From 13fec89bb4a2ddfda7d1ad0da18c6c4be77373d6 Mon Sep 17 00:00:00 2001

From: Jan Cholasta <jcholast@redhat.com>

Date: Tue, 20 Jan 2015 09:38:43 +0000

Subject: [PATCH] Do not assume certmonger is running in httpinstance

https://fedorahosted.org/freeipa/ticket/4835

Reviewed-By: David Kupka <dkupka@redhat.com>

---

 ipaserver/install/httpinstance.py | 48 +++++++++++++++++++++++----------------

 1 file changed, 29 insertions(+), 19 deletions(-)

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py

index 2fb315b6b822343860a9c31b016d6a0a22388488..cda85ab02b8054748e671935fcfbc3993257c53e 100644

--- a/ipaserver/install/httpinstance.py

+++ b/ipaserver/install/httpinstance.py

@@ -39,6 +39,7 @@ from ipaserver.install import sysupgrade

 from ipalib import api

 from ipaplatform.tasks import tasks

 from ipaplatform.paths import paths

+from ipaplatform import services

 SELINUX_BOOLEAN_SETTINGS = dict(

@@ -228,25 +229,34 @@ class HTTPInstance(service.Service):

             print "Adding Include conf.d/ipa-rewrite to %s failed." % paths.HTTPD_NSS_CONF

     def configure_certmonger_renewal_guard(self):

-        bus = dbus.SystemBus()

-        obj = bus.get_object('org.fedorahosted.certmonger',

-                             '/org/fedorahosted/certmonger')

-        iface = dbus.Interface(obj, 'org.fedorahosted.certmonger')

-        path = iface.find_ca_by_nickname('IPA')

-        if path:

-            ca_obj = bus.get_object('org.fedorahosted.certmonger', path)

-            ca_iface = dbus.Interface(ca_obj,

-                                      'org.freedesktop.DBus.Properties')

-            helper = ca_iface.Get('org.fedorahosted.certmonger.ca',

-                                  'external-helper')

-            if helper:

-                args = shlex.split(helper)

-                if args[0] != paths.IPA_SERVER_GUARD:

-                    self.backup_state('certmonger_ipa_helper', helper)

-                    args = [paths.IPA_SERVER_GUARD] + args

-                    helper = ' '.join(pipes.quote(a) for a in args)

-                    ca_iface.Set('org.fedorahosted.certmonger.ca',

-                                 'external-helper', helper)

+        certmonger = services.knownservices.certmonger

+        certmonger_stopped = not certmonger.is_running()

+

+        if certmonger_stopped:

+            certmonger.start()

+        try:

+            bus = dbus.SystemBus()

+            obj = bus.get_object('org.fedorahosted.certmonger',

+                                 '/org/fedorahosted/certmonger')

+            iface = dbus.Interface(obj, 'org.fedorahosted.certmonger')

+            path = iface.find_ca_by_nickname('IPA')

+            if path:

+                ca_obj = bus.get_object('org.fedorahosted.certmonger', path)

+                ca_iface = dbus.Interface(ca_obj,

+                                          'org.freedesktop.DBus.Properties')

+                helper = ca_iface.Get('org.fedorahosted.certmonger.ca',

+                                      'external-helper')

+                if helper:

+                    args = shlex.split(helper)

+                    if args[0] != paths.IPA_SERVER_GUARD:

+                        self.backup_state('certmonger_ipa_helper', helper)

+                        args = [paths.IPA_SERVER_GUARD] + args

+                        helper = ' '.join(pipes.quote(a) for a in args)

+                        ca_iface.Set('org.fedorahosted.certmonger.ca',

+                                     'external-helper', helper)

+        finally:

+            if certmonger_stopped:

+                certmonger.stop()

     def __setup_ssl(self):

         fqdn = self.fqdn

-- 

2.1.0