Please review the attached patch which addresses the following bug:
* Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn
error <https://bugzilla.redhat.com/show_bug.cgi?id=1454603>
It was given a quick smoke test to determine if it eliminated the Python
KeyError of 'pki_fips_mode_enabled' not being set which previously
occurred whenever 'pki_restart_configured_instance' had been overridden
to be False (which it is on certain FreeIPA deployments).
From 3249ddc2c19f6f5ded11823b345c9c58bae4750b Mon Sep 17 00:00:00 2001
From: Matthew Harmsen <mharm...@redhat.com>
Date: Tue, 23 May 2017 11:46:41 -0600
Subject: [PATCH] Always check FIPS mode at installation time
- Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error
---
base/server/python/pki/server/deployment/scriptlets/initialization.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py
index 0e31543..4dc4e9a 100644
--- a/base/server/python/pki/server/deployment/scriptlets/initialization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py
@@ -42,6 +42,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# ALWAYS establish 'uid' and 'gid'
deployer.identity.set_uid(deployer.mdict['pki_user'])
deployer.identity.set_gid(deployer.mdict['pki_group'])
+ # ALWAYS check FIPS mode
+ deployer.fips.is_fips_enabled()
# ALWAYS initialize HSMs (when and if present)
deployer.hsm.initialize()
if config.str2bool(deployer.mdict['pki_skip_installation']):
--
1.8.3.1
_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel