pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone
Blob Blame History Raw
From 42353682a3d9e92f4053877d66f54e44f516bb53 Mon Sep 17 00:00:00 2001
From: David Kupka <dkupka@redhat.com>
Date: Tue, 7 Jul 2015 15:49:51 +0200
Subject: [PATCH] ipa-client-install: Do not (re)start certmonger and DBus
 daemons.

When DBus is present in the system it is always running.

Starting of certmomger is handled in ipapython/certmonger.py module if
necessary. Restarting is no longer needed since freeipa is not changing
certmonger's files.

https://fedorahosted.org/freeipa/ticket/5095

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 ipa-client/ipa-install/ipa-client-install | 71 +++++++------------------------
 1 file changed, 15 insertions(+), 56 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 96b30b486585bc60b0882263cff58292a3538df9..91323ae115a27d221bcbc43fee887c56d99c8635 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -522,20 +522,7 @@ def uninstall(options, env):
     ipa_db = certdb.NSSDatabase(paths.IPA_NSSDB_DIR)
     sys_db = certdb.NSSDatabase(paths.NSS_DB_DIR)
 
-    # Always start certmonger. We can't untrack something if it isn't
-    # running
-    messagebus = services.knownservices.messagebus
-    try:
-        messagebus.start()
-    except Exception, e:
-        log_service_error(messagebus.service_name, 'start', e)
-
     cmonger = services.knownservices.certmonger
-    try:
-        cmonger.start()
-    except Exception, e:
-        log_service_error(cmonger.service_name, 'start', e)
-
     if ipa_db.has_nickname('Local IPA host'):
         try:
             certmonger.stop_tracking(paths.IPA_NSSDB_DIR,
@@ -576,14 +563,14 @@ def uninstall(options, env):
                                   nickname, sys_db.secdir, e)
                 break
 
+    # Remove any special principal names we added to the IPA CA helper
+    certmonger.remove_principal_from_cas()
+
     try:
         cmonger.stop()
     except Exception, e:
         log_service_error(cmonger.service_name, 'stop', e)
 
-    # Remove any special principal names we added to the IPA CA helper
-    certmonger.remove_principal_from_cas()
-
     try:
         cmonger.disable()
     except Exception, e:
@@ -1138,41 +1125,14 @@ def configure_certmonger(fstore, subject_base, cli_realm, hostname, options,
             "Not requesting host certificate.")
         return
 
-    started = True
     principal = 'host/%s@%s' % (hostname, cli_realm)
 
-    messagebus = services.knownservices.messagebus
-    try:
-        messagebus.start()
-    except Exception, e:
-        log_service_error(messagebus.service_name, 'start', e)
-
-    # Ensure that certmonger has been started at least once to generate the
-    # cas files in /var/lib/certmonger/cas.
-    cmonger = services.knownservices.certmonger
-    try:
-        cmonger.restart()
-    except Exception, e:
-        log_service_error(cmonger.service_name, 'restart', e)
-
     if options.hostname:
-        # It needs to be stopped if we touch them
-        try:
-            cmonger.stop()
-        except Exception, e:
-            log_service_error(cmonger.service_name, 'stop', e)
         # If the hostname is explicitly set then we need to tell certmonger
         # which principal name to use when requesting certs.
         certmonger.add_principal_to_cas(principal)
 
-    try:
-        cmonger.restart()
-    except Exception, e:
-        log_service_error(cmonger.service_name, 'restart', e)
-        root_logger.warning(
-            "Automatic certificate management will not be available")
-        started = False
-
+    cmonger = services.knownservices.certmonger
     try:
         cmonger.enable()
     except Exception, e:
@@ -1183,18 +1143,17 @@ def configure_certmonger(fstore, subject_base, cli_realm, hostname, options,
             "Automatic certificate management will not be available")
 
     # Request our host cert
-    if started:
-        subject = str(DN(('CN', hostname), subject_base))
-        passwd_fname = os.path.join(paths.IPA_NSSDB_DIR, 'pwdfile.txt')
-        try:
-            certmonger.request_cert(nssdb=paths.IPA_NSSDB_DIR,
-                                    nickname='Local IPA host',
-                                    subject=subject,
-                                    principal=principal,
-                                    passwd_fname=passwd_fname)
-        except Exception:
-            root_logger.error("%s request for host certificate failed",
-                              cmonger.service_name)
+    subject = str(DN(('CN', hostname), subject_base))
+    passwd_fname = os.path.join(paths.IPA_NSSDB_DIR, 'pwdfile.txt')
+    try:
+        certmonger.request_cert(nssdb=paths.IPA_NSSDB_DIR,
+                                nickname='Local IPA host',
+                                subject=subject,
+                                principal=principal,
+                                passwd_fname=passwd_fname)
+    except Exception:
+        root_logger.error("%s request for host certificate failed",
+                          cmonger.service_name)
 
 def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, client_domain, client_hostname):
     try:
-- 
2.4.3