Re: [Freeipa-devel] [PATCH 0053] upgrade: Raise error when certmonger is not running.
On 06/29/2015 11:05 AM, Petr Spacek wrote: On 29.6.2015 09:22, David Kupka wrote: On 26/06/15 19:45, Rob Crittenden wrote: Petr Vobornik wrote: On 06/26/2015 10:54 AM, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/5080 ACK Is there a reason we don't simply start certmonger and quit if it fails to start? Woudln't that be friendlier? rob Yes. The certmonger is configured to be started on boot and should always run. If it is not running then: a) user turned it off and we don't know why. b) there is bug in certmonger and it crashed. In either case I think it's better not to start certmonger. For the record, I agree with David. Pushed to master: e3d3938f44a2444e18620b43b5734a8f27bb2c8b -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0053] upgrade: Raise error when certmonger is not running.
On 26/06/15 19:45, Rob Crittenden wrote: Petr Vobornik wrote: On 06/26/2015 10:54 AM, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/5080 ACK Is there a reason we don't simply start certmonger and quit if it fails to start? Woudln't that be friendlier? rob Yes. The certmonger is configured to be started on boot and should always run. If it is not running then: a) user turned it off and we don't know why. b) there is bug in certmonger and it crashed. In either case I think it's better not to start certmonger. -- David Kupka -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0053] upgrade: Raise error when certmonger is not running.
On 29.6.2015 09:22, David Kupka wrote: On 26/06/15 19:45, Rob Crittenden wrote: Petr Vobornik wrote: On 06/26/2015 10:54 AM, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/5080 ACK Is there a reason we don't simply start certmonger and quit if it fails to start? Woudln't that be friendlier? rob Yes. The certmonger is configured to be started on boot and should always run. If it is not running then: a) user turned it off and we don't know why. b) there is bug in certmonger and it crashed. In either case I think it's better not to start certmonger. For the record, I agree with David. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [PATCH 0053] upgrade: Raise error when certmonger is not running.
https://fedorahosted.org/freeipa/ticket/5080 -- David Kupka From f5467b5a338647a20aef5e5657b9e21be5b0a2f5 Mon Sep 17 00:00:00 2001 From: David Kupka dku...@redhat.com Date: Fri, 26 Jun 2015 10:42:23 +0200 Subject: [PATCH] upgrade: Raise error when certmonger is not running. Certmonger should be running (should be started on system boot). Either user decided to stop it or it crashed. We should just error out and let user check fix it. https://fedorahosted.org/freeipa/ticket/5080 --- ipaserver/install/server/upgrade.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 43beb6799befcad8d512d15409b363f02c3bad08..784a03b195ab99c865935b6e51cc86a3b81842ee 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1477,6 +1477,9 @@ def upgrade_check(options): print unicode(e) sys.exit(1) +if not services.knownservices.certmonger.is_running(): +raise RuntimeError('Certmonger is not running. Start certmonger and run upgrade again.') + if not options.skip_version_check: # check IPA version and data version try: -- 2.4.3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0053] upgrade: Raise error when certmonger is not running.
On 06/26/2015 10:54 AM, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/5080 ACK -- Petr Vobornik -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0053] upgrade: Raise error when certmonger is not running.
Petr Vobornik wrote: On 06/26/2015 10:54 AM, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/5080 ACK Is there a reason we don't simply start certmonger and quit if it fails to start? Woudln't that be friendlier? rob -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code