s",
979ee0
-            cmonger.service_name, ex)
979ee0
+            storage='NSSDB',
979ee0
+            nickname='Local IPA host',
979ee0
+            subject=subject,
979ee0
+            dns=[hostname],
979ee0
+            principal=principal,
979ee0
+            passwd_fname=passwd_fname,
979ee0
+            resubmit_timeout=120,
979ee0
+        )
979ee0
+    except Exception as e:
979ee0
+        root_logger.exception("certmonger request failed")
979ee0
+        raise ScriptError(
979ee0
+            "{} request for host certificate failed: {}".format(
979ee0
+                cmonger.service_name, e
979ee0
+            ),
979ee0
+            rval=CLIENT_INSTALL_ERROR
979ee0
+        )
979ee0
 
979ee0
 
979ee0
 def configure_sssd_conf(
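Review bot: `resubmit_timeout=120` is a bare literal with no unit or rationale at the call site, and it now decides how long host enrolment with `--request-cert` can block before it is treated as failed. A short comment above the call, e.g. `# wait up to 120 (presumably seconds, confirm against certmonger.request_and_wait_for_cert) for the host cert`, or a named module constant, would make the limit reviewable and tunable. Separately, the new `raise ScriptError(...)` aborts the install. The hunk does not show whether a request that certmonger is still tracking gets stopped on this path, so it is worth confirming that a re-run does not trip over a leftover 'Local IPA host' request in the NSSDB.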
979ee0
-- 
979ee0
2.17.1
979ee0