URL: https://github.com/freeipa/freeipa/pull/285
Author: flo-renaud
Title: #285: Check the result of cert request in replica installer
Action: opened

PR body:
"""
When running ipa-replica-install in domain-level 1, the installer requests the LDAP and HTTP certificates using certmonger but does not check the return code. The installer goes on and fails when restarting dirsrv.

Fix: when certmonger was not able to request the certificate, raise an exception and exit from the installer:
    [28/45]: retrieving DS Certificate
    [error] RuntimeError: Certificate issuance failed
    Your system may be partly configured.
    Run /usr/sbin/ipa-server-install --uninstall to clean up.

    ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR Certificate issuance failed
    ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

https://fedorahosted.org/freeipa/ticket/6514
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/285/head:pr285
git checkout pr285

From 0f7826cbf3ecd4b42a17ba9e0f83be9a9509b398 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Tue, 29 Nov 2016 21:15:29 +0100 Subject: [PATCH] Check the result of cert request in replica installer When running ipa-replica-install in domain-level 1, the installer requests the LDAP and HTTP certificates using certmonger but does not check the return code. The installer goes on and fails when restarting dirsrv. Fix: when certmonger was not able to request the certificate, raise an exception and exit from the installer: [28/45]: retrieving DS Certificate [error] RuntimeError: Certificate issuance failed Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR Certificate issuance failed ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information https://fedorahosted.org/freeipa/ticket/6514 --- ipaserver/install/certs.py | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index ab2379b..45602ba 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -647,13 +647,11 @@ def export_pem_cert(self, nickname, location): def request_service_cert(self, nickname, principal, host, pwdconf=False): if pwdconf: self.create_password_conf() - reqid = certmonger.request_cert(nssdb=self.secdir, - nickname=nickname, - principal=principal, - subject=host, - passwd_fname=self.passwd_fname) - # Now wait for the cert to appear. Check three times then abort - certmonger.wait_for_request(reqid, timeout=60) + certmonger.request_and_wait_for_cert(nssdb=self.secdir, + nickname=nickname, + principal=principal, + subject=host, + passwd_fname=self.passwd_fname) class _CrossProcessLock(object):
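
Review bot: The new `certmonger.request_and_wait_for_cert(...)` call in `request_service_cert` drops the explicit `timeout=60` that the removed `certmonger.wait_for_request(reqid, timeout=60)` carried, so how long the installer blocks now depends on that helper's default, which this diff does not show. Pass the timeout explicitly if the helper accepts one, or confirm that its default is bounded. The failure handling the commit message describes ("RuntimeError: Certificate issuance failed") also lives entirely in the helper and is not visible here; since `request_service_cert` has no docstring, add one stating that it raises when certmonger cannot issue the certificate, so callers know the install must stop before dirsrv is restarted without a certificate. A test covering the failed-request path would keep the check from regressing.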