[Freeipa-devel] [PATCH 0083] Make CS.cfg edits with CA instance stopped
Martin Kosek
mkosek at redhat.com
Mon Aug 5 15:43:45 UTC 2013
On 08/02/2013 03:32 PM, Tomas Babej wrote:
> Hi,
>
> This patch makes sure that all edits to CS.cfg configuration file
> are performed while pki-tomcatd service is stopped.
>
> Introduces a new contextmanager stopped_service for handling
> a general problem of performing a task that needs certain service
> being stopped.
>
> https://fedorahosted.org/freeipa/ticket/3804
>
> Tomas
>
1) I think it would make sense to ideally run the steps updating CS.cfg close
together, stop PKI before this group and start it after it finishes. Otherwise,
installer runs many service stops and starts which may be error prone,
especially given the fragile (and sometimes slow) java server handling.
2) I am thinking that stopped_service context manager could be as well defined
in ipaserver/install/service.py, as a context manager of the class. That way,
every installer class could use that like:
class CAInstance():
...
def __some_step(self):
with self.stopped_service(start_when_finished=True):
# do something
That way, context manager could just use self.name to avoid numerous hardcoded
service names like:
...
with stopped_service('pki_tomcatd',
instance_name=self.dogtag_constants.PKI_INSTANCE_NAME):
...
3) After I installed pki-ca, I saw no published CRL files:
# ls -la /var/lib/ipa/pki-ca/publish/
I am not sure what is the root cause, maybe some of the numerous start/restarts
broke the publisher process.
Martin
More information about the Freeipa-devel
mailing list