Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libexec scripts: ldap conn management #216

Closed
wants to merge 1 commit into from
Closed

libexec scripts: ldap conn management #216

wants to merge 1 commit into from

Conversation

tkrizek
Copy link
Contributor

@tkrizek tkrizek commented Nov 9, 2016
edited by MartinBasti

Certificate renewal scripts require connection to LDAP. Properly
handle connects and disconnects from LDAP.

https://fedorahosted.org/freeipa/ticket/6461

flo-renaud
flo-renaud reviewed Nov 9, 2016
View reviewed changes
Copy link
Contributor

@flo-renaud flo-renaud left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,

except for minor comments, the code looks good to me. I tested the certificates renewal (CA, ipaCert and http/ldap) and it works as expected.

install/certmonger/dogtag-ipa-ca-renew-agent-submit
@@ -507,6 +508,8 @@ def main():
certs.renewal_lock.release()
shutil.rmtree(tmpdir)

api.Backend.ldap2.disconnect()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You may want to move the disconnect() call in the finally block to make sure it gets executed

install/restart_scripts/renew_ca_cert
@@ -200,6 +201,8 @@ def _main():
syslog.syslog(
syslog.LOG_NOTICE, "Started %s" % dogtag_service.service_name)

api.Backend.ldap2.disconnect()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick: disconnect() may not always be called

install/restart_scripts/renew_ra_cert
@@ -75,6 +76,7 @@ def _main():
else:
syslog.syslog(syslog.LOG_NOTICE, "Restarted httpd")

api.Backend.ldap2.disconnect()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: disconnect() may not always be executed

libexec scripts: ldap conn management
8f4e1c5 
Certificate renewal scripts require connection to LDAP. Properly
handle connects and disconnects from LDAP.

https://fedorahosted.org/freeipa/ticket/6461
@flo-renaud flo-renaud added the ack Pull Request approved, can be merged label Nov 9, 2016
@flo-renaud
Copy link
Contributor

Thanks for the update. Works for me.

@MartinBasti
Copy link
Contributor

Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/33f7b8dc32bc95e0db067ac4df49807ee2b5120e

@MartinBasti MartinBasti added the pushed Pull Request has already been pushed label Nov 9, 2016
@MartinBasti MartinBasti closed this Nov 9, 2016
@HonzaCholasta HonzaCholasta mentioned this pull request Nov 9, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@flo-renaud flo-renaud flo-renaud left review comments

Assignees
No one assigned
Labels
ack Pull Request approved, can be merged pushed Pull Request has already been pushed
Projects
None yet
Milestone
No milestone
3 participants
@tkrizek @flo-renaud @MartinBasti