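def server_track_lightweight_ca(self, entry):
    """
    Ensure certmonger is tracking the certificate of a lightweight CA.

    Only ``entry['ipacaid'][0]`` is read from ``entry``; it is appended
    to IPA_CA_NICKNAME to form the NSS nickname that is looked up in
    paths.PKI_TOMCAT_ALIAS_DIR.  If a matching request already exists
    nothing is changed.  Otherwise a tracking request is created and
    then switched to the ``ipaCACertRenewal`` profile.

    RuntimeError from certmonger is logged and not re-raised, so an
    untracked certificate is only visible through the error log entry.
    """
    nickname = "{} {}".format(IPA_CA_NICKNAME, entry['ipacaid'][0])
    criteria = {
        'cert-database': paths.PKI_TOMCAT_ALIAS_DIR,
        'cert-nickname': nickname,
        'ca-name': RENEWAL_CA_NAME,
    }

    if certmonger.get_request_id(criteria) is not None:
        self.log.debug(
            'Lightweight CA renewal: '
            'already tracking certificate "%s"', nickname)
        return

    try:
        certmonger.dogtag_start_tracking(
            secdir=paths.PKI_TOMCAT_ALIAS_DIR,
            # The pin is passed by value (pinfile=None).
            # NOTE(review): how certmonger stores it is not visible
            # here -- confirm it is neither logged nor world-readable.
            pin=certmonger.get_pin('internal'),
            pinfile=None,
            nickname=nickname,
            ca=RENEWAL_CA_NAME,
            pre_command='stop_pkicad',
            # NOTE(review): the nickname is placed unescaped inside
            # double quotes in a command string.  This relies on
            # entry['ipacaid'][0] never containing a quote or other
            # special character -- confirm the ID is validated upstream.
            post_command='renew_ca_cert "%s"' % nickname,
        )
        request_id = certmonger.get_request_id(criteria)
        if request_id is None:
            # Without an id the profile cannot be set; report it through
            # the same error path instead of calling modify(None, ...)
            # and then logging success.
            raise RuntimeError(
                'tracking request for "%s" not found after creation'
                % nickname)
        certmonger.modify(request_id, profile='ipaCACertRenewal')
        self.log.debug(
            'Lightweight CA renewal: '
            'added tracking request for "%s"', nickname)
    except RuntimeError as e:
        self.log.error(
            'Lightweight CA renewal: Certmonger failed to '
            'start tracking certificate: %s', e)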
def configure_renewal(self):
    """
    Configure certmonger to renew system certs.

    Each ``(nickname, profile)`` pair in ``self.tracking_reqs`` is
    registered with certmonger against the NSS database at
    ``self.nss_db``.  A RuntimeError for one certificate is logged and
    the loop moves on to the next, so a failure here does not stop the
    caller; the error log entry is the only trace of it.
    """
    nss_pin = self.__get_pin()
    for cert_nickname, cert_profile in self.tracking_reqs:
        try:
            tracking_args = dict(
                ca='dogtag-ipa-ca-renew-agent',
                nickname=cert_nickname,
                # Pin is passed by value rather than through a pin file.
                pin=nss_pin,
                pinfile=None,
                secdir=self.nss_db,
                pre_command='stop_pkicad',
                # NOTE(review): the nickname is interpolated unescaped
                # into the command string -- presumably tracking_reqs
                # holds only fixed, trusted nicknames; confirm.
                post_command='renew_ca_cert "%s"' % cert_nickname,
                profile=cert_profile,
            )
            certmonger.dogtag_start_tracking(**tracking_args)
        except RuntimeError as e:
            self.log.error(
                "certmonger failed to start tracking certificate: %s", e)
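def configure_renewal(self):
    """
    Configure certmonger to renew system certs.

    Each ``(nickname, profile)`` pair in ``self.tracking_reqs`` is
    registered with certmonger against the NSS database at
    ``self.dogtag_constants.ALIAS_DIR``.  A RuntimeError for one
    certificate is logged and the loop continues with the next, so the
    error log entry is the only trace of a certificate left untracked.
    """
    pin = self.__get_pin()
    for nickname, profile in self.tracking_reqs:
        try:
            certmonger.dogtag_start_tracking(
                ca='dogtag-ipa-ca-renew-agent',
                nickname=nickname,
                # Pin is passed by value rather than through a pin file.
                pin=pin,
                pinfile=None,
                secdir=self.dogtag_constants.ALIAS_DIR,
                pre_command='stop_pkicad',
                # NOTE(review): the nickname is interpolated unescaped
                # into the command string -- presumably tracking_reqs
                # holds only fixed, trusted nicknames; confirm.
                post_command='renew_ca_cert "%s"' % nickname,
                profile=profile)
        # "except ... as e" is accepted by Python 2.6+ and Python 3;
        # the comma form is a syntax error on Python 3.
        except RuntimeError as e:
            self.log.error(
                "certmonger failed to start tracking certificate: %s", e)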
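def track_servercert(self):
    """
    Start certmonger tracking of the server certificate.

    Specifically do not tell certmonger to restart the CA. This will be
    done by the renewal script, renew_ca_cert, once all the subsystem
    certificates are renewed.

    A RuntimeError from certmonger is logged and not re-raised, so the
    error log entry is the only trace of a certificate left untracked.
    """
    pin = self.__get_pin()
    try:
        certmonger.dogtag_start_tracking(
            ca='dogtag-ipa-renew-agent',
            nickname=self.server_cert_name,
            # Pin is passed by value rather than through a pin file.
            pin=pin,
            pinfile=None,
            secdir=self.nss_db,
            pre_command='stop_pkicad',
            # NOTE(review): server_cert_name is interpolated unescaped
            # into the command string -- presumably a fixed, trusted
            # nickname; confirm where it is set.
            post_command='renew_ca_cert "%s"' % self.server_cert_name)
    except RuntimeError as e:
        # Pass the exception as a logging argument, matching the other
        # tracking helpers, instead of pre-formatting the message.
        self.log.error(
            "certmonger failed to start tracking certificate: %s", e)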
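def track_servercert(self):
    """
    Start certmonger tracking of the server certificate.

    Specifically do not tell certmonger to restart the CA. This will be
    done by the renewal script, renew_ca_cert, once all the subsystem
    certificates are renewed.

    A RuntimeError from certmonger is logged and not re-raised, so the
    error log entry is the only trace of a certificate left untracked.
    """
    pin = self.__get_pin()
    try:
        certmonger.dogtag_start_tracking(
            ca='dogtag-ipa-renew-agent',
            nickname=self.server_cert_name,
            # Pin is passed by value rather than through a pin file.
            pin=pin,
            pinfile=None,
            secdir=self.dogtag_constants.ALIAS_DIR,
            pre_command='stop_pkicad',
            # NOTE(review): server_cert_name is interpolated unescaped
            # into the command string -- presumably a fixed, trusted
            # nickname; confirm where it is set.
            post_command='renew_ca_cert "%s"' % self.server_cert_name)
    # "except ... as e" is accepted by Python 2.6+ and Python 3;
    # the comma form is a syntax error on Python 3.
    except RuntimeError as e:
        # Pass the exception as a logging argument, matching the other
        # tracking helpers, instead of pre-formatting the message.
        self.log.error(
            "certmonger failed to start tracking certificate: %s", e)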