diff options
Diffstat (limited to 'base/deploy')
-rw-r--r-- | base/deploy/src/scriptlets/configuration.py | 1 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/initialization.py | 9 |
2 files changed, 9 insertions, 1 deletions
diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py index 7e99dd4fe..f7a9a66e6 100644 --- a/base/deploy/src/scriptlets/configuration.py +++ b/base/deploy/src/scriptlets/configuration.py @@ -147,7 +147,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def destroy(self): config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - util.security_domain.deregister() if not config.pki_dry_run_flag: if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ util.instance.apache_instance_subsystems() == 1: diff --git a/base/deploy/src/scriptlets/initialization.py b/base/deploy/src/scriptlets/initialization.py index f158592d3..a5b09812f 100644 --- a/base/deploy/src/scriptlets/initialization.py +++ b/base/deploy/src/scriptlets/initialization.py @@ -95,6 +95,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): util.identity.set_gid(master['pki_group']) # get ports to remove selinux context util.configuration_file.populate_non_default_ports() + # de-register instance from its Security Domain + # + # NOTE: Since the security domain of an instance must be up + # and running in order to be de-registered, this step + # must be done PRIOR to instance shutdown because this + # instance's security domain may be a part of a + # tightly-coupled shared instance. + # + util.security_domain.deregister() # ALWAYS Stop this Apache/Tomcat PKI Process util.systemd.stop() return self.rv |