forked from freeipa/freeipa-container
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathticket-5269.patch
33 lines (27 loc) · 1.42 KB
/
ticket-5269.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
commit a8a666416201a7a7d6739f60854c5e5223b9ceb5
Author: Fraser Tweedale <[email protected]>
Date: Fri Nov 20 15:59:11 2015 +1100
Avoid race condition caused by profile delete and recreate
When importing IPA-managed certificate profiles into Dogtag,
profiles with the same name (usually caIPAserviceCert) are removed,
then immediately recreated with the new profile data. This causes a
race condition - Dogtag's LDAPProfileSystem profileChangeMonitor
thread could observe and process the deletion after the profile was
recreated, disappearing it again.
Update the profile instead of deleting and recreating it to avoid
this race condition.
Fixes: https://fedorahosted.org/freeipa/ticket/5269
Reviewed-By: Jan Cholasta <[email protected]>
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index d230c9b..3e3dce9 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1812,8 +1812,7 @@ def _create_dogtag_profile(profile_id, profile_data):
root_logger.debug(
"Failed to disable profile '%s' "
"(it is probably already disabled)")
- profile_api.delete_profile(profile_id)
- profile_api.create_profile(profile_data)
+ profile_api.update_profile(profile_id, profile_data)
# enable the profile
try: