Petr Viktorin wrote:
https://fedorahosted.org/freeipa/ticket/3084
See ticket & commit message.
Please tell me of a better way to extend the Services.
What's interesting is that usually the CA is "running" right after the
ports are opened, but if not, it takes *exactly* one minute between the
ports being open and the time I stop getting 503 "Service Temporarily
Unavailable" from ca/admin/ca/getStatus. Is there a sleep somewhere in
pki? or httpd? or IPΑ?
No sleep that I know of, and I'm not seeing that behavior. In my testing
I got 503 exactly once. Most of the time once the port(s) were open and
the request went through the status was that dogtag was up and ready.
Just a few minor requests.
Can you add a block comment to ca_status? I think particularly
explaining why port 443 and not a CA port directly (I assume so we test
the proxy).
I'm a little confused by the wait variable. It is a boolean in some
cases and a string in others (no-proxy)? Why not just pass in False?
The patch itself looks good. I'm having a replica install problem which
I'm guessing is unrelated.
The configure proxy step is failing to restart httpd. It is failing
because the default mod_nss port is 8443 which is also being used by
dogtag, so httpd fails to restart and the installation blows up.
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
