From ba4df6449aaa0843ab43a1a2b3cb1df8bb022c24 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Nov 11 2016 11:17:25 +0000 Subject: Move the pki-tomcat restart to cainstance creation pki-tomcat would have been restarted in install and replicainstall for backward compatibility reasons. As Dogtag 9 is not supported anymore, we can move this restart only for DL0 replica installation. https://fedorahosted.org/freeipa/ticket/6392 Reviewed-By: Martin Basti Reviewed-By: Jan Cholasta --- diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 9a42d8e..7a46094 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -423,6 +423,10 @@ class CAInstance(DogtagInstance): configure_lightweight_ca_acls) self.step("Ensure lightweight CAs container exists", ensure_lightweight_cas_container) + if self.clone and not promote: + self.step( + "Ensuring backward compatibility", + self.__dogtag10_migration) self.step("configure certificate renewals", self.configure_renewal) self.step("configure Server-Cert certificate renewal", self.track_servercert) self.step("Configure HTTP to proxy connections", @@ -1276,6 +1280,15 @@ class CAInstance(DogtagInstance): root_logger.warning( "Did not find any lightweight CAs; nothing to track") + def __dogtag10_migration(self): + ld = ldapupdate.LDAPUpdate(ldapi=True, sub_dict={ + 'SUFFIX': api.env.basedn, + 'FQDN': self.fqdn, + }) + ld.update([os.path.join(paths.UPDATES_DIR, + '50-dogtag10-migration.update')] + ) + def replica_ca_install_check(config, promote): if promote: diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index 60d38dc..b510ec2 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -854,9 +854,6 @@ def install(installer): service.print_msg("Restarting the KDC") krb.restart() - if setup_ca: - services.knownservices['pki_tomcatd'].restart('pki-tomcat') - if options.setup_dns: dns.install(False, False, options) else: diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index fb71889..21bcd86 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -935,9 +935,6 @@ def install(installer): service.print_msg("Restarting the KDC") krb.restart() - if config.setup_ca: - services.knownservices['pki_tomcatd'].restart('pki-tomcat') - if options.setup_dns: dns.install(False, True, options) else: