Jan Cholasta wrote:
> On 9.11.2015 16:51, Rob Crittenden wrote:
>> Jan Cholasta wrote:
>>> Hi,
>>>
>>> the attached patch fixes <https://fedorahosted.org/freeipa/ticket/5436>.
>>>
>>> Honza
>>>
>>>
>>>
>>
>> There be a note in renew_ra_cert that the lock is obtained in advance by
>> renew_ra_cert_pre.
> 
> Added comment.
> 
>>
>> It looks like it will silently fail if the lock cannot be acquired. Is
>> that desired?
> 
> All unhandled exceptions are logged to syslog in both renew_ra_cert_pre
> and renew_ra_cert:
> 
>     try:
>         main()
>     except Exception:
>         syslog.syslog(syslog.LOG_ERR, traceback.format_exc())
> 
> Updated patch attached.
> 

My confusion was with the auto-expiration. I guess this is ok. When
debugging this sort of thing via logs the more the merrier, so I guess
I'd have added a syslog to say "obtaining lock" or "locked" and then
something when the renewal actually starts, so one can try to piece
together what happened after the fact if something goes wrong.

I guess certmonger already logs when a pre/post command is executed so
that may already be available.

rob

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to