Refactor PKIDeployer.setup_security_domain()

The code that configures the security domain type and name
in PKIDeployer.setup_security_domain() has been moved into
setup_security_domain_manager().

base/server/python/pki/server/deployment/__init__.py

@@ -2469,50 +2469,44 @@ def setup_security_domain(self, subsystem):
 
         if self.mdict['pki_security_domain_type'] == 'existing':
 
-            logger.info('Joining existing domain')
+            sd_url = self.mdict['pki_security_domain_uri']
+            logger.info('Joining security domain at %s', sd_url)
 
             self.join_security_domain()
 
-            sd_type = 'existing'
-            sd_name = self.domain_info.id
             sd_hostname = self.sd_host.Hostname
             sd_port = self.sd_host.Port
             sd_secure_port = self.sd_host.SecurePort
 
-        elif config.str2bool(self.mdict['pki_subordinate']) and \
-                config.str2bool(self.mdict['pki_subordinate_create_new_security_domain']):
+        else:  # self.mdict['pki_security_domain_type'] == 'new'
 
-            logger.info('Creating new subordinate security domain')
+            if config.str2bool(self.mdict['pki_subordinate']) and \
+                    config.str2bool(self.mdict['pki_subordinate_create_new_security_domain']):
 
-            self.join_security_domain()
+                logger.info('Creating new subordinate security domain')
 
-            sd_type = 'new'
-            sd_name = self.mdict['pki_subordinate_security_domain_name']
-            sd_hostname = self.mdict['pki_hostname']
-            sd_port = unsecurePort
-            sd_secure_port = securePort
+                self.join_security_domain()
 
-        else:
+                sd_hostname = self.mdict['pki_hostname']
+                sd_port = unsecurePort
+                sd_secure_port = securePort
 
-            logger.info('Creating new security domain')
+            else:
+
+                logger.info('Creating new security domain')
 
-            sd_type = 'new'
-            sd_name = self.mdict['pki_security_domain_name']
-            sd_hostname = self.mdict['pki_hostname']
-            sd_port = unsecurePort
-            sd_secure_port = securePort
+                sd_hostname = self.mdict['pki_hostname']
+                sd_port = unsecurePort
+                sd_secure_port = securePort
 
         subsystem.configure_security_domain(
-            sd_type,
-            sd_name,
             sd_hostname,
             sd_port,
             sd_secure_port)
 
     def setup_security_domain_manager(self, subsystem):
 
         clone = self.configuration_file.clone
-        sd_name = subsystem.config['securitydomain.name']
 
         server_config = self.instance.get_server_config()
         unsecurePort = server_config.get_unsecure_port()
@@ -2543,6 +2537,10 @@ def setup_security_domain_manager(self, subsystem):
 
             sd_url = self.mdict['pki_security_domain_uri']
             logger.info('Joining security domain at %s', sd_url)
+
+            subsystem.config['securitydomain.select'] = 'existing'
+            subsystem.config['securitydomain.name'] = self.domain_info.id
+
             subsystem.join_security_domain(
                 sd_url,
                 self.mdict['pki_subsystem_name'],
@@ -2553,8 +2551,21 @@ def setup_security_domain_manager(self, subsystem):
                 clone=clone,
                 session_id=self.install_token.token)
 
-        else:
-            logger.info('Creating security domain')
+        else:  # self.mdict['pki_security_domain_type'] == 'new'
+
+            if config.str2bool(self.mdict['pki_subordinate']) and \
+                    config.str2bool(self.mdict['pki_subordinate_create_new_security_domain']):
+
+                logger.info('Creating new subordinate security domain')
+                sd_name = self.mdict['pki_subordinate_security_domain_name']
+
+            else:
+                logger.info('Creating new security domain')
+                sd_name = self.mdict['pki_security_domain_name']
+
+            subsystem.config['securitydomain.select'] = 'new'
+            subsystem.config['securitydomain.name'] = sd_name
+
             subsystem.create_security_domain(name=sd_name)
 
             logger.info('Adding security domain manager')

base/server/python/pki/server/deployment/scriptlets/configuration.py

@@ -195,16 +195,16 @@ def spawn(self, deployer):
             logger.info('Setting up subsystem user')
             deployer.setup_subsystem_user(subsystem, system_certs['subsystem'])
 
+        if config.str2bool(deployer.mdict['pki_security_domain_setup']):
+            deployer.setup_security_domain_manager(subsystem)
+
         if config.str2bool(deployer.mdict['pki_admin_setup']) and not clone:
             logger.info('Setting up admin cert')
             admin_cert = deployer.setup_admin_cert(subsystem)
 
             logger.info('Setting up admin user')
             deployer.setup_admin_user(subsystem, admin_cert)
 
-        if config.str2bool(deployer.mdict['pki_security_domain_setup']):
-            deployer.setup_security_domain_manager(subsystem)
-
         if not config.str2bool(deployer.mdict['pki_share_db']) and not clone:
             logger.info('Setting up database user')
             deployer.setup_database_user(subsystem)

base/server/python/pki/server/subsystem.py

@@ -1437,14 +1437,10 @@ def import_master_config(self, properties):
 
     def configure_security_domain(
             self,
-            sd_type,
-            name,
             hostname,
             port,
             secure_port):
 
-        self.config['securitydomain.select'] = sd_type
-        self.config['securitydomain.name'] = name
         self.config['securitydomain.host'] = hostname
         self.config['securitydomain.httpport'] = port
         self.config['securitydomain.httpsadminport'] = secure_port