Fixed missing sslserver and subsystem certs

When installing an additional subsystem into an instance, the deployment scriptlet has been modified to copy the cert and request data for sslserver and subsystem certs from the existing subsystem. https://bugzilla.redhat.com/show_bug.cgi?id=1869893
dogtagpki · Aug 27, 2020 · 7abe19e · 7abe19e
1 parent bed231d
commit 7abe19e
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -568,6 +568,7 @@ def spawn(self, deployer):
         instance = self.instance
         instance.load()
 
+        subsystems = instance.get_subsystems()
         subsystem = instance.get_subsystem(deployer.mdict['pki_subsystem'].lower())
 
         # configure internal database
@@ -654,6 +655,35 @@ def spawn(self, deployer):
 
                 self.validate_system_certs(deployer, nssdb, subsystem)
 
+            elif len(subsystems) > 1:
+
+                for s in subsystems:
+
+                    # find a subsystem that is already installed
+                    if s.name == subsystem.name:
+                        continue
+
+                    # import cert/request data from the existing subsystem
+                    # into the new subsystem being installed
+
+                    logger.info('Importing sslserver cert data from %s', s.type)
+                    subsystem.config['%s.sslserver.cert' % subsystem.name] = \
+                        s.config['%s.sslserver.cert' % s.name]
+
+                    logger.info('Importing subsystem cert data from %s', s.type)
+                    subsystem.config['%s.subsystem.cert' % subsystem.name] = \
+                        s.config['%s.subsystem.cert' % s.name]
+
+                    logger.info('Importing sslserver request data from %s', s.type)
+                    subsystem.config['%s.sslserver.certreq' % subsystem.name] = \
+                        s.config['%s.sslserver.certreq' % s.name]
+
+                    logger.info('Importing subsystem request data from %s', s.type)
+                    subsystem.config['%s.subsystem.certreq' % subsystem.name] = \
+                        s.config['%s.subsystem.certreq' % s.name]
+
+                    break
+
             else:  # self-signed CA
 
                 # To be implemented in ticket #1692.