Fixed two-step subordinate CA installation.

The initialization scriptlet has been fixed to verify the subsystem
existence properly when running the second step of the two-step
subordinate CA installation.

https://pagure.io/dogtagpki/issue/2707

Change-Id: I0cc8ca21fda8637b4b34f4c5a1c108d213f638f8

1 files changed, 9 insertions, 3 deletions

diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py
index 4dc4e9a80..1ae77e429 100644
--- a/base/server/python/pki/server/deployment/scriptlets/initialization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py
@@ -54,13 +54,19 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
         else:
             config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__,
                                 extra=config.PKI_INDENTATION_LEVEL_1)
+
+            # Verify that the subsystem already exists for the following cases:
+            # - External CA (Step 2)
+            # - Stand-alone PKI (Step 2)
+            # - Two-step installation (Step 2)
+
             if (deployer.mdict['pki_subsystem'] == "CA" or
                 config.str2bool(deployer.mdict['pki_standalone'])) and \
-                    config.str2bool(deployer.mdict['pki_external_step_two']):
-                # verify that this External CA (Step 2), or Stand-alone PKI
-                # (Step 2) currently EXISTS for this "instance"
+                    config.str2bool(deployer.mdict['pki_external_step_two']) or \
+               config.str2bool(deployer.mdict['pki_skip_installation']):
                 deployer.instance.verify_subsystem_exists()
                 deployer.mdict['pki_skip_installation'] = "True"
+
             else:
                 # verify that this type of "subsystem" does NOT yet
                 # exist for this "instance"