From 30b4300eb27ddeca50096687a9a4122e59d9b66d Mon Sep 17 00:00:00 2001
From: Christian Heimes
Date: Mon, 9 Jul 2018 13:53:44 +0200
Subject: [PATCH] Wait for client certificates
ipa-client-install --request-cert now waits until certmonger has provided a host certificate. In case of an error, ipa-client-install no longer pretents to success but fails with an error code. The --request-cert option also ensures that certmonger is enabled and running.
See: Fixes: https://pagure.io/freeipa/issue/7623
Signed-off-by: Christian Heimes
Reviewed-By: Tibor Dudlak
---
 ipaclient/install/client.py | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index c88061320c29faba25374ba71c53407de8e71db2..dbada726280d9a90293842370f303de6a77ceb01 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -771,6 +771,7 @@ def configure_certmonger(
 cmonger = services.knownservices.certmonger
 try:
 cmonger.enable()
+ cmonger.start()
 except Exception as e:
 root_logger.error(
 "Failed to configure automatic startup of the %s daemon: %s",
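Review bot: A failure of the added `cmonger.start()` lands in the same handler as `cmonger.enable()` and is reported as "Failed to configure automatic startup of the %s daemon", so a daemon that is enabled but cannot start is mislabelled in the log. Because the certificate request further down now waits on certmonger, the start deserves its own `try` with a message such as `"Failed to start the %s daemon: %s"`, or a `ScriptError` with `rval=CLIENT_INSTALL_ERROR` when `--request-cert` depends on it. Otherwise the operator only sees a later, less specific request failure. The handler body continues outside this hunk, so whether it re-raises is not visible here.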
@@ -782,14 +783,24 @@ def configure_certmonger(
 subject = str(DN(('CN', hostname), subject_base))
 passwd_fname = os.path.join(paths.IPA_NSSDB_DIR, 'pwdfile.txt')
 try:
- certmonger.request_cert(
+ certmonger.request_and_wait_for_cert(
 certpath=paths.IPA_NSSDB_DIR,
- nickname='Local IPA host', subject=subject, dns=[hostname],
- principal=principal, passwd_fname=passwd_fname)
- except Exception as ex:
- root_logger.error(
- "%s request for host certificate failed: %s",
- cmonger.service_name, ex)
+ storage='NSSDB',
+ nickname='Local IPA host',
+ subject=subject,
+ dns=[hostname],
+ principal=principal,
+ passwd_fname=passwd_fname,
+ resubmit_timeout=120,
+ )
+ except Exception as e:
+ root_logger.exception("certmonger request failed")
+ raise ScriptError(
+ "{} request for host certificate failed: {}".format(
+ cmonger.service_name, e
+ ),
+ rval=CLIENT_INSTALL_ERROR
+ )
 
 
 def configure_sssd_conf(
-- 
2.17.1
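Review bot: `resubmit_timeout=120` is an unexplained literal, and the broad `except Exception` folds a timeout, a CA rejection and any other certmonger error into one "request for host certificate failed" message. Name the value at module level, e.g. `CERT_REQUEST_TIMEOUT = 120  # presumably seconds; confirm against the certmonger helper`, and add a comment above the call stating that `--request-cert` now aborts the install when no certificate is issued in that window. The new `raise ScriptError(...)` fires after earlier client configuration steps have run. Whether the caller unwinds them on `CLIENT_INSTALL_ERROR` lies outside this hunk and is worth confirming, so a failed enrollment does not leave a half-configured host without its certificate.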