summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Harmsen <mharmsen@redhat.com>2012-10-29 22:08:00 -0700
committerAde Lee <alee@redhat.com>2012-10-30 10:56:06 -0400
commita957a3d2960d6ae39a7785cccb0656d5ac230701 (patch)
treeccf5f8acd7af2320cafca4d620ace4cf7d4b1cfa
parent1485a05654211eec7935441b468769298782df6e (diff)
downloadpki-a957a3d2960d6ae39a7785cccb0656d5ac230701.tar.gz
pki-a957a3d2960d6ae39a7785cccb0656d5ac230701.tar.xz
pki-a957a3d2960d6ae39a7785cccb0656d5ac230701.zip
Allow a PKI instance to be installed/configured independently
* TRAC Ticket #286 - Dogtag 10: Create parameter for optionally allowing a user to skip configuration . . .
-rw-r--r--base/deploy/config/pkideployment.cfg2
-rw-r--r--base/deploy/src/scriptlets/configuration.py4
-rw-r--r--base/deploy/src/scriptlets/finalization.py12
-rw-r--r--base/deploy/src/scriptlets/infrastructure_layout.py4
-rw-r--r--base/deploy/src/scriptlets/initialization.py4
-rw-r--r--base/deploy/src/scriptlets/instance_layout.py4
-rw-r--r--base/deploy/src/scriptlets/pkihelper.py19
-rw-r--r--base/deploy/src/scriptlets/pkimessages.py20
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py30
-rw-r--r--base/deploy/src/scriptlets/security_databases.py4
-rw-r--r--base/deploy/src/scriptlets/selinux_setup.py10
-rw-r--r--base/deploy/src/scriptlets/slot_substitution.py4
-rw-r--r--base/deploy/src/scriptlets/subsystem_layout.py4
-rw-r--r--base/deploy/src/scriptlets/webapp_deployment.py5
14 files changed, 123 insertions, 3 deletions
diff --git a/base/deploy/config/pkideployment.cfg b/base/deploy/config/pkideployment.cfg
index 772d35f71..54840c8f3 100644
--- a/base/deploy/config/pkideployment.cfg
+++ b/base/deploy/config/pkideployment.cfg
@@ -63,6 +63,8 @@ pki_security_domain_hostname=
pki_security_domain_https_port=8443
pki_security_domain_name=
pki_security_domain_user=admin
+pki_skip_configuration=False
+pki_skip_installation=False
pki_ssl_server_key_algorithm=SHA256withRSA
pki_ssl_server_key_size=2048
pki_ssl_server_key_type=rsa
diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py
index f7a9a66e6..6208db46a 100644
--- a/base/deploy/src/scriptlets/configuration.py
+++ b/base/deploy/src/scriptlets/configuration.py
@@ -33,6 +33,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
rv = 0
def spawn(self):
+ if config.str2bool(master['pki_skip_configuration']):
+ config.pki_log.info(log.SKIP_CONFIGURATION_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return self.rv
config.pki_log.info(log.CONFIGURATION_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
if not config.pki_dry_run_flag:
diff --git a/base/deploy/src/scriptlets/finalization.py b/base/deploy/src/scriptlets/finalization.py
index 05fd47c63..f327ffb04 100644
--- a/base/deploy/src/scriptlets/finalization.py
+++ b/base/deploy/src/scriptlets/finalization.py
@@ -33,6 +33,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
rv = 0
def spawn(self):
+ if config.str2bool(master['pki_skip_installation']):
+ config.pki_log.info(log.SKIP_FINALIZATION_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return self.rv
config.pki_log.info(log.FINALIZATION_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
# For debugging/auditing purposes, save a timestamped copy of
@@ -65,6 +69,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
if config.str2bool(master['pki_client_database_purge']):
if util.directory.exists(master['pki_client_dir']):
util.directory.delete(master['pki_client_dir'])
+ # If instance has not been configured, print the
+ # configuration URL to the log
+ if config.str2bool(master['pki_skip_configuration']):
+ util.configuration_file.log_configuration_url()
# Log final process messages
config.pki_log.info(log.PKISPAWN_END_MESSAGE_2,
master['pki_subsystem'],
@@ -72,6 +80,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
extra=config.PKI_INDENTATION_LEVEL_0)
if not config.pki_dry_run_flag:
util.file.modify(master['pki_spawn_log'], silent=True)
+ # If instance has not been configured, print the
+ # configuration URL to the screen
+ if config.str2bool(master['pki_skip_configuration']):
+ util.configuration_file.display_configuration_url()
return self.rv
def respawn(self):
diff --git a/base/deploy/src/scriptlets/infrastructure_layout.py b/base/deploy/src/scriptlets/infrastructure_layout.py
index 586cc88b7..3faa0b9b9 100644
--- a/base/deploy/src/scriptlets/infrastructure_layout.py
+++ b/base/deploy/src/scriptlets/infrastructure_layout.py
@@ -32,6 +32,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
rv = 0
def spawn(self):
+ if config.str2bool(master['pki_skip_installation']):
+ config.pki_log.info(log.SKIP_ADMIN_DOMAIN_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return self.rv
config.pki_log.info(log.ADMIN_DOMAIN_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
# NOTE: It was determined that since the "pkidestroy" command
diff --git a/base/deploy/src/scriptlets/initialization.py b/base/deploy/src/scriptlets/initialization.py
index a5b09812f..6c41ef642 100644
--- a/base/deploy/src/scriptlets/initialization.py
+++ b/base/deploy/src/scriptlets/initialization.py
@@ -37,6 +37,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
master['pki_subsystem'],
master['pki_instance_id'],
extra=config.PKI_INDENTATION_LEVEL_0)
+ if config.str2bool(master['pki_skip_installation']):
+ config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return self.rv
config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
# verify that this type of "subsystem" does NOT yet
diff --git a/base/deploy/src/scriptlets/instance_layout.py b/base/deploy/src/scriptlets/instance_layout.py
index 2f79de83c..219f049c8 100644
--- a/base/deploy/src/scriptlets/instance_layout.py
+++ b/base/deploy/src/scriptlets/instance_layout.py
@@ -37,6 +37,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
rv = 0
def spawn(self):
+ if config.str2bool(master['pki_skip_installation']):
+ config.pki_log.info(log.SKIP_INSTANCE_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return self.rv
config.pki_log.info(log.INSTANCE_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
# establish instance logs
diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py
index 0ae6ba97e..ecc1df791 100644
--- a/base/deploy/src/scriptlets/pkihelper.py
+++ b/base/deploy/src/scriptlets/pkihelper.py
@@ -416,6 +416,25 @@ class namespace:
# PKI Deployment Configuration File Class
class configuration_file:
+ def log_configuration_url(self):
+ # NOTE: This is the one and only parameter containing a sensitive
+ # parameter that may be stored in a log file.
+ config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_URL_1,
+ sensitive['pki_configuration_url'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_RESTART_1,
+ master['pki_registry_initscript_command'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+
+ def display_configuration_url(self):
+ # NOTE: This is the one and only parameter containing a sensitive
+ # parameter that may be displayed to the screen.
+ print log.PKI_CONFIGURATION_URL_1 % sensitive['pki_configuration_url']
+ print
+ print log.PKI_CONFIGURATION_RESTART_1 %\
+ master['pki_registry_initscript_command']
+ print
+
def verify_sensitive_data(self):
# Silently verify the existence of 'sensitive' data
if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
diff --git a/base/deploy/src/scriptlets/pkimessages.py b/base/deploy/src/scriptlets/pkimessages.py
index 33dd311f5..cce2e8f0e 100644
--- a/base/deploy/src/scriptlets/pkimessages.py
+++ b/base/deploy/src/scriptlets/pkimessages.py
@@ -55,6 +55,12 @@ PKI_VERBOSITY=\
# PKI Deployment Error Messages
PKI_BADZIPFILE_ERROR_1 = "zipfile.BadZipFile: %s!"
+PKI_CONFIGURATION_RESTART_1 = "After configuration, the server can be "\
+ "operated by the command:\n\n%s"
+PKI_CONFIGURATION_URL_1 = "Please start the configuration by accessing:\n\n%s"
+PKI_CONFIGURATION_WIZARD_RESTART_1 = "After configuration, the server can be "\
+ "operated by the command:\n%s"
+PKI_CONFIGURATION_WIZARD_URL_1 = "Configuration Wizard listening on\n%s"
PKI_DIRECTORY_ALREADY_EXISTS_1 = "Directory '%s' already exists!"
PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 = "Directory '%s' already "\
"exists BUT it is NOT a "\
@@ -329,6 +335,9 @@ RESIDUAL_SPAWN_1 = "populating '%s'"
SECURITY_DATABASES_DESTROY_1 = "removing '%s'"
SECURITY_DATABASES_RESPAWN_1 = "regenerating '%s'"
SECURITY_DATABASES_SPAWN_1 = "generating '%s'"
+SELINUX_DESTROY_1 = "depopulating '%s'"
+SELINUX_RESPAWN_1 = "repopulating '%s'"
+SELINUX_SPAWN_1 = "populating '%s'"
SLOT_ASSIGNMENT_DESTROY_1 = "unassigning slots for '%s'"
SLOT_ASSIGNMENT_RESPAWN_1 = "reassigning slots for '%s'"
SLOT_ASSIGNMENT_SPAWN_1 = "assigning slots for '%s'"
@@ -338,3 +347,14 @@ SUBSYSTEM_SPAWN_1 = "populating '%s'"
WEBAPP_DEPLOYMENT_DESTROY_1 = "removing '%s'"
WEBAPP_DEPLOYMENT_RESPAWN_1 = "redeploying '%s'"
WEBAPP_DEPLOYMENT_SPAWN_1 = "deploying '%s'"
+SKIP_ADMIN_DOMAIN_SPAWN_1 = "skip populating '%s'"
+SKIP_CONFIGURATION_SPAWN_1 = "skip configuring '%s'"
+SKIP_FINALIZATION_SPAWN_1 = "skip finalizing '%s'"
+SKIP_INITIALIZATION_SPAWN_1 = "skip initializing '%s'"
+SKIP_INSTANCE_SPAWN_1 = "skip populating '%s'"
+SKIP_RESIDUAL_SPAWN_1 = "skip populating '%s'"
+SKIP_SECURITY_DATABASES_SPAWN_1 = "skip generating '%s'"
+SKIP_SELINUX_SPAWN_1 = "skip populating '%s'"
+SKIP_SLOT_ASSIGNMENT_SPAWN_1 = "skip assigning slots for '%s'"
+SKIP_SUBSYSTEM_SPAWN_1 = "skip populating '%s'"
+SKIP_WEBAPP_DEPLOYMENT_SPAWN_1 = "skip deploying '%s'"
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index cb419031f..d8fc6d98b 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -2266,6 +2266,36 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
"respawn" + "_" + "manifest" + "." +\
config.pki_master_dict['pki_timestamp']
+ # Construct the configuration URL containing the one-time pin
+ # and add this to the "sensitive" key value pairs read in from
+ # the configuration file
+ #
+ # NOTE: This is the one and only parameter containing a sensitive
+ # parameter that may be stored in a log file and displayed
+ # to the screen.
+ #
+ config.pki_sensitive_dict['pki_configuration_url'] =\
+ "https://{}:{}/{}/{}?pin={}".format(
+ config.pki_master_dict['pki_hostname'],
+ config.pki_master_dict['pki_https_port'],
+ config.pki_master_dict['pki_subsystem'].lower(),
+ "admin/console/config/login",
+ config.pki_sensitive_dict['pki_one_time_pin'])
+ # Compose this "systemd" execution management command
+ if config.pki_master_dict['pki_subsystem'] in\
+ config.PKI_APACHE_SUBSYSTEMS:
+ config.pki_master_dict['pki_registry_initscript_command'] =\
+ "systemctl" + " " +\
+ "restart" + " " +\
+ "pki-apached" + "@" +\
+ config.pki_master_dict['pki_instance_id'] + "." + "service"
+ elif config.pki_master_dict['pki_subsystem'] in\
+ config.PKI_TOMCAT_SUBSYSTEMS:
+ config.pki_master_dict['pki_registry_initscript_command'] =\
+ "systemctl" + " " +\
+ "restart" + " " +\
+ "pki-tomcatd" + "@" +\
+ config.pki_master_dict['pki_instance_id'] + "." + "service"
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py
index 4b55cee14..e60c5f24d 100644
--- a/base/deploy/src/scriptlets/security_databases.py
+++ b/base/deploy/src/scriptlets/security_databases.py
@@ -33,6 +33,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
rv = 0
def spawn(self):
+ if config.str2bool(master['pki_skip_installation']):
+ config.pki_log.info(log.SKIP_SECURITY_DATABASES_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return self.rv
config.pki_log.info(log.SECURITY_DATABASES_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
if not config.pki_dry_run_flag:
diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py
index 0292081be..98bfcd48e 100644
--- a/base/deploy/src/scriptlets/selinux_setup.py
+++ b/base/deploy/src/scriptlets/selinux_setup.py
@@ -40,7 +40,11 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
selinux.restorecon(master['pki_instance_configuration_path'], True)
def spawn(self):
- config.pki_log.info(log.SUBSYSTEM_SPAWN_1, __name__,
+ if config.str2bool(master['pki_skip_installation']):
+ config.pki_log.info(log.SKIP_SELINUX_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return self.rv
+ config.pki_log.info(log.SELINUX_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
# check first if any transactions are required
@@ -98,13 +102,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
return self.rv
def respawn(self):
- config.pki_log.info(log.SUBSYSTEM_RESPAWN_1, __name__,
+ config.pki_log.info(log.SELINUX_RESPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
self.restore_context()
return self.rv
def destroy(self):
- config.pki_log.info(log.SUBSYSTEM_DESTROY_1, __name__,
+ config.pki_log.info(log.SELINUX_DESTROY_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
# check first if any transactions are required
diff --git a/base/deploy/src/scriptlets/slot_substitution.py b/base/deploy/src/scriptlets/slot_substitution.py
index 39887611a..dcd367ac6 100644
--- a/base/deploy/src/scriptlets/slot_substitution.py
+++ b/base/deploy/src/scriptlets/slot_substitution.py
@@ -33,6 +33,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
rv = 0
def spawn(self):
+ if config.str2bool(master['pki_skip_installation']):
+ config.pki_log.info(log.SKIP_SLOT_ASSIGNMENT_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return self.rv
config.pki_log.info(log.SLOT_ASSIGNMENT_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
util.file.copy_with_slot_substitution(master['pki_source_cs_cfg'],
diff --git a/base/deploy/src/scriptlets/subsystem_layout.py b/base/deploy/src/scriptlets/subsystem_layout.py
index 207cd022b..fde69b093 100644
--- a/base/deploy/src/scriptlets/subsystem_layout.py
+++ b/base/deploy/src/scriptlets/subsystem_layout.py
@@ -32,6 +32,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
rv = 0
def spawn(self):
+ if config.str2bool(master['pki_skip_installation']):
+ config.pki_log.info(log.SKIP_SUBSYSTEM_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return self.rv
config.pki_log.info(log.SUBSYSTEM_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
# establish instance-based subsystem logs
diff --git a/base/deploy/src/scriptlets/webapp_deployment.py b/base/deploy/src/scriptlets/webapp_deployment.py
index cc2086fc7..507d23c32 100644
--- a/base/deploy/src/scriptlets/webapp_deployment.py
+++ b/base/deploy/src/scriptlets/webapp_deployment.py
@@ -37,6 +37,11 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def spawn(self):
if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ if config.str2bool(master['pki_skip_installation']):
+ config.pki_log.info(log.SKIP_WEBAPP_DEPLOYMENT_SPAWN_1,
+ __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return self.rv
config.pki_log.info(log.WEBAPP_DEPLOYMENT_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
# deploy war file