URL: https://github.com/freeipa/freeipa/pull/1507
Author: tiran
Title: #1507: ipa-server-upgrade now checks custodia server keys
Action: opened

PR body:
"""
The ipa-server-upgrade command now checks for presence of ipa-custodia's
config and server keys. In case any of the files is missing, it
re-creates both files.

Partly resolves https://pagure.io/freeipa/issue/6893. The upgrader does
not auto-detect broken or mismatching keys yet.

Signed-off-by: Christian Heimes <chei...@redhat.com>
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1507/head:pr1507
git checkout pr1507

From fa8eae176aaa25e3e16af976a1fc9743d56fa89b Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Wed, 31 Jan 2018 09:57:26 +0100
Subject: [PATCH] ipa-server-upgrade now checks custodia server keys

The ipa-server-upgrade command now checks for presence of ipa-custodia's
config and server keys. In case any of the files is missing, it
re-creates both files.

Partly resolves https://pagure.io/freeipa/issue/6893. The upgrader does
not auto-detect broken or mismatching keys yet.

Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 ipaserver/install/custodiainstance.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index 748f84763a..a1ae7406be 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -92,7 +92,16 @@ def __gen_keys(self):
         keystore.generate_server_keys()
 
     def upgrade_instance(self):
-        if not sysupgrade.get_upgrade_state("custodia", "installed"):
+        installed = sysupgrade.get_upgrade_state("custodia", "installed")
+        if installed:
+            if not os.path.isfile(self.server_keys):
+                logger.warn("Custodia server keys are missing, reinstalling")
+                installed = False
+            if not os.path.isfile(self.config_file):
+                logger.warn("Custodia config is missing, reinstalling")
+                installed = False
+
+        if not installed:
             logger.info("Custodia service is being configured")
             self.create_instance()
         else:
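Review bot: In the new `if installed:` block, a missing `self.config_file` alone sets `installed = False` and falls through to `self.create_instance()`, which per the commit message re-creates both files, so an intact `self.server_keys` gets replaced just because the config was absent. If that is intended, say so in the warning text (for example "Custodia config is missing, regenerating config and server keys") so the admin reading the upgrade log knows the keys changed; if not, regenerate only the missing piece. Two smaller points in the same block: `logger.warn` is a deprecated alias and should be `logger.warning`, and the patch touches only this hunk with no import change, so please confirm `os` is already imported in custodiainstance.py. Note also that `os.path.isfile` passes for an empty or truncated key file, which matches the commit message's statement that broken keys are not detected yet; a short comment here pointing at issue 6893 would make that limitation visible in the code.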