Blame SOURCES/0007-Catch-and-log-errors-when-adding-CA-profiles_rhbz#1999142.patch

c14a06
From a6e708ab4006d6623c37de1692de5362fcdb5dd6 Mon Sep 17 00:00:00 2001
c14a06
From: Rob Crittenden <rcritten@redhat.com>
c14a06
Date: Mon, 30 Aug 2021 16:44:47 -0400
c14a06
Subject: [PATCH] Catch and log errors when adding CA profiles
c14a06
c14a06
Rather than stopping the installer entirely, catch and report
c14a06
errors adding new certificate profiles, and remove the
c14a06
broken profile entry from LDAP so it may be re-added later.
c14a06
c14a06
It was discovered that installing a newer IPA that has the
c14a06
ACME profile which requires sanToCNDefault will fail when
c14a06
installing a new server against a very old one that lacks
c14a06
this class.
c14a06
c14a06
Running ipa-server-upgrade post-install will add the profile
c14a06
and generate the missing ipa-ca SAN record so that ACME
c14a06
can work.
c14a06
c14a06
https://pagure.io/freeipa/issue/8974
c14a06
c14a06
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
c14a06
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
c14a06
---
c14a06
 ipaserver/install/cainstance.py | 13 +++++++++++--
c14a06
 1 file changed, 11 insertions(+), 2 deletions(-)
c14a06
c14a06
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
c14a06
index 9e842b33e..8c8bf1b3a 100644
c14a06
--- a/ipaserver/install/cainstance.py
c14a06
+++ b/ipaserver/install/cainstance.py
c14a06
@@ -1973,8 +1973,17 @@ def import_included_profiles():
c14a06
 
c14a06
             # Create the profile, replacing any existing profile of same name
c14a06
             profile_data = __get_profile_config(profile_id)
c14a06
-            _create_dogtag_profile(profile_id, profile_data, overwrite=True)
c14a06
-            logger.debug("Imported profile '%s'", profile_id)
c14a06
+            try:
c14a06
+                _create_dogtag_profile(profile_id, profile_data,
c14a06
+                                       overwrite=True)
c14a06
+            except errors.HTTPRequestError as e:
c14a06
+                logger.warning("Failed to import profile '%s': %s. Running "
c14a06
+                               "ipa-server-upgrade when installation is "
c14a06
+                               "completed may resolve this issue.",
c14a06
+                               profile_id, e)
c14a06
+                conn.delete_entry(entry)
c14a06
+            else:
c14a06
+                logger.debug("Imported profile '%s'", profile_id)
c14a06
         else:
c14a06
             logger.debug(
c14a06
                 "Profile '%s' is already in LDAP; skipping", profile_id
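Review bot: The `conn.delete_entry(entry)` call in the new `except errors.HTTPRequestError` branch is unguarded, so an LDAP failure there raises out of the handler and still stops the installer, which is what this change sets out to avoid. If the entry is not removed, it stays in LDAP with no matching Dogtag profile, and the `Profile '%s' is already in LDAP; skipping` branch at the end of the hunk suggests a later run would skip the profile rather than re-add it. I would catch the delete failure and log it at error level with the profile id, so the operator knows a stale entry must be cleaned up before running ipa-server-upgrade; the fence assumes the LDAP backend raises `errors.PublicError` subclasses here, which should be confirmed. `import_included_profiles` starts and ends outside the hunk, so `conn` and `entry` are taken to be defined earlier in the loop.

```python
            except errors.HTTPRequestError as e:
                # … unchanged: logger.warning about the failed import …
                try:
                    conn.delete_entry(entry)
                except errors.PublicError as del_err:
                    # A leftover entry would make later runs skip this profile.
                    logger.error(
                        "Failed to remove LDAP entry for profile '%s': %s",
                        profile_id, del_err)
```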
c14a06
-- 
c14a06
2.31.1
c14a06