Do not call status after pkisilent, it will return non-zero.
Instead restart server after pkisilent so configuration
changes take effect, then check the status.

-- 
John Dennis <jden...@redhat.com>

From 4272f4401da22fed0d280dd3e21737a63333c945 Mon Sep 17 00:00:00 2001
From: John Dennis <jden...@redhat.com>
Date: Wed, 29 Dec 2010 09:48:22 -0500
Subject: [PATCH 21/21] fixes CA install problem in trac ticket 682
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Do not call status after pkisilent, it will return non-zero.
Instead restart server after pkisilent so configuration
changes take effect, then check the status.
---
 ipaserver/install/cainstance.py |   42 ++++++++++++++++++++++----------------
 1 files changed, 24 insertions(+), 18 deletions(-)

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 7d37437..dfe036d 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -584,27 +584,33 @@ class CAInstance(service.Service):
             nolog = (self.admin_password, self.dm_password,)
 
             ipautil.run(args, nolog=nolog)
+        except ipautil.CalledProcessError, e:
+            logging.critical("failed to configure ca instance %s" % e)
+            raise RuntimeError('Configuration of CA failed')
 
-            if self.external == 1:
-                print "The next step is to get %s signed by your CA and re-run ipa-server-install as:" % self.csr_file
-                print "ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate"
-                sys.exit(0)
-
-            # pkisilent doesn't return 1 on error so look at the output of
-            # /sbin/service pki-cad status. It will tell us if the instance
-            # still needs to be configured.
-            (stdout, stderr, returncode) = ipautil.run(["/sbin/service", self.service_name, "status"])
-            try:
-                stdout.index("CONFIGURED!")
-                raise RuntimeError("pkisilent failed to configure instance.")
-            except ValueError:
-                # This is raised because the string doesn't exist, we're done
-                pass
+        if self.external == 1:
+            print "The next step is to get %s signed by your CA and re-run ipa-server-install as:" % self.csr_file
+            print "ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate"
+            sys.exit(0)
 
-            logging.debug("completed creating ca instance")
+        try:
+            # After configuration the service is running and configured
+            # but must be restarted for configuration to take effect.
+            # The service status in this case will be 4.
+            self.restart()
         except ipautil.CalledProcessError, e:
-            logging.critical("failed to restart ca instance %s" % e)
-            raise RuntimeError('Configuration of CA failed')
+            logging.critical("failed to restart ca instance after pkisilent configuration %s" % e)
+            raise RuntimeError('Restarting CA after pkisilent configuration failed')
+
+        # If the configuration was successful status should now be 0.
+        # We don't call is_running() because we want the exit status for debugging.
+        try:
+            ipautil.run(["/sbin/service", self.service_name, "status", PKI_INSTANCE_NAME])
+        except ipautil.CalledProcessError, e:
+            logging.critical("ca instance configuration not successful after restart %s" % e)
+            raise RuntimeError('CA configuration not successful after restart')
+
+        logging.debug("completed creating ca instance")
 
         # Turn off Nonces (again)
         if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0:
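
Review bot: The new status check passes `PKI_INSTANCE_NAME` to `/sbin/service ... status`, but nothing in this hunk defines or imports that name, and the removed status call took no instance argument. Please confirm it is a module-level constant in cainstance.py; otherwise this line raises NameError instead of the intended RuntimeError. Two smaller points in the same region. The removed comment recorded that pkisilent doesn't return 1 on error, and with the `CONFIGURED!` string check gone, the exit status after restart is the only thing that detects a failed configuration, so that reasoning is worth carrying into the new comment. Also, the comment "The service status in this case will be 4" sits inside the `try:` around `self.restart()` and reads as if it describes the restart; placing it above the `try:` and saying it is the status before the restart would be clearer. Since status is called immediately after `self.restart()`, it is also worth stating whether `restart()` waits for the service to be up before returning.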
-- 
1.7.2.3
