From ba42557e2acb526587b07956e75a2a1394882771 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Tue, 28 Feb 2017 10:55:54 +0000
Subject: [PATCH] server upgrade: always fix certmonger tracking request
Fix certmonger tracking requests on every run of ipa-server-upgrade rather
than only when the tracking configuration has changed and the requests have
not yet been updated.
This allows fixing broken tracking requests just by re-running
ipa-server-upgrade.
https://pagure.io/freeipa/issue/5799
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
---
ipaserver/install/server/upgrade.py | 28 +++++++---------------------
1 file changed, 7 insertions(+), 21 deletions(-)
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 7b0476d442902f2c3dc65819d54953e820f5e560..855056dc1fa20e813d82ecc5090a14cfc4f91831 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -905,8 +905,6 @@ def certificate_renewal_update(ca, ds, http):
template = paths.CERTMONGER_COMMAND_TEMPLATE
serverid = installutils.realm_to_serverid(api.env.realm)
- # bump version when requests is changed
- version = 6
requests = [
{
'cert-database': paths.PKI_TOMCAT_ALIAS_DIR,
@@ -971,25 +969,17 @@ def certificate_renewal_update(ca, ds, http):
}
]
- root_logger.info("[Update certmonger certificate renewal configuration to "
- "version %d]" % version)
+ root_logger.info("[Update certmonger certificate renewal configuration]")
if not ca.is_configured():
root_logger.info('CA is not configured')
return False
- state = 'certificate_renewal_update_%d' % version
- if sysupgrade.get_upgrade_state('dogtag', state):
- return False
-
# State not set, lets see if we are already configured
for request in requests:
request_id = certmonger.get_request_id(request)
if request_id is None:
break
else:
- sysupgrade.set_upgrade_state('dogtag', state, True)
- root_logger.info("Certmonger certificate renewal configuration is "
- "already at version %d" % version)
return False
# Ok, now we need to stop tracking, then we can start tracking them
@@ -998,13 +988,11 @@ def certificate_renewal_update(ca, ds, http):
ds.stop_tracking_certificates(serverid)
http.stop_tracking_certificates()
- if not sysupgrade.get_upgrade_state('dogtag',
- 'certificate_renewal_update_1'):
- filename = paths.CERTMONGER_CAS_CA_RENEWAL
- if os.path.exists(filename):
- with installutils.stopped_service('certmonger'):
- root_logger.info("Removing %s" % filename)
- installutils.remove_file(filename)
+ filename = paths.CERTMONGER_CAS_CA_RENEWAL
+ if os.path.exists(filename):
+ with installutils.stopped_service('certmonger'):
+ root_logger.info("Removing %s" % filename)
+ installutils.remove_file(filename)
ca.configure_certmonger_renewal()
ca.configure_renewal()
@@ -1013,9 +1001,7 @@ def certificate_renewal_update(ca, ds, http):
ds.start_tracking_certificates(serverid)
http.start_tracking_certificates()
- sysupgrade.set_upgrade_state('dogtag', state, True)
- root_logger.info("Certmonger certificate renewal configuration updated to "
- "version %d" % version)
+ root_logger.info("Certmonger certificate renewal configuration updated")
return True
def copy_crl_file(old_path, new_path=None):
--
2.9.3