Ticket: https://fedorahosted.org/freeipa/ticket/4676 Replaces current workaround. Should go to 4.1.3. Patch attached.
-- Martin Basti
From aceecd06d3174101dd1f7d63f2b22eb1d1447fa1 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 18 Nov 2014 19:49:15 +0100 Subject: [PATCH] Using wget to get status of CA This is just workaround Ticket: https://fedorahosted.org/freeipa/ticket/4676 --- install/tools/ipa-upgradeconfig | 4 ---- ipaplatform/redhat/services.py | 28 +++++++++++++++++++++++++++- ipapython/dogtag.py | 18 +++++++++++------- 3 files changed, 38 insertions(+), 12 deletions(-) diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 02bfe3a79f83e65f428fe2220d940eb39fdbd928..b81a474b2bb14f1582dabd649400c13f7ce6d369 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -1473,10 +1473,6 @@ def main(): ca.restart(dogtag.configured_constants().PKI_INSTANCE_NAME) except ipautil.CalledProcessError, e: root_logger.error("Failed to restart %s: %s", ca.service_name, e) - # FIXME https://fedorahosted.org/freeipa/ticket/4676 - # workaround - except RuntimeError as e: - root_logger.warning(str(e)) set_sssd_domain_option('ipa_server_mode', 'True') diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py index 58ffebc48477193c7203161d2578b3040862b4e6..a2ff10824edde8832c48613dcc456092441b3097 100644 --- a/ipaplatform/redhat/services.py +++ b/ipaplatform/redhat/services.py @@ -24,6 +24,7 @@ Contains Red Hat OS family-specific service class implementations. import os import time +import xml.dom.minidom from ipaplatform.tasks import tasks from ipaplatform.base import services as base_services @@ -185,7 +186,32 @@ class RedHatCAService(RedHatService): op_timeout = time.time() + timeout while time.time() < op_timeout: try: - status = dogtag.ca_status(use_proxy=use_proxy) + # FIXME https://fedorahosted.org/freeipa/ticket/4716 + # workaround + # + # status = dogtag.ca_status(use_proxy=use_proxy) + # + port = 8443 + if use_proxy: + port = 443 + + url = "https://%(host)s:%(port)s%(path)s" % { + "host": api.env.ca_host, + "port": port, + "path": "/ca/admin/ca/getStatus", + } + + args = [ + paths.BIN_WGET, + '-S', '-O', '-', + '--timeout=30', + url + ] + + stdout, stderr, returncode = ipautil.run(args) + + status = dogtag._parse_ca_status(stdout) + # end of workaround except Exception: status = 'check interrupted' root_logger.debug('The CA status is: %s' % status) diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index 14824b99431e85dd73613befd72e500d370cfe2c..d03e596146e1ef4f65f616792d90ac2d869c9db4 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -191,6 +191,16 @@ def get_ca_certchain(ca_host=None, dogtag_constants=None): return chain +def _parse_ca_status(body): + doc = xml.dom.minidom.parseString(body) + try: + item_node = doc.getElementsByTagName("XMLResponse")[0] + item_node = item_node.getElementsByTagName("Status")[0] + return item_node.childNodes[0].data + except IndexError: + raise error_from_xml(doc, _("Retrieving CA status failed: %s")) + + def ca_status(ca_host=None, use_proxy=True): """Return the status of the CA, and the httpd proxy in front of it @@ -214,13 +224,7 @@ def ca_status(ca_host=None, use_proxy=True): elif status != 200: raise errors.RemoteRetrieveError( reason=_("Retrieving CA status failed: %s") % reason) - doc = xml.dom.minidom.parseString(body) - try: - item_node = doc.getElementsByTagName("XMLResponse")[0] - item_node = item_node.getElementsByTagName("Status")[0] - return item_node.childNodes[0].data - except IndexError: - raise error_from_xml(doc, _("Retrieving CA status failed: %s")) + return _parse_ca_status(body) def https_request(host, port, url, secdir, password, nickname, **kw): -- 1.8.3.1
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel