Add create_identity and initialize_server_bpki, teach yamltest to use

them, and teach Zookeeper.write_bpki_files() to tolerate being called
with rootd enabled but not yet configured.  See #466.

svn path=/trunk/; revision=5211

1 files changed, 9 insertions, 6 deletions

diff --git a/rpkid/rpki/irdb/zookeeper.py b/rpkid/rpki/irdb/zookeeper.py
index ff05ae2d..8f884723 100644
--- a/rpkid/rpki/irdb/zookeeper.py
+++ b/rpkid/rpki/irdb/zookeeper.py
@@ -405,12 +405,15 @@ class Zookeeper(object):
              self.server_ca.ee_certificates.get(purpose = "irbe").certificate)
 
     if self.run_rootd:
-      rootd = rpki.irdb.ResourceHolderCA.objects.get(handle = self.cfg.get("handle", section = myrpki_section)).rootd
-      writer(self.cfg.get("bpki-ta",         section = rootd_section), self.server_ca.certificate)
-      writer(self.cfg.get("rootd-bpki-crl",  section = rootd_section), self.server_ca.latest_crl)
-      writer(self.cfg.get("rootd-bpki-key",  section = rootd_section), rootd.private_key)
-      writer(self.cfg.get("rootd-bpki-cert", section = rootd_section), rootd.certificate)
-      writer(self.cfg.get("child-bpki-cert", section = rootd_section), rootd.issuer.certificate)
+      try:
+        rootd = rpki.irdb.ResourceHolderCA.objects.get(handle = self.cfg.get("handle", section = myrpki_section)).rootd
+        writer(self.cfg.get("bpki-ta",         section = rootd_section), self.server_ca.certificate)
+        writer(self.cfg.get("rootd-bpki-crl",  section = rootd_section), self.server_ca.latest_crl)
+        writer(self.cfg.get("rootd-bpki-key",  section = rootd_section), rootd.private_key)
+        writer(self.cfg.get("rootd-bpki-cert", section = rootd_section), rootd.certificate)
+        writer(self.cfg.get("child-bpki-cert", section = rootd_section), rootd.issuer.certificate)
+      except rpki.irdb.ResourceHolderCA.DoesNotExist:
+        self.log("rootd enabled but resource holding entity not yet configured, skipping rootd setup")
 
 
   @django.db.transaction.commit_on_success