From f45e1549f9a492224564accf09cce0c7a7826541 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 10 Feb 2021 15:49:12 -0500
Subject: [PATCH] Remove the option stop_certmonger from stop_tracking_*

This option was inconsistent between invocations and there is
no need to stop certmonger after stopping tracking. It was also
apparently causing dbus timeout errors, probably due to the amount
of work that certmonger does at startup.

https://pagure.io/freeipa/issue/8506
https://pagure.io/freeipa/issue/8533

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
 ipaserver/install/ca.py             | 2 +-
 ipaserver/install/cainstance.py     | 7 ++-----
 ipaserver/install/dogtaginstance.py | 5 +----
 ipaserver/install/server/upgrade.py | 6 +++---
 4 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 53249b498cc..8fb5e3ec91e 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -425,7 +425,7 @@ def install_step_1(standalone, replica_config, options, custodia):
 
 def uninstall():
     ca_instance = cainstance.CAInstance(api.env.realm)
-    ca_instance.stop_tracking_certificates(stop_certmonger=False)
+    ca_instance.stop_tracking_certificates()
     ipautil.remove_file(paths.RA_AGENT_PEM)
     ipautil.remove_file(paths.RA_AGENT_KEY)
     if ca_instance.is_configured():
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index b4277477f71..0ee647fd57f 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1075,13 +1075,13 @@ def configure_agent_renewal():
             logger.error(
                 "certmonger failed to start tracking certificate: %s", e)
 
-    def stop_tracking_certificates(self, stop_certmonger=True):
+    def stop_tracking_certificates(self):
         """
         Stop tracking our certificates. Called on uninstall.  Also called
         during upgrade to fix discrepancies.
 
         """
-        super(CAInstance, self).stop_tracking_certificates(False)
+        super(CAInstance, self).stop_tracking_certificates()
 
         # stop tracking lightweight CA signing certs
         for request_id in certmonger.get_requests_for_dir(self.nss_db):
@@ -1095,9 +1095,6 @@ def stop_tracking_certificates(self, stop_certmonger=True):
             logger.error(
                 "certmonger failed to stop tracking certificate: %s", e)
 
-        if stop_certmonger:
-            services.knownservices.certmonger.stop()
-
     def is_renewal_master(self, fqdn=None):
         if fqdn is None:
             fqdn = api.env.host
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 7f2a4a32e41..1169c448ff4 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -453,7 +453,7 @@ def configure_renewal(self):
                 logger.error(
                     "certmonger failed to start tracking certificate: %s", e)
 
-    def stop_tracking_certificates(self, stop_certmonger=True):
+    def stop_tracking_certificates(self):
         """
         Stop tracking our certificates. Called on uninstall.  Also called
         during upgrade to fix discrepancies.
@@ -477,9 +477,6 @@ def stop_tracking_certificates(self, stop_certmonger=True):
                 logger.error(
                     "certmonger failed to stop tracking certificate: %s", e)
 
-        if stop_certmonger:
-            cmonger.stop()
-
     def update_cert_cs_cfg(self, directive, cert):
         """
         When renewing a Dogtag subsystem certificate the configuration file
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index a5f96c8e163..e605240848a 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -648,9 +648,9 @@ def certificate_renewal_update(ca, kra, ds, http):
 
     # Ok, now we need to stop tracking, then we can start tracking them
     # again with new configuration:
-    ca.stop_tracking_certificates(stop_certmonger=False)
+    ca.stop_tracking_certificates()
     if kra.is_installed():
-        kra.stop_tracking_certificates(stop_certmonger=False)
+        kra.stop_tracking_certificates()
     ds.stop_tracking_certificates(serverid)
     http.stop_tracking_certificates()
 
@@ -920,7 +920,7 @@ def uninstall_dogtag_9(ds, http):
     ca = dogtaginstance.DogtagInstance(
         api.env.realm, "CA", "certificate server",
         nss_db=paths.VAR_LIB_PKI_CA_ALIAS_DIR)
-    ca.stop_tracking_certificates(False)
+    ca.stop_tracking_certificates()
 
     if serverid is not None:
         # drop the trailing / off the config_dirname so the directory