From 42353682a3d9e92f4053877d66f54e44f516bb53 Mon Sep 17 00:00:00 2001

From: David Kupka <dkupka@redhat.com>

Date: Tue, 7 Jul 2015 15:49:51 +0200

Subject: [PATCH] ipa-client-install: Do not (re)start certmonger and DBus

 daemons.

When DBus is present in the system it is always running.

Starting of certmomger is handled in ipapython/certmonger.py module if

necessary. Restarting is no longer needed since freeipa is not changing

certmonger's files.

https://fedorahosted.org/freeipa/ticket/5095

Reviewed-By: Jan Cholasta <jcholast@redhat.com>

---

 ipa-client/ipa-install/ipa-client-install | 71 +++++++------------------------

 1 file changed, 15 insertions(+), 56 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install

index 96b30b486585bc60b0882263cff58292a3538df9..91323ae115a27d221bcbc43fee887c56d99c8635 100755

--- a/ipa-client/ipa-install/ipa-client-install

+++ b/ipa-client/ipa-install/ipa-client-install

@@ -522,20 +522,7 @@ def uninstall(options, env):

     ipa_db = certdb.NSSDatabase(paths.IPA_NSSDB_DIR)

     sys_db = certdb.NSSDatabase(paths.NSS_DB_DIR)

-    # Always start certmonger. We can't untrack something if it isn't

-    # running

-    messagebus = services.knownservices.messagebus

-    try:

-        messagebus.start()

-    except Exception, e:

-        log_service_error(messagebus.service_name, 'start', e)

-

     cmonger = services.knownservices.certmonger

-    try:

-        cmonger.start()

-    except Exception, e:

-        log_service_error(cmonger.service_name, 'start', e)

-

     if ipa_db.has_nickname('Local IPA host'):

         try:

             certmonger.stop_tracking(paths.IPA_NSSDB_DIR,

@@ -576,14 +563,14 @@ def uninstall(options, env):

                                   nickname, sys_db.secdir, e)

                 break

+    # Remove any special principal names we added to the IPA CA helper

+    certmonger.remove_principal_from_cas()

+

     try:

         cmonger.stop()

     except Exception, e:

         log_service_error(cmonger.service_name, 'stop', e)

-    # Remove any special principal names we added to the IPA CA helper

-    certmonger.remove_principal_from_cas()

-

     try:

         cmonger.disable()

     except Exception, e:

@@ -1138,41 +1125,14 @@ def configure_certmonger(fstore, subject_base, cli_realm, hostname, options,

             "Not requesting host certificate.")

         return

-    started = True

     principal = 'host/%s@%s' % (hostname, cli_realm)

-    messagebus = services.knownservices.messagebus

-    try:

-        messagebus.start()

-    except Exception, e:

-        log_service_error(messagebus.service_name, 'start', e)

-

-    # Ensure that certmonger has been started at least once to generate the

-    # cas files in /var/lib/certmonger/cas.

-    cmonger = services.knownservices.certmonger

-    try:

-        cmonger.restart()

-    except Exception, e:

-        log_service_error(cmonger.service_name, 'restart', e)

-

     if options.hostname:

-        # It needs to be stopped if we touch them

-        try:

-            cmonger.stop()

-        except Exception, e:

-            log_service_error(cmonger.service_name, 'stop', e)

         # If the hostname is explicitly set then we need to tell certmonger

         # which principal name to use when requesting certs.

         certmonger.add_principal_to_cas(principal)

-    try:

-        cmonger.restart()

-    except Exception, e:

-        log_service_error(cmonger.service_name, 'restart', e)

-        root_logger.warning(

-            "Automatic certificate management will not be available")

-        started = False

-

+    cmonger = services.knownservices.certmonger

     try:

         cmonger.enable()

     except Exception, e:

@@ -1183,18 +1143,17 @@ def configure_certmonger(fstore, subject_base, cli_realm, hostname, options,

             "Automatic certificate management will not be available")

     # Request our host cert

-    if started:

-        subject = str(DN(('CN', hostname), subject_base))

-        passwd_fname = os.path.join(paths.IPA_NSSDB_DIR, 'pwdfile.txt')

-        try:

-            certmonger.request_cert(nssdb=paths.IPA_NSSDB_DIR,

-                                    nickname='Local IPA host',

-                                    subject=subject,

-                                    principal=principal,

-                                    passwd_fname=passwd_fname)

-        except Exception:

-            root_logger.error("%s request for host certificate failed",

-                              cmonger.service_name)

+    subject = str(DN(('CN', hostname), subject_base))

+    passwd_fname = os.path.join(paths.IPA_NSSDB_DIR, 'pwdfile.txt')

+    try:

+        certmonger.request_cert(nssdb=paths.IPA_NSSDB_DIR,

+                                nickname='Local IPA host',

+                                subject=subject,

+                                principal=principal,

+                                passwd_fname=passwd_fname)

+    except Exception:

+        root_logger.error("%s request for host certificate failed",

+                          cmonger.service_name)

 def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, client_domain, client_hostname):

     try:

-- 

2.4.3