On 19.11.2015 13:01, David Kupka wrote:
On 18/11/15 14:10, Jan Cholasta wrote:
On 10.11.2015 19:19, Rob Crittenden wrote:
Jan Cholasta wrote:
On 9.11.2015 16:51, Rob Crittenden wrote:
Jan Cholasta wrote:

the attached patch fixes


There be a note in renew_ra_cert that the lock is obtained in
advance by

Added comment.

It looks like it will silently fail if the lock cannot be acquired. Is
that desired?

All unhandled exceptions are logged to syslog in both renew_ra_cert_pre
and renew_ra_cert:

     except Exception:
         syslog.syslog(syslog.LOG_ERR, traceback.format_exc())

Updated patch attached.

My confusion was with the auto-expiration. I guess this is ok. When
debugging this sort of thing via logs the more the merrier, so I guess
I'd have added a syslog to say "obtaining lock" or "locked" and then
something when the renewal actually starts, so one can try to piece
together what happened after the fact if something goes wrong.

I guess certmonger already logs when a pre/post command is executed so
that may already be available.

Yes. The ticket is not related to logging anyway.

Is the last patch OK, then?

Thanks for the patch. Works for me, ACK.

Pushed to:
master: f3076c6ab37e081ba9b0ec9f0502379f60dfbd10
ipa-4-2: f831cb6a3da0c5f2a3e71004ae327273b25723fa

Jan Cholasta

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to