Currently we wait for open ports to see if services are up. But, Dogtag uses a proxy that opens the ports before the CA is fully initialized.
https://fedorahosted.org/pki/ticket/314 will provide a way to check pki itself. Use that to make sure the CA is really up.
The latest dogtag developer builds for dogtag 10 have a mechanism that has been checked in. This will be available in the next dogtag 9/10 koji builds which will likely happen this week.
The mechanism is as follows:
<XMLResponse> <State>1</State> <Type>CA</Type> <Status>running</Status> </XMLResponse>
If status is "running", the CA is up and ready. If status is "starting", then its in the process of starting up -- and is not ready yet.
You'll need to modify your proxy config to allow the exposing of that servlet most likely, as well as ipactl to test and parse the results.
As a part of this effort, we are now also waiting on secure ports when (re)starting CA:
master: 9c0426c[[BR]] ipa-3-0: 8201ffe
master: d6fbbd5
ipa-3-0: 00b34a9
Metadata Update from @pviktori: - Issue assigned to pviktori - Issue set to the milestone: FreeIPA 3.0.1 (bug fixing)
Login to comment on this ticket.