Dogtag opens not only the insecure port (8080 or 9180, for d10 or
d9 respectively), but also secure ports (8443 or 9443&9444).
Wait for them when starting.


Part of the fix for https://fedorahosted.org/freeipa/ticket/3084. I found that if we don't wait for the secure port, /ca/admin/ca/getStatus will give a service unavailable error.

I'm working on a patch to utilize the new status information. I'll submit it after the updated Dogtag builds get in.

--
PetrĀ³
From ea4aafc88b90458d1d1e058fd76ee10fa4e97e83 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pvikt...@redhat.com>
Date: Tue, 25 Sep 2012 09:48:47 -0400
Subject: [PATCH] Wait for secure Dogtag ports when starting the pki services

Dogtag opens not only the insecure port (8080 or 9180, for d10 and
d9 respectively), but also secure ports (8443 or 9443&9444).
Wait for them when starting.

Part of the fix for https://fedorahosted.org/freeipa/ticket/3084
---
 ipapython/platform/base.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ipapython/platform/base.py b/ipapython/platform/base.py
index a1e6b4e0771b4125c6283507af029e8a7c1c2d11..2d39d216991c08c4d439a34af99b67b250058889 100644
--- a/ipapython/platform/base.py
+++ b/ipapython/platform/base.py
@@ -34,10 +34,10 @@
     'dirsrv@PKI-IPA.service': [7389],
     'PKI-IPA': [7389],
     'dirsrv': [389], # this is only used if the incoming instance name is blank
-    'pki-cad': [9180],
-    'pki-tomcatd@pki-tomcat.service': [8080],
-    'pki-tomcat': [8080],
-    'pki-tomcatd': [8080], # used if the incoming instance name is blank
+    'pki-cad': [9180, 9443, 9444],
+    'pki-tomcatd@pki-tomcat.service': [8080, 8443],
+    'pki-tomcat': [8080, 8443],
+    'pki-tomcatd': [8080, 8443],  # used if the incoming instance name is blank
 }
 
 class AuthConfig(object):
-- 
1.7.11.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to