dogtaginstance: track server certificate with our renew agent #377
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 3 commits
January 9, 2017 08:33
In addition to replicated certificates (Dogtag certificates, RA certificate), handle non-replicated certificates in dogtag-ipa-ca-renew-agent as well. https://fedorahosted.org/freeipa/ticket/5959
Track Dogtag's server certificate with dogtag-ipa-ca-renew-agent instead of dogtag-ipa-renew-agent. https://fedorahosted.org/freeipa/ticket/5959
Do not configure renewal guard for dogtag-ipa-renew-agent, as it is not used in IPA anymore. https://fedorahosted.org/freeipa/ticket/5959
|
Looks very good to me. ACK from my side. |
stlaz
reviewed
Jan 12, 2017
|
|
||
| def is_renewal_master(): | ||
| ca = cainstance.CAInstance(host_name=api.env.host) | ||
| return ca.is_renewal_master() |
There was a problem hiding this comment.
CAInstance.is_renewal_master() does not use any of the instance variables, it might be worth making it static.
|
Works fine. |
|
I made a patch that makes is_renewal_master and set_renewal_master classmethods on @tiran recommendation. Feel free to push it along or leave it, don't let it slow us down if you don't like it. |
|
This PR can be safely pushed, an unknown upstream contributor with the same github nick as me will later create a PR with the proposed classmethod change. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patchset is intended to make @simo5's life easier when changing the RA agent certificate location in #314.
renew agent: handle non-replicated certificates
In addition to replicated certificates (Dogtag certificates, RA
certificate), handle non-replicated certificates in
dogtag-ipa-ca-renew-agent as well.
dogtaginstance: track server certificate with our renew agent
Track Dogtag's server certificate with dogtag-ipa-ca-renew-agent instead of
dogtag-ipa-renew-agent.
cainstance: do not configure renewal guard
Do not configure renewal guard for dogtag-ipa-renew-agent, as it is not
used in IPA anymore.
https://fedorahosted.org/freeipa/ticket/5959