Hi, the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4727>.
Honza -- Jan Cholasta
>From 2cf85ec35cf4618279af81ba16d4a4805e8c590e Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Thu, 20 Nov 2014 13:57:46 +0000 Subject: [PATCH] Stop tracking certificates before restoring them in ipa-restore https://fedorahosted.org/freeipa/ticket/4727 --- ipaserver/install/ipa_restore.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index 7276ed3..a9a3cbf 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -26,7 +26,7 @@ import pwd from ConfigParser import SafeConfigParser from ipalib import api, errors -from ipapython import version, ipautil, certdb +from ipapython import version, ipautil, certdb, dogtag from ipapython.ipautil import run, user_input from ipapython import admintool from ipapython.dn import DN @@ -36,7 +36,7 @@ from ipaserver.install.cainstance import PKI_USER, create_ca_user from ipaserver.install.replication import (wait_for_task, ReplicationManager, get_cs_replication_manager) from ipaserver.install import installutils -from ipaserver.install import httpinstance +from ipaserver.install import dsinstance, httpinstance, cainstance from ipapython import ipaldap import ipapython.errors from ipaplatform.tasks import tasks @@ -663,6 +663,12 @@ class Restore(admintool.AdminTool): self.log.error('%s', e) def cert_restore_prepare(self): + cainstance.CAInstance().stop_tracking_certificates( + dogtag.configured_constants()) + httpinstance.HTTPInstance().stop_tracking_certificates() + dsinstance.DsInstance().stop_tracking_certificates( + realm_to_serverid(api.env.realm)) + for basename in ('cert8.db', 'key3.db', 'secmod.db', 'pwdfile.txt'): filename = os.path.join(paths.IPA_NSSDB_DIR, basename) try: @@ -692,3 +698,5 @@ class Restore(admintool.AdminTool): (nickname, paths.IPA_NSSDB_DIR, e)) tasks.reload_systemwide_ca_store() + + services.knownservices.certmonger.restart() -- 2.1.0
>From 70bfeade55dd359f722b6d6cfb5efd6842e5c1ba Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Thu, 20 Nov 2014 13:57:46 +0000 Subject: [PATCH] Stop tracking certificates before restoring them in ipa-restore https://fedorahosted.org/freeipa/ticket/4727 --- ipaserver/install/ipa_restore.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index 8b1e80f..bf1e5fd 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -26,7 +26,7 @@ import pwd from ConfigParser import SafeConfigParser from ipalib import api, errors -from ipapython import version, ipautil, certdb +from ipapython import version, ipautil, certdb, dogtag from ipapython.ipautil import run, user_input from ipapython import admintool from ipapython.dn import DN @@ -36,7 +36,7 @@ from ipaserver.install.cainstance import PKI_USER, create_ca_user from ipaserver.install.replication import (wait_for_task, ReplicationManager, get_cs_replication_manager) from ipaserver.install import installutils -from ipaserver.install import httpinstance +from ipaserver.install import dsinstance, httpinstance, cainstance from ipapython import ipaldap import ipapython.errors from ipaplatform.tasks import tasks @@ -664,6 +664,12 @@ class Restore(admintool.AdminTool): self.log.error('%s', e) def cert_restore_prepare(self): + cainstance.stop_tracking_certificates( + dogtag.configured_constants()) + httpinstance.HTTPInstance().stop_tracking_certificates() + dsinstance.DsInstance().stop_tracking_certificates( + realm_to_serverid(api.env.realm)) + for basename in ('cert8.db', 'key3.db', 'secmod.db', 'pwdfile.txt'): filename = os.path.join(paths.IPA_NSSDB_DIR, basename) try: @@ -693,3 +699,5 @@ class Restore(admintool.AdminTool): (nickname, paths.IPA_NSSDB_DIR, e)) tasks.reload_systemwide_ca_store() + + services.knownservices.certmonger.restart() -- 2.1.0
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel