summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEndi S. Dewata <edewata@redhat.com>2016-03-30 17:23:06 +0200
committerEndi S. Dewata <edewata@redhat.com>2016-04-02 08:24:57 +0200
commit7ea76edd0bf1af7607cae13c6ce6d60675c361a4 (patch)
tree51b31628005f843f4d1575dbeef00b7b070f4232
parent1bbb28fb2f0cbc023b7182d42b3def0891d34b47 (diff)
downloadpki-branch-10.2.7-dev1.tar.gz
pki-branch-10.2.7-dev1.tar.xz
pki-branch-10.2.7-dev1.zip
Fixed KRA install problem.branch-10.2.7-dev1
Currently when installing an additional subsystem to an existing instance the install tool always generates a new random password in the pki_pin property which would not work with the existing NSS database. The code has been modified to load the existing NSS database password from the instance if the instance already exists. The PKIInstance class has been modified to allow loading partially created instance to help the installation. https://fedorahosted.org/pki/ticket/2247
-rw-r--r--base/server/python/pki/server/__init__.py54
-rw-r--r--base/server/python/pki/server/deployment/pkiparser.py18
2 files changed, 44 insertions, 28 deletions
diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py
index 27746cf25..ee237b673 100644
--- a/base/server/python/pki/server/__init__.py
+++ b/base/server/python/pki/server/__init__.py
@@ -425,42 +425,46 @@ class PKIInstance(object):
def load(self):
# load UID and GID
- with open(self.registry_file, 'r') as registry:
- lines = registry.readlines()
+ if os.path.exists(self.registry_file):
- for line in lines:
+ with open(self.registry_file, 'r') as registry:
+ lines = registry.readlines()
- m = re.search('^PKI_USER=(.*)$', line)
- if m:
- self.user = m.group(1)
- self.uid = pwd.getpwnam(self.user).pw_uid
+ for line in lines:
+ m = re.search('^PKI_USER=(.*)$', line)
+ if m:
+ self.user = m.group(1)
+ self.uid = pwd.getpwnam(self.user).pw_uid
- m = re.search('^PKI_GROUP=(.*)$', line)
- if m:
- self.group = m.group(1)
- self.gid = grp.getgrnam(self.group).gr_gid
+ m = re.search('^PKI_GROUP=(.*)$', line)
+ if m:
+ self.group = m.group(1)
+ self.gid = grp.getgrnam(self.group).gr_gid
# load passwords
self.passwords.clear()
- lines = open(self.password_conf).read().splitlines()
+ if os.path.exists(self.password_conf):
- for line in lines:
- parts = line.split('=', 1)
- name = parts[0]
- value = parts[1]
- self.passwords[name] = value
+ lines = open(self.password_conf).read().splitlines()
+
+ for line in lines:
+ parts = line.split('=', 1)
+ name = parts[0]
+ value = parts[1]
+ self.passwords[name] = value
self.load_external_certs(self.external_certs_conf)
# load subsystems
- for subsystem_name in os.listdir(self.registry_dir):
- if subsystem_name in SUBSYSTEM_TYPES:
- if subsystem_name in SUBSYSTEM_CLASSES:
- subsystem = SUBSYSTEM_CLASSES[subsystem_name](self)
- else:
- subsystem = PKISubsystem(self, subsystem_name)
- subsystem.load()
- self.subsystems.append(subsystem)
+ if os.path.exists(self.registry_dir):
+ for subsystem_name in os.listdir(self.registry_dir):
+ if subsystem_name in SUBSYSTEM_TYPES:
+ if subsystem_name in SUBSYSTEM_CLASSES:
+ subsystem = SUBSYSTEM_CLASSES[subsystem_name](self)
+ else:
+ subsystem = PKISubsystem(self, subsystem_name)
+ subsystem.load()
+ self.subsystems.append(subsystem)
def load_external_certs(self, conf_file):
self.external_certs = PKIInstance.read_external_certs(conf_file)
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 7749c5888..31d93d0f6 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -571,9 +571,21 @@ class PKIConfigParser:
pin_low = 100000000000
pin_high = 999999999999
- # use user-provided PIN if specified
- if 'pki_pin' not in self.mdict:
- # otherwise generate a random password
+ instance = pki.server.PKIInstance(self.mdict['pki_instance_name'])
+ instance.load()
+
+ internal_password = self.mdict['pki_self_signed_token']
+
+ # if instance already exists and has password, reuse the password
+ if internal_password in instance.passwords:
+ self.mdict['pki_pin'] = instance.passwords.get(internal_password)
+
+ # otherwise, use user-provided password if specified
+ elif 'pki_pin' in self.mdict:
+ pass
+
+ # otherwise, generate a random password
+ else:
self.mdict['pki_pin'] = \
random.randint(pin_low, pin_high)