예제 #1
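 def server_track_lightweight_ca(self, entry):
     """Make sure certmonger tracks the certificate of one lightweight CA.

     The certificate nickname is built from ``IPA_CA_NICKNAME`` and the
     first value of ``entry['ipacaid']``.  If certmonger has no request
     matching that nickname in ``paths.PKI_TOMCAT_ALIAS_DIR`` for the
     renewal CA, tracking is started and the new request's profile is set
     to ``ipaCACertRenewal``.  A ``RuntimeError`` raised while doing so is
     logged and not re-raised.

     :param entry: mapping whose ``'ipacaid'`` value is a sequence; only
         its first element is used.
     """
     nickname = "{} {}".format(IPA_CA_NICKNAME, entry['ipacaid'][0])
     criteria = {
         'cert-database': paths.PKI_TOMCAT_ALIAS_DIR,
         'cert-nickname': nickname,
         'ca-name': RENEWAL_CA_NAME,
     }
     request_id = certmonger.get_request_id(criteria)
     if request_id is not None:
         self.log.debug(
             'Lightweight CA renewal: '
             'already tracking certificate "%s"', nickname)
         return

     try:
         certmonger.dogtag_start_tracking(
             secdir=paths.PKI_TOMCAT_ALIAS_DIR,
             # The PIN is passed by value (pinfile=None).
             # NOTE(review): confirm the callee never logs this argument.
             pin=certmonger.get_pin('internal'),
             pinfile=None,
             nickname=nickname,
             ca=RENEWAL_CA_NAME,
             pre_command='stop_pkicad',
             # The nickname is embedded between double quotes in a command
             # string, so a quote character in entry['ipacaid'][0] would
             # change that string's quoting.
             # NOTE(review): confirm the value is constrained upstream.
             post_command='renew_ca_cert "%s"' % nickname,
         )
         request_id = certmonger.get_request_id(criteria)
         if request_id is None:
             # get_request_id() can return None (see the first lookup);
             # do not hand a missing id to modify(), which would leave the
             # request without the renewal profile or fail obscurely.
             self.log.error(
                 'Lightweight CA renewal: tracking request for "%s" '
                 'not found after it was added', nickname)
             return
         certmonger.modify(request_id, profile='ipaCACertRenewal')
         self.log.debug(
             'Lightweight CA renewal: '
             'added tracking request for "%s"', nickname)
     except RuntimeError as e:
         self.log.error(
             'Lightweight CA renewal: Certmonger failed to '
             'start tracking certificate: %s', e)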
예제 #2
    def configure_renewal(self):
        """Register the system certificates with certmonger for renewal.

        Each ``(nickname, profile)`` pair in ``self.tracking_reqs`` is
        handed to ``certmonger.dogtag_start_tracking`` against the NSS
        database at ``self.nss_db``.  A ``RuntimeError`` for one
        certificate is logged and the loop moves on to the next pair.
        """
        token_pin = self.__get_pin()

        for cert_nickname, cert_profile in self.tracking_reqs:
            try:
                # The PIN is passed by value (pinfile=None).
                # NOTE(review): confirm the callee never logs it.
                tracking_args = {
                    'ca': 'dogtag-ipa-ca-renew-agent',
                    'nickname': cert_nickname,
                    'pin': token_pin,
                    'pinfile': None,
                    'secdir': self.nss_db,
                    'pre_command': 'stop_pkicad',
                    # The nickname sits between double quotes inside the
                    # command string; a quote character in it would alter
                    # the quoting.  NOTE(review): confirm tracking_reqs
                    # holds only fixed, trusted nicknames.
                    'post_command': 'renew_ca_cert "%s"' % cert_nickname,
                    'profile': cert_profile,
                }
                certmonger.dogtag_start_tracking(**tracking_args)
            except RuntimeError as err:
                self.log.error(
                    "certmonger failed to start tracking certificate: %s", err)
예제 #3
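    def configure_renewal(self):
        """Configure certmonger to renew system certs.

        Each ``(nickname, profile)`` pair in ``self.tracking_reqs`` is
        handed to ``certmonger.dogtag_start_tracking`` against the NSS
        database at ``self.dogtag_constants.ALIAS_DIR``.  A
        ``RuntimeError`` for one certificate is logged and the loop
        continues with the next pair.
        """
        pin = self.__get_pin()

        for nickname, profile in self.tracking_reqs:
            try:
                certmonger.dogtag_start_tracking(
                    ca='dogtag-ipa-ca-renew-agent',
                    nickname=nickname,
                    # The PIN is passed by value (pinfile=None).
                    # NOTE(review): confirm the callee never logs it.
                    pin=pin,
                    pinfile=None,
                    secdir=self.dogtag_constants.ALIAS_DIR,
                    pre_command='stop_pkicad',
                    # The nickname sits between double quotes inside the
                    # command string; a quote character in it would alter
                    # the quoting.  NOTE(review): confirm tracking_reqs
                    # holds only fixed, trusted nicknames.
                    post_command='renew_ca_cert "%s"' % nickname,
                    profile=profile)
            # "except X as e" replaces the Python 2-only "except X, e"
            # spelling, which is a syntax error on Python 3.
            except RuntimeError as e:
                self.log.error(
                    "certmonger failed to start tracking certificate: %s", e)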
예제 #4
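 def track_servercert(self):
     """Start certmonger tracking of the server certificate.

     Specifically do not tell certmonger to restart the CA. This will be
     done by the renewal script, renew_ca_cert once all the subsystem
     certificates are renewed.

     The certificate named ``self.server_cert_name`` in the NSS database
     at ``self.nss_db`` is tracked through the ``dogtag-ipa-renew-agent``
     CA.  A ``RuntimeError`` from certmonger is logged and not re-raised.
     """
     pin = self.__get_pin()
     try:
         certmonger.dogtag_start_tracking(
             ca='dogtag-ipa-renew-agent',
             nickname=self.server_cert_name,
             # The PIN is passed by value (pinfile=None).
             # NOTE(review): confirm the callee never logs it.
             pin=pin,
             pinfile=None,
             secdir=self.nss_db,
             pre_command='stop_pkicad',
             # The nickname sits between double quotes inside the command
             # string; a quote character in it would alter the quoting.
             # NOTE(review): confirm server_cert_name is a fixed value.
             post_command='renew_ca_cert "%s"' % self.server_cert_name)
     except RuntimeError as e:
         # Pass the exception as a logging argument instead of formatting
         # eagerly; the emitted message is the same.
         self.log.error(
             "certmonger failed to start tracking certificate: %s", e)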
예제 #5
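 def track_servercert(self):
     """Start certmonger tracking of the server certificate.

     Specifically do not tell certmonger to restart the CA. This will be
     done by the renewal script, renew_ca_cert once all the subsystem
     certificates are renewed.

     The certificate named ``self.server_cert_name`` in the NSS database
     at ``self.dogtag_constants.ALIAS_DIR`` is tracked through the
     ``dogtag-ipa-renew-agent`` CA.  A ``RuntimeError`` from certmonger
     is logged and not re-raised.
     """
     pin = self.__get_pin()
     try:
         certmonger.dogtag_start_tracking(
             ca='dogtag-ipa-renew-agent',
             nickname=self.server_cert_name,
             # The PIN is passed by value (pinfile=None).
             # NOTE(review): confirm the callee never logs it.
             pin=pin,
             pinfile=None,
             secdir=self.dogtag_constants.ALIAS_DIR,
             pre_command='stop_pkicad',
             # The nickname sits between double quotes inside the command
             # string; a quote character in it would alter the quoting.
             # NOTE(review): confirm server_cert_name is a fixed value.
             post_command='renew_ca_cert "%s"' % self.server_cert_name)
     # "except X as e" replaces the Python 2-only "except X, e" spelling,
     # which is a syntax error on Python 3.
     except RuntimeError as e:
         # Pass the exception as a logging argument instead of formatting
         # eagerly; the emitted message is the same.
         self.log.error(
             "certmonger failed to start tracking certificate: %s", e)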