From 161c5b2f048b577404b8a28f662fda6f72ba5c12 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Wed, 29 Apr 2015 10:57:09 -0400 Subject: Code cleanup - simplify pkispawn code All subsystems are now tomcat instances. Conditionals based on whether the subsystem is a tomcat instance or not are no longer required. --- .../python/pki/server/deployment/pkihelper.py | 448 ++++++------ .../python/pki/server/deployment/pkiparser.py | 753 ++++++++++----------- .../server/deployment/scriptlets/configuration.py | 26 +- .../server/deployment/scriptlets/finalization.py | 3 +- .../deployment/scriptlets/instance_layout.py | 9 +- .../deployment/scriptlets/security_databases.py | 3 +- .../server/deployment/scriptlets/selinux_setup.py | 10 +- .../deployment/scriptlets/slot_substitution.py | 33 +- .../deployment/scriptlets/subsystem_layout.py | 103 +-- .../deployment/scriptlets/webapp_deployment.py | 77 +-- 10 files changed, 716 insertions(+), 749 deletions(-) (limited to 'base/server/python/pki') diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 884215e85..b9d48eea3 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py 
@@ -425,19 +425,19 @@ class Namespace: log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( self.mdict['pki_instance_name'], self.mdict['pki_instance_configuration_path'])) - if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - # Top-Level Tomcat PKI registry path reserved name collision - if self.mdict['pki_instance_name'] in\ - config.PKI_TOMCAT_REGISTRY_RESERVED_NAMES: - config.pki_log.error( - log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, + + # Top-Level Tomcat PKI registry path reserved name collision + if self.mdict['pki_instance_name'] in\ + config.PKI_TOMCAT_REGISTRY_RESERVED_NAMES: + config.pki_log.error( + log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, + self.mdict['pki_instance_name'], + self.mdict['pki_instance_registry_path'], + extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception( + log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( self.mdict['pki_instance_name'], - self.mdict['pki_instance_registry_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception( - log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( - self.mdict['pki_instance_name'], - self.mdict['pki_instance_registry_path'])) + self.mdict['pki_instance_registry_path'])) class ConfigurationFile: 
@@ -551,95 +551,93 @@ class ConfigurationFile: def verify_sensitive_data(self): # Silently verify the existence of 'sensitive' data - if self.subsystem in config.PKI_TOMCAT_SUBSYSTEMS: - # Verify existence of Directory Server Password - # (unless configuration will not be automatically executed) - if not self.skip_configuration: - self.confirm_data_exists("pki_ds_password") - # Verify existence of Admin Password (except for Clones) - if not self.clone: - self.confirm_data_exists("pki_admin_password") - # If required, verify existence of Backup Password - if config.str2bool(self.mdict['pki_backup_keys']): - self.confirm_data_exists("pki_backup_password") - # Verify existence of Client Pin for NSS client security databases - self.confirm_data_exists("pki_client_database_password") - # Verify existence of Client PKCS #12 Password for Admin Cert - self.confirm_data_exists("pki_client_pkcs12_password") - # Verify existence of PKCS #12 Password (ONLY for Clones) - if self.clone: - self.confirm_data_exists("pki_clone_pkcs12_password") - # Verify existence of Security Domain Password - # (ONLY for PKI KRA, PKI OCSP, PKI TKS, PKI TPS, Clones, or - # Subordinate CA that will be automatically configured and - # are not Stand-alone PKI) - if (self.subsystem == "KRA" or - self.subsystem == "OCSP" or - self.subsystem == "TKS" or - self.subsystem == "TPS" or - self.clone or - self.subordinate): - if not self.skip_configuration and not self.standalone: - self.confirm_data_exists("pki_security_domain_password") - # If required, verify existence of Token Password - if config.str2bool(self.mdict['pki_hsm_enable']): - self.confirm_data_exists("pki_hsm_libfile") - self.confirm_data_exists("pki_hsm_modulename") - self.confirm_data_exists("pki_token_name") - if self.mdict['pki_token_name'] == "internal": - config.pki_log.error( - log.PKIHELPER_UNDEFINED_HSM_TOKEN, - extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_UNDEFINED_HSM_TOKEN) - if not 
self.mdict['pki_token_name'] == "internal": - self.confirm_data_exists("pki_token_password") - return + + # Verify existence of Directory Server Password + # (unless configuration will not be automatically executed) + if not self.skip_configuration: + self.confirm_data_exists("pki_ds_password") + # Verify existence of Admin Password (except for Clones) + if not self.clone: + self.confirm_data_exists("pki_admin_password") + # If required, verify existence of Backup Password + if config.str2bool(self.mdict['pki_backup_keys']): + self.confirm_data_exists("pki_backup_password") + # Verify existence of Client Pin for NSS client security databases + self.confirm_data_exists("pki_client_database_password") + # Verify existence of Client PKCS #12 Password for Admin Cert + self.confirm_data_exists("pki_client_pkcs12_password") + # Verify existence of PKCS #12 Password (ONLY for Clones) + if self.clone: + self.confirm_data_exists("pki_clone_pkcs12_password") + # Verify existence of Security Domain Password + # (ONLY for PKI KRA, PKI OCSP, PKI TKS, PKI TPS, Clones, or + # Subordinate CA that will be automatically configured and + # are not Stand-alone PKI) + if (self.subsystem == "KRA" or + self.subsystem == "OCSP" or + self.subsystem == "TKS" or + self.subsystem == "TPS" or + self.clone or + self.subordinate): + if not self.skip_configuration and not self.standalone: + self.confirm_data_exists("pki_security_domain_password") + # If required, verify existence of Token Password + if config.str2bool(self.mdict['pki_hsm_enable']): + self.confirm_data_exists("pki_hsm_libfile") + self.confirm_data_exists("pki_hsm_modulename") + self.confirm_data_exists("pki_token_name") + if self.mdict['pki_token_name'] == "internal": + config.pki_log.error( + log.PKIHELPER_UNDEFINED_HSM_TOKEN, + extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_HSM_TOKEN) + if not self.mdict['pki_token_name'] == "internal": + self.confirm_data_exists("pki_token_password") def 
verify_mutually_exclusive_data(self): # Silently verify the existence of 'mutually exclusive' data - if self.subsystem in config.PKI_TOMCAT_SUBSYSTEMS: - if self.subsystem == "CA": - if self.clone and self.external and self.subordinate: - config.pki_log.error( - log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA, - self.mdict['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception( - log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA % - self.mdict['pki_user_deployment_cfg']) - elif self.clone and self.external: - config.pki_log.error( - log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA, - self.mdict['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception( - log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA % - self.mdict['pki_user_deployment_cfg']) - elif self.clone and self.subordinate: - config.pki_log.error( - log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA, - self.mdict['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception( - log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA % - self.mdict['pki_user_deployment_cfg']) - elif self.external and self.subordinate: - config.pki_log.error( - log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA, - self.mdict['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception( - log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA % - self.mdict['pki_user_deployment_cfg']) - elif self.standalone: - if self.clone: - config.pki_log.error( - log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_STANDALONE_PKI, - self.mdict['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception( - log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_STANDALONE_PKI % - self.mdict['pki_user_deployment_cfg']) + if self.subsystem == "CA": + if self.clone and self.external and self.subordinate: + config.pki_log.error( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA, + self.mdict['pki_user_deployment_cfg'], + 
extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA % + self.mdict['pki_user_deployment_cfg']) + elif self.clone and self.external: + config.pki_log.error( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA, + self.mdict['pki_user_deployment_cfg'], + extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA % + self.mdict['pki_user_deployment_cfg']) + elif self.clone and self.subordinate: + config.pki_log.error( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA, + self.mdict['pki_user_deployment_cfg'], + extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA % + self.mdict['pki_user_deployment_cfg']) + elif self.external and self.subordinate: + config.pki_log.error( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA, + self.mdict['pki_user_deployment_cfg'], + extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA % + self.mdict['pki_user_deployment_cfg']) + elif self.standalone: + if self.clone: + config.pki_log.error( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_STANDALONE_PKI, + self.mdict['pki_user_deployment_cfg'], + extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_STANDALONE_PKI % + self.mdict['pki_user_deployment_cfg']) def verify_predefined_configuration_file_data(self): # Silently verify the existence of any required 'predefined' data 
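Review bot: In the HSM branch of verify_sensitive_data the second token test is dead as a condition: once `pki_token_name == "internal"` has raised, the following `if not self.mdict['pki_token_name'] == "internal":` is always true, so `self.confirm_data_exists("pki_token_password")` can be called unconditionally (and where such a test is kept, `!=` reads better than `not ... ==`). It would also help to state at the top of the method what these checks do and do not establish, e.g. `# NOTE: presence checks only; no length/complexity policy is applied to any password here`, since a reader could otherwise take "verify sensitive data" to mean more. Both methods in this hunk begin and end inside it; the de-indentation itself looks behaviour-preserving.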
@@ -652,127 +650,125 @@ class ConfigurationFile: # etc.), and "correctness" (e. g. - file, directory, boolean # 'True' or 'False', etc.) of ALL required "value" parameters. # - if self.subsystem in config.PKI_TOMCAT_SUBSYSTEMS: - self.confirm_external() - self.confirm_standalone() - self.confirm_subordinate() - self.confirm_external_step_two() - if self.clone: - # Verify existence of clone parameters - # - # NOTE: Although this will be checked prior to getting to - # this method, this clone's 'pki_instance_name' MUST - # be different from the master's 'pki_instance_name' - # IF AND ONLY IF the master and clone are located on - # the same host! - # - self.confirm_data_exists("pki_ds_base_dn") - # FUTURE: Check for unused port value(s) - # (e. g. - must be different from master if the - # master is located on the same host) - self.confirm_data_exists("pki_ds_ldap_port") - self.confirm_data_exists("pki_ds_ldaps_port") - self.confirm_data_exists("pki_ajp_port") - self.confirm_data_exists("pki_http_port") - self.confirm_data_exists("pki_https_port") - self.confirm_data_exists("pki_tomcat_server_port") - self.confirm_data_exists("pki_clone_pkcs12_path") - self.confirm_file_exists("pki_clone_pkcs12_path") - self.confirm_data_exists("pki_clone_replication_security") - self.confirm_data_exists("pki_clone_uri") - elif self.external: - # External CA - if not self.external_step_two: - # External CA (Step 1) - self.confirm_data_exists("pki_external_csr_path") - self.confirm_missing_file("pki_external_csr_path") - # generic extension support in CSR - for external CA - if self.add_req_ext: - self.confirm_data_exists("pki_req_ext_oid") - self.confirm_data_exists("pki_req_ext_critical") - self.confirm_data_exists("pki_req_ext_data") - else: - # External CA (Step 2) - self.confirm_data_exists("pki_external_ca_cert_chain_path") - self.confirm_file_exists("pki_external_ca_cert_chain_path") - self.confirm_data_exists("pki_external_ca_cert_path") - 
self.confirm_file_exists("pki_external_ca_cert_path") - elif not self.skip_configuration and self.standalone: - if not self.external_step_two: - # Stand-alone PKI Admin CSR (Step 1) - self.confirm_data_exists("pki_external_admin_csr_path") - self.confirm_missing_file("pki_external_admin_csr_path") - # Stand-alone PKI Audit Signing CSR (Step 1) + self.confirm_external() + self.confirm_standalone() + self.confirm_subordinate() + self.confirm_external_step_two() + if self.clone: + # Verify existence of clone parameters + # + # NOTE: Although this will be checked prior to getting to + # this method, this clone's 'pki_instance_name' MUST + # be different from the master's 'pki_instance_name' + # IF AND ONLY IF the master and clone are located on + # the same host! + # + self.confirm_data_exists("pki_ds_base_dn") + # FUTURE: Check for unused port value(s) + # (e. g. - must be different from master if the + # master is located on the same host) + self.confirm_data_exists("pki_ds_ldap_port") + self.confirm_data_exists("pki_ds_ldaps_port") + self.confirm_data_exists("pki_ajp_port") + self.confirm_data_exists("pki_http_port") + self.confirm_data_exists("pki_https_port") + self.confirm_data_exists("pki_tomcat_server_port") + self.confirm_data_exists("pki_clone_pkcs12_path") + self.confirm_file_exists("pki_clone_pkcs12_path") + self.confirm_data_exists("pki_clone_replication_security") + self.confirm_data_exists("pki_clone_uri") + elif self.external: + # External CA + if not self.external_step_two: + # External CA (Step 1) + self.confirm_data_exists("pki_external_csr_path") + self.confirm_missing_file("pki_external_csr_path") + # generic extension support in CSR - for external CA + if self.add_req_ext: + self.confirm_data_exists("pki_req_ext_oid") + self.confirm_data_exists("pki_req_ext_critical") + self.confirm_data_exists("pki_req_ext_data") + else: + # External CA (Step 2) + self.confirm_data_exists("pki_external_ca_cert_chain_path") + 
self.confirm_file_exists("pki_external_ca_cert_chain_path") + self.confirm_data_exists("pki_external_ca_cert_path") + self.confirm_file_exists("pki_external_ca_cert_path") + elif not self.skip_configuration and self.standalone: + if not self.external_step_two: + # Stand-alone PKI Admin CSR (Step 1) + self.confirm_data_exists("pki_external_admin_csr_path") + self.confirm_missing_file("pki_external_admin_csr_path") + # Stand-alone PKI Audit Signing CSR (Step 1) + self.confirm_data_exists( + "pki_external_audit_signing_csr_path") + self.confirm_missing_file( + "pki_external_audit_signing_csr_path") + # Stand-alone PKI SSL Server CSR (Step 1) + self.confirm_data_exists("pki_external_sslserver_csr_path") + self.confirm_missing_file("pki_external_sslserver_csr_path") + # Stand-alone PKI Subsystem CSR (Step 1) + self.confirm_data_exists("pki_external_subsystem_csr_path") + self.confirm_missing_file("pki_external_subsystem_csr_path") + # Stand-alone PKI KRA CSRs + if self.subsystem == "KRA": + # Stand-alone PKI KRA Storage CSR (Step 1) self.confirm_data_exists( - "pki_external_audit_signing_csr_path") + "pki_external_storage_csr_path") self.confirm_missing_file( - "pki_external_audit_signing_csr_path") - # Stand-alone PKI SSL Server CSR (Step 1) - self.confirm_data_exists("pki_external_sslserver_csr_path") - self.confirm_missing_file("pki_external_sslserver_csr_path") - # Stand-alone PKI Subsystem CSR (Step 1) - self.confirm_data_exists("pki_external_subsystem_csr_path") - self.confirm_missing_file("pki_external_subsystem_csr_path") - # Stand-alone PKI KRA CSRs - if self.subsystem == "KRA": - # Stand-alone PKI KRA Storage CSR (Step 1) - self.confirm_data_exists( - "pki_external_storage_csr_path") - self.confirm_missing_file( - "pki_external_storage_csr_path") - # Stand-alone PKI KRA Transport CSR (Step 1) - self.confirm_data_exists( - "pki_external_transport_csr_path") - self.confirm_missing_file( - "pki_external_transport_csr_path") - # Stand-alone PKI OCSP CSRs - if 
self.subsystem == "OCSP": - # Stand-alone PKI OCSP OCSP Signing CSR (Step 1) - self.confirm_data_exists( - "pki_external_signing_csr_path") - self.confirm_missing_file( - "pki_external_signing_csr_path") - else: - # Stand-alone PKI External CA Certificate Chain (Step 2) - self.confirm_data_exists("pki_external_ca_cert_chain_path") - self.confirm_file_exists("pki_external_ca_cert_chain_path") - # Stand-alone PKI External CA Certificate (Step 2) - self.confirm_data_exists("pki_external_ca_cert_path") - self.confirm_file_exists("pki_external_ca_cert_path") - # Stand-alone PKI Admin Certificate (Step 2) - self.confirm_data_exists("pki_external_admin_cert_path") - self.confirm_file_exists("pki_external_admin_cert_path") - # Stand-alone PKI Audit Signing Certificate (Step 2) + "pki_external_storage_csr_path") + # Stand-alone PKI KRA Transport CSR (Step 1) + self.confirm_data_exists( + "pki_external_transport_csr_path") + self.confirm_missing_file( + "pki_external_transport_csr_path") + # Stand-alone PKI OCSP CSRs + if self.subsystem == "OCSP": + # Stand-alone PKI OCSP OCSP Signing CSR (Step 1) self.confirm_data_exists( - "pki_external_audit_signing_cert_path") + "pki_external_signing_csr_path") + self.confirm_missing_file( + "pki_external_signing_csr_path") + else: + # Stand-alone PKI External CA Certificate Chain (Step 2) + self.confirm_data_exists("pki_external_ca_cert_chain_path") + self.confirm_file_exists("pki_external_ca_cert_chain_path") + # Stand-alone PKI External CA Certificate (Step 2) + self.confirm_data_exists("pki_external_ca_cert_path") + self.confirm_file_exists("pki_external_ca_cert_path") + # Stand-alone PKI Admin Certificate (Step 2) + self.confirm_data_exists("pki_external_admin_cert_path") + self.confirm_file_exists("pki_external_admin_cert_path") + # Stand-alone PKI Audit Signing Certificate (Step 2) + self.confirm_data_exists( + "pki_external_audit_signing_cert_path") + self.confirm_file_exists( + "pki_external_audit_signing_cert_path") + # 
Stand-alone PKI SSL Server Certificate (Step 2) + self.confirm_data_exists("pki_external_sslserver_cert_path") + self.confirm_file_exists("pki_external_sslserver_cert_path") + # Stand-alone PKI Subsystem Certificate (Step 2) + self.confirm_data_exists("pki_external_subsystem_cert_path") + self.confirm_file_exists("pki_external_subsystem_cert_path") + # Stand-alone PKI KRA Certificates + if self.subsystem == "KRA": + # Stand-alone PKI KRA Storage Certificate (Step 2) + self.confirm_data_exists( + "pki_external_storage_cert_path") self.confirm_file_exists( - "pki_external_audit_signing_cert_path") - # Stand-alone PKI SSL Server Certificate (Step 2) - self.confirm_data_exists("pki_external_sslserver_cert_path") - self.confirm_file_exists("pki_external_sslserver_cert_path") - # Stand-alone PKI Subsystem Certificate (Step 2) - self.confirm_data_exists("pki_external_subsystem_cert_path") - self.confirm_file_exists("pki_external_subsystem_cert_path") - # Stand-alone PKI KRA Certificates - if self.subsystem == "KRA": - # Stand-alone PKI KRA Storage Certificate (Step 2) - self.confirm_data_exists( - "pki_external_storage_cert_path") - self.confirm_file_exists( - "pki_external_storage_cert_path") - # Stand-alone PKI KRA Transport Certificate (Step 2) - self.confirm_data_exists( - "pki_external_transport_cert_path") - self.confirm_file_exists( - "pki_external_transport_cert_path") - # Stand-alone PKI OCSP Certificates - if self.subsystem == "OCSP": - # Stand-alone PKI OCSP OCSP Signing Certificate (Step 2) - self.confirm_data_exists( - "pki_external_signing_cert_path") - self.confirm_file_exists( - "pki_external_signing_cert_path") - return + "pki_external_storage_cert_path") + # Stand-alone PKI KRA Transport Certificate (Step 2) + self.confirm_data_exists( + "pki_external_transport_cert_path") + self.confirm_file_exists( + "pki_external_transport_cert_path") + # Stand-alone PKI OCSP Certificates + if self.subsystem == "OCSP": + # Stand-alone PKI OCSP OCSP Signing Certificate 
(Step 2) + self.confirm_data_exists( + "pki_external_signing_cert_path") + self.confirm_file_exists( + "pki_external_signing_cert_path") def populate_non_default_ports(self): if (self.mdict['pki_http_port'] != @@ -3489,10 +3485,9 @@ class Systemd(object): if reload_daemon: self.daemon_reload(critical_failure) # Compose this "systemd" execution management command - if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - service = "pki-tomcatd" + "@" +\ - self.mdict['pki_instance_name'] + "." +\ - "service" + service = "pki-tomcatd" + "@" +\ + self.mdict['pki_instance_name'] + "." +\ + "service" if pki.system.SYSTEM_TYPE == "debian": command = ["/etc/init.d/pki-tomcatd", "start", @@ -3540,10 +3535,9 @@ class Systemd(object): try: service = None # Compose this "systemd" execution management command - if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - service = "pki-tomcatd" + "@" +\ - self.mdict['pki_instance_name'] + "." +\ - "service" + service = "pki-tomcatd" + "@" +\ + self.mdict['pki_instance_name'] + "." +\ + "service" if pki.system.SYSTEM_TYPE == "debian": command = ["/etc/init.d/pki-tomcatd", "stop", @@ -3595,10 +3589,10 @@ class Systemd(object): # Execute the "systemd daemon-reload" management lifecycle command if reload_daemon: self.daemon_reload(critical_failure) - if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - service = "pki-tomcatd" + "@" +\ - self.mdict['pki_instance_name'] + "." +\ - "service" + + service = "pki-tomcatd" + "@" +\ + self.mdict['pki_instance_name'] + "." +\ + "service" if pki.system.SYSTEM_TYPE == "debian": command = ["/etc/init.d/pki-tomcatd", "restart", diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index 3d178ba7c..b39075f6c 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py 
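Review bot: The clone branch confirms that `pki_clone_pkcs12_path` is set and that the file exists, but nothing visible checks the file's mode or owner; a clone PKCS #12 bundle presumably carries the master's private keys, so rejecting a group- or world-readable file before it is consumed would be a cheap safeguard, and if `confirm_file_exists` already does that, a one-line comment here saying so would save the next reader the lookup. Likewise `pki_clone_replication_security` and `pki_clone_uri` are only confirmed present — neither the value nor the URI scheme is validated at this point, so a malformed setting surfaces later during configuration rather than in this pre-flight pass. The enclosing verify_predefined_configuration_file_data method starts before this hunk.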
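Review bot: The same three-line service-name composition is now pasted verbatim into start, stop and restart (this hunk and the two that follow it); a small helper such as `def _service_name(self): return "pki-tomcatd@%s.service" % self.mdict['pki_instance_name']` would keep the three from drifting apart and makes the `service = None` initialiser in the stop hunk redundant. The name is built by plain concatenation from `pki_instance_name`, the only user-controlled part of the command; the Namespace hunk above suggests it is checked against a reserved-name list, and the debian branch shows the command assembled as an argv list, so a short comment here recording that the name is pre-validated and never passed through a shell would make the assumption explicit. The enclosing start method continues outside the hunk.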
@@ -179,10 +179,9 @@ class PKIConfigParser: # workaround for pylint error E1103 jni_jar_dir = str(jni_jar_dir).strip() - if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: - default_instance_name = 'pki-tomcat' - default_http_port = '8080' - default_https_port = '8443' + default_instance_name = 'pki-tomcat' + default_http_port = '8080' + default_https_port = '8443' application_version = str(pki.upgrade.Version( pki.implementation_version())) @@ -380,9 +379,8 @@ class PKIConfigParser: self.mdict.update(default_dict) web_server_dict = None - if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: - if self.pki_config.has_section('Tomcat'): - web_server_dict = dict(self.pki_config.items('Tomcat')) + if self.pki_config.has_section('Tomcat'): + web_server_dict = dict(self.pki_config.items('Tomcat')) if web_server_dict: web_server_dict[0] = None 
@@ -630,114 +628,115 @@ class PKIConfigParser: self.mdict['pki_one_time_pin'] = \ ''.join(random.choice(string.ascii_letters + string.digits)\ for x in range(20)) - if self.mdict['pki_subsystem'] in\ - config.PKI_TOMCAT_SUBSYSTEMS: - self.mdict['pki_target_catalina_properties'] = \ + + self.mdict['pki_target_catalina_properties'] = \ + os.path.join( + self.mdict['pki_instance_configuration_path'], + "catalina.properties") + self.mdict['pki_target_servercertnick_conf'] = \ + os.path.join( + self.mdict['pki_instance_configuration_path'], + "serverCertNick.conf") + self.mdict['pki_target_server_xml'] = \ + os.path.join( + self.mdict['pki_instance_configuration_path'], + "server.xml") + self.mdict['pki_target_context_xml'] = \ + os.path.join( + self.mdict['pki_instance_configuration_path'], + "context.xml") + self.mdict['pki_target_tomcat_conf_instance_id'] = \ + self.mdict['pki_root_prefix'] + \ + "/etc/sysconfig/" + \ + self.mdict['pki_instance_name'] + self.mdict['pki_target_tomcat_conf'] = \ + os.path.join( + self.mdict['pki_instance_configuration_path'], + "tomcat.conf") + # in-place slot substitution name/value pairs + self.mdict['pki_target_subsystem_web_xml'] = \ + os.path.join( + self.mdict['pki_tomcat_webapps_subsystem_path'], + "WEB-INF", + "web.xml") + self.mdict['pki_target_subsystem_web_xml_orig'] = \ + os.path.join( + self.mdict['pki_tomcat_webapps_subsystem_path'], + "WEB-INF", + "web.xml.orig") + # subystem-specific slot substitution name/value pairs + if self.mdict['pki_subsystem'] == "CA": + self.mdict['pki_target_flatfile_txt'] = \ + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "flatfile.txt") + self.mdict['pki_target_proxy_conf'] = \ + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "proxy.conf") + self.mdict['pki_target_registry_cfg'] = \ os.path.join( - self.mdict['pki_instance_configuration_path'], - "catalina.properties") - self.mdict['pki_target_servercertnick_conf'] = \ + 
self.mdict['pki_subsystem_configuration_path'], + "registry.cfg") + # '*.profile' + self.mdict['pki_target_admincert_profile'] = \ os.path.join( - self.mdict['pki_instance_configuration_path'], - "serverCertNick.conf") - self.mdict['pki_target_server_xml'] = \ + self.mdict['pki_subsystem_configuration_path'], + "adminCert.profile") + self.mdict['pki_target_caauditsigningcert_profile'] = \ os.path.join( - self.mdict['pki_instance_configuration_path'], - "server.xml") - self.mdict['pki_target_context_xml'] = \ + self.mdict['pki_subsystem_configuration_path'], + "caAuditSigningCert.profile") + self.mdict['pki_target_cacert_profile'] = \ os.path.join( - self.mdict['pki_instance_configuration_path'], - "context.xml") - self.mdict['pki_target_tomcat_conf_instance_id'] = \ - self.mdict['pki_root_prefix'] + \ - "/etc/sysconfig/" + \ - self.mdict['pki_instance_name'] - self.mdict['pki_target_tomcat_conf'] = \ + self.mdict['pki_subsystem_configuration_path'], + "caCert.profile") + self.mdict['pki_target_caocspcert_profile'] = \ os.path.join( - self.mdict['pki_instance_configuration_path'], - "tomcat.conf") + self.mdict['pki_subsystem_configuration_path'], + "caOCSPCert.profile") + self.mdict['pki_target_servercert_profile'] = \ + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "serverCert.profile") + self.mdict['pki_target_subsystemcert_profile'] = \ + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "subsystemCert.profile") # in-place slot substitution name/value pairs - self.mdict['pki_target_subsystem_web_xml'] = \ + if config.str2bool(self.mdict['pki_profiles_in_ldap']): + self.mdict['PKI_PROFILE_SUBSYSTEM_SLOT'] = \ + 'LDAPProfileSubsystem' + else: + self.mdict['PKI_PROFILE_SUBSYSTEM_SLOT'] = \ + 'ProfileSubsystem' + elif self.mdict['pki_subsystem'] == "KRA": + # '*.profile' + self.mdict['pki_target_servercert_profile'] = \ os.path.join( - self.mdict['pki_tomcat_webapps_subsystem_path'], - "WEB-INF", - "web.xml") - 
self.mdict['pki_target_subsystem_web_xml_orig'] = \ + self.mdict['pki_subsystem_configuration_path'], + "serverCert.profile") + self.mdict['pki_target_storagecert_profile'] = \ os.path.join( - self.mdict['pki_tomcat_webapps_subsystem_path'], - "WEB-INF", - "web.xml.orig") - # subystem-specific slot substitution name/value pairs - if self.mdict['pki_subsystem'] == "CA": - self.mdict['pki_target_flatfile_txt'] = \ - os.path.join( - self.mdict['pki_subsystem_configuration_path'], - "flatfile.txt") - self.mdict['pki_target_proxy_conf'] = \ - os.path.join( - self.mdict['pki_subsystem_configuration_path'], - "proxy.conf") - self.mdict['pki_target_registry_cfg'] = \ - os.path.join( - self.mdict['pki_subsystem_configuration_path'], - "registry.cfg") - # '*.profile' - self.mdict['pki_target_admincert_profile'] = \ - os.path.join( - self.mdict['pki_subsystem_configuration_path'], - "adminCert.profile") - self.mdict['pki_target_caauditsigningcert_profile'] = \ - os.path.join( - self.mdict['pki_subsystem_configuration_path'], - "caAuditSigningCert.profile") - self.mdict['pki_target_cacert_profile'] = \ - os.path.join( - self.mdict['pki_subsystem_configuration_path'], - "caCert.profile") - self.mdict['pki_target_caocspcert_profile'] = \ - os.path.join( - self.mdict['pki_subsystem_configuration_path'], - "caOCSPCert.profile") - self.mdict['pki_target_servercert_profile'] = \ - os.path.join( - self.mdict['pki_subsystem_configuration_path'], - "serverCert.profile") - self.mdict['pki_target_subsystemcert_profile'] = \ - os.path.join( - self.mdict['pki_subsystem_configuration_path'], - "subsystemCert.profile") - # in-place slot substitution name/value pairs - if config.str2bool(self.mdict['pki_profiles_in_ldap']): - self.mdict['PKI_PROFILE_SUBSYSTEM_SLOT'] = 'LDAPProfileSubsystem' - else: - self.mdict['PKI_PROFILE_SUBSYSTEM_SLOT'] = 'ProfileSubsystem' - elif self.mdict['pki_subsystem'] == "KRA": - # '*.profile' - self.mdict['pki_target_servercert_profile'] = \ - os.path.join( - 
self.mdict['pki_subsystem_configuration_path'], - "serverCert.profile") - self.mdict['pki_target_storagecert_profile'] = \ - os.path.join( - self.mdict['pki_subsystem_configuration_path'], - "storageCert.profile") - self.mdict['pki_target_subsystemcert_profile'] = \ - os.path.join( - self.mdict['pki_subsystem_configuration_path'], - "subsystemCert.profile") - self.mdict['pki_target_transportcert_profile'] = \ - os.path.join( - self.mdict['pki_subsystem_configuration_path'], - "transportCert.profile") - elif self.mdict['pki_subsystem'] == "TPS": - self.mdict['pki_target_registry_cfg'] = \ - os.path.join( - self.mdict['pki_subsystem_configuration_path'], - "registry.cfg") - self.mdict['pki_target_phone_home_xml'] = \ - os.path.join( - self.mdict['pki_subsystem_configuration_path'], - "phoneHome.xml") + self.mdict['pki_subsystem_configuration_path'], + "storageCert.profile") + self.mdict['pki_target_subsystemcert_profile'] = \ + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "subsystemCert.profile") + self.mdict['pki_target_transportcert_profile'] = \ + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "transportCert.profile") + elif self.mdict['pki_subsystem'] == "TPS": + self.mdict['pki_target_registry_cfg'] = \ + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "registry.cfg") + self.mdict['pki_target_phone_home_xml'] = \ + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "phoneHome.xml") # Slot assignment name/value pairs # NOTE: Master key == Slots key; Master value ==> Slots value 
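Review bot: The one-time pin on the unchanged context line at the top of this hunk is drawn with `random.choice`, which is the Mersenne Twister and not a cryptographically secure generator; if that pin gates anything security-relevant — its name suggests it does — it should come from the OS entropy source, e.g. `rng = random.SystemRandom()` and `''.join(rng.choice(string.ascii_letters + string.digits) for x in range(20))`, which needs no new import. Separately, `pki_target_tomcat_conf_instance_id` is assembled by string concatenation of `pki_root_prefix + "/etc/sysconfig/" + pki_instance_name` while every neighbouring target path uses `os.path.join`; presumably this is deliberate so that an empty prefix still yields an absolute path, and a comment such as `# concatenated on purpose: an empty pki_root_prefix must still give /etc/sysconfig/<instance>` would stop someone "fixing" it. The enclosing method begins before this hunk and continues after it.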
@@ -749,280 +748,280 @@ class PKIConfigParser: self.mdict['PKI_REGISTRY_FILE_SLOT'] = \ os.path.join(self.mdict['pki_subsystem_registry_path'], self.mdict['pki_instance_name']) - if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - self.mdict['INSTALL_TIME_SLOT'] = \ - self.mdict['pki_install_time'] - self.mdict['PKI_ADMIN_SECURE_PORT_SLOT'] = \ - self.mdict['pki_https_port'] - self.mdict['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ - "Unused" - self.mdict['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] = "" - self.mdict['PKI_AGENT_CLIENTAUTH_SLOT'] = "want" - self.mdict['PKI_AGENT_SECURE_PORT_SLOT'] = \ - self.mdict['pki_https_port'] - self.mdict['PKI_AJP_PORT_SLOT'] = \ - self.mdict['pki_ajp_port'] - self.mdict['PKI_AJP_REDIRECT_PORT_SLOT'] = \ - self.mdict['pki_https_port'] - self.mdict['PKI_CA_HOSTNAME_SLOT'] = \ - self.mdict['pki_ca_hostname'] - self.mdict['PKI_CA_PORT_SLOT'] = \ - self.mdict['pki_ca_port'] - self.mdict['PKI_CERT_DB_PASSWORD_SLOT'] = \ - self.mdict['pki_pin'] - self.mdict['PKI_CFG_PATH_NAME_SLOT'] = \ - self.mdict['pki_target_cs_cfg'] - self.mdict['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ + + self.mdict['INSTALL_TIME_SLOT'] = \ + self.mdict['pki_install_time'] + self.mdict['PKI_ADMIN_SECURE_PORT_SLOT'] = \ + self.mdict['pki_https_port'] + self.mdict['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ + "Unused" + self.mdict['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] = "" + self.mdict['PKI_AGENT_CLIENTAUTH_SLOT'] = "want" + self.mdict['PKI_AGENT_SECURE_PORT_SLOT'] = \ + self.mdict['pki_https_port'] + self.mdict['PKI_AJP_PORT_SLOT'] = \ + self.mdict['pki_ajp_port'] + self.mdict['PKI_AJP_REDIRECT_PORT_SLOT'] = \ + self.mdict['pki_https_port'] + self.mdict['PKI_CA_HOSTNAME_SLOT'] = \ + self.mdict['pki_ca_hostname'] + self.mdict['PKI_CA_PORT_SLOT'] = \ + self.mdict['pki_ca_port'] + self.mdict['PKI_CERT_DB_PASSWORD_SLOT'] = \ + self.mdict['pki_pin'] + self.mdict['PKI_CFG_PATH_NAME_SLOT'] = \ + self.mdict['pki_target_cs_cfg'] + 
self.mdict['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ + "-->" + self.mdict['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \ + "-->" + self.mdict['PKI_DS_SECURE_CONNECTION_SLOT'] = \ + self.mdict['pki_ds_secure_connection'].lower() + self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \ + self.mdict['pki_https_port'] + self.mdict\ + ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \ + "Unused" + self.mdict\ + ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \ + "" + self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \ + self.mdict['pki_https_port'] + self.mdict['PKI_EE_SECURE_PORT_SLOT'] = \ + self.mdict['pki_https_port'] + self.mdict['PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ + "Unused" + self.mdict['PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT'] = \ + "" + self.mdict['PKI_GROUP_SLOT'] = \ + self.mdict['pki_group'] + self.mdict['PKI_INSTANCE_PATH_SLOT'] = \ + self.mdict['pki_instance_path'] + self.mdict['PKI_INSTANCE_ROOT_SLOT'] = \ + self.mdict['pki_path'] + self.mdict['PKI_LOCKDIR_SLOT'] = \ + os.path.join("/var/lock/pki", + "tomcat") + self.mdict['PKI_HOSTNAME_SLOT'] = \ + self.mdict['pki_hostname'] + self.mdict['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ + "" - self.mdict['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \ + self.mdict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \ "-->" - self.mdict['PKI_DS_SECURE_CONNECTION_SLOT'] = \ - self.mdict['pki_ds_secure_connection'].lower() - self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \ - self.mdict['pki_https_port'] - self.mdict\ - ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \ - "Unused" - self.mdict\ - ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \ + self.mdict['PKI_PROXY_SECURE_PORT_SLOT'] = "" + self.mdict['PKI_PROXY_UNSECURE_PORT_SLOT'] = "" + self.mdict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \ + "" + self.mdict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \ "" - self.mdict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \ - "-->" - 
self.mdict['PKI_PROXY_SECURE_PORT_SLOT'] = "" - self.mdict['PKI_PROXY_UNSECURE_PORT_SLOT'] = "" - self.mdict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \ - "" - self.mdict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \ - "" - self.mdict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \ - "" - self.mdict['PKI_SECURITY_MANAGER_SLOT'] = \ - self.mdict['pki_security_manager'] - self.mdict['PKI_SERVER_XML_CONF_SLOT'] = \ - self.mdict['pki_target_server_xml'] - self.mdict['PKI_SSL_SERVER_NICKNAME_SLOT'] = \ - self.mdict['pki_ssl_server_nickname'] - self.mdict['PKI_SUBSYSTEM_TYPE_SLOT'] = \ - self.mdict['pki_subsystem'].lower() - self.mdict['PKI_SYSTEMD_SERVICENAME_SLOT'] = \ - "pki-tomcatd" + "@" + \ - self.mdict['pki_instance_name'] + ".service" - self.mdict['PKI_UNSECURE_PORT_SLOT'] = \ - self.mdict['pki_http_port'] - self.mdict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] = \ - "Unsecure" - self.mdict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] = \ - "" - self.mdict['PKI_USER_SLOT'] = \ - self.mdict['pki_user'] - self.mdict['PKI_WEB_SERVER_TYPE_SLOT'] = \ - "tomcat" - self.mdict['PKI_WEBAPPS_NAME_SLOT'] = \ - "webapps" - self.mdict['TOMCAT_CFG_SLOT'] = \ - self.mdict['pki_target_tomcat_conf'] - self.mdict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] = \ - os.path.join( - self.mdict['pki_tomcat_common_lib_path'], - "*.jar") - self.mdict['TOMCAT_LOG_DIR_SLOT'] = \ - self.mdict['pki_instance_log_path'] - self.mdict['TOMCAT_PIDFILE_SLOT'] = \ - "/var/run/pki/tomcat/" + self.mdict['pki_instance_name'] + \ - ".pid" - self.mdict['TOMCAT_SERVER_PORT_SLOT'] = \ - self.mdict['pki_tomcat_server_port'] - self.mdict['TOMCAT_SSL_VERSION_RANGE_STREAM_SLOT'] = \ - "tls1_0:tls1_2" - self.mdict['TOMCAT_SSL_VERSION_RANGE_DATAGRAM_SLOT'] = \ - "tls1_1:tls1_2" - self.mdict['TOMCAT_SSL_RANGE_CIPHERS_SLOT'] = \ - "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \ - "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \ - "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \ - "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \ - 
"+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \ - "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \ - "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \ - "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \ - "+TLS_RSA_WITH_AES_128_CBC_SHA," + \ - "+TLS_RSA_WITH_AES_256_CBC_SHA," + \ - "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \ - "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \ - "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \ - "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \ - "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \ - "+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \ - "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \ - "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \ - "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \ - "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \ - "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA," + \ - "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256," + \ - "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256," + \ - "+TLS_RSA_WITH_AES_128_CBC_SHA256," + \ - "+TLS_RSA_WITH_AES_256_CBC_SHA256," + \ - "+TLS_RSA_WITH_AES_128_GCM_SHA256," + \ - "+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256," + \ - "+TLS_DHE_DSS_WITH_AES_128_GCM_SHA256," + \ - "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256," + \ - "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," + \ - "+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + \ - "+TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256," + \ - "+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," + \ - "+TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" - self.mdict['TOMCAT_SSL2_CIPHERS_SLOT'] = \ - "-SSL2_RC4_128_WITH_MD5," + \ - "-SSL2_RC4_128_EXPORT40_WITH_MD5," + \ - "-SSL2_RC2_128_CBC_WITH_MD5," + \ - "-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5," + \ - "-SSL2_DES_64_CBC_WITH_MD5," + \ - "-SSL2_DES_192_EDE3_CBC_WITH_MD5" - self.mdict['TOMCAT_SSL3_CIPHERS_SLOT'] = \ - "-SSL3_FORTEZZA_DMS_WITH_NULL_SHA," + \ - "-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA," + \ - "+SSL3_RSA_WITH_RC4_128_SHA," + \ - "-SSL3_RSA_EXPORT_WITH_RC4_40_MD5," + \ - "+SSL3_RSA_WITH_3DES_EDE_CBC_SHA," + \ - "-SSL3_RSA_WITH_DES_CBC_SHA," + \ - "-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5," + \ - "-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA," + \ - 
"-SSL_RSA_FIPS_WITH_DES_CBC_SHA," + \ - "+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA," + \ - "-SSL3_RSA_WITH_NULL_MD5," + \ - "-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA," + \ - "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \ - "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - self.mdict['TOMCAT_SSL_OPTIONS_SLOT'] = \ - "ssl2=false," + \ - "ssl3=false," + \ - "tls=true" - self.mdict['TOMCAT_TLS_CIPHERS_SLOT'] = \ - "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \ - "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \ - "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \ - "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \ - "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \ - "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \ - "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \ - "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \ - "+TLS_RSA_WITH_AES_128_CBC_SHA," + \ - "+TLS_RSA_WITH_AES_256_CBC_SHA," + \ - "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \ - "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \ - "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \ - "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \ - "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \ - "+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \ - "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \ - "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \ - "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \ - "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \ - "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA" - - if config.pki_architecture == 64: - self.mdict['NUXWDOG_JNI_PATH_SLOT'] = ( - '/usr/lib64/nuxwdog-jni') - else: - self.mdict['NUXWDOG_JNI_PATH_SLOT'] = ( - '/usr/lib/nuxwdog-jni') + self.mdict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \ + "" + self.mdict['PKI_SECURITY_MANAGER_SLOT'] = \ + self.mdict['pki_security_manager'] + self.mdict['PKI_SERVER_XML_CONF_SLOT'] = \ + self.mdict['pki_target_server_xml'] + self.mdict['PKI_SSL_SERVER_NICKNAME_SLOT'] = \ + self.mdict['pki_ssl_server_nickname'] + self.mdict['PKI_SUBSYSTEM_TYPE_SLOT'] = \ + self.mdict['pki_subsystem'].lower() + self.mdict['PKI_SYSTEMD_SERVICENAME_SLOT'] = \ + "pki-tomcatd" + "@" + \ + 
self.mdict['pki_instance_name'] + ".service" + self.mdict['PKI_UNSECURE_PORT_SLOT'] = \ + self.mdict['pki_http_port'] + self.mdict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] = \ + "Unsecure" + self.mdict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] = \ + "" + self.mdict['PKI_USER_SLOT'] = \ + self.mdict['pki_user'] + self.mdict['PKI_WEB_SERVER_TYPE_SLOT'] = \ + "tomcat" + self.mdict['PKI_WEBAPPS_NAME_SLOT'] = \ + "webapps" + self.mdict['TOMCAT_CFG_SLOT'] = \ + self.mdict['pki_target_tomcat_conf'] + self.mdict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] = \ + os.path.join( + self.mdict['pki_tomcat_common_lib_path'], + "*.jar") + self.mdict['TOMCAT_LOG_DIR_SLOT'] = \ + self.mdict['pki_instance_log_path'] + self.mdict['TOMCAT_PIDFILE_SLOT'] = \ + "/var/run/pki/tomcat/" + self.mdict['pki_instance_name'] + \ + ".pid" + self.mdict['TOMCAT_SERVER_PORT_SLOT'] = \ + self.mdict['pki_tomcat_server_port'] + self.mdict['TOMCAT_SSL_VERSION_RANGE_STREAM_SLOT'] = \ + "tls1_0:tls1_2" + self.mdict['TOMCAT_SSL_VERSION_RANGE_DATAGRAM_SLOT'] = \ + "tls1_1:tls1_2" + self.mdict['TOMCAT_SSL_RANGE_CIPHERS_SLOT'] = \ + "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \ + "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \ + "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \ + "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_RSA_WITH_AES_128_CBC_SHA," + \ + "+TLS_RSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \ + "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \ + "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \ + "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \ + "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \ + 
"+TLS_DHE_RSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256," + \ + "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256," + \ + "+TLS_RSA_WITH_AES_128_CBC_SHA256," + \ + "+TLS_RSA_WITH_AES_256_CBC_SHA256," + \ + "+TLS_RSA_WITH_AES_128_GCM_SHA256," + \ + "+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256," + \ + "+TLS_DHE_DSS_WITH_AES_128_GCM_SHA256," + \ + "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256," + \ + "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," + \ + "+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + \ + "+TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256," + \ + "+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," + \ + "+TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" + self.mdict['TOMCAT_SSL2_CIPHERS_SLOT'] = \ + "-SSL2_RC4_128_WITH_MD5," + \ + "-SSL2_RC4_128_EXPORT40_WITH_MD5," + \ + "-SSL2_RC2_128_CBC_WITH_MD5," + \ + "-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5," + \ + "-SSL2_DES_64_CBC_WITH_MD5," + \ + "-SSL2_DES_192_EDE3_CBC_WITH_MD5" + self.mdict['TOMCAT_SSL3_CIPHERS_SLOT'] = \ + "-SSL3_FORTEZZA_DMS_WITH_NULL_SHA," + \ + "-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA," + \ + "+SSL3_RSA_WITH_RC4_128_SHA," + \ + "-SSL3_RSA_EXPORT_WITH_RC4_40_MD5," + \ + "+SSL3_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "-SSL3_RSA_WITH_DES_CBC_SHA," + \ + "-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5," + \ + "-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA," + \ + "-SSL_RSA_FIPS_WITH_DES_CBC_SHA," + \ + "+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA," + \ + "-SSL3_RSA_WITH_NULL_MD5," + \ + "-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA," + \ + "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" + self.mdict['TOMCAT_SSL_OPTIONS_SLOT'] = \ + "ssl2=false," + \ + "ssl3=false," + \ + "tls=true" + self.mdict['TOMCAT_TLS_CIPHERS_SLOT'] = \ + "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \ + "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \ + "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \ + "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + 
\ + "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_RSA_WITH_AES_128_CBC_SHA," + \ + "+TLS_RSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \ + "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \ + "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \ + "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \ + "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \ + "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA" + + if config.pki_architecture == 64: + self.mdict['NUXWDOG_JNI_PATH_SLOT'] = ( + '/usr/lib64/nuxwdog-jni') + else: + self.mdict['NUXWDOG_JNI_PATH_SLOT'] = ( + '/usr/lib/nuxwdog-jni') - # tps parameters - self.mdict['TOKENDB_HOST_SLOT'] = \ - self.mdict['pki_ds_hostname'] + # tps parameters + self.mdict['TOKENDB_HOST_SLOT'] = \ + self.mdict['pki_ds_hostname'] - if config.str2bool(self.mdict['pki_ds_secure_connection']): - self.mdict['TOKENDB_PORT_SLOT'] = \ - self.mdict['pki_ds_ldaps_port'] - else: - self.mdict['TOKENDB_PORT_SLOT'] = \ - self.mdict['pki_ds_ldap_port'] + if config.str2bool(self.mdict['pki_ds_secure_connection']): + self.mdict['TOKENDB_PORT_SLOT'] = \ + self.mdict['pki_ds_ldaps_port'] + else: + self.mdict['TOKENDB_PORT_SLOT'] = \ + self.mdict['pki_ds_ldap_port'] - self.mdict['TOKENDB_ROOT_SLOT'] = \ - self.mdict['pki_ds_base_dn'] + self.mdict['TOKENDB_ROOT_SLOT'] = \ + self.mdict['pki_ds_base_dn'] - self.mdict['TPS_DIR_SLOT'] = \ - self.mdict['pki_source_subsystem_path'] + self.mdict['TPS_DIR_SLOT'] = \ + self.mdict['pki_source_subsystem_path'] - if self.mdict['pki_subsystem'] == "CA": - self.mdict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS'] = \ - self.mdict['pki_random_serial_numbers_enable'].lower() + if self.mdict['pki_subsystem'] == "CA": + self.mdict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS'] = \ + self.mdict['pki_random_serial_numbers_enable'].lower() # Tomcat NSS 
security database name/value pairs self.mdict['pki_shared_pfile'] = \ os.path.join( @@ -1224,12 +1223,11 @@ class PKIConfigParser: "spawn" + "_" + "manifest" + "." + \ self.mdict['pki_timestamp'] # Compose this "systemd" execution management command - if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - self.mdict['pki_registry_initscript_command'] = \ - "systemctl" + " " + \ - "restart" + " " + \ - "pki-tomcatd" + "@" + \ - self.mdict['pki_instance_name'] + "." + "service" + self.mdict['pki_registry_initscript_command'] = \ + "systemctl" + " " + \ + "restart" + " " + \ + "pki-tomcatd" + "@" + \ + self.mdict['pki_instance_name'] + "." + "service" except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, @@ -1257,8 +1255,7 @@ class PKIConfigParser: parser.optionxform = str parser.read(config.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE) # Slots configuration file name/value pairs - if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: - self.slots_dict = dict(parser.items('Tomcat')) + self.slots_dict = dict(parser.items('Tomcat')) except ConfigParser.ParsingError, err: rv = err return rv diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index 464473625..fbcb1ccaa 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py 
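Review bot: The literal assigned to `TOMCAT_TLS_CIPHERS_SLOT` repeats the first twenty-one entries of `TOMCAT_SSL_RANGE_CIPHERS_SLOT` verbatim, and now that both assignments run unconditionally they could be built from one module-level tuple joined with `","` (e.g. `_COMMON_TLS_CIPHERS`), so that a later edit to one list cannot silently diverge from the other. Since these defaults now apply to every subsystem rather than only to the former tomcat set, it is also worth confirming that the `tls1_0` floor in `TOMCAT_SSL_VERSION_RANGE_STREAM_SLOT` and the enabled `+SSL3_RSA_WITH_RC4_128_SHA` / `+TLS_RSA_WITH_3DES_EDE_CBC_SHA` suites are still the intended policy, and recording that decision in a comment next to the lists; the values themselves are not changed by this commit, so this is a follow-up rather than a blocker. The enclosing method starts and ends outside the hunk.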
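Review bot: `self.slots_dict = dict(parser.items('Tomcat'))` now runs for every subsystem, but the only handler visible is `except ConfigParser.ParsingError, err:`; a slots file without a `[Tomcat]` section raises `ConfigParser.NoSectionError`, which that clause does not cover, so `rv` would never be set and the caller would see an uncaught exception instead of the usual error return. Either guard it with `if not parser.has_section('Tomcat'): ...` and set `rv` accordingly, or widen the clause to `except (ConfigParser.ParsingError, ConfigParser.NoSectionError), err:`, whichever matches how the caller treats `rv`. The enclosing try block and method start outside the hunk.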
@@ -81,18 +81,17 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): password_file=deployer.mdict['pki_client_password_conf']) # Start/Restart this Tomcat PKI Process - if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - # Optionally prepare to enable a java debugger - # (e. g. - 'eclipse'): - if config.str2bool(deployer.mdict['pki_enable_java_debugger']): - config.prepare_for_an_external_java_debugger( - deployer.mdict['pki_target_tomcat_conf_instance_id']) - tomcat_instance_subsystems = \ - len(deployer.instance.tomcat_instance_subsystems()) - if tomcat_instance_subsystems == 1: - deployer.systemd.start() - elif tomcat_instance_subsystems > 1: - deployer.systemd.restart() + # Optionally prepare to enable a java debugger + # (e. g. - 'eclipse'): + if config.str2bool(deployer.mdict['pki_enable_java_debugger']): + config.prepare_for_an_external_java_debugger( + deployer.mdict['pki_target_tomcat_conf_instance_id']) + tomcat_instance_subsystems = \ + len(deployer.instance.tomcat_instance_subsystems()) + if tomcat_instance_subsystems == 1: + deployer.systemd.start() + elif tomcat_instance_subsystems > 1: + deployer.systemd.restart() # wait for startup status = deployer.instance.wait_for_startup(60) @@ -122,8 +121,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ - and len(deployer.instance.tomcat_instance_subsystems()) == 1: + if len(deployer.instance.tomcat_instance_subsystems()) == 1: if deployer.directory.exists(deployer.mdict['pki_client_dir']): deployer.directory.delete(deployer.mdict['pki_client_dir']) deployer.symlink.delete(deployer.mdict['pki_systemd_service_link']) diff --git a/base/server/python/pki/server/deployment/scriptlets/finalization.py b/base/server/python/pki/server/deployment/scriptlets/finalization.py index c8b54097a..f41f1d55a 100644 
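Review bot: After the outer guard is dropped, the `if tomcat_instance_subsystems == 1: ... elif tomcat_instance_subsystems > 1:` ladder still has no branch for a count of 0, and `deployer.instance.wait_for_startup(60)` runs immediately after it, so an instance with no registered subsystems would wait the full 60 seconds for a server that was never started. An `else:` that logs the unexpected count and returns (or raises) would make that failure immediate and visible; if a count of 0 cannot occur at this point, a one-line comment saying why would save the next reader the question. The enclosing method (presumably `spawn`) starts and ends outside the hunk.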
--- a/base/server/python/pki/server/deployment/scriptlets/finalization.py +++ b/base/server/python/pki/server/deployment/scriptlets/finalization.py @@ -96,8 +96,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.instance.pki_instance_subsystems() == 0: deployer.systemd.disable() # Start this Tomcat PKI Process - if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ - and len(deployer.instance.tomcat_instance_subsystems()) >= 1: + if len(deployer.instance.tomcat_instance_subsystems()) >= 1: deployer.systemd.start() config.pki_log.info(log.PKIDESTROY_END_MESSAGE_2, deployer.mdict['pki_subsystem'], diff --git a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py index 8938057ae..62e387942 100644 --- a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py @@ -43,13 +43,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): extra=config.PKI_INDENTATION_LEVEL_1) # if this is the first subsystem - if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ - and len(deployer.instance.tomcat_instance_subsystems()) == 1: + if len(deployer.instance.tomcat_instance_subsystems()) == 1: # establish instance logs deployer.directory.create(deployer.mdict['pki_instance_log_path']) - # copy /usr/share/pki/server/conf tree into /var/lib/pki//conf + # copy /usr/share/pki/server/conf tree into + # /var/lib/pki//conf # except common ldif files and theme deployment descriptor deployer.directory.copy( deployer.mdict['pki_source_server_path'], 
@@ -301,8 +301,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): if deployer.mdict['pki_subsystem'] == 'TKS': deployer.symlink.delete(deployer.mdict['pki_symkey_jar_link']) - if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ - and len(deployer.instance.tomcat_instance_subsystems()) == 0: + if len(deployer.instance.tomcat_instance_subsystems()) == 0: # remove Tomcat instance base deployer.directory.delete(deployer.mdict['pki_instance_path']) # remove Tomcat instance logs diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py index 83ecdf130..3f8623af1 100644 --- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py +++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py @@ -146,8 +146,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ - and len(deployer.instance.tomcat_instance_subsystems()) == 0: + if len(deployer.instance.tomcat_instance_subsystems()) == 0: deployer.file.delete(deployer.mdict['pki_cert_database']) deployer.file.delete(deployer.mdict['pki_key_database']) deployer.file.delete(deployer.mdict['pki_secmod_database']) diff --git a/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py b/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py index dce5648a0..7075f6e56 100644 --- a/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py +++ b/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py 
@@ -68,10 +68,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): return self.rv # add SELinux contexts when adding the first subsystem - if deployer.mdict['pki_subsystem'] in \ - config.PKI_TOMCAT_SUBSYSTEMS and \ - len(deployer.instance.tomcat_instance_subsystems()) == 1: - + if len(deployer.instance.tomcat_instance_subsystems()) == 1: trans = seobject.semanageRecords("targeted") trans.start() if deployer.mdict['pki_instance_name'] != \ @@ -163,10 +160,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): while True: try: # remove SELinux contexts when removing the last subsystem - if (deployer.mdict['pki_subsystem'] in - config.PKI_TOMCAT_SUBSYSTEMS and - len(deployer.instance.tomcat_instance_subsystems()) == 0): - + if len(deployer.instance.tomcat_instance_subsystems()) == 0: trans = seobject.semanageRecords("targeted") trans.start() diff --git a/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py b/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py index 3baef04b9..2f2b13567 100644 --- a/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py +++ b/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py 
@@ -70,28 +70,17 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.mdict['pki_target_tomcat_conf'], overwrite_flag=True) - # Strip "" section from subsystem "web.xml" - # This is ONLY necessary because XML comments cannot be "nested"! - # deployer.file.copy(deployer.mdict['pki_target_subsystem_web_xml'], - # deployer.mdict['pki_target_subsystem_web_xml_orig']) - # deployer.file.delete( - # deployer.mdict['pki_target_subsystem_web_xml']) - # util.xml_file.remove_filter_section_from_web_xml( - # deployer.mdict['pki_target_subsystem_web_xml_orig'], - # deployer.mdict['pki_target_subsystem_web_xml']) - # deployer.file.delete( - # deployer.mdict['pki_target_subsystem_web_xml_orig']) - if deployer.mdict['pki_subsystem'] == "CA": - deployer.file.copy_with_slot_substitution( - deployer.mdict['pki_source_proxy_conf'], - deployer.mdict['pki_target_proxy_conf']) - elif deployer.mdict['pki_subsystem'] == "TPS": - deployer.file.copy_with_slot_substitution( - deployer.mdict['pki_source_registry_cfg'], - deployer.mdict['pki_target_registry_cfg']) - deployer.file.copy_with_slot_substitution( - deployer.mdict['pki_source_phone_home_xml'], - deployer.mdict['pki_target_phone_home_xml']) + if deployer.mdict['pki_subsystem'] == "CA": + deployer.file.copy_with_slot_substitution( + deployer.mdict['pki_source_proxy_conf'], + deployer.mdict['pki_target_proxy_conf']) + elif deployer.mdict['pki_subsystem'] == "TPS": + deployer.file.copy_with_slot_substitution( + deployer.mdict['pki_source_registry_cfg'], + deployer.mdict['pki_target_registry_cfg']) + deployer.file.copy_with_slot_substitution( + deployer.mdict['pki_source_phone_home_xml'], + deployer.mdict['pki_target_phone_home_xml']) return self.rv def destroy(self, deployer): diff --git a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py index c3d06c079..2cad0cf4a 100644 
--- a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py 
@@ -52,57 +52,58 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # deployer.mdict['pki_source_conf_path'], # deployer.mdict['pki_subsystem_configuration_path']) # establish instance-based Tomcat specific subsystems - if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - # establish instance-based Tomcat PKI subsystem base - if deployer.mdict['pki_subsystem'] == "CA": - deployer.directory.copy( - deployer.mdict['pki_source_emails'], - deployer.mdict['pki_subsystem_emails_path']) - deployer.directory.copy( - deployer.mdict['pki_source_profiles'], - deployer.mdict['pki_subsystem_profiles_path']) - # establish instance-based Tomcat PKI subsystem logs - # establish instance-based Tomcat PKI subsystem configuration - if deployer.mdict['pki_subsystem'] == "CA": - deployer.file.copy( - deployer.mdict['pki_source_flatfile_txt'], - deployer.mdict['pki_target_flatfile_txt']) - deployer.file.copy( - deployer.mdict['pki_source_registry_cfg'], - deployer.mdict['pki_target_registry_cfg']) - # '*.profile' - deployer.file.copy( - deployer.mdict['pki_source_admincert_profile'], - deployer.mdict['pki_target_admincert_profile']) - deployer.file.copy( - deployer.mdict['pki_source_caauditsigningcert_profile'], - deployer.mdict['pki_target_caauditsigningcert_profile']) - deployer.file.copy( - deployer.mdict['pki_source_cacert_profile'], - deployer.mdict['pki_target_cacert_profile']) - deployer.file.copy( - deployer.mdict['pki_source_caocspcert_profile'], - deployer.mdict['pki_target_caocspcert_profile']) - deployer.file.copy( - deployer.mdict['pki_source_servercert_profile'], - deployer.mdict['pki_target_servercert_profile']) - deployer.file.copy( - deployer.mdict['pki_source_subsystemcert_profile'], - deployer.mdict['pki_target_subsystemcert_profile']) - elif deployer.mdict['pki_subsystem'] == "KRA": - # '*.profile' - deployer.file.copy( - deployer.mdict['pki_source_servercert_profile'], - deployer.mdict['pki_target_servercert_profile']) - 
deployer.file.copy( - deployer.mdict['pki_source_storagecert_profile'], - deployer.mdict['pki_target_storagecert_profile']) - deployer.file.copy( - deployer.mdict['pki_source_subsystemcert_profile'], - deployer.mdict['pki_target_subsystemcert_profile']) - deployer.file.copy( - deployer.mdict['pki_source_transportcert_profile'], - deployer.mdict['pki_target_transportcert_profile']) + + # establish instance-based Tomcat PKI subsystem base + if deployer.mdict['pki_subsystem'] == "CA": + deployer.directory.copy( + deployer.mdict['pki_source_emails'], + deployer.mdict['pki_subsystem_emails_path']) + deployer.directory.copy( + deployer.mdict['pki_source_profiles'], + deployer.mdict['pki_subsystem_profiles_path']) + # establish instance-based Tomcat PKI subsystem logs + # establish instance-based Tomcat PKI subsystem configuration + if deployer.mdict['pki_subsystem'] == "CA": + deployer.file.copy( + deployer.mdict['pki_source_flatfile_txt'], + deployer.mdict['pki_target_flatfile_txt']) + deployer.file.copy( + deployer.mdict['pki_source_registry_cfg'], + deployer.mdict['pki_target_registry_cfg']) + # '*.profile' + deployer.file.copy( + deployer.mdict['pki_source_admincert_profile'], + deployer.mdict['pki_target_admincert_profile']) + deployer.file.copy( + deployer.mdict['pki_source_caauditsigningcert_profile'], + deployer.mdict['pki_target_caauditsigningcert_profile']) + deployer.file.copy( + deployer.mdict['pki_source_cacert_profile'], + deployer.mdict['pki_target_cacert_profile']) + deployer.file.copy( + deployer.mdict['pki_source_caocspcert_profile'], + deployer.mdict['pki_target_caocspcert_profile']) + deployer.file.copy( + deployer.mdict['pki_source_servercert_profile'], + deployer.mdict['pki_target_servercert_profile']) + deployer.file.copy( + deployer.mdict['pki_source_subsystemcert_profile'], + deployer.mdict['pki_target_subsystemcert_profile']) + elif deployer.mdict['pki_subsystem'] == "KRA": + # '*.profile' + deployer.file.copy( + 
deployer.mdict['pki_source_servercert_profile'], + deployer.mdict['pki_target_servercert_profile']) + deployer.file.copy( + deployer.mdict['pki_source_storagecert_profile'], + deployer.mdict['pki_target_storagecert_profile']) + deployer.file.copy( + deployer.mdict['pki_source_subsystemcert_profile'], + deployer.mdict['pki_target_subsystemcert_profile']) + deployer.file.copy( + deployer.mdict['pki_source_transportcert_profile'], + deployer.mdict['pki_target_transportcert_profile']) + # establish instance-based subsystem convenience symbolic links deployer.symlink.create( deployer.mdict['pki_instance_database_link'], diff --git a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py index b0a1113e6..edbfafab3 100644 --- a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py +++ b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py 
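Review bot: The new side tests `deployer.mdict['pki_subsystem'] == "CA"` twice in a row, separated only by the comment `# establish instance-based Tomcat PKI subsystem logs`, which no longer has any code under it; merging the two blocks into one `if` and deleting the empty comment would make the per-subsystem setup read as a single unit. The comment `# establish instance-based Tomcat specific subsystems` above the removed `if` now introduces a blank line rather than a condition, so it should either go or be reworded to `# establish subsystem-specific configuration files`. The enclosing method starts and ends outside the hunk.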
@@ -33,55 +33,52 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
rv = 0
def spawn(self, deployer):
-
- if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- if config.str2bool(deployer.mdict['pki_skip_installation']):
- config.pki_log.info(log.SKIP_WEBAPP_DEPLOYMENT_SPAWN_1,
- __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return self.rv
-
- config.pki_log.info(log.WEBAPP_DEPLOYMENT_SPAWN_1, __name__,
+ if config.str2bool(deployer.mdict['pki_skip_installation']):
+ config.pki_log.info(log.SKIP_WEBAPP_DEPLOYMENT_SPAWN_1,
+ __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
+ return self.rv
+
+ config.pki_log.info(log.WEBAPP_DEPLOYMENT_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
- # Create subsystem webapps folder to store custom webapps:
- # //webapps.
- deployer.directory.create(
- deployer.mdict['pki_tomcat_subsystem_webapps_path'])
+ # Create subsystem webapps folder to store custom webapps:
+ # //webapps.
+ deployer.directory.create(
+ deployer.mdict['pki_tomcat_subsystem_webapps_path'])
- # set ownerships, permissions, and acls
- deployer.directory.set_mode(
- deployer.mdict['pki_tomcat_subsystem_webapps_path'])
+ # set ownerships, permissions, and acls
+ deployer.directory.set_mode(
+ deployer.mdict['pki_tomcat_subsystem_webapps_path'])
- # Deploy web application directly from /usr/share/pki.
- deployer.deploy_webapp(
+ # Deploy web application directly from /usr/share/pki.
+ deployer.deploy_webapp(
+ deployer.mdict['pki_subsystem'].lower(),
+ os.path.join(
+ config.PKI_DEPLOYMENT_SOURCE_ROOT,
deployer.mdict['pki_subsystem'].lower(),
- os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
- deployer.mdict['pki_subsystem'].lower(),
- "webapps",
- deployer.mdict['pki_subsystem'].lower()),
- os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
- deployer.mdict['pki_subsystem'].lower(),
- "conf",
- "Catalina",
- "localhost",
- deployer.mdict['pki_subsystem'].lower() + ".xml"))
+ "webapps",
+ deployer.mdict['pki_subsystem'].lower()),
+ os.path.join(
+ config.PKI_DEPLOYMENT_SOURCE_ROOT,
+ deployer.mdict['pki_subsystem'].lower(),
+ "conf",
+ "Catalina",
+ "localhost",
+ deployer.mdict['pki_subsystem'].lower() + ".xml"))
return self.rv
def destroy(self, deployer):
- if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- config.pki_log.info(log.WEBAPP_DEPLOYMENT_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ config.pki_log.info(log.WEBAPP_DEPLOYMENT_DESTROY_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
- # Delete /conf/Catalina/localhost/.xml
- deployer.file.delete(
- os.path.join(
- deployer.mdict['pki_instance_configuration_path'],
- "Catalina",
- "localhost",
- deployer.mdict['pki_subsystem'].lower() + ".xml"))
+ # Delete /conf/Catalina/localhost/.xml
+ deployer.file.delete(
+ os.path.join(
+ deployer.mdict['pki_instance_configuration_path'],
+ "Catalina",
+ "localhost",
+ deployer.mdict['pki_subsystem'].lower() + ".xml"))
return self.rv
-- cgit
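Review bot: Removing the `in config.PKI_TOMCAT_SUBSYSTEMS` test leaves nothing in this scriptlet that constrains `pki_subsystem` before its lowercased value is joined into the `/usr/share/pki/...` source paths passed to `deploy_webapp` in `spawn` and into the `file.delete` target under `pki_instance_configuration_path` in `destroy`; the old membership test happened to double as a whitelist for those path components. If pkiparser already rejects unknown subsystem names (not visible in this hunk), a one-line comment above the `deploy_webapp` call, `# pki_subsystem has been validated against the known subsystem names by pkiparser`, would make that dependency explicit; otherwise a guard such as `if deployer.mdict['pki_subsystem'] not in config.PKI_TOMCAT_SUBSYSTEMS: raise Exception(...)` belongs at the top of both methods. Separately, `spawn` returns early on `pki_skip_installation` while `destroy` has no matching check, so an instance whose webapp deployment was skipped still has its `Catalina/localhost/<subsystem>.xml` deleted on destroy; this predates the commit, but a mirrored check or a comment stating that the delete is intentionally unconditional would settle it.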
