URL: https://github.com/freeipa/freeipa/pull/5995
Author: rcritten
Title: #5995: Catch and log errors when adding CA profiles
Action: opened

PR body:
"""
Rather than stopping the installer entirely, catch and report
errors adding new certificate profiles.

It was discovered that installing a newer IPA that has the
ACME profile which requires sanToCNDefault will fail when
installing a new server against a very old one that lacks
this class.

Deleting the LDAP profile in cn=certprofiles,cn=ca,$SUFFIX
and then running ipa-server-install on the newer server will
add the missing profile.

https://pagure.io/freeipa/issue/8974

Signed-off-by: Rob Crittenden <rcrit...@redhat.com>
"""

To pull the PR as Git branch:
    git remote add ghfreeipa https://github.com/freeipa/freeipa
    git fetch ghfreeipa pull/5995/head:pr5995
    git checkout pr5995
From b4029e3e41eb235cb4f5519fb814e1e1dcdecc5d Mon Sep 17 00:00:00 2001 From: Rob Crittenden <rcrit...@redhat.com> Date: Mon, 30 Aug 2021 16:44:47 -0400 Subject: [PATCH] Catch and log errors when adding CA profiles Rather than stopping the installer entirely, catch and report errors adding new certificate profiles. It was discovered that installing a newer IPA that has the ACME profile which requires sanToCNDefault will fail when installing a new server against a very old one that lacks this class. Deleting the LDAP profile in cn=certprofiles,cn=ca,$SUFFIX and then running ipa-server-install on the newer server will add the missing profile. https://pagure.io/freeipa/issue/8974 Signed-off-by: Rob Crittenden <rcrit...@redhat.com> --- ipaserver/install/cainstance.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 9e842b33e51..b2787aed06c 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1973,7 +1973,12 @@ def import_included_profiles(): # Create the profile, replacing any existing profile of same name profile_data = __get_profile_config(profile_id) - _create_dogtag_profile(profile_id, profile_data, overwrite=True) + try: + _create_dogtag_profile(profile_id, profile_data, + overwrite=True) + except errors.HTTPRequestError as e: + logger.error("Failed to import profile '%s': %s", + profile_id, e) logger.debug("Imported profile '%s'", profile_id) else: logger.debug(
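Review bot: In the new try/except in import_included_profiles(), the unchanged line logger.debug("Imported profile '%s'", profile_id) that follows the except block still runs after a failure, so a profile that failed to import produces an error line immediately followed by a debug line saying it was imported. Move that debug call into an else: branch of the try (or continue from the except) so the log reflects what actually happened. Because the installer now carries on past the failure, the error message would also be more useful if it told the admin how to recover, for example the step from the commit message of deleting the profile entry under cn=certprofiles,cn=ca,$SUFFIX and re-running ipa-server-install; as written the failure is visible only in the log, and only errors.HTTPRequestError is handled.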