Patch attached.

https://fedorahosted.org/freeipa/ticket/5868

From 9730518ea4b10806fb340008138a72be98b43748 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Thu, 12 May 2016 15:39:30 +0200
Subject: [PATCH] Upgrade: always start CA

Some CA upgrade steps in the upgrader require a running CA. We have to
always start the CA and wait for running status using HTTP, because systemd
may return a false positive result that the CA is running even if the CA is
just starting and unable to serve.

https://fedorahosted.org/freeipa/ticket/5868
---
 ipaserver/install/server/upgrade.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 38fe2c3e89da55faa30c624983cb8f9c630357b3..6956f51b3ca38ae4daf5775c4d5fb2c8fb34c772 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1448,6 +1448,7 @@ def upgrade_configuration():
         sub_dict['SUBJECT_BASE'] = subject_base
 
     ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
+    ca_running = ca.is_running()
 
     with installutils.stopped_service('pki-tomcatd', 'pki-tomcat'):
         # Dogtag must be stopped to be able to backup CS.cfg config
@@ -1634,6 +1635,11 @@ def upgrade_configuration():
         except ipautil.CalledProcessError as e:
             root_logger.error("Failed to restart %s: %s", ca.service_name, e)
 
+    # following upgrade steps require running CA
+    # always run ca.start() because we need to wait until CA is really ready
+    # by checking status using http
+    ca.start('pki-tomcat')
+
     ca_enable_ldap_profile_subsystem(ca)
 
     # This step MUST be done after ca_enable_ldap_profile_subsystem and
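Review bot: The new unconditional `ca.start('pki-tomcat')` has no error handling, while the restart directly above it is wrapped in `except ipautil.CalledProcessError` and logged. If the start or its HTTP readiness wait fails, the exception presumably propagates out of upgrade_configuration here, after earlier steps have already changed configuration. Either catch and log it the same way, or add a comment stating that aborting the upgrade at this point is intended. The hunk also does not show whether a CA is configured on this host; if CA-less servers can reach this line, guard it with `if ca.is_configured():`. The enclosing function starts and ends outside the hunk.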
@@ -1650,6 +1656,11 @@ def upgrade_configuration():
     elif not ds_running and ds.is_running():
         ds.stop(ds_serverid)
 
+    if ca_running and not ca.is_running():
+        ca.stop('pki-tomcat')
+    elif not ca_running and ca.is_running():
+        ca.start('pki-tomcat')
+
 
 def upgrade_check(options):
     try:
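Review bot: The two branches added at the end of upgrade_configuration have start and stop swapped, so neither restores the pre-upgrade state. A CA that was running and is now down gets `ca.stop('pki-tomcat')`, and a CA that was stopped and is now up gets `ca.start('pki-tomcat')`. Because the earlier hunk starts the CA unconditionally, a CA that an administrator had deliberately stopped is left running and serving after the upgrade. Mirror the directory-server branch just above (`elif not ds_running and ds.is_running(): ds.stop(ds_serverid)`): `if ca_running and not ca.is_running(): ca.start('pki-tomcat')` and `elif not ca_running and ca.is_running(): ca.stop('pki-tomcat')`. Note also that `ca_running` comes from `is_running()`, which the commit message says can report a still-starting CA as running; upgrade_configuration begins outside this hunk.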
-- 
2.5.5
