Add PKIDeployer.update_sslserver_cert_nickname()

The code that updates the SSL server cert nickname has been
moved into PKIDeployer.update_sslserver_cert_nickname().

base/server/python/pki/server/deployment/__init__.py

@@ -2153,11 +2153,6 @@ def import_system_certs(self, nssdb, subsystem):
             self.import_system_cert(nssdb, subsystem, 'signing')
             self.import_admin_cert()
 
-        sslserver = subsystem.get_subsystem_cert('sslserver')
-        nickname = sslserver['nickname']
-        token = sslserver['token']
-        subsystem.instance.set_sslserver_cert_nickname(nickname, token)
-
         self.import_system_cert(nssdb, subsystem, 'sslserver')
         self.import_system_cert(nssdb, subsystem, 'subsystem')
         self.import_system_cert(nssdb, subsystem, 'audit_signing', ',,P')
@@ -2954,7 +2949,7 @@ def create_cert_request(self, nssdb, tag, request):
         finally:
             shutil.rmtree(tmpdir)
 
-    def create_temp_sslserver_cert(self, instance):
+    def create_temp_sslserver_cert(self):
 
         hostname = self.mdict['pki_hostname']
 
@@ -2971,10 +2966,10 @@ def create_temp_sslserver_cert(self, instance):
         validity = self.mdict.get('pki_self_signed_validity_period')
         trust_attributes = self.mdict.get('pki_self_signed_trustargs')
 
-        instance.set_sslserver_cert_nickname(nickname)
+        self.instance.set_sslserver_cert_nickname(nickname)
 
         tmpdir = tempfile.mkdtemp()
-        nssdb = instance.open_nssdb(
+        nssdb = self.instance.open_nssdb(
             user=self.mdict['pki_user'],
             group=self.mdict['pki_group']
         )
@@ -3040,12 +3035,12 @@ def create_temp_sslserver_cert(self, instance):
             nssdb.close()
             shutil.rmtree(tmpdir)
 
-    def remove_temp_sslserver_cert(self, instance):
+    def remove_temp_sslserver_cert(self):
 
         nickname = self.mdict['pki_self_signed_nickname']
         logger.info('Removing temp SSL server cert: %s', nickname)
 
-        nssdb = instance.open_nssdb(
+        nssdb = self.instance.open_nssdb(
             user=self.mdict['pki_user'],
             group=self.mdict['pki_group']
         )
@@ -3057,6 +3052,13 @@ def remove_temp_sslserver_cert(self, instance):
         finally:
             nssdb.close()
 
+    def update_sslserver_cert_nickname(self, subsystem):
+
+        sslserver = subsystem.get_subsystem_cert('sslserver')
+        nickname = sslserver['nickname']
+        token = sslserver['token']
+        self.instance.set_sslserver_cert_nickname(nickname, token)
+
     def create_cert(self, subsystem, tag, request):
 
         cert_id_generator = subsystem.config.get('dbs.cert.id.generator', 'legacy')

base/server/python/pki/server/deployment/scriptlets/configuration.py

@@ -69,6 +69,8 @@ def spawn(self, deployer):
             deployer.update_system_certs(nssdb, subsystem)
             subsystem.save()
 
+            deployer.update_sslserver_cert_nickname(subsystem)
+
             if len(subsystems) > 1:
 
                 for s in subsystems:
@@ -185,7 +187,7 @@ def spawn(self, deployer):
 
             if using_legacy_id_generator:
                 logger.info('Creating temporary SSL server cert')
-                deployer.create_temp_sslserver_cert(instance)
+                deployer.create_temp_sslserver_cert()
 
                 logger.info('Starting PKI server')
                 instance.start(
@@ -252,7 +254,7 @@ def spawn(self, deployer):
                     timeout=deployer.request_timeout)
 
                 # Remove temp SSL server cert.
-                deployer.remove_temp_sslserver_cert(instance)
+                deployer.remove_temp_sslserver_cert()
 
             # Store perm SSL server cert nickname and token
             nickname = system_certs['sslserver']['nickname']