On 01/12/14 08:46, Jan Cholasta wrote:
Hi,

Dne 27.11.2014 v 14:24 Martin Basti napsal(a):
Ticket: https://fedorahosted.org/freeipa/ticket/4676
Replaces current workaround. Should go to 4.1.3.
Patch attached.

When constructing URLs with host:port, please use ipautil.format_netloc().

wget should be added as a dependency of freeipa-python in the spec file.

Honza

Updated patch attached.

--
Martin Basti

From daf56e4e4a0126f0dd528876a209f0687ca3ad06 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Tue, 18 Nov 2014 19:49:15 +0100
Subject: [PATCH] Using wget to get status of CA

This is just a workaround.

Ticket: https://fedorahosted.org/freeipa/ticket/4676
---
 freeipa.spec.in                 |  1 +
 install/tools/ipa-upgradeconfig |  4 ----
 ipaplatform/redhat/services.py  | 27 ++++++++++++++++++++++++++-
 ipapython/dogtag.py             | 18 +++++++++++-------
 4 files changed, 38 insertions(+), 12 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 95ec6210a157fd158d81d97efbd46f3d35facbc6..39166057ecd0d5a4bacef4e79bed49135f72fff4 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -292,6 +292,7 @@ Requires: python-qrcode-core >= 5.0.0
 Requires: python-pyasn1
 Requires: python-dateutil
 Requires: python-yubico
+Requires: wget
 
 Conflicts: %{alt_name}-python
 Obsoletes: %{alt_name}-python < %{version}
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 32fea4d0a42ac7607fffaa17339b23267f2760f6..628fe20d7c7dbdc5aaae5cd60eb357694a3b51a5 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -1486,10 +1486,6 @@ def main():
             ca.restart(dogtag.configured_constants().PKI_INSTANCE_NAME)
         except ipautil.CalledProcessError, e:
             root_logger.error("Failed to restart %s: %s", ca.service_name, e)
-        # FIXME https://fedorahosted.org/freeipa/ticket/4676
-        # workaround
-        except RuntimeError as e:
-            root_logger.warning(str(e))
 
     set_sssd_domain_option('ipa_server_mode', 'True')
 
diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 58ffebc48477193c7203161d2578b3040862b4e6..20d0adec421ecd3285464e2a51b9d5c61a0e3d92 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -24,6 +24,7 @@ Contains Red Hat OS family-specific service class implementations.
 
 import os
 import time
+import xml.dom.minidom
 
 from ipaplatform.tasks import tasks
 from ipaplatform.base import services as base_services
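Review bot: The added `import xml.dom.minidom` has no visible use in this file. The only XML parsing the patch introduces lives in `dogtag._parse_ca_status`, which services.py calls rather than reimplements. Unless code outside these hunks needs it, drop the import so the module's imports reflect what it actually parses.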
@@ -185,7 +186,31 @@ class RedHatCAService(RedHatService):
         op_timeout = time.time() + timeout
         while time.time() < op_timeout:
             try:
-                status = dogtag.ca_status(use_proxy=use_proxy)
+                # FIXME https://fedorahosted.org/freeipa/ticket/4716
+                # workaround
+                #
+                # status = dogtag.ca_status(use_proxy=use_proxy)
+                #
+                port = 8443
+                if use_proxy:
+                    port = 443
+
+                url = "https://%(host_port)s%(path)s" % {
+                    "host_port": ipautil.format_netloc(api.env.ca_host, port),
+                    "path": "/ca/admin/ca/getStatus"
+                }
+
+                args = [
+                    paths.BIN_WGET,
+                    '-S', '-O', '-',
+                    '--timeout=30',
+                    url
+                ]
+
+                stdout, stderr, returncode = ipautil.run(args)
+
+                status = dogtag._parse_ca_status(stdout)
+                # end of workaround
             except Exception:
                 status = 'check interrupted'
             root_logger.debug('The CA status is: %s' % status)
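Review bot: The wget invocation names no trust anchor, so the check depends on wget's default CA bundle containing the issuer of the CA's server certificate, which is not visible here; if it does not, every poll fails and the surrounding `except Exception` reports it only as 'check interrupted'. Pass the issuer explicitly with `'--ca-certificate=<IPA_CA_CERT_PATH>'` (placeholder) rather than turning verification off, and add `'--tries=1'` so wget's own retry behaviour cannot hold one poll past `op_timeout`. Logging the caught exception at debug level would also surface a missing binary or an undefined name instead of hiding it; `api`, `paths` and `ipautil` are not imported in the visible part of the file. The enclosing method starts and ends outside this hunk.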
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 0e0aacca798377517244075ed6b07dff63e87358..675d2a77fe30b9109c17089f129b189282ffa57b 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -191,6 +191,16 @@ def get_ca_certchain(ca_host=None, dogtag_constants=None):
     return chain
 
 
+def _parse_ca_status(body):
+    doc = xml.dom.minidom.parseString(body)
+    try:
+        item_node = doc.getElementsByTagName("XMLResponse")[0]
+        item_node = item_node.getElementsByTagName("Status")[0]
+        return item_node.childNodes[0].data
+    except IndexError:
+        raise error_from_xml(doc, _("Retrieving CA status failed: %s"))
+
+
 def ca_status(ca_host=None, use_proxy=True):
     """Return the status of the CA, and the httpd proxy in front of it
 
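Review bot: `_parse_ca_status` calls `xml.dom.minidom.parseString(body)` outside its `try`, so an empty or non-XML body raises a parser exception instead of the "Retrieving CA status failed" error; this matters more now that the body can be wget's stdout. Consider handling the parse failure so callers see one error type, and add a docstring such as `"""Return the text of the first Status element in a CA getStatus XML response."""` that also states what is raised. Because the parser runs on bytes fetched over the network, it should only ever be fed responses from the authenticated CA endpoint. The hunk ends inside `ca_status`, whose body is not fully visible.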
@@ -214,13 +224,7 @@ def ca_status(ca_host=None, use_proxy=True):
     elif status != 200:
         raise errors.RemoteRetrieveError(
             reason=_("Retrieving CA status failed: %s") % reason)
-    doc = xml.dom.minidom.parseString(body)
-    try:
-        item_node = doc.getElementsByTagName("XMLResponse")[0]
-        item_node = item_node.getElementsByTagName("Status")[0]
-        return item_node.childNodes[0].data
-    except IndexError:
-        raise error_from_xml(doc, _("Retrieving CA status failed: %s"))
+    return _parse_ca_status(body)
 
 
 def https_request(host, port, url, secdir, password, nickname, **kw):
-- 
1.8.3.1
