From ba42557e2acb526587b07956e75a2a1394882771 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Tue, 28 Feb 2017 10:55:54 +0000
Subject: [PATCH] server upgrade: always fix certmonger tracking request

Fix certmonger tracking requests on every run of ipa-server-upgrade rather
than only when the tracking configuration has changed and the requests have
not yet been updated.

This allows fixing broken tracking requests just by re-running
ipa-server-upgrade.

https://pagure.io/freeipa/issue/5799

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
---
 ipaserver/install/server/upgrade.py | 28 +++++++---------------------
 1 file changed, 7 insertions(+), 21 deletions(-)

diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 7b0476d442902f2c3dc65819d54953e820f5e560..855056dc1fa20e813d82ecc5090a14cfc4f91831 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -905,8 +905,6 @@ def certificate_renewal_update(ca, ds, http):
     template = paths.CERTMONGER_COMMAND_TEMPLATE
     serverid = installutils.realm_to_serverid(api.env.realm)
 
-    # bump version when requests is changed
-    version = 6
     requests = [
         {
             'cert-database': paths.PKI_TOMCAT_ALIAS_DIR,
@@ -971,25 +969,17 @@ def certificate_renewal_update(ca, ds, http):
         }
     ]
 
-    root_logger.info("[Update certmonger certificate renewal configuration to "
-                     "version %d]" % version)
+    root_logger.info("[Update certmonger certificate renewal configuration]")
     if not ca.is_configured():
         root_logger.info('CA is not configured')
         return False
 
-    state = 'certificate_renewal_update_%d' % version
-    if sysupgrade.get_upgrade_state('dogtag', state):
-        return False
-
     # State not set, lets see if we are already configured
     for request in requests:
         request_id = certmonger.get_request_id(request)
         if request_id is None:
             break
     else:
-        sysupgrade.set_upgrade_state('dogtag', state, True)
-        root_logger.info("Certmonger certificate renewal configuration is "
-                         "already at version %d" % version)
         return False
 
     # Ok, now we need to stop tracking, then we can start tracking them
@@ -998,13 +988,11 @@ def certificate_renewal_update(ca, ds, http):
     ds.stop_tracking_certificates(serverid)
     http.stop_tracking_certificates()
 
-    if not sysupgrade.get_upgrade_state('dogtag',
-                                        'certificate_renewal_update_1'):
-        filename = paths.CERTMONGER_CAS_CA_RENEWAL
-        if os.path.exists(filename):
-            with installutils.stopped_service('certmonger'):
-                root_logger.info("Removing %s" % filename)
-                installutils.remove_file(filename)
+    filename = paths.CERTMONGER_CAS_CA_RENEWAL
+    if os.path.exists(filename):
+        with installutils.stopped_service('certmonger'):
+            root_logger.info("Removing %s" % filename)
+            installutils.remove_file(filename)
 
     ca.configure_certmonger_renewal()
     ca.configure_renewal()
@@ -1013,9 +1001,7 @@ def certificate_renewal_update(ca, ds, http):
     ds.start_tracking_certificates(serverid)
     http.start_tracking_certificates()
 
-    sysupgrade.set_upgrade_state('dogtag', state, True)
-    root_logger.info("Certmonger certificate renewal configuration updated to "
-                     "version %d" % version)
+    root_logger.info("Certmonger certificate renewal configuration updated")
     return True
 
 def copy_crl_file(old_path, new_path=None):
-- 
2.9.3