author | Matthew Harmsen <mharmsen@redhat.com> | 2017-05-12 13:00:54 -0600 |
---|---|---|
committer | Matthew Harmsen <mharmsen@redhat.com> | 2017-05-12 17:38:08 -0600 |
commit | ee5af05036e87a9dad821c9dd8bc0198dac9bd65 (patch) | |
tree | d4890832a606dc17aeb73220d32fe9f675a6d445 /base/server/python | |
parent | 4f9978f7c6641590dec6bbbc4ce9987f798974d4 (diff) | |
Fix CA installation with HSM in FIPS mode
Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails
dogtagpki Pagure Issue #2684 - CA installation with HSM in FIPS mode fails
Diffstat (limited to 'base/server/python')
-rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 19 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/finalization.py | 3 |
2 files changed, 16 insertions, 6 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 051778d09..a1345de2c 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -1017,11 +1017,20 @@ class Instance:
 extra=config.PKI_INDENTATION_LEVEL_2)
 raise
 
- def get_instance_status(self):
+ def get_instance_status(self, secure_connection=True):
+ pki_protocol = None
+ pki_port = None
+ if secure_connection:
+ pki_protocol = "https"
+ pki_port = self.mdict['pki_https_port']
+ else:
+ pki_protocol = "http"
+ pki_port = self.mdict['pki_http_port']
+
 connection = pki.client.PKIConnection(
- protocol='https',
+ protocol=pki_protocol,
 hostname=self.mdict['pki_hostname'],
- port=self.mdict['pki_https_port'],
+ port=pki_port,
 subsystem=self.mdict['pki_subsystem_type'],
 accept='application/xml',
 trust_env=False)
@@ -1049,11 +1058,11 @@ class Instance:
 extra=config.PKI_INDENTATION_LEVEL_3)
 return None
 
- def wait_for_startup(self, timeout):
+ def wait_for_startup(self, timeout, secure_connection=True):
 start_time = datetime.today()
 status = None
 while status != "running":
- status = self.get_instance_status()
+ status = self.get_instance_status(secure_connection)
 time.sleep(1)
 stop_time = datetime.today()
 if (stop_time - start_time).total_seconds() >= timeout:
diff --git a/base/server/python/pki/server/deployment/scriptlets/finalization.py b/base/server/python/pki/server/deployment/scriptlets/finalization.py
index 941691c42..75bb80e2b 100644
--- a/base/server/python/pki/server/deployment/scriptlets/finalization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/finalization.py
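Review bot: `get_instance_status` gains `secure_connection` without a docstring, and with `secure_connection=False` the status poll goes to `pki_http_port` in cleartext, so the reply that `wait_for_startup` (second hunk) compares against "running" is not protected or authenticated by TLS. That is tolerable for a readiness probe, but it should be stated where the flag is defined, for example `"""Return the subsystem status; secure_connection=False polls the plain-HTTP port and is meant for readiness checks only."""`, with a matching line on `wait_for_startup`. The two `= None` initialisers are dead stores, since both branches assign `pki_protocol` and `pki_port`, and could be dropped. Both method bodies continue outside the hunks shown.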
@@ -58,7 +58,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 if config.str2bool(deployer.mdict['pki_restart_configured_instance']):
 deployer.systemd.restart()
 # wait for startup
- status = deployer.instance.wait_for_startup(60)
+ # (must use 'http' protocol due to potential FIPS configuration)
+ status = deployer.instance.wait_for_startup(60, False)
 if status is None:
 config.pki_log.error(
 "server failed to restart", |
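Review bot: `wait_for_startup(60, False)` moves the post-restart probe to plain HTTP for every deployment, although the added comment gives only a potential FIPS configuration as the reason. If the downgrade is needed only for HSM/FIPS installs, it would be tighter to keep the HTTPS default and pass False in that case alone; as far as this hunk shows, an instance whose HTTP connector is not reachable would presumably run into the 60-second timeout and the "server failed to restart" error. The bare positional `False` is also hard to read at the call site; `status = deployer.instance.wait_for_startup(60, secure_connection=False)` says what is being turned off. The comment could explain why the HTTPS probe fails here rather than only that HTTP must be used. The enclosing method starts and ends outside the hunk.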