On 18/11/15 14:10, Jan Cholasta wrote:
On 10.11.2015 19:19, Rob Crittenden wrote:
Jan Cholasta wrote:
On 9.11.2015 16:51, Rob Crittenden wrote:
Jan Cholasta wrote:

the attached patch fixes


There be a note in renew_ra_cert that the lock is obtained in
advance by

Added comment.

It looks like it will silently fail if the lock cannot be acquired. Is
that desired?

All unhandled exceptions are logged to syslog in both renew_ra_cert_pre
and renew_ra_cert:

     except Exception:
         syslog.syslog(syslog.LOG_ERR, traceback.format_exc())

Updated patch attached.

My confusion was with the auto-expiration. I guess this is ok. When
debugging this sort of thing via logs the more the merrier, so I guess
I'd have added a syslog to say "obtaining lock" or "locked" and then
something when the renewal actually starts, so one can try to piece
together what happened after the fact if something goes wrong.

I guess certmonger already logs when a pre/post command is executed so
that may already be available.

Yes. The ticket is not related to logging anyway.

Is the last patch OK, then?

Thanks for the patch. Works for me, ACK.

David Kupka

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to