45 lines
1.7 KiB
Diff
45 lines
1.7 KiB
Diff
|
From b9a07b1e97ee4e310b50860103872685da540da4 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Florence Blanc-Renaud <flo@redhat.com>
|
||
|
|
Date: Mon, 19 Jun 2023 15:40:39 +0200
|
||
|
|
Subject: [PATCH] Detection of PKI subsystem
|
||
|
|
|
||
|
|
In order to know if ca/kra is installed locally, the code
|
||
|
|
is calling pki-server subsystem-show _subsystem_
|
||
|
|
and ensures that "Enabled: True" is in the output.
|
||
|
|
|
||
|
|
If a subsystem fails to start, the command returns
|
||
|
|
"Enabled: False" but it doesn't mean that the subsystem
|
||
|
|
is not installed, it just means that it is not active
|
||
|
|
right now.
|
||
|
|
Same output if the subsystem has been disabled with
|
||
|
|
pki-server subsystem-disable _subsystem_.
|
||
|
|
|
||
|
|
The correct way to check if a subsystem is installed is to
|
||
|
|
ensure that subsystem-show does not exit on error and
|
||
|
|
contains "Enabled: ", whatever the value.
|
||
|
|
|
||
|
|
Related: https://pagure.io/freeipa/issue/9330
|
||
|
|
|
||
|
|
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
|
||
|
|
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
||
|
|
---
|
||
|
|
ipaserver/install/dogtaginstance.py | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
|
||
|
|
index 4967aca01807e58dfcc3157af10b92eff5dba206..7fdf2e0ed0f3ed99a6672f527d38dda0ce5ef8bb 100644
|
||
|
|
--- a/ipaserver/install/dogtaginstance.py
|
||
|
|
+++ b/ipaserver/install/dogtaginstance.py
|
||
|
|
@@ -184,7 +184,7 @@ class DogtagInstance(service.Service):
|
||
|
|
['pki-server', 'subsystem-show', self.subsystem.lower()],
|
||
|
|
capture_output=True)
|
||
|
|
# parse the command output
|
||
|
|
- return 'Enabled: True' in result.output
|
||
|
|
+ return 'Enabled: ' in result.output
|
||
|
|
except ipautil.CalledProcessError:
|
||
|
|
return False
|
||
|
|
|
||
|
|
--
|
||
|
|
2.41.0
|
||
|
|
|