On Wed, 15 Jan 2014, Jan Cholasta wrote:

the attached patch should fix <https://fedorahosted.org/freeipa/ticket/4078>.

I have also attached patch 179, which fixes a related bug in certificate renewal.

NACK for this part:
This fixes a possible NSS database corruption in renew_ca_cert.
ipaserver/install/installutils.py | 3 ---
1 file changed, 3 deletions(-)

diff --git a/ipaserver/install/installutils.py 
index 67eabc2..0ba9c2e 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -820,9 +820,6 @@ def stopped_service(service, instance_name=""):
        root_logger.debug('Service %s%s is not running, continue.', service,
-        root_logger.debug('Starting %s%s.', service, log_instance_name)
-        ipaservices.knownservices[service].start(instance_name)
-        return
        # Stop the service, do the required stuff and start it again
        root_logger.debug('Stopping %s%s.', service, log_instance_name)
You need to wrap yield into try: finally: block. I have a patch for
similar case in private_cache() few lines above this code.

diff --git a/ipalib/constants.py b/ipalib/constants.py
index d3e61ca..ae08277 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -119,7 +119,7 @@ DEFAULT_CONFIG = (
    ('rpc_protocol', 'jsonrpc'),

    # Time to wait for a service to start, in seconds
-    ('startup_timeout', 120),
+    ('startup_timeout', 300),

    # Web Application mount points
    ('mount_ipa', '/ipa/'),
ACK for this one.

/ Alexander Bokovoy

Freeipa-devel mailing list

Reply via email to