|
 |
2e9388 |
From 08d26c374ae6198b5a1ec59556ca8814329b845f Mon Sep 17 00:00:00 2001
|
|
|
2e9388 |
From: Fraser Tweedale <ftweedal@redhat.com>
|
|
|
2e9388 |
Date: Fri, 20 Nov 2015 15:59:11 +1100
|
|
|
2e9388 |
Subject: [PATCH] Avoid race condition caused by profile delete and recreate
|
|
|
2e9388 |
|
|
|
2e9388 |
When importing IPA-managed certificate profiles into Dogtag,
|
|
|
2e9388 |
profiles with the same name (usually caIPAserviceCert) are removed,
|
|
|
2e9388 |
then immediately recreated with the new profile data. This causes a
|
|
|
2e9388 |
race condition - Dogtag's LDAPProfileSystem profileChangeMonitor
|
|
|
2e9388 |
thread could observe and process the deletion after the profile was
|
|
|
2e9388 |
recreated, disappearing it again.
|
|
|
2e9388 |
|
|
|
2e9388 |
Update the profile instead of deleting and recreating it to avoid
|
|
|
2e9388 |
this race condition.
|
|
|
2e9388 |
|
|
|
2e9388 |
Fixes: https://fedorahosted.org/freeipa/ticket/5269
|
|
|
2e9388 |
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
2e9388 |
---
|
|
|
2e9388 |
ipaserver/install/cainstance.py | 3 +--
|
|
|
2e9388 |
1 file changed, 1 insertion(+), 2 deletions(-)
|
|
|
2e9388 |
|
|
|
2e9388 |
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
|
|
|
2e9388 |
index d230c9bdcab68f02cce32a2aeb89ca3e2143eefe..3e3dce93de2b8ca48a3fe3ea5994ee92a1b0ce49 100644
|
|
|
2e9388 |
--- a/ipaserver/install/cainstance.py
|
|
|
2e9388 |
+++ b/ipaserver/install/cainstance.py
|
|
|
2e9388 |
@@ -1812,8 +1812,7 @@ def _create_dogtag_profile(profile_id, profile_data):
|
|
|
2e9388 |
root_logger.debug(
|
|
|
2e9388 |
"Failed to disable profile '%s' "
|
|
|
2e9388 |
"(it is probably already disabled)")
|
|
|
2e9388 |
- profile_api.delete_profile(profile_id)
|
|
|
2e9388 |
- profile_api.create_profile(profile_data)
|
|
|
2e9388 |
+ profile_api.update_profile(profile_id, profile_data)
|
|
|
2e9388 |
|
|
|
2e9388 |
# enable the profile
|
|
|
2e9388 |
try:
|
|
|
2e9388 |
--
|
|
|
2e9388 |
2.4.3
|
|
|
2e9388 |
|