def server_track_lightweight_ca(self, entry): nickname = "{} {}".format(IPA_CA_NICKNAME, entry['ipacaid'][0]) criteria = { 'cert-database': paths.PKI_TOMCAT_ALIAS_DIR, 'cert-nickname': nickname, 'ca-name': RENEWAL_CA_NAME, } request_id = certmonger.get_request_id(criteria) if request_id is None: try: certmonger.dogtag_start_tracking( secdir=paths.PKI_TOMCAT_ALIAS_DIR, pin=certmonger.get_pin('internal'), pinfile=None, nickname=nickname, ca=RENEWAL_CA_NAME, pre_command='stop_pkicad', post_command='renew_ca_cert "%s"' % nickname, ) request_id = certmonger.get_request_id(criteria) certmonger.modify(request_id, profile='ipaCACertRenewal') self.log.debug( 'Lightweight CA renewal: ' 'added tracking request for "%s"', nickname) except RuntimeError as e: self.log.error( 'Lightweight CA renewal: Certmonger failed to ' 'start tracking certificate: %s', e) else: self.log.debug( 'Lightweight CA renewal: ' 'already tracking certificate "%s"', nickname)
def resubmit_request(self, ca, profile): timeout = api.env.startup_timeout + 60 self.log.debug("resubmitting certmonger request '%s'", self.request_id) certmonger.resubmit_request(self.request_id, profile=profile) try: state = certmonger.wait_for_request(self.request_id, timeout) except RuntimeError: raise admintool.ScriptError( "Resubmitting certmonger request '%s' timed out, " "please check the request manually" % self.request_id) ca_error = certmonger.get_request_value(self.request_id, 'ca-error') if state != 'MONITORING' or ca_error: raise admintool.ScriptError( "Error resubmitting certmonger request '%s', " "please check the request manually" % self.request_id) self.log.debug("modifying certmonger request '%s'", self.request_id) certmonger.modify(self.request_id, profile='ipaCACertRenewal')
def update_server(self, certs): instance = '-'.join(api.env.realm.split('.')) self.update_db( paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % instance, certs) if services.knownservices.dirsrv.is_running(): services.knownservices.dirsrv.restart(instance) self.update_db(paths.HTTPD_ALIAS_DIR, certs) if services.knownservices.httpd.is_running(): services.knownservices.httpd.restart() dogtag_constants = dogtag.configured_constants() nickname = 'caSigningCert cert-pki-ca' criteria = { 'cert-database': dogtag_constants.ALIAS_DIR, 'cert-nickname': nickname, 'ca-name': 'dogtag-ipa-ca-renew-agent', } request_id = certmonger.get_request_id(criteria) if request_id is not None: timeout = api.env.startup_timeout + 60 self.log.debug("resubmitting certmonger request '%s'", request_id) certmonger.resubmit_request( request_id, profile='ipaRetrievalOrReuse') try: state = certmonger.wait_for_request(request_id, timeout) except RuntimeError: raise admintool.ScriptError( "Resubmitting certmonger request '%s' timed out, " "please check the request manually" % request_id) ca_error = certmonger.get_request_value(request_id, 'ca-error') if state != 'MONITORING' or ca_error: raise admintool.ScriptError( "Error resubmitting certmonger request '%s', " "please check the request manually" % request_id) self.log.debug("modifying certmonger request '%s'", request_id) certmonger.modify(request_id, profile='ipaCACertRenewal') self.update_file(paths.CA_CRT, certs)