Petr Viktorin wrote:
See ticket & commit message.

Please tell me of a better way to extend the Services.

What's interesting is that usually the CA is "running" right after the
ports are opened, but if not, it takes *exactly* one minute between the
ports being open and the time I stop getting 503 "Service Temporarily
Unavailable" from ca/admin/ca/getStatus. Is there a sleep somewhere in
pki? or httpd? or IPA?

No sleep that I know of, and I'm not seeing that behavior. In my testing I got 503 exactly once. Most of the time once the port(s) were open and the request went through the status was that dogtag was up and ready.

Just a few minor requests.

Can you add a block comment to ca_status? I think particularly explaining why port 443 and not a CA port directly (I assume so we test the proxy).

I'm a little confused by the wait variable. It is a boolean in some cases and a string in others (no-proxy)? Why not just pass in False?

The patch itself looks good. I'm having a replica install problem which I'm guessing is unrelated.

The configure proxy step is failing to restart httpd. It is failing because the default mod_nss port is 8443 which is also being used by dogtag, so httpd fails to restart and the installation blows up.


