authorEndi Sukma Dewata <edewata@redhat.com>2012-12-18 14:46:41 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-12-18 14:46:41 -0500
commit6260aca7bf54b5406db24ff368b52363a3c9ea28 (patch)
treed2ba8cb388facb4f963cfd890914cd935389bbe0
parent6e77f338ca848ec204a666b1a39bfcbc6c05301c (diff)
downloadpki-ticket-380.zip
pki-ticket-380.tar.gz
pki-ticket-380.tar.xz
-rw-r--r--base/deploy/etc/default.cfg12
-rwxr-xr-xbase/deploy/src/pkidestroy10
-rwxr-xr-xbase/deploy/src/pkispawn58
-rw-r--r--base/deploy/src/scriptlets/infrastructure_layout.py12
-rw-r--r--base/deploy/src/scriptlets/pkiconfig.py9
-rw-r--r--base/deploy/src/scriptlets/pkihelper.py4
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py138
7 files changed, 155 insertions, 88 deletions
diff --git a/base/deploy/etc/default.cfg b/base/deploy/etc/default.cfg
index abd0fb4..9c5484a 100644
--- a/base/deploy/etc/default.cfg
+++ b/base/deploy/etc/default.cfg
@@ -69,7 +69,7 @@ destroy_scriplets=
pki_admin_cert_request_type=crmf
pki_admin_dualkey=False
pki_admin_keysize=2048
-pki_admin_password=
+# pki_admin_password=
pki_audit_group=pkiaudit
pki_audit_signing_key_algorithm=SHA256withRSA
pki_audit_signing_key_size=2048
@@ -77,16 +77,16 @@ pki_audit_signing_key_type=rsa
pki_audit_signing_signing_algorithm=SHA256withRSA
pki_audit_signing_token=Internal Key Storage Token
pki_backup_keys=False
-pki_backup_password=
-pki_client_database_dir=
-pki_client_database_password=
+# pki_backup_password=
+# pki_client_database_dir=
+# pki_client_database_password=
pki_client_database_purge=True
pki_client_dir=
-pki_client_pkcs12_password=
+pki_client_pkcs12_password=%(pki_admin_password)s
pki_ds_bind_dn=cn=Directory Manager
pki_ds_ldap_port=389
pki_ds_ldaps_port=636
-pki_ds_password=
+# pki_ds_password=
pki_ds_remove_data=True
pki_ds_secure_connection=False
pki_group=pkiuser
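Review bot: `pki_client_pkcs12_password=%(pki_admin_password)s` makes the admin PKCS #12 file share the admin account password by default, so disclosure of either secret exposes both. A separately prompted or generated value would keep them independent. With `pki_admin_password` now commented out in this file, the reference has nothing to resolve until a user config or prompt supplies it, and ConfigParser normally raises `InterpolationMissingOptionError` when such an option is read with interpolation. That is worth checking against the `items('DEFAULT')` call this commit adds in `pkiparser.py`. If the coupling is intended, a comment such as `# defaults to the admin password; set explicitly to use a distinct PKCS #12 password` would document it.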
diff --git a/base/deploy/src/pkidestroy b/base/deploy/src/pkidestroy
index 7d30d74..f9c04b7 100755
--- a/base/deploy/src/pkidestroy
+++ b/base/deploy/src/pkidestroy
@@ -95,7 +95,7 @@ def main(argv):
log.PKIDESTROY_EPILOG)
parser.mandatory.add_argument('-i',
- dest='pki_deployed_instance_name',
+ dest='pki_instance_name',
action='store',
nargs=1, required=True, metavar='<instance>',
help='FORMAT: ${pki_instance_name}')
@@ -103,13 +103,13 @@ def main(argv):
args = parser.process_command_line_arguments(argv)
# -i <instance name>
- config.pki_deployed_instance_name =\
- str(args.pki_deployed_instance_name).strip('[\']')
+ config.pki_instance_name =\
+ str(args.pki_instance_name).strip('[\']')
# verify that previously deployed instance exists
deployed_pki_instance_path = config.pki_root_prefix +\
config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\
- config.pki_deployed_instance_name
+ config.pki_instance_name
if not os.path.exists(deployed_pki_instance_path):
print "ERROR: " + log.PKI_INSTANCE_DOES_NOT_EXIST_1 %\
deployed_pki_instance_path
@@ -137,7 +137,7 @@ def main(argv):
config.pki_subsystem.lower() + "/" +\
config.USER_DEPLOYMENT_CONFIGURATION
- parser.validate()
+ parser.initialize()
# Enable 'pkidestroy' logging.
config.pki_log_dir = config.pki_root_prefix +\
diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn
index f64d795..5b1d871 100755
--- a/base/deploy/src/pkispawn
+++ b/base/deploy/src/pkispawn
@@ -52,6 +52,10 @@ error was:
def main(argv):
"main entry point"
+ print "Dogtag 10.0.0 Subsystem Installation"
+ print "------------------------------------"
+ print
+
config.pki_deployment_executable = os.path.basename(argv[0])
# Only run this program as "root".
@@ -96,7 +100,7 @@ def main(argv):
parser.mandatory.add_argument('-f',
dest='user_deployment_cfg', action='store',
- nargs=1, required=True, metavar='<file>',
+ nargs=1, metavar='<file>',
help='configuration filename '
'(MUST specify complete path)')
@@ -109,12 +113,32 @@ def main(argv):
config.default_deployment_cfg = config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE
# -f <user deployment config>
- config.user_deployment_cfg = str(args.user_deployment_cfg).strip('[\']')
+ if not args.user_deployment_cfg is None:
+ config.user_deployment_cfg = str(args.user_deployment_cfg).strip('[\']')
# -u
config.pki_update_flag = args.pki_update_flag
- parser.validate()
+ if config.user_deployment_cfg is None:
+ config.pki_subsystem = 'CA'
+ value = raw_input('Subsystem type [' + config.pki_subsystem + ']: ')
+ if len(value) > 0:
+ config.pki_subsystem = value
+
+ parser.initialize()
+
+ if config.user_deployment_cfg is None:
+ parser.read_text('pki_instance_name', 'Instance name')
+ parser.read_text('pki_http_port', 'HTTP Port')
+ parser.read_text('pki_https_port', 'Secure HTTP port')
+ parser.read_text('pki_admin_uid', config.pki_subsystem + ' admin UID')
+ parser.read_password('pki_admin_password', config.pki_subsystem + ' admin password')
+ parser.read_text('pki_security_domain_name', 'Security domain name')
+ parser.read_text('pki_ds_hostname', 'Directory server hostname')
+ parser.read_text('pki_ds_ldap_port', 'Directory server port')
+ parser.read_text('pki_ds_base_dn', 'Directory server base DN')
+ parser.read_text('pki_ds_bind_dn', 'Directory server bind DN')
+ parser.read_password('pki_ds_password', 'Directory server password')
if not os.path.exists(config.PKI_DEPLOYMENT_SOURCE_ROOT +\
"/" + config.pki_subsystem.lower()):
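Review bot: The `raw_input` answer for the subsystem type is assigned to `config.pki_subsystem` without being checked against `config.PKI_SUBSYSTEMS`, so the `choices=` validation that argparse applies to `-s` is bypassed in interactive mode. An arbitrary string then reaches `parser.initialize()` and the `PKI_DEPLOYMENT_SOURCE_ROOT + "/" + config.pki_subsystem.lower()` path check in a program that runs as root. A membership test before use, for example `if value not in config.PKI_SUBSYSTEMS:` followed by an error message and `sys.exit(1)`, would restore the check. The same branch sets `config.pki_subsystem = 'CA'` unconditionally, which appears to discard a `-s` value given without `-f`. main() begins and continues outside this hunk.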
@@ -162,18 +186,18 @@ def main(argv):
sys.exit(1)
# NEVER print out 'sensitive' name/value pairs!!!
- config.pki_log.debug(log.PKI_DICTIONARY_DEFAULT,
- extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pkilogging.format(config.pki_default_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
- extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pkilogging.format(config.pki_web_server_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM,
- extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ #config.pki_log.debug(log.PKI_DICTIONARY_DEFAULT,
+ # extra=config.PKI_INDENTATION_LEVEL_0)
+ #config.pki_log.debug(pkilogging.format(config.pki_default_dict),
+ # extra=config.PKI_INDENTATION_LEVEL_0)
+ #config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
+ # extra=config.PKI_INDENTATION_LEVEL_0)
+ #config.pki_log.debug(pkilogging.format(config.pki_web_server_dict),
+ # extra=config.PKI_INDENTATION_LEVEL_0)
+ #config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM,
+ # extra=config.PKI_INDENTATION_LEVEL_0)
+ #config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict),
+ # extra=config.PKI_INDENTATION_LEVEL_0)
# Read in the PKI slots configuration file.
parser.compose_pki_slots_dictionary()
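Review bot: The six `config.pki_log.debug(...)` calls are commented out rather than deleted, leaving dead code under a `# NEVER print out 'sensitive' name/value pairs!!!` comment that no longer guards any statement. Deleting the lines would be cleaner, since version control keeps the history. If the warning is still meant to apply, it belongs next to the remaining `pkilogging.format(...)` calls, for example `# pkilogging.format() must be the only way these dictionaries reach a log`.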
@@ -184,6 +208,7 @@ def main(argv):
# Combine the various sectional dictionaries into a PKI master dictionary
parser.compose_pki_master_dictionary()
+
if not config.pki_update_flag:
config.pki_master_dict['pki_spawn_log'] = config.pki_log_dir + "/" +\
config.pki_log_name
@@ -214,6 +239,9 @@ def main(argv):
config.pki_log.debug(pkilogging.format(config.pki_master_dict),
extra=config.PKI_INDENTATION_LEVEL_0)
+ print
+ print "Installation complete."
+
# PKI Deployment Entry Point
if __name__ == "__main__":
diff --git a/base/deploy/src/scriptlets/infrastructure_layout.py b/base/deploy/src/scriptlets/infrastructure_layout.py
index 947fbcd..5d0924f 100644
--- a/base/deploy/src/scriptlets/infrastructure_layout.py
+++ b/base/deploy/src/scriptlets/infrastructure_layout.py
@@ -58,8 +58,16 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
util.directory.create(master['pki_subsystem_registry_path'])
util.file.copy(master['pki_default_deployment_cfg'],
master['pki_default_deployment_cfg_replica'])
- util.file.copy(master['pki_user_deployment_cfg'],
- master['pki_user_deployment_cfg_replica'])
+ if master['pki_user_deployment_cfg']:
+ util.file.copy(master['pki_user_deployment_cfg'],
+ master['pki_user_deployment_cfg_replica'])
+ else:
+ with open(master['pki_user_deployment_cfg_replica'], 'w') as f:
+ f.write('[' + master['pki_subsystem'] + ']\n')
+ f.write('pki_instance_name=' + master['pki_instance_name'] + '\n')
+ f.write('pki_admin_password=' + master['pki_admin_password'] + '\n')
+ f.write('pki_ds_password=' + master['pki_ds_password'] + '\n')
+
# establish top-level infrastructure, instance, and subsystem
# base directories and create the "registry" symbolic link that
# the "pkidestroy" executable relies upon
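Review bot: The new `else:` branch writes `pki_admin_password` and `pki_ds_password` in clear text to `pki_user_deployment_cfg_replica` through a plain `open(..., 'w')`, so the file gets whatever mode the process umask allows, and for a root-run installer that is often world-readable. The file should be created owner-only, as sketched below, and it is worth asking whether the passwords need to be persisted in the replica at all. The fence assumes `os` is imported in this module, which is not visible in the hunk. Values are also concatenated unescaped, so a password containing a newline or `%` would produce a file that parses differently from what was entered. The enclosing method starts and ends outside the hunk.

```python
else:
    # Holds clear-text passwords: create owner-only instead of relying on umask.
    replica = master['pki_user_deployment_cfg_replica']
    fd = os.open(replica, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    # The mode passed to os.open() is ignored if the file already exists.
    os.fchmod(fd, 0o600)
    with os.fdopen(fd, 'w') as f:
        # … unchanged: the four f.write() lines …
```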
diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py
index 7b20e47..d85c4f1 100644
--- a/base/deploy/src/scriptlets/pkiconfig.py
+++ b/base/deploy/src/scriptlets/pkiconfig.py
@@ -125,15 +125,18 @@ pki_deployment_executable = None
# PKI Deployment "Mandatory" Command-Line Variables
pki_subsystem = None
-# 'pkispawn' ONLY
default_deployment_cfg = None
user_deployment_cfg = None
-# 'pkidestroy' ONLY
-pki_deployed_instance_name = None
+pki_instance_name = None
# PKI Deployment "Optional" Command-Line Variables
# 'pkispawn' ONLY
pki_update_flag = False
+pki_http_port = None
+pki_https_port = None
+pki_admin_user_name = None
+pki_admin_password = None
+pki_security_domain_name = None
# PKI Deployment "Test" Command-Line Variables
pki_root_prefix = None
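Review bot: The five new module variables (`pki_http_port`, `pki_https_port`, `pki_admin_user_name`, `pki_admin_password`, `pki_security_domain_name`) are not assigned or read anywhere in the visible part of this commit. The interactive prompts store their answers in `config.pki_master_dict`, and the prompt key is `pki_admin_uid`, not `pki_admin_user_name`. If they are placeholders, a comment such as `# reserved for future command-line options; interactive values live in pki_master_dict` would say so. Otherwise they are better left out, in particular `pki_admin_password`, which invites keeping a secret in a module-level global. They also sit under the "Optional" Command-Line Variables heading although no matching options are added.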
diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py
index 1eb7b51..ca0227f 100644
--- a/base/deploy/src/scriptlets/pkihelper.py
+++ b/base/deploy/src/scriptlets/pkihelper.py
@@ -792,11 +792,11 @@ class configuration_file:
# Silently verify that the command-line parameters match the values
# that are present in the corresponding configuration file
if master['pki_deployment_executable'] == 'pkidestroy':
- if master['pki_deployed_instance_name'] !=\
+ if master['pki_instance_name'] !=\
master['pki_instance_id']:
config.pki_log.error(
log.PKIHELPER_COMMAND_LINE_PARAMETER_MISMATCH_2,
- master['pki_deployed_instance_name'],
+ master['pki_instance_name'],
master['pki_instance_id'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 558873d..390d19a 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -22,6 +22,7 @@
# System Imports
import ConfigParser
import argparse
+import getpass
import logging
import os
import random
@@ -57,7 +58,7 @@ class PKIConfigParser:
self.mandatory.add_argument('-s',
dest='pki_subsystem', action='store',
nargs=1, choices=config.PKI_SUBSYSTEMS,
- required=True, metavar='<subsystem>',
+ metavar='<subsystem>',
help='where <subsystem> is '
'CA, KRA, OCSP, RA, TKS, or TPS')
# Establish 'Optional' command-line options
@@ -122,7 +123,7 @@ class PKIConfigParser:
return args
- def validate(self):
+ def initialize(self):
# Validate command-line options
if len(config.pki_root_prefix) > 0:
@@ -145,16 +146,45 @@ class PKIConfigParser:
self.arg_parser.print_help()
self.arg_parser.exit(-1);
- # verify user configuration file exists
- if not os.path.exists(config.user_deployment_cfg) or\
- not os.path.isfile(config.user_deployment_cfg):
- print "ERROR: " +\
- log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\
- config.user_deployment_cfg
- print
- self.arg_parser.print_help()
- self.arg_parser.exit(-1);
+ if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ default_instance_name = 'pki-tomcat'
+ default_http_port = '8080'
+ default_https_port = '8443'
+ else:
+ default_instance_name = 'pki-apache'
+ default_http_port = '80'
+ default_https_port = '443'
+ self.pki_config = ConfigParser.SafeConfigParser({
+ 'pki_instance_name': default_instance_name,
+ 'pki_http_port': default_http_port,
+ 'pki_https_port': default_https_port,
+ 'pki_dns_domainname': config.pki_dns_domainname,
+ 'pki_subsystem' : config.pki_subsystem,
+ 'pki_hostname': config.pki_hostname})
+
+ # Make keys case-sensitive!
+ self.pki_config.optionxform = str
+ with open(config.default_deployment_cfg) as f:
+ self.pki_config.readfp(f)
+
+ config.pki_master_dict = dict(self.pki_config.items('DEFAULT'))
+ if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ config.pki_master_dict.update(dict(self.pki_config.items('Tomcat')))
+ else:
+ config.pki_master_dict.update(dict(self.pki_config.items('Apache')))
+ config.pki_master_dict.update(dict(self.pki_config.items(config.pki_subsystem)))
+
+ if config.user_deployment_cfg:
+ # verify user configuration file exists
+ if not os.path.exists(config.user_deployment_cfg) or\
+ not os.path.isfile(config.user_deployment_cfg):
+ print "ERROR: " +\
+ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\
+ config.user_deployment_cfg
+ print
+ parser.arg_parser.print_help()
+ parser.arg_parser.exit(-1);
# The following code is based heavily upon
# "http://www.decalage.info/en/python/configparser"
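Review bot: The relocated file-existence check calls `parser.arg_parser.print_help()` and `parser.arg_parser.exit(-1)`, whereas the removed lines used `self.arg_parser`. No `parser` name is defined in the visible part of the class, so a missing or non-regular `-f` file would probably end in a `NameError` instead of the usage message. The two lines should read `self.arg_parser.print_help()` and `self.arg_parser.exit(-1)`. Separately, `self.pki_config.items(config.pki_subsystem)` raises `NoSectionError` for any subsystem name without a section in `default.cfg`, which becomes reachable once the name can come from an unvalidated prompt. initialize() begins before this hunk.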
@@ -179,53 +209,46 @@ class PKIConfigParser:
f.close()
return values
+ def read_text(self, property, message):
+ default = config.pki_master_dict[property]
+ if default:
+ message = message + ' [' + default + ']'
+ value = raw_input(message + ': ')
+ if len(value) == 0:
+ value = default
+ config.pki_master_dict[property] = value
+
+ def read_password(self, property, message):
+ value = ''
+ while len(value) == 0:
+ value = getpass.getpass(prompt=message + ': ')
+ config.pki_master_dict[property] = value
def read_pki_configuration_file(self):
"Read configuration file sections into dictionaries"
rv = 0
try:
- if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- default_instance_name = 'pki-tomcat'
- default_http_port = '8080'
- default_https_port = '8443'
- else:
- default_instance_name = 'pki-apache'
- default_http_port = '80'
- default_https_port = '443'
-
- predefined_dict = {'pki_instance_name': default_instance_name,
- 'pki_http_port': default_http_port,
- 'pki_https_port': default_https_port,
- 'pki_dns_domainname': config.pki_dns_domainname,
- 'pki_subsystem' : config.pki_subsystem,
- 'pki_hostname': config.pki_hostname}
+ print pkilogging.format(config.pki_master_dict)
- self.pki_config = ConfigParser.SafeConfigParser(predefined_dict)
+ self.pki_config = ConfigParser.SafeConfigParser(config.pki_master_dict)
# Make keys case-sensitive!
self.pki_config.optionxform = str
- self.pki_config.read([
- config.default_deployment_cfg,
- config.user_deployment_cfg])
+ with open(config.default_deployment_cfg) as f:
+ self.pki_config.readfp(f)
+
+ if config.user_deployment_cfg:
+ print 'Reading configuration file ' + config.user_deployment_cfg + '.'
+ self.pki_config.read([config.user_deployment_cfg])
+
config.pki_default_dict = dict(self.pki_config.items('DEFAULT'))
- pkilogging.sensitive_parameters = config.pki_default_dict['sensitive_parameters'].split()
- if config.pki_subsystem == "CA":
- config.pki_web_server_dict = dict(self.pki_config.items('Tomcat'))
- config.pki_subsystem_dict = dict(self.pki_config.items('CA'))
- elif config.pki_subsystem == "KRA":
- config.pki_web_server_dict = dict(self.pki_config.items('Tomcat'))
- config.pki_subsystem_dict = dict(self.pki_config.items('KRA'))
- elif config.pki_subsystem == "OCSP":
- config.pki_web_server_dict = dict(self.pki_config.items('Tomcat'))
- config.pki_subsystem_dict = dict(self.pki_config.items('OCSP'))
- elif config.pki_subsystem == "RA":
- config.pki_web_server_dict = dict(self.pki_config.items('Apache'))
- config.pki_subsystem_dict = dict(self.pki_config.items('RA'))
- elif config.pki_subsystem == "TKS":
- config.pki_web_server_dict = dict(self.pki_config.items('Tomcat'))
- config.pki_subsystem_dict = dict(self.pki_config.items('TKS'))
- elif config.pki_subsystem == "TPS":
- config.pki_web_server_dict = dict(self.pki_config.items('Apache'))
- config.pki_subsystem_dict = dict(self.pki_config.items('TPS'))
+ if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ if self.pki_config.has_section('Tomcat'):
+ config.pki_web_server_dict = dict(self.pki_config.items('Tomcat'))
+ else:
+ if self.pki_config.has_section('Apache'):
+ config.pki_web_server_dict = dict(self.pki_config.items('Apache'))
+ if self.pki_config.has_section(config.pki_subsystem):
+ config.pki_subsystem_dict = dict(self.pki_config.items(config.pki_subsystem))
# Insert empty record into dictionaries for "pretty print" statements
# NEVER print "sensitive" key value pairs!!!
config.pki_default_dict[0] = None
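Review bot: `print pkilogging.format(config.pki_master_dict)` at the top of `read_pki_configuration_file` writes the whole master dictionary to stdout, and in interactive mode that dictionary already holds the values `read_password` stored under `pki_admin_password` and `pki_ds_password`. This hunk also removes the `pkilogging.sensitive_parameters = ...` assignment from the function, and the commit only sets it later in `compose_pki_master_dictionary`. If `pkilogging.format` relies on that list for masking, nothing is masked at this point. The line looks like leftover debugging and should be dropped, or the sensitive list should be set before the first formatting call. Passing the same dictionary as `SafeConfigParser` defaults also means a password containing `%` is treated as interpolation syntax, so secrets are better kept out of the parser defaults.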
@@ -240,7 +263,6 @@ class PKIConfigParser:
def compose_pki_master_dictionary(self):
"Create a single master PKI dictionary from the sectional dictionaries"
try:
- config.pki_master_dict = dict()
# 'pkispawn'/'pkirespawn'/'pkidestroy' name/value pairs
config.pki_master_dict['pki_deployment_executable'] =\
config.pki_deployment_executable
@@ -253,8 +275,9 @@ class PKIConfigParser:
config.pki_jython_log_level
config.pki_master_dict['pki_default_deployment_cfg'] = config.default_deployment_cfg
config.pki_master_dict['pki_user_deployment_cfg'] = config.user_deployment_cfg
- config.pki_master_dict['pki_deployed_instance_name'] =\
- config.pki_deployed_instance_name
+ if config.pki_instance_name:
+ config.pki_master_dict['pki_instance_name'] =\
+ config.pki_instance_name
# Generate random 'pin's for use as security database passwords
# and add these to the "sensitive" key value pairs read in from
# the configuration file
@@ -266,11 +289,16 @@ class PKIConfigParser:
random.randint(pin_low, pin_high)
# Configuration file name/value pairs
# NEVER add "sensitive" key value pairs to the master dictionary!!!
- config.pki_master_dict.update(config.pki_default_dict)
- config.pki_master_dict.update(config.pki_web_server_dict)
- config.pki_master_dict.update(config.pki_subsystem_dict)
+ if config.pki_default_dict:
+ config.pki_master_dict.update(config.pki_default_dict)
+ if config.pki_web_server_dict:
+ config.pki_master_dict.update(config.pki_web_server_dict)
+ if config.pki_subsystem_dict:
+ config.pki_master_dict.update(config.pki_subsystem_dict)
config.pki_master_dict.update(__name__="PKI Master Dictionary")
+ pkilogging.sensitive_parameters = config.pki_master_dict['sensitive_parameters'].split()
+
# RESTEasy
config.pki_master_dict['RESTEASY_LIB'] =\
subprocess.check_output(