On 12/05/15 16:54, David Kupka wrote:
On 05/12/2015 02:16 PM, Martin Basti wrote:
On 12/05/15 13:53, David Kupka wrote:
DogtagInstance.enable() overrides Service.enable() and does nothing
usefulll. Also removing it solves bug discovered recently in uninstall
procedure.
NACK
1)
this is used in step() call, which means the tomcatd will be enabled in
systemd, and we do not want this.
Services should be disabled and managed just by ipactl.
2)
Which method now store state of tomcatd before IPA changes it?
To solve this please rename method to, for example, store_state(), and
add appropriate description, or put backup_state() call into different
appropriate step.
Martin^2
Thanks for catching that, updated patch attached.
I discussed this with Honza, and would be better to remove the enable
sysrestore status at all, because it is just IPA instance of CA, and
instance with the same name cannot be there otherwise installation will
fail, so there is no reason to store status.
Patch attached, untested.
--
Martin Basti
From 90b13b8017e2abb1985d79979dd934abb4798a77 Mon Sep 17 00:00:00 2001
From: David Kupka <dku...@redhat.com>
Date: Tue, 12 May 2015 16:47:29 +0200
Subject: [PATCH] Do not store state if CA is enabled
IPA creates own instance of CA, so there is no need to check if previous
instance was enabled, because there could not be any.
---
ipaserver/install/cainstance.py | 9 ++-------
ipaserver/install/dogtaginstance.py | 8 --------
2 files changed, 2 insertions(+), 15 deletions(-)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 7ba992bef7861d3c964df728ecc64adc958ade61..5133940687204b615eec56b6a89542ddd5617539 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -464,8 +464,6 @@ class CAInstance(DogtagInstance):
self.step("enabling Subject Alternative Name", self.enable_subject_alternative_name)
self.step("enabling CRL and OCSP extensions for certificates", self.__set_crl_ocsp_extensions)
self.step("setting audit signing renewal to 2 years", self.set_audit_renewal)
- self.step("configuring certificate server to start on boot",
- self.enable)
if not self.clone:
self.step("restarting certificate server", self.restart_instance)
self.step("requesting RA certificate from CA", self.__request_ra_certificate)
@@ -1271,11 +1269,8 @@ class CAInstance(DogtagInstance):
print "Updating subject_base in CA template failed"
def uninstall(self):
- enabled = self.restore_state("enabled")
-
- # disabled by default, by ldap_enable()
- if enabled:
- self.enable()
+ # just eat state
+ self.restore_state("enabled")
if self.dogtag_constants.DOGTAG_VERSION >= 10:
DogtagInstance.uninstall(self)
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 98929b8640fc91f1c520ddc4c21630464779f2df..33f39f7930b4151200f2880d02a0bc2c152c0025 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -178,14 +178,6 @@ class DogtagInstance(service.Service):
except ipautil.CalledProcessError, e:
self.handle_setup_error(e)
- def enable(self):
- self.backup_state("enabled", self.is_enabled())
- # We do not let the system start IPA components on its own,
- # Instead we reply on the IPA init script to start only enabled
- # components as found in our LDAP configuration tree
- # We need to install DS before we can actually ldap_enable a service.
- # so actual enablement is delayed.
-
def restart_instance(self):
try:
self.restart(self.dogtag_constants.PKI_INSTANCE_NAME)
--
2.1.0
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
