URL:
https://github.com/freeipa/freeipa/pull/5290
Author: flo-renaud
Title: #5290: Improve PKI subsystem detection
Action: opened
PR body:
"""
### Improve PKI subsystem detection
The dogtaginstance.is_installed() method currently relies on
the presence of the directory /var/lib/pki/pki-tomcat/{ca|kra},
even if it is empty.
An unwanted consequence is ipa-server-upgrade wrongly assuming the KRA
is installed and crashing when trying to upgrade a not-installed
component.
The fix relies on the command "pki-server subsystem-show {ca|kra}" to
detect if a subsystem is installed. The command does not require PKI
to be running (hence can be called anytime) and is delivered by
the pki-server package which is already required by ipa server pkg.
Fixes:
https://pagure.io/freeipa/issue/8596
### ipatests: add test for PKI subsystem detection
Add a new upgrade test. Scenario:
- create an empty /var/lib/pki/pki-tomcat/kra directory
- call ipa-server-upgrade
With issue 8596, the upgrade fails because it assumes KRA is
installed. With the fix, ipa-server-upgrade completes successfully.
Related:
https://pagure.io/freeipa/issue/8596
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5290/head:pr5290
git checkout pr5290