[Freeipa-devel] [PATCH 0168] Better workaround to get status of CA during upgrade

Jan Cholasta jcholast at redhat.com
Wed Dec 10 18:21:39 UTC 2014 

Dne 10.12.2014 v 18:01 Jan Cholasta napsal(a):
> Dne 1.12.2014 v 16:48 Martin Basti napsal(a):
>> On 01/12/14 08:46, Jan Cholasta wrote:
>>> Hi,
>>>
>>> Dne 27.11.2014 v 14:24 Martin Basti napsal(a):
>>>> Ticket: https://fedorahosted.org/freeipa/ticket/4676
>>>> Replaces current workaround. Should go to 4.1.3.
>>>> Patch attached.
>>>
>>> When constructing URLs with host:port, please use
>>> ipautil.format_netloc().
>>>
>>> wget should be added as a dependency of freeipa-python in the spec file.
>>>
>>> Honza
>>>
>> Updated patch attached.
>>
>
> Thanks, ACK.
>
> Pushed to:
> master: 337faf506462a01c6dbcd00f2039ed5627691864
> ipa-4-1: 5052af773f652bc19e91fe49e15351e5c5c7d976
>

It turns out I messed up the review (sorry). This fixes the upgrade, but 
it also breaks ipa-server-install:

2014-12-10T06:06:44Z DEBUG   [8/27]: starting certificate server instance
2014-12-10T06:06:44Z DEBUG Starting external process
2014-12-10T06:06:44Z DEBUG args='/bin/systemctl' 'start' 
'pki-tomcatd.target'
2014-12-10T06:06:45Z DEBUG Process finished, return code=0
2014-12-10T06:06:45Z DEBUG stdout=
2014-12-10T06:06:45Z DEBUG stderr=
2014-12-10T06:06:45Z DEBUG Starting external process
2014-12-10T06:06:45Z DEBUG args='/bin/systemctl' 'is-active' 
'pki-tomcatd.target'
2014-12-10T06:06:45Z DEBUG Process finished, return code=0
2014-12-10T06:06:45Z DEBUG stdout=active

2014-12-10T06:06:45Z DEBUG stderr=
2014-12-10T06:06:45Z DEBUG wait_for_open_ports: localhost [8080, 8443] 
timeout 300
2014-12-10T06:06:49Z DEBUG The httpd proxy is not installed, wait on 
local port
2014-12-10T06:06:49Z DEBUG Waiting until the CA is running
2014-12-10T06:06:49Z DEBUG Starting external process
2014-12-10T06:06:49Z DEBUG args='/usr/bin/wget' '-S' '-O' '-' 
'--timeout=30' 
'https://vm-088.idm.lab.bos.redhat.com:8443/ca/admin/ca/getStatus'
2014-12-10T06:07:09Z DEBUG Process finished, return code=5
2014-12-10T06:07:09Z DEBUG stdout=
2014-12-10T06:07:09Z DEBUG stderr=--2014-12-10 01:06:49-- 
https://vm-088.idm.lab.bos.redhat.com:8443/ca/admin/ca/getStatus
Resolving vm-088.idm.lab.bos.redhat.com 
(vm-088.idm.lab.bos.redhat.com)... 10.16.78.88
Connecting to vm-088.idm.lab.bos.redhat.com 
(vm-088.idm.lab.bos.redhat.com)|10.16.78.88|:8443... connected.
ERROR: cannot verify vm-088.idm.lab.bos.redhat.com's certificate, issued 
by ‘/O=IDM.LAB.BOS.REDHAT.COM/CN=Certificate Authority’:
   Self-signed certificate encountered.
To connect to vm-088.idm.lab.bos.redhat.com insecurely, use 
`--no-check-certificate'.

2014-12-10T06:07:09Z DEBUG The CA status is: check interrupted


I have reopened the ticket.

-- 
Jan Cholasta

More information about the Freeipa-devel mailing list