URL: https://github.com/freeipa/freeipa/pull/5167 Author: tiran Title: #5167: Speed up PKI installer steps Action: opened PR body: """ ## Skip duplicate import of cert profiles All supported Dogtag versions import the cert profiles during pkispawn when using the LDAP profile backend. This reduces the installation time by 9 to 14 seconds ## Dogtag: Remove set_audit_renewal step The step set_audit_renewal modifies Dogtag's caSignedLogCert.cfg to bump renewal to 2 years. The problem was fixed in Dogtag upstream in 2012 before Dogtag 10.0 came out, see https://github.com/dogtagpki/pki/commit/f5b8ea5b087f642a0208c228dce6f700c... The update step would also no longer work. Profiles have been migrated to LDAP several FreeIPA releases ago. pkispawn populates LDAP with all of Dogtag's default profiles. FreeIPA does not overwrite any existing profiles. Win: 11 to 50 seconds ## Spawn PKI: Execute more steps early Move several steps to an earlier phase of CA spawn. RA and ACME agent ACLs are now configured while the server is down. This avoids yet another restart and saves between 11 and 50 seconds per installation. Total: ~30s to ~90s Related: https://pagure.io/freeipa/issue/8521 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5167/head:pr5167 git checkout pr5167