[Freeipa-devel] [PATCH 0168] Better workaround to get status of CA during upgrade
Jan Cholasta
jcholast at redhat.com
Wed Dec 10 18:21:39 UTC 2014
Dne 10.12.2014 v 18:01 Jan Cholasta napsal(a):
> Dne 1.12.2014 v 16:48 Martin Basti napsal(a):
>> On 01/12/14 08:46, Jan Cholasta wrote:
>>> Hi,
>>>
>>> Dne 27.11.2014 v 14:24 Martin Basti napsal(a):
>>>> Ticket: https://fedorahosted.org/freeipa/ticket/4676
>>>> Replaces current workaround. Should go to 4.1.3.
>>>> Patch attached.
>>>
>>> When constructing URLs with host:port, please use
>>> ipautil.format_netloc().
>>>
>>> wget should be added as a dependency of freeipa-python in the spec file.
>>>
>>> Honza
>>>
>> Updated patch attached.
>>
>
> Thanks, ACK.
>
> Pushed to:
> master: 337faf506462a01c6dbcd00f2039ed5627691864
> ipa-4-1: 5052af773f652bc19e91fe49e15351e5c5c7d976
>
It turns out I messed up the review (sorry). This fixes the upgrade, but
it also breaks ipa-server-install:
2014-12-10T06:06:44Z DEBUG [8/27]: starting certificate server instance
2014-12-10T06:06:44Z DEBUG Starting external process
2014-12-10T06:06:44Z DEBUG args='/bin/systemctl' 'start'
'pki-tomcatd.target'
2014-12-10T06:06:45Z DEBUG Process finished, return code=0
2014-12-10T06:06:45Z DEBUG stdout=
2014-12-10T06:06:45Z DEBUG stderr=
2014-12-10T06:06:45Z DEBUG Starting external process
2014-12-10T06:06:45Z DEBUG args='/bin/systemctl' 'is-active'
'pki-tomcatd.target'
2014-12-10T06:06:45Z DEBUG Process finished, return code=0
2014-12-10T06:06:45Z DEBUG stdout=active
2014-12-10T06:06:45Z DEBUG stderr=
2014-12-10T06:06:45Z DEBUG wait_for_open_ports: localhost [8080, 8443]
timeout 300
2014-12-10T06:06:49Z DEBUG The httpd proxy is not installed, wait on
local port
2014-12-10T06:06:49Z DEBUG Waiting until the CA is running
2014-12-10T06:06:49Z DEBUG Starting external process
2014-12-10T06:06:49Z DEBUG args='/usr/bin/wget' '-S' '-O' '-'
'--timeout=30'
'https://vm-088.idm.lab.bos.redhat.com:8443/ca/admin/ca/getStatus'
2014-12-10T06:07:09Z DEBUG Process finished, return code=5
2014-12-10T06:07:09Z DEBUG stdout=
2014-12-10T06:07:09Z DEBUG stderr=--2014-12-10 01:06:49--
https://vm-088.idm.lab.bos.redhat.com:8443/ca/admin/ca/getStatus
Resolving vm-088.idm.lab.bos.redhat.com
(vm-088.idm.lab.bos.redhat.com)... 10.16.78.88
Connecting to vm-088.idm.lab.bos.redhat.com
(vm-088.idm.lab.bos.redhat.com)|10.16.78.88|:8443... connected.
ERROR: cannot verify vm-088.idm.lab.bos.redhat.com's certificate, issued
by ‘/O=IDM.LAB.BOS.REDHAT.COM/CN=Certificate Authority’:
Self-signed certificate encountered.
To connect to vm-088.idm.lab.bos.redhat.com insecurely, use
`--no-check-certificate'.
2014-12-10T06:07:09Z DEBUG The CA status is: check interrupted
I have reopened the ticket.
--
Jan Cholasta
More information about the Freeipa-devel
mailing list