authorEndi S. Dewata <edewata@redhat.com>2016-03-30 17:23:06 +0200
committerEndi S. Dewata <edewata@redhat.com>2016-03-30 22:37:17 +0200
commit061bec70264c2c7a601ffe80846ef1fa5497c15c (patch)
tree5816472442408259e2b3409d212bba574ea98d11
parent58b78bd1602e3efeb33a73f8d07a6edaaee104ba (diff)
Fixed KRA install problem.
Currently, when installing an additional subsystem into an existing instance, the install tool always generates a new random password in the pki_pin property, which would not work with the existing NSS database. The code has been modified to load the existing NSS database password from the instance if the instance already exists. The PKIInstance class has been modified to allow loading a partially created instance to help the installation. https://fedorahosted.org/pki/ticket/2247
-rw-r--r--base/server/python/pki/server/__init__.py54
-rw-r--r--base/server/python/pki/server/deployment/pkiparser.py18
2 files changed, 44 insertions, 28 deletions
diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py
index b046f177e..64688b3c4 100644
--- a/base/server/python/pki/server/__init__.py
+++ b/base/server/python/pki/server/__init__.py
@@ -449,42 +449,46 @@ class PKIInstance(object):
def load(self):
# load UID and GID
- with open(self.registry_file, 'r') as registry:
- lines = registry.readlines()
+ if os.path.exists(self.registry_file):
- for line in lines:
+ with open(self.registry_file, 'r') as registry:
+ lines = registry.readlines()
- m = re.search('^PKI_USER=(.*)$', line)
- if m:
- self.user = m.group(1)
- self.uid = pwd.getpwnam(self.user).pw_uid
+ for line in lines:
+ m = re.search('^PKI_USER=(.*)$', line)
+ if m:
+ self.user = m.group(1)
+ self.uid = pwd.getpwnam(self.user).pw_uid
- m = re.search('^PKI_GROUP=(.*)$', line)
- if m:
- self.group = m.group(1)
- self.gid = grp.getgrnam(self.group).gr_gid
+ m = re.search('^PKI_GROUP=(.*)$', line)
+ if m:
+ self.group = m.group(1)
+ self.gid = grp.getgrnam(self.group).gr_gid
# load passwords
self.passwords.clear()
- lines = open(self.password_conf).read().splitlines()
+ if os.path.exists(self.password_conf):
- for line in lines:
- parts = line.split('=', 1)
- name = parts[0]
- value = parts[1]
- self.passwords[name] = value
+ lines = open(self.password_conf).read().splitlines()
+
+ for line in lines:
+ parts = line.split('=', 1)
+ name = parts[0]
+ value = parts[1]
+ self.passwords[name] = value
self.load_external_certs(self.external_certs_conf)
# load subsystems
- for subsystem_name in os.listdir(self.registry_dir):
- if subsystem_name in SUBSYSTEM_TYPES:
- if subsystem_name in SUBSYSTEM_CLASSES:
- subsystem = SUBSYSTEM_CLASSES[subsystem_name](self)
- else:
- subsystem = PKISubsystem(self, subsystem_name)
- subsystem.load()
- self.subsystems.append(subsystem)
+ if os.path.exists(self.registry_dir):
+ for subsystem_name in os.listdir(self.registry_dir):
+ if subsystem_name in SUBSYSTEM_TYPES:
+ if subsystem_name in SUBSYSTEM_CLASSES:
+ subsystem = SUBSYSTEM_CLASSES[subsystem_name](self)
+ else:
+ subsystem = PKISubsystem(self, subsystem_name)
+ subsystem.load()
+ self.subsystems.append(subsystem)
def load_external_certs(self, conf_file):
self.external_certs = PKIInstance.read_external_certs(conf_file)
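Review bot: The password.conf loop in `load()` indexes `parts[1]` unconditionally, so a blank line or any line without `=` raises IndexError, and the file is opened without a context manager, so the handle is left for the garbage collector to close. The pkiparser.py hunk in this commit now calls `instance.load()` while computing `pki_pin`, so a malformed password.conf would surface as an unhandled exception on that path. I would read the file with `with open(self.password_conf) as f: lines = f.read().splitlines()` and skip unparsable lines with `if '=' not in line: continue`.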
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 273b5ac30..4d6e0185e 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -582,9 +582,21 @@ class PKIConfigParser:
pin_low = 100000000000
pin_high = 999999999999
- # use user-provided PIN if specified
- if 'pki_pin' not in self.mdict:
- # otherwise generate a random password
+ instance = pki.server.PKIInstance(self.mdict['pki_instance_name'])
+ instance.load()
+
+ internal_password = self.mdict['pki_self_signed_token']
+
+ # if instance already exists and has password, reuse the password
+ if internal_password in instance.passwords:
+ self.mdict['pki_pin'] = instance.passwords.get(internal_password)
+
+ # otherwise, use user-provided password if specified
+ elif 'pki_pin' in self.mdict:
+ pass
+
+ # otherwise, generate a random password
+ else:
self.mdict['pki_pin'] = \
random.randint(pin_low, pin_high)
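Review bot: The fallback branch still generates `pki_pin` with `random.randint(pin_low, pin_high)`, which (assuming `random` is the standard-library module) draws from the Mersenne Twister rather than the OS CSPRNG, and per the commit message this value is used as the NSS database password. Since this branch is being restructured anyway, `random.SystemRandom().randint(pin_low, pin_high)` would be a drop-in replacement; note that the 12-digit range also caps the secret at roughly 40 bits. Separately, the new first branch silently overrides a user-supplied `pki_pin` when the instance already has a stored password, and a log message saying so (without printing either value) would make mismatches easier to diagnose. The enclosing method starts and continues outside this hunk.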