summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Harmsen <mharmsen@redhat.com>2012-09-13 17:16:53 -0700
committerMatthew Harmsen <mharmsen@redhat.com>2012-09-13 17:48:21 -0700
commit69c06845a7a39c016ab29b0f2758e989b424698b (patch)
treeeb4c8218f75d3a1af8b4aaec392ac8b07a76e6b3
parent951598a0c5ffe4586462c30863526625207407af (diff)
downloadpki-69c06845a7a39c016ab29b0f2758e989b424698b.tar.gz
pki-69c06845a7a39c016ab29b0f2758e989b424698b.tar.xz
pki-69c06845a7a39c016ab29b0f2758e989b424698b.zip
Deregister subsystem in merged instance
* TRAC Ticket #311 - Unable to deregister subsystem in merged instance
-rw-r--r--base/deploy/src/scriptlets/configuration.py1
-rw-r--r--base/deploy/src/scriptlets/initialization.py9
2 files changed, 9 insertions, 1 deletions
diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py
index 7e99dd4fe..f7a9a66e6 100644
--- a/base/deploy/src/scriptlets/configuration.py
+++ b/base/deploy/src/scriptlets/configuration.py
@@ -147,7 +147,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def destroy(self):
config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
- util.security_domain.deregister()
if not config.pki_dry_run_flag:
if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
util.instance.apache_instance_subsystems() == 1:
diff --git a/base/deploy/src/scriptlets/initialization.py b/base/deploy/src/scriptlets/initialization.py
index f158592d3..a5b09812f 100644
--- a/base/deploy/src/scriptlets/initialization.py
+++ b/base/deploy/src/scriptlets/initialization.py
@@ -95,6 +95,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
util.identity.set_gid(master['pki_group'])
# get ports to remove selinux context
util.configuration_file.populate_non_default_ports()
+ # de-register instance from its Security Domain
+ #
+ # NOTE: Since the security domain of an instance must be up
+ # and running in order to be de-registered, this step
+ # must be done PRIOR to instance shutdown because this
+ # instance's security domain may be a part of a
+ # tightly-coupled shared instance.
+ #
+ util.security_domain.deregister()
# ALWAYS Stop this Apache/Tomcat PKI Process
util.systemd.stop()
return self.rv