diff options
Diffstat (limited to 'base')
-rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/configuration.py | 28 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/finalization.py | 21 |
2 files changed, 28 insertions, 21 deletions
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index 8c6b52368..8086f1c50 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py @@ -490,6 +490,34 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): admin_cert = response['adminCert']['cert'] deployer.config_client.process_admin_cert(admin_cert) + if len(deployer.instance.tomcat_instance_subsystems()) == 1: + # Modify contents of 'serverCertNick.conf' (if necessary) + deployer.servercertnick_conf.modify() + + # Optionally, programmatically 'restart' the configured PKI instance + if not config.str2bool(deployer.mdict['pki_restart_configured_instance']): + return + + deployer.systemd.restart() + + # wait for startup + status = None + + if deployer.fips.is_fips_enabled(): + # must use 'http' protocol when FIPS mode is enabled + status = deployer.instance.wait_for_startup( + 60, secure_connection=False) + + else: + status = deployer.instance.wait_for_startup( + 60, secure_connection=True) + + if not status: + config.pki_log.error( + "server failed to restart", + extra=config.PKI_INDENTATION_LEVEL_1) + raise RuntimeError("server failed to restart") + def destroy(self, deployer): config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__, diff --git a/base/server/python/pki/server/deployment/scriptlets/finalization.py b/base/server/python/pki/server/deployment/scriptlets/finalization.py index ef750b95d..e62051f13 100644 --- a/base/server/python/pki/server/deployment/scriptlets/finalization.py +++ b/base/server/python/pki/server/deployment/scriptlets/finalization.py @@ -50,27 +50,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.systemd.disable() else: deployer.systemd.enable() - if len(deployer.instance.tomcat_instance_subsystems()) == 1: - # Modify contents of 'serverCertNick.conf' (if necessary) - deployer.servercertnick_conf.modify() - - # Optionally, programmatically 'restart' the configured PKI instance - if config.str2bool(deployer.mdict['pki_restart_configured_instance']): - deployer.systemd.restart() - # wait for startup - status = None - if deployer.fips.is_fips_enabled(): - # must use 'http' protocol when FIPS mode is enabled - status = deployer.instance.wait_for_startup( - 60, secure_connection=False) - else: - status = deployer.instance.wait_for_startup( - 60, secure_connection=True) - if status is None: - config.pki_log.error( - "server failed to restart", - extra=config.PKI_INDENTATION_LEVEL_1) - raise RuntimeError("server failed to restart") # Optionally, 'purge' the entire temporary client infrastructure # including the client NSS security databases and password files |