[Freeipa-devel] [PATCH] 0049 Remove workaround for CA running check

Fraser Tweedale ftweedal at redhat.com
Wed Jan 20 10:03:05 UTC 2016


On Wed, Jan 20, 2016 at 07:52:32PM +1000, Fraser Tweedale wrote:
> Good pickup on the curl dependency; indeed it is no longer needed.
> Updated patch attached.
>
Whups, that was same patch, different name. *Here* is the new patch.
-------------- next part --------------
From ba5750b7a805841abd8d4795d9c4bcec2a3518a0 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal at redhat.com>
Date: Wed, 20 Jan 2016 18:35:15 +1100
Subject: [PATCH] Remove workaround for CA running check

A workaround was introduced for ticket #4676 that used wget to
perform an (unauthenticated) https request to check the CA status.
Later, wget was changed to curl (the request remained
unauthenticated).

Remove the workaround and use an http request (no TLS) to check the
CA status.  Also remove the now-unused unauthenticated_http_request
method, and update specfile to remove ipalib dependency on curl.

https://fedorahosted.org/freeipa/ticket/4676
---
 freeipa.spec.in                |  2 --
 ipaplatform/redhat/services.py | 25 +------------------------
 ipapython/dogtag.py            | 25 +++----------------------
 3 files changed, 4 insertions(+), 48 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 961d8c38e0dd5f954bfca47e8209a5655eaacc86..ae0887390d623b035734dc5c8da703ba33a37e9f 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -466,7 +466,6 @@ Requires: python-pyasn1
 Requires: python-dateutil
 Requires: python-yubico >= 1.2.3
 Requires: python-sss-murmur
-Requires: curl
 Requires: dbus-python
 Requires: python-setuptools
 Requires: python-six
@@ -510,7 +509,6 @@ Requires: python3-pyasn1
 Requires: python3-dateutil
 Requires: python3-yubico >= 1.2.3
 Requires: python3-sss-murmur
-Requires: curl
 Requires: python3-dbus
 Requires: python3-setuptools
 Requires: python3-six
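Review bot: With `Requires: curl` dropped here and in the python2 hunk above, the `paths.BIN_CURL` constant that the removed services.py code used is not touched by this patch (the diffstat lists only three files). If nothing else in the tree runs curl, remove the constant in the same change; if something still does, that package needs to keep the dependency.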
diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 11292fa4912844db78899d779b84104288e469dc..3c18dbc3c1274ef3852abef5f054b4e37e6b32fa 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -199,30 +199,7 @@ class RedHatCAService(RedHatService):
         op_timeout = time.time() + timeout
         while time.time() < op_timeout:
             try:
-                # FIXME https://fedorahosted.org/freeipa/ticket/4716
-                # workaround
-                #
-                # status = dogtag.ca_status(use_proxy=use_proxy)
-                #
-                port = 8443
-
-                url = "https://%(host_port)s%(path)s" % {
-                    "host_port": ipautil.format_netloc(api.env.ca_host, port),
-                    "path": "/ca/admin/ca/getStatus"
-                }
-
-                args = [
-                    paths.BIN_CURL,
-                    '-o', '-',
-                    '--connect-timeout', '30',
-                    '-k',
-                    url
-                ]
-
-                result = ipautil.run(args, capture_output=True)
-
-                status = dogtag._parse_ca_status(result.output)
-                # end of workaround
+                status = dogtag.ca_status()
             except Exception as e:
                 status = 'check interrupted due to error: %s' % e
             root_logger.debug('The CA status is: %s' % status)
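Review bot: The removed curl call bounded each attempt with `--connect-timeout 30`, while the replacement `status = dogtag.ca_status()` passes no timeout, so a connect that hangs could hold the `while time.time() < op_timeout` loop past its deadline. Please confirm that `http_request` applies a socket timeout, or pass one through. Two smaller points: the deleted FIXME cites ticket 4716 but the commit message cites #4676, so state which ticket this closes; and check whether `ipautil`, `paths` and `api` are still used in this module now that these lines are gone.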
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 1cb74719c4ce2cc97c54dc7bebfa4b32ceee14a1..6f13880026e9e6043649405245c9cd50a826f652 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -103,7 +103,7 @@ def _parse_ca_status(body):
         raise error_from_xml(doc, _("Retrieving CA status failed: %s"))
 
 
-def ca_status(ca_host=None, use_proxy=True):
+def ca_status(ca_host=None):
     """Return the status of the CA, and the httpd proxy in front of it
 
     The returned status can be:
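Review bot: The docstring's first line still says the function returns the status of the CA "and the httpd proxy in front of it", but with `use_proxy` removed from the signature and the request in the next hunk going straight to port 8080, the proxy is no longer part of the check; update the docstring to match. Dropping the keyword also makes any remaining caller that passes `use_proxy=` fail with a TypeError, and the diffstat shows no other files changed, so grep for such callers before merging.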
@@ -113,13 +113,8 @@ def ca_status(ca_host=None, use_proxy=True):
     """
     if ca_host is None:
         ca_host = api.env.ca_host
-    if use_proxy:
-        # Use port 443 to test the proxy as well
-        ca_port = 443
-    else:
-        ca_port = 8443
-    status, headers, body = unauthenticated_https_request(
-        ca_host, ca_port, '/ca/admin/ca/getStatus')
+    status, headers, body = http_request(
+        ca_host, 8080, '/ca/admin/ca/getStatus')
     if status == 503:
         # Service temporarily unavailable
         return status
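Review bot: The port is now a bare literal in `http_request(ca_host, 8080, '/ca/admin/ca/getStatus')`; give it a named constant or read it from configuration, since the removed branch at least explained its port choice in a comment. Because `ca_host` can be any host the caller or `api.env.ca_host` names, the reply now crosses the network in clear text with no server authentication, so callers should treat the result as a liveness hint and not base a trust decision on it; a short comment here saying so would help. This also drops the default check through port 443, so a failure of the front-end proxy is no longer reported by `ca_status`.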
@@ -175,20 +170,6 @@ def http_request(host, port, url, **kw):
         'http', host, port, url, httplib.HTTPConnection, body)
 
 
-def unauthenticated_https_request(host, port, url, **kw):
-    """
-    :param url: The path (not complete URL!) to post to.
-    :param kw: Keyword arguments to encode into POST body.
-    :return:   (http_status, http_headers, http_body)
-                as (integer, dict, str)
-
-    Perform an unauthenticated HTTPS request.
-    """
-    body = urlencode(kw)
-    return _httplib_request(
-        'https', host, port, url, httplib.HTTPSConnection, body)
-
-
 def _httplib_request(
         protocol, host, port, path, connection_factory, request_body,
         method='POST', headers=None):
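Review bot: The commit message says the unused method removed is `unauthenticated_http_request`, but the function deleted here is `unauthenticated_https_request`; correct the name in the message so a later search of the log finds it. Also confirm that no caller outside these three files still references the removed function.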
-- 
2.5.0


