From 80115a38d78db0c2a31dea06786af41eafb234f0 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Mon, 1 Feb 2016 12:59:04 +0100
Subject: [PATCH] always start certmonger during IPA server configuration
 upgrade
This patch fixes a regression introduced by commit
bef0f4c5c38e7ff6415e8f8c96dc306ef7f0ce56. Instead of checking whether
there is CA installed in the topology, we should always start certmonger
service during upgrade regardless of when the CA was configured.
https://fedorahosted.org/freeipa/ticket/5655
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 ipaserver/install/server/upgrade.py | 33 +++++----------------------------
 1 file changed, 5 insertions(+), 28 deletions(-)
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
e0ab38
index 616fba5c1a5b3737481aecbb09ab5344641a3b04..1f1cfeb672809c0298c69c121ac38d6c7a482d11 100644
e0ab38
--- a/ipaserver/install/server/upgrade.py
e0ab38
+++ b/ipaserver/install/server/upgrade.py
e0ab38
@@ -292,24 +292,6 @@ def setup_firefox_extension(fstore):
e0ab38
     http.setup_firefox_extension(realm, domain)
e0ab38
 
e0ab38
 
e0ab38
-def is_ca_enabled():
e0ab38
-    """
e0ab38
-    check whether there is an active CA master
e0ab38
-    :return: True if there is an active CA in topology, False otherwise
e0ab38
-    """
e0ab38
-    ldap2 = api.Backend.ldap2
e0ab38
-    was_connected = ldap2.isconnected()
e0ab38
-
e0ab38
-    if not was_connected:
e0ab38
-        ldap2.connect()
e0ab38
-
e0ab38
-    try:
e0ab38
-        return api.Command.ca_is_enabled()['result']
e0ab38
-    finally:
e0ab38
-        if not was_connected:
e0ab38
-            ldap2.disconnect()
e0ab38
-
e0ab38
-
e0ab38
 def ca_configure_profiles_acl(ca):
e0ab38
     root_logger.info('[Authorizing RA Agent to modify profiles]')
e0ab38
 
e0ab38
@@ -1420,6 +1402,10 @@ def upgrade_configuration():
e0ab38
             )
e0ab38
         upgrade_pki(ca, fstore)
e0ab38
 
e0ab38
+    certmonger_service = services.knownservices.certmonger
e0ab38
+    if ca.is_configured() and not certmonger_service.is_running():
e0ab38
+        certmonger_service.start()
e0ab38
+
e0ab38
     ca.configure_certmonger_renewal_guard()
e0ab38
 
e0ab38
     update_dbmodules(api.env.realm)
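Review bot: The added start is still gated on `ca.is_configured()`, so on a CA-less server certmonger is not started here, while the next hunk now calls `http.configure_certmonger_renewal_guard()` unconditionally and the last hunk removes the `upgrade_check` pre-flight test that reported a stopped certmonger. If the renewal guard needs a running certmonger (its body is not visible in this patch), a CA-less upgrade would fail partway through instead of being refused up front; either drop the `ca.is_configured()` condition, as the subject line suggests, or confirm that the guard tolerates a stopped service. The start is also silent: a line such as `root_logger.info('[Starting certmonger]')` before `certmonger_service.start()` would leave a record in the upgrade log for a service that controls certificate renewal. `upgrade_configuration` begins and ends outside this hunk.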
e0ab38
@@ -1435,8 +1421,7 @@ def upgrade_configuration():
e0ab38
     http.configure_selinux_for_httpd()
e0ab38
     http.change_mod_nss_port_from_http()
e0ab38
 
e0ab38
-    if is_ca_enabled():
e0ab38
-        http.configure_certmonger_renewal_guard()
e0ab38
+    http.configure_certmonger_renewal_guard()
e0ab38
 
e0ab38
     ds.configure_dirsrv_ccache()
e0ab38
 
e0ab38
@@ -1582,14 +1567,6 @@ def upgrade_check(options):
e0ab38
         print unicode(e)
e0ab38
         sys.exit(1)
e0ab38
 
e0ab38
-    try:
e0ab38
-        ca_is_enabled = is_ca_enabled()
e0ab38
-    except Exception as e:
e0ab38
-        raise RuntimeError("Cannot connect to LDAP server: {0}".format(e))
e0ab38
-
e0ab38
-    if not services.knownservices.certmonger.is_running() and ca_is_enabled:
e0ab38
-        raise RuntimeError('Certmonger is not running. Start certmonger and run upgrade again.')
e0ab38
-
e0ab38
     if not options.skip_version_check:
e0ab38
         # check IPA version and data version
e0ab38
         try:
-- 
2.5.0