  1. RHEL
  2. RHEL-72580

A slow HSM can cause IPA server installation to fail setting up certificate tracking

    • ipa-4.12.2-12.el10
    • No
    • Critical
    • 2
    • rhel-sst-idm-ipa
    • ssg_idm
    • 24
    • 26
    • 2
    • QE ack, Dev ack
    • False
    • No
    • 2025-Q1-Alpha-S1, 2025-Q1-Bravo-S2
    • Requested
    • Automated
    • Release Note Not Required
    • None

      What were you trying to do that didn't work?

      Installing an IPA server against a slow HSM may cause installation to fail with:

        [21/32]: configure certificate renewals
        [error] DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
      org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

      How reproducible is this bug?:

      It depends on the speed of the HSM. certmonger needs to access the token to verify that the requested certificate is available. There is a very short 5 second timeout on this operation.

      Here is a candidate fix. I don't think this needs to be user-configurable.

      --- /tmp/certmonger.py  2025-01-02 15:22:13.354386507 -0500
      +++ /usr/lib/python3.9/site-packages/ipalib/install/certmonger.py       2025-01-02 15:22:42.319386507 -0500
      @@ -477,7 +477,7 @@
               request_parameters['cert-perms'] = perms[0]
               request_parameters['key-perms'] = perms[1]
       
      -    result = cm.obj_if.add_request(request_parameters)
      +    result = cm.obj_if.add_request(request_parameters, timeout=30)
           try:
               if result[0]:
                   request = _cm_dbus_object(cm.bus, cm, result[1], DBUS_CM_REQUEST_IF,
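
Review bot: The literal `timeout=30` on the `add_request(request_parameters, ...)` call is a magic number, and the hunk gives neither its unit nor the reason for it. Define a named module-level constant, with a comment saying it exists to cover slow HSM token access, and pass that constant here, so a later reader can see why this call waits longer than the 5 seconds the report describes.
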
      @@ -581,7 +581,7 @@
           if nss_user:
               params['nss-user'] = nss_user
       
      -    result = cm.obj_if.add_request(params)
      +    result = cm.obj_if.add_request(params, timeout=30)
           try:
               if result[0]:
                   request = _cm_dbus_object(cm.bus, cm, result[1], DBUS_CM_REQUEST_IF,
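
Review bot: The `add_request(params, timeout=30)` call repeats the same literal as the first hunk and, in the visible lines, sits above the `try:` rather than inside it, so a token that takes longer than the new limit will still surface as the raw `DBusException ... NoReply` shown in the report. Take the value from one constant shared by both call sites, and consider catching the no-reply case at this call so the installer can say that certmonger did not answer in time.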

              rhn-engineering-rcrit Rob Crittenden
              rhn-engineering-rcrit Rob Crittenden
              Florence Renaud Florence Renaud
              Rizwan Shaikh Rizwan Shaikh