[ipa] Collect 'getcert list' only if service certmonger is running

During collection of 'getcert list' is started certmonger service.
That is not wanted behavior, as result should be 'getcert list'
collected only if certmonger is running.

Resolves: #1920

Signed-off-by: Jan Jansky <jjansky@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>

1 files changed, 6 insertions, 2 deletions

diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py
index d3454de9..273d8509 100644
--- a/sos/plugins/ipa.py
+++ b/sos/plugins/ipa.py
@@ -8,7 +8,7 @@
 #
 # See the LICENSE file in the source distribution for further information.
 
-from sos.plugins import Plugin, RedHatPlugin
+from sos.plugins import Plugin, RedHatPlugin, SoSPredicate
 from glob import glob
 from os.path import exists
 
@@ -152,7 +152,6 @@ class Ipa(Plugin, RedHatPlugin):
 
         self.add_cmd_output([
             "ls -la /etc/dirsrv/slapd-*/schema/",
-            "getcert list",
             "certutil -L -d /etc/httpd/alias/",
             "pki-server cert-find --show-all",
             "pki-server subsystem-cert-validate ca",
@@ -161,6 +160,11 @@ class Ipa(Plugin, RedHatPlugin):
             "klist -ket /var/lib/ipa/gssproxy/http.keytab"
         ])
 
+        getcert_pred = SoSPredicate(self,
+                                    services=['certmonger'])
+
+        self.add_cmd_output("getcert list", pred=getcert_pred)
+
         for certdb_directory in glob("/etc/dirsrv/slapd-*/"):
             self.add_cmd_output("certutil -L -d %s" % certdb_directory)
         return