[Freeipa-devel] [PATCH] 0092 Make sure the CA is running when starting services
Rob Crittenden
rcritten at redhat.com
Fri Oct 19 15:42:59 UTC 2012
Petr Viktorin wrote:
> https://fedorahosted.org/freeipa/ticket/3084
> See ticket & commit message.
>
>
> Please tell me of a better way to extend the Services.
>
>
> What's interesting is that usually the CA is "running" right after the
> ports are opened, but if not, it takes *exactly* one minute between the
> ports being open and the time I stop getting 503 "Service Temporarily
> Unavailable" from ca/admin/ca/getStatus. Is there a sleep somewhere in
> pki? or httpd? or IPA?

No sleep that I know of, and I'm not seeing that behavior. In my testing
I got 503 exactly once. Most of the time once the port(s) were open and
the request went through the status was that dogtag was up and ready.

Just a few minor requests.

Can you add a block comment to ca_status? I think particularly
explaining why port 443 and not a CA port directly (I assume so we test
the proxy).

I'm a little confused by the wait variable. It is a boolean in some
cases and a string in others (no-proxy)? Why not just pass in False?

The patch itself looks good. I'm having a replica install problem which
I'm guessing is unrelated.

The configure proxy step is failing to restart httpd. It is failing
because the default mod_nss port is 8443 which is also being used by
dogtag, so httpd fails to restart and the installation blows up.

rob