authorEndi S. Dewata <edewata@redhat.com>2016-04-27 17:52:58 +0200
committerEndi S. Dewata <edewata@redhat.com>2016-05-03 22:43:12 +0200
commitc1e6cfa9c50e2c0d2ef9bc0b1e680a9b6e224d02 (patch)
treeec3d88d63db5f068a4432242f7aba318ae081e6b
parentcf42fbf54a2611a3d15b14fca9476342f435cc3b (diff)
Refactored initialization scriptlets.
-rw-r--r--base/server/python/pki/server/deployment/pkihelper.py13
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/configuration.py2
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/initialization.py52
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py1
-rwxr-xr-xbase/server/sbin/pkispawn2
5 files changed, 43 insertions, 27 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 2898d7fe0..ad9a88e63 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -4650,6 +4650,19 @@ class PKIDeployer:
self.tps_connector = TPSConnector(self)
self.config_client = ConfigClient(self)
+ def init(self):
+
+ # ALWAYS initialize 'uid' and 'gid'
+ self.identity.add_uid_and_gid(self.mdict['pki_user'],
+ self.mdict['pki_group'])
+
+ # ALWAYS establish 'uid' and 'gid'
+ self.identity.set_uid(self.mdict['pki_user'])
+ self.identity.set_gid(self.mdict['pki_group'])
+
+ # ALWAYS initialize HSMs (when and if present)
+ self.hsm.initialize()
+
def deploy_webapp(self, name, doc_base, descriptor):
"""
Deploy a web application into a Tomcat instance.
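Review bot: The new `init()` has no docstring, and nothing in `PKIDeployer` enforces that it runs before the scriptlets, although the user/group and HSM setup it performs used to be guaranteed by the initialization scriptlet's `spawn`. Any other entry point that builds a `PKIDeployer` and runs scriptlets (none is visible in this diff) now has to call it explicitly, so the contract should be written down, e.g. `"""Resolve the PKI user and group and initialize any HSM; call once before running scriptlets."""`. The three `ALWAYS` comments were carried over from the scriptlet and could be folded into that docstring.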
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index a0734b150..d8cf1145a 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -46,6 +46,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.pki_log.info(log.CONFIGURATION_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
+ deployer.instance.verify_subsystem_exists()
+
instance = pki.server.PKIInstance(deployer.mdict['pki_instance_name'])
instance.load()
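Review bot: The added `deployer.instance.verify_subsystem_exists()` carries no comment, so a reader cannot tell that it replaces the step-two existence check removed from `initialization.py` in this same commit. A one-line comment above it would record that, for example `# the subsystem must exist by now (fresh install or External CA / Stand-alone step two)`. The rest of `spawn` lies outside this hunk, so whether an earlier skip path can bypass the check is not visible here.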
diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py
index 0e315431f..5217ffa10 100644
--- a/base/server/python/pki/server/deployment/scriptlets/initialization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py
@@ -31,49 +31,47 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def spawn(self, deployer):
+ if config.str2bool(deployer.mdict['pki_skip_installation']):
+ config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return
+
# begin official logging
config.pki_log.info(log.PKISPAWN_BEGIN_MESSAGE_2,
deployer.mdict['pki_subsystem'],
deployer.mdict['pki_instance_name'],
extra=config.PKI_INDENTATION_LEVEL_0)
- # ALWAYS initialize 'uid' and 'gid'
- deployer.identity.add_uid_and_gid(deployer.mdict['pki_user'],
- deployer.mdict['pki_group'])
- # ALWAYS establish 'uid' and 'gid'
- deployer.identity.set_uid(deployer.mdict['pki_user'])
- deployer.identity.set_gid(deployer.mdict['pki_group'])
- # ALWAYS initialize HSMs (when and if present)
- deployer.hsm.initialize()
- if config.str2bool(deployer.mdict['pki_skip_installation']):
- config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return
+
+ config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+
+ if (deployer.mdict['pki_subsystem'] == "CA" or
+ config.str2bool(deployer.mdict['pki_standalone'])) and \
+ config.str2bool(deployer.mdict['pki_external_step_two']):
+ # verify that this External CA (Step 2), or Stand-alone PKI
+ # (Step 2) currently EXISTS for this "instance"
+ deployer.mdict['pki_skip_installation'] = "True"
else:
- config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- if (deployer.mdict['pki_subsystem'] == "CA" or
- config.str2bool(deployer.mdict['pki_standalone'])) and \
- config.str2bool(deployer.mdict['pki_external_step_two']):
- # verify that this External CA (Step 2), or Stand-alone PKI
- # (Step 2) currently EXISTS for this "instance"
- deployer.instance.verify_subsystem_exists()
- deployer.mdict['pki_skip_installation'] = "True"
- else:
- # verify that this type of "subsystem" does NOT yet
- # exist for this "instance"
- deployer.instance.verify_subsystem_does_not_exist()
- # detect and avoid any namespace collisions
- deployer.namespace.collision_detection()
+ # verify that this type of "subsystem" does NOT yet
+ # exist for this "instance"
+ deployer.instance.verify_subsystem_does_not_exist()
+ # detect and avoid any namespace collisions
+ deployer.namespace.collision_detection()
+
# verify existence of SENSITIVE configuration file data
deployer.configuration_file.verify_sensitive_data()
+
# verify existence of MUTUALLY EXCLUSIVE configuration file data
deployer.configuration_file.verify_mutually_exclusive_data()
+
# verify existence of PREDEFINED configuration file data
deployer.configuration_file.verify_predefined_configuration_file_data()
+
# verify selinux context of selected ports
deployer.configuration_file.populate_non_default_ports()
deployer.configuration_file.verify_selinux_ports()
+
# If secure DS connection is required, verify parameters
deployer.configuration_file.verify_ds_secure_connection_data()
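Review bot: The comment kept in the step-two branch still reads `verify that this External CA (Step 2) ... currently EXISTS`, but the `verify_subsystem_exists()` call it described has been removed, so the branch now only sets `pki_skip_installation = "True"`. With the check deferred to the configuration scriptlet, the `verify_*` calls at the end of this hunk run for a step-two request before anything has confirmed that the instance exists. Either keep `deployer.instance.verify_subsystem_exists()` in this branch, or reword the comment to `# External CA / Stand-alone PKI (Step 2): skip installation; existence is checked in the configuration scriptlet`. Separately, moving the `pki_skip_installation` return above `PKISPAWN_BEGIN_MESSAGE_2` means a skipped run no longer logs the begin message, which is worth confirming as intended. `spawn` may continue past the end of the hunk.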
diff --git a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
index 2b2246a72..612081c98 100644
--- a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
+++ b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
@@ -38,6 +38,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.pki_log.info(log.SUBSYSTEM_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
+
# establish instance-based subsystem logs
deployer.directory.create(deployer.mdict['pki_subsystem_log_path'])
deployer.directory.create(
diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn
index f75fa43ae..7c38cf915 100755
--- a/base/server/sbin/pkispawn
+++ b/base/server/sbin/pkispawn
@@ -514,7 +514,9 @@ def main(argv):
# Process the various "scriptlets" to create the specified PKI subsystem.
pki_subsystem_scriptlets = parser.mdict['spawn_scriplets'].split()
+
deployer = util.PKIDeployer(parser.mdict, parser.slots_dict)
+ deployer.init()
try:
for scriptlet_name in pki_subsystem_scriptlets:
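Review bot: `deployer.init()` is called before `try:`, so an exception raised while resolving the user/group or initializing the HSM is not covered by whatever handlers follow the scriptlet loop (they are outside this hunk). Before this commit the same calls ran inside the loop, through the initialization scriptlet's `spawn`. Making the call the first statement inside the block, `try:` followed by `deployer.init()`, would keep failure logging and exit behaviour the same as before. The body of the `try` continues past the end of the hunk.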