Please review the attached patch for: * Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails <https://bugzilla.redhat.com/show_bug.cgi?id=1450143>
Thanks, -- Matt
From 20ae6dad5c8bd30eb016d7680a1ad48defff629a Mon Sep 17 00:00:00 2001
From: Matthew Harmsen <mharm...@redhat.com>
Date: Fri, 12 May 2017 13:00:54 -0600
Subject: [PATCH] Fix CA installation with HSM in FIPS mode

Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails
dogtagpki Pagure Issue #2684 - CA installation with HSM in FIPS mode fails
---
 base/server/python/pki/server/deployment/pkihelper.py | 19 ++++++++++++++-----
 .../pki/server/deployment/scriptlets/finalization.py | 3 ++-
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 051778d..e503bbc 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -1017,11 +1017,20 @@ class Instance:
 extra=config.PKI_INDENTATION_LEVEL_2)
 raise
 
- def get_instance_status(self):
+ def get_instance_status(self, secure_connection=True):
+ pki_protocol = None
+ pki_port = None
+ if secure_connection:
+ pki_protocol = "https"
+ pki_port = self.mdict['pki_https_port']
+ else:
+ pki_protocol = "http"
+ pki_port = self.mdict['pki_http_port']
+
 connection = pki.client.PKIConnection(
- protocol='https',
+ protocol=pki_protocol,
 hostname=self.mdict['pki_hostname'],
- port=self.mdict['pki_https_port'],
+ port=pki_port,
 subsystem=self.mdict['pki_subsystem_type'],
 accept='application/xml',
 trust_env=False)
@@ -1049,11 +1058,11 @@ class Instance:
 extra=config.PKI_INDENTATION_LEVEL_3)
 return None
 
- def wait_for_startup(self, timeout):
+ def wait_for_startup(self, timeout, secure_connection=True):
 start_time = datetime.today()
 status = None
 while status != "running":
- status = self.get_instance_status()
+ status = self.get_instance_status(secure_connection)
 time.sleep(1)
 stop_time = datetime.today()
 if (stop_time - start_time).total_seconds() >= timeout:
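Review bot: The new `secure_connection` parameter of `get_instance_status` (first pkihelper.py hunk) has no docstring saying when a plain-HTTP status request is acceptable. I would add one, e.g. `"""Query the subsystem status; secure_connection=False uses pki_http_port over unencrypted, unauthenticated HTTP and is meant only for readiness polling."""`, and make the flag keyword-only with `def get_instance_status(self, *, secure_connection=True):` so a bare `False` cannot be passed positionally. The same applies to `wait_for_startup` in the second hunk, which would forward it as `status = self.get_instance_status(secure_connection=secure_connection)`; the call in finalization.py would then need the keyword as well. The `pki_protocol = None` and `pki_port = None` initialisers are redundant, since both branches assign them. Both method bodies continue outside their hunks.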
diff --git a/base/server/python/pki/server/deployment/scriptlets/finalization.py b/base/server/python/pki/server/deployment/scriptlets/finalization.py
index 941691c..75bb80e 100644
--- a/base/server/python/pki/server/deployment/scriptlets/finalization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/finalization.py
@@ -58,7 +58,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 if config.str2bool(deployer.mdict['pki_restart_configured_instance']):
 deployer.systemd.restart()
 # wait for startup
- status = deployer.instance.wait_for_startup(60)
+ # (must use 'http' protocol due to potential FIPS configuration)
+ status = deployer.instance.wait_for_startup(60, False)
 if status is None:
 config.pki_log.error(
 "server failed to restart",
-- 
2.9.3
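Review bot: `wait_for_startup(60, False)` makes the post-restart check use plain HTTP on every deployment, not only on FIPS or HSM installs, so the common case loses TLS for this request too. Over HTTP the reply is unauthenticated, so `status` here should be treated as a readiness hint only; the check will presumably also fail where the HTTP port is closed or not served. I would attempt HTTPS first and fall back to HTTP only when that attempt fails, and in any case name the argument: `status = deployer.instance.wait_for_startup(60, secure_connection=False)`. The added comment should state what about HTTPS breaks under FIPS rather than "potential FIPS configuration". The enclosing method starts and ends outside the hunk.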