URL: https://github.com/freeipa/freeipa/pull/216 Author: tomaskrizek Title: #216: libexec scripts: ldap conn management Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/216/head:pr216 git checkout pr216
From 8f4e1c5f3f90cc31ff4e853e0c228fad2d7e0d24 Mon Sep 17 00:00:00 2001 From: Tomas Krizek <tkri...@redhat.com> Date: Wed, 9 Nov 2016 09:52:28 +0100 Subject: [PATCH] libexec scripts: ldap conn management Certificate renewal scripts require connection to LDAP. Properly handle connects and disconnects from LDAP. https://fedorahosted.org/freeipa/ticket/6461 --- install/certmonger/dogtag-ipa-ca-renew-agent-submit | 3 +++ install/restart_scripts/renew_ca_cert | 2 ++ install/restart_scripts/renew_ra_cert | 2 ++ 3 files changed, 7 insertions(+) diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit index f2b15cf..6f5841e 100755 --- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit +++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit @@ -476,6 +476,7 @@ def main(): api.bootstrap(in_server=True, context='renew') api.finalize() + api.Backend.ldap2.connect() operation = os.environ.get('CERTMONGER_OPERATION') if operation not in ('SUBMIT', 'POLL'): @@ -506,6 +507,8 @@ def main(): finally: certs.renewal_lock.release() shutil.rmtree(tmpdir) + api.Backend.ldap2.disconnect() + try: sys.exit(main()) diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert index 7b3c8bd..0f0a690 100644 --- a/install/restart_scripts/renew_ca_cert +++ b/install/restart_scripts/renew_ca_cert @@ -40,6 +40,7 @@ def _main(): api.bootstrap(in_server=True, context='restart') api.finalize() + api.Backend.ldap2.connect() dogtag_service = services.knownservices['pki_tomcatd'] @@ -182,6 +183,7 @@ def _main(): conn.disconnect() finally: shutil.rmtree(tmpdir) + api.Backend.ldap2.disconnect() # Now we can start the CA. Using the services start should fire # off the servlet to verify that the CA is actually up and responding so diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert index 62c5aa6..d71d6e2 100644 --- a/install/restart_scripts/renew_ra_cert 
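Review bot: In `dogtag-ipa-ca-renew-agent-submit` the new `api.Backend.ldap2.connect()` runs before the `CERTMONGER_OPERATION` check and outside the `try` whose `finally` receives the matching `disconnect()` in the next hunk. The body of `if operation not in ('SUBMIT', 'POLL'):` is outside the hunk, but if it returns early, that path and any failure between the connect and the `try:` leave the connection open. Moving the connect to just before the `try:`, after the operation check, would keep the two calls paired. The same ordering appears in `renew_ra_cert`, where `tempfile.mkdtemp(prefix="tmp-")` sits between the connect and the `try:`, and in `renew_ca_cert`. A one-line comment above each call naming what needs the `ldap2` backend would also help the next reader of these renewal helpers.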
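Review bot: The added `api.Backend.ldap2.disconnect()` is the last statement of the `finally:` block, so it is skipped whenever `certs.renewal_lock.release()` or `shutil.rmtree(tmpdir)` raises. Wrapping the existing cleanup in an inner `try:` and putting the disconnect in that inner block's `finally:` would make the steps independent of each other. Guarding it as `if api.Backend.ldap2.isconnected(): api.Backend.ldap2.disconnect()` would keep the cleanup from raising a second error, should the connection no longer be open at that point. The `finally:` blocks in `renew_ca_cert` and `renew_ra_cert` have the same shape, with the disconnect placed after `shutil.rmtree(tmpdir)`. The start of each enclosing `try:` is outside these hunks.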
+++ b/install/restart_scripts/renew_ra_cert @@ -39,6 +39,7 @@ def _main(): api.bootstrap(in_server=True, context='restart') api.finalize() + api.Backend.ldap2.connect() tmpdir = tempfile.mkdtemp(prefix="tmp-") try: @@ -65,6 +66,7 @@ def _main(): krainstance.export_kra_agent_pem() finally: shutil.rmtree(tmpdir) + api.Backend.ldap2.disconnect() # Now restart Apache so the new certificate is available syslog.syslog(syslog.LOG_NOTICE, "Restarting httpd")