[Freeipa-devel] [PATCH] 0019 Stop dogtag when updating its configuration in, ipa-upgradeconfig
Jan Cholasta
jcholast at redhat.com
Tue Oct 14 11:39:05 UTC 2014
Dne 14.10.2014 v 12:47 David Kupka napsal(a):
>
>
> On 10/10/2014 03:24 PM, Jan Cholasta wrote:
>> Dne 8.10.2014 v 12:36 David Kupka napsal(a):
>>> On 10/08/2014 09:29 AM, Jan Cholasta wrote:
>>>> Hi,
>>>>
>>>> Dne 8.10.2014 v 09:09 David Kupka napsal(a):
>>>>> https://fedorahosted.org/freeipa/ticket/4569
>>>>
>>>> In renew_ca_cert and cainstance.py, dogtag should already be stopped in
>>>> the places you modified, so why the change?
>>>
>>> I didn't noticed that it is already stopped, fixed.
>>>>
>>>> Also I don't think it's a good idea to backup CS.cfg when dogtag is
>>>> still running (in cainstance.py). If the file is being modified by
>>>> dogtag at the time it is backed up, the backup may be corrupted.
>>>>
>>> Fixed, thanks.
>>
>> CAInstance.backup_config should be called only when Dogtag is stopped as
>> well, you don't need to change it.
>>
>
> backup_config is callable from outside of cainstance.py so it's safer to
> check that dogtag is stopped and stop it if necessary. When dogtag is
> already stopped it won't do anything.
If dogtag is not stopped in backup_config, it's an error, so an
exception should be raised.
You should use stopped_service only in places where you actually want
dogtag to become stopped. If there were multiple consecutive
stopped_service calls when dogtag should be stopped but isn't, it would
cause multiple dogtag restarts, which would work, but it would waste
time and be hard to debug.
>
>>>
>>>> Honza
>>>>
>>>
>>
>> It would be better to stop and start dogtag only once in
>> ipa-upgradeconfig, not every time there is a modification to CS.cfg.
>>
> OK.
>
>
>
--
Jan Cholasta
More information about the Freeipa-devel
mailing list