URL: https://github.com/freeipa/freeipa/pull/5167
Author: tiran
Title: #5167: Speed up PKI installer steps
Action: opened
PR body:
"""
## Skip duplicate import of cert profiles
All supported Dogtag versions import the cert profiles during pkispawn
when using the LDAP profile backend.
This reduces the installation time by 9 to 14 seconds.
## Dogtag: Remove set_audit_renewal step
The step set_audit_renewal modifies Dogtag's caSignedLogCert.cfg to bump
renewal to 2 years. The problem was fixed in Dogtag upstream in 2012 before
Dogtag 10.0 came out, see
https://github.com/dogtagpki/pki/commit/f5b8ea5b087f642a0208c228dce6f700c...
The update step would also no longer work. Profiles have been migrated
to LDAP several FreeIPA releases ago. pkispawn populates LDAP with all
of Dogtag's default profiles. FreeIPA does not overwrite any existing
profiles.
Win: 11 to 50 seconds
## Spawn PKI: Execute more steps early
Move several steps to an earlier phase of CA spawn. RA and ACME agent
ACLs are now configured while the server is down. This avoids yet
another restart and saves between 11 and 50 seconds per installation.
Total: ~30s to ~90s
Related:
https://pagure.io/freeipa/issue/8521
"""
To pull the PR as a Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5167/head:pr5167
git checkout pr5167