On 23.7.2014 10:12, Martin Kosek wrote:
On 07/23/2014 09:56 AM, David Kupka wrote:
While solving ticket #4280 I noticed that we are messing with certmonger's
files right under its hands. That can lead to some unpleasant race condition
Is there any reason why not to call certmonger via DBus and ask it to stop
tracking the requests?

+1 for using the dbus API. When I saw the hacky way of parsing certmonger
internal configuration files in ipapython/certmonger.py, I suggested the dbus
way as IMO it would not be difficult to implement, it would make us more future
proof and it would remove intermittent problems like #4280.

I have already started using the API, e.g. for adding/removing of the CA helper in cainstance. Word of warning, the API apparently does not exercised much and there might be bugs (I found one causing certmonger to segfault which Nalin promptly fixed).

Certmonger API looked complete enough to pull this off:

If I am wrong, please tell me.

IIRC some of the properties in requests might not be accessible using the API. But I'm not sure if this is true or if it affects us.


Jan Cholasta

Freeipa-devel mailing list

Reply via email to