On 2016-07-07 14:54, Martin Basti wrote:
> Patch needs changes in ipa-4-3 branch

Here are patches for master and ipa-4-3 branch. I have rebased both
patches to head.

Christian

From e3a99ef8a6245d6e1bca22b3b0cede5d2ff608e8 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Fri, 1 Jul 2016 10:21:06 +0200
Subject: [PATCH] RedHatCAService should wait for local Dogtag instance

RedHatCAService.wait_until_running() uses dogtag.ca_status() to make a
HTTP(s) request to Dogtag in order to check if /ca/admin/ca/getStatus
returns OK. The ca_status() function defaults to api.env.ca_host as
host.

On a replica without CA ca_host is a remote host (e.g. master's
FQDN). ipa-ca-install waits for master:8080 instead of replica:8080,
which might be blocked by a firewall.

https://fedorahosted.org/freeipa/ticket/6016
---
 ipaplatform/redhat/services.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 849737059d54df5af47ae288ef97b933d9e869fe..24325347c7d9183e2ecdd8d00bfa52729463fea3 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -199,7 +199,8 @@ class RedHatCAService(RedHatService):
         op_timeout = time.time() + timeout
         while time.time() < op_timeout:
             try:
-                status = dogtag.ca_status()
+                # check status of CA instance on this host, not remote ca_host
+                status = dogtag.ca_status(api.env.host)
             except Exception as e:
                 status = 'check interrupted due to error: %s' % e
             root_logger.debug('The CA status is: %s' % status)
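Review bot: the new call inside the try block passes api.env.host as a positional argument, and the hunk does not show the signature of dogtag.ca_status(), so it is not evident from the diff that the first parameter is the host. Passing it by keyword would make the intent explicit and keep the call correct if the parameter order changes. Any failure is still folded into the status string by `except Exception as e` and logged at debug level only, so a wrong or unresolvable api.env.host looks the same as a CA that is still starting. Including the polled host in the 'The CA status is' debug message would make that case diagnosable from the install log.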
-- 
2.7.4

From d5d1aa26085f8580f483d4790faed94d2886b426 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Fri, 1 Jul 2016 10:47:53 +0200
Subject: [PATCH] RedHatCAService should wait for local Dogtag instance

RedHatCAService.wait_until_running() uses dogtag.ca_status() to make a
HTTP(s) request to Dogtag in order to check if /ca/admin/ca/getStatus
returns OK. The ca_status() function defaults to api.env.ca_host as
host.

On a replica without CA ca_host is a remote host (e.g. master's
FQDN). ipa-ca-install waits for master:8080 instead of replica:8080,
which might be blocked by a firewall.

https://fedorahosted.org/freeipa/ticket/6016
---
 ipaplatform/redhat/services.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 4774dbf0deb3df50e1a3284353e47b2fb0bebc75..e8ad31b0bbcf2d1441363b49a1e2ef52284a823a 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -205,10 +205,10 @@ class RedHatCAService(RedHatService):
                 #
                 # status = dogtag.ca_status(use_proxy=use_proxy)
                 #
+                # check status of CA instance on this host, not remote ca_host
                 port = 8443
-
                 url = "https://%(host_port)s%(path)s" % {
-                    "host_port": ipautil.format_netloc(api.env.ca_host, port),
+                    "host_port": ipautil.format_netloc(api.env.host, port),
                     "path": "/ca/admin/ca/getStatus"
                 }
 
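Review bot: the added comment sits above `port = 8443`, but the line it explains is the "host_port" entry two lines further down; moving it directly above the url construction would keep the comment next to the api.env.host change. The removal of the blank line after `port = 8443` is an unrelated whitespace change and could be dropped from the patch. The commit message describes waiting on master:8080 versus replica:8080, while this code path polls https on port 8443, so the message for this branch should name the port that is actually contacted. That matters to anyone using the message to work out which port the firewall has to allow.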
-- 
2.7.4
