From 22a90c2508a13068fa3d8ce4d8cf6f0d26bc870d Mon Sep 17 00:00:00 2001
From: Grzegorz Grasza <xek@redhat.com>
Date: Tue, 4 Dec 2018 16:54:33 +0100
Subject: [PATCH] Workaround
 https://bugzilla.redhat.com/show_bug.cgi?id=1624606

This is a workaround for a nss-3.40/certmonger/389-ds/p11-proxy
issue in Fedora.

Change-Id: I3ff7324d4878b64c2e2af75b3a465710a33655b5
---
 roles/configure-freeipa/tasks/main.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/roles/configure-freeipa/tasks/main.yaml b/roles/configure-freeipa/tasks/main.yaml
index ad22966..b2fe7f9 100644
--- a/roles/configure-freeipa/tasks/main.yaml
+++ b/roles/configure-freeipa/tasks/main.yaml
@@ -51,6 +51,19 @@
     state: stopped
   become: true
 
+- name: Workaround https://bugzilla.redhat.com/show_bug.cgi?id=1624606
+  file:
+    path: /etc/crypto-policies/local.d/nss-p11-kit.config
+    state: absent
+  register: nss_policy_workaround
+  ignore_errors: yes
+  become: true
+
+- name: Update crypto policies
+  command: update-crypto-policies
+  become: true
+  when: nss_policy_workaround.changed
+
 - name: Configure FreeIPA
   command: >
     ipa-server-install -U -r EXAMPLE.TEST