Fix pki_ds_setup param

pkispawn has been updated to set up the internal database only
if the pki_ds_setup param is set to True.

base/server/python/pki/server/deployment/__init__.py

@@ -209,7 +209,10 @@ def ds_init(self):
 
         if ds_url is None:
 
-            ds_hostname = self.mdict['pki_ds_hostname']
+            ds_hostname = self.mdict.get('pki_ds_hostname')
+
+            if not ds_hostname:
+                return
 
             if config.str2bool(self.mdict['pki_ds_secure_connection']):
                 ds_protocol = 'ldaps'
@@ -1482,9 +1485,8 @@ def configure_tps(self, subsystem):
                 'op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme',
                 'GenerateNewKey')
 
-    def configure_subsystem(self, subsystem):
+    def configure_internal_database(self, subsystem):
 
-        # configure internal database
         if self.ds_url.scheme == 'ldaps':
             subsystem.set_config('internaldb.ldapconn.secureConn', 'true')
 
@@ -1501,6 +1503,8 @@ def configure_subsystem(self, subsystem):
         subsystem.set_config('internaldb.basedn', self.mdict['pki_ds_base_dn'])
         subsystem.set_config('internaldb.database', self.mdict['pki_ds_database'])
 
+    def configure_subsystem(self, subsystem):
+
         if subsystem.type == 'CA':
             self.configure_ca(subsystem)
 

base/server/python/pki/server/deployment/scriptlets/configuration.py

@@ -52,6 +52,9 @@ def spawn(self, deployer):
 
         subsystem = instance.get_subsystem(deployer.subsystem_type.lower())
 
+        if deployer.ds_url:
+            deployer.configure_internal_database(subsystem)
+
         deployer.configure_subsystem(subsystem)
         subsystem.save()
 

base/server/python/pki/server/deployment/scriptlets/initialization.py

@@ -156,8 +156,10 @@ def spawn(self, deployer):
         # verify selinux context of selected ports
         deployer.configuration_file.populate_non_default_ports()
         deployer.configuration_file.verify_selinux_ports()
-        # If secure DS connection is required, verify parameters
-        deployer.configuration_file.verify_ds_secure_connection_data()
+
+        if config.str2bool(deployer.mdict['pki_ds_setup']):
+            # if secure DS connection is required, verify parameters
+            deployer.configuration_file.verify_ds_secure_connection_data()
 
     def destroy(self, deployer):
 

base/server/python/pki/server/deployment/scriptlets/security_databases.py

@@ -39,5 +39,8 @@ def spawn(self, deployer):
         deployer.import_server_pkcs12()
         deployer.import_clone_pkcs12()
         deployer.install_cert_chain()
-        deployer.import_ds_ca_cert()
+
+        if config.str2bool(deployer.mdict['pki_ds_setup']):
+            deployer.import_ds_ca_cert()
+
         deployer.init_client_nssdb()

base/server/python/pki/server/pkispawn.py

@@ -584,7 +584,8 @@ def main(argv):
 
     if not interactive and \
             not config.str2bool(parser.mdict['pki_skip_configuration']):
-        check_ds()
+        if config.str2bool(parser.mdict['pki_ds_setup']):
+            check_ds()
         if config.str2bool(parser.mdict['pki_security_domain_setup']):
             check_security_domain()