Try multiple times to remove certmonger CAs on uninstall

certmonger would occassionally fail attempting to connect to dbus to remove the IPA-defined certmonger CAs. This was almost, if not entirely, exclusive to PR-CI. During debugging it was seen that the certmonger dbus API was available after a failure. This suggests that the dbus socket needed time to wake up, so try multiple times. In testing it appears to only require one additional attempt with no intervening sleep. https://pagure.io/freeipa/issue/8506 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
freeipa · Feb 10, 2021 · 3813208 · 3813208
1 parent 6484f0d
commit 3813208
Showing 1 changed file with 23 additions and 9 deletions.
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
@@ -996,15 +996,29 @@ def uninstall(self):
         cmonger = services.knownservices.certmonger
         cmonger.start()
 
-        bus = dbus.SystemBus()
-        obj = bus.get_object('org.fedorahosted.certmonger',
-                             '/org/fedorahosted/certmonger')
-        iface = dbus.Interface(obj, 'org.fedorahosted.certmonger')
-        for suffix in ['', '-reuse', '-selfsigned']:
-            name = ipalib.constants.RENEWAL_CA_NAME + suffix
-            path = iface.find_ca_by_nickname(name)
-            if path:
-                iface.remove_known_ca(path)
+        done = False
+        exc = None
+        for i in range(5):
+            logger.debug('Attempt %d to remove certmonger CAs', i + 1)
+            try:
+                bus = dbus.SystemBus()
+                obj = bus.get_object('org.fedorahosted.certmonger',
+                                     '/org/fedorahosted/certmonger')
+                iface = dbus.Interface(obj, 'org.fedorahosted.certmonger')
+                for suffix in ['', '-reuse', '-selfsigned']:
+                    name = ipalib.constants.RENEWAL_CA_NAME + suffix
+                    path = iface.find_ca_by_nickname(name)
+                    if path:
+                        iface.remove_known_ca(path)
+                logger.debug('certmonger CA removal successful')
+                done = True
+                break
+            except dbus.exceptions.DBusException as e:
+                logger.debug(e)
+                exc = e
+
+        if not done:
+            raise exc
 
         cmonger.stop()