On 19.11.2015 13:01, David Kupka wrote:
On 18/11/15 14:10, Jan Cholasta wrote:
On 10.11.2015 19:19, Rob Crittenden wrote:
Jan Cholasta wrote:
On 9.11.2015 16:51, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
the attached patch fixes
<https://fedorahosted.org/freeipa/ticket/5436>.
Honza
There be a note in renew_ra_cert that the lock is obtained in
advance by
renew_ra_cert_pre.
Added comment.
It looks like it will silently fail if the lock cannot be acquired. Is
that desired?
All unhandled exceptions are logged to syslog in both renew_ra_cert_pre
and renew_ra_cert:
try:
main()
except Exception:
syslog.syslog(syslog.LOG_ERR, traceback.format_exc())
Updated patch attached.
My confusion was with the auto-expiration. I guess this is ok. When
debugging this sort of thing via logs the more the merrier, so I guess
I'd have added a syslog to say "obtaining lock" or "locked" and then
something when the renewal actually starts, so one can try to piece
together what happened after the fact if something goes wrong.
I guess certmonger already logs when a pre/post command is executed so
that may already be available.
Yes. The ticket is not related to logging anyway.
Is the last patch OK, then?
Thanks for the patch. Works for me, ACK.
Pushed to:
master: f3076c6ab37e081ba9b0ec9f0502379f60dfbd10
ipa-4-2: f831cb6a3da0c5f2a3e71004ae327273b25723fa
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
