authorEndi Sukma Dewata <edewata@redhat.com>2012-11-13 22:31:37 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-11-14 12:06:49 -0500
commitd5bc2ead8c73943c0053198fb3ba9959a78b2b41 (patch)
treed4a0a56d3e99e82b149ff1a3fa67fc736993b7ae
parent7f046ceffe0d3a4f74f6202043790705133e59b6 (diff)
Refactored constants in pkiconfig.py.
The constants in pkiconfig.py have been moved into a new PKIConfig class. All references have been modified accordingly. Ticket #380
-rwxr-xr-xbase/deploy/src/pkidestroy41
-rwxr-xr-xbase/deploy/src/pkispawn47
-rw-r--r--base/deploy/src/scriptlets/configuration.jy5
-rw-r--r--base/deploy/src/scriptlets/configuration.py17
-rw-r--r--base/deploy/src/scriptlets/finalization.py17
-rw-r--r--base/deploy/src/scriptlets/infrastructure_layout.py13
-rw-r--r--base/deploy/src/scriptlets/initialization.py11
-rw-r--r--base/deploy/src/scriptlets/instance_layout.py13
-rw-r--r--base/deploy/src/scriptlets/pkiconfig.py197
-rw-r--r--base/deploy/src/scriptlets/pkihelper.py595
-rw-r--r--base/deploy/src/scriptlets/pkijython.py17
-rw-r--r--base/deploy/src/scriptlets/pkimanifest.py5
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py187
-rw-r--r--base/deploy/src/scriptlets/security_databases.py17
-rw-r--r--base/deploy/src/scriptlets/selinux_setup.py53
-rw-r--r--base/deploy/src/scriptlets/slot_substitution.py11
-rw-r--r--base/deploy/src/scriptlets/subsystem_layout.py13
-rw-r--r--base/deploy/src/scriptlets/webapp_deployment.py21
18 files changed, 650 insertions, 630 deletions
diff --git a/base/deploy/src/pkidestroy b/base/deploy/src/pkidestroy
index 1597712e1..f5c6f1bf2 100755
--- a/base/deploy/src/pkidestroy
+++ b/base/deploy/src/pkidestroy
@@ -36,6 +36,7 @@ try:
import time
from time import strftime as date
from pki.deployment import pkiconfig as config
+ from pki.deployment.pkiconfig import PKIConfig
from pki.deployment.pkiparser import PKIConfigParser
from pki.deployment import pkilogging
from pki.deployment import pkimessages as log
@@ -58,7 +59,7 @@ def main(argv):
sys.exit("'%s' must be run as root!" % argv[0])
# Set the umask
- os.umask(config.PKI_DEPLOYMENT_DEFAULT_UMASK)
+ os.umask(PKIConfig.PKI_DEPLOYMENT_DEFAULT_UMASK)
# Set installation time
ticks = time.time()
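Review bot: `os.umask(PKIConfig.PKI_DEPLOYMENT_DEFAULT_UMASK)` applies the value `00002` defined in pkiconfig.py, so anything this root-run tool creates without an explicit mode ends up world-readable (0664 files, 0775 directories). The other permission constants in the same class (`00770`, `00660`, `00600`) grant nothing to "other", so a umask of `00007` would match them: `PKI_DEPLOYMENT_DEFAULT_UMASK = 00007`. Whether the log file that receives the debug dumps further down is created with an explicit mode is not visible in this hunk, so that is worth confirming before changing the value. The same call sits in the pkispawn hunk at `@@ -58,7 +59,7 @@`; main() starts and ends outside this hunk.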
@@ -97,7 +98,7 @@ def main(argv):
# Enable 'pkidestroy' logging.
config.pki_log_dir = config.pki_root_prefix +\
- config.PKI_DEPLOYMENT_LOG_ROOT
+ PKIConfig.PKI_DEPLOYMENT_LOG_ROOT
config.pki_log_name = "pki" + "-" +\
config.pki_subsystem.lower() +\
"-" + "destroy" + "." +\
@@ -117,45 +118,45 @@ def main(argv):
rv = parser.read_pki_configuration_file()
if rv != 0:
config.pki_log.error(PKI_UNABLE_TO_PARSE_1, rv,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
sys.exit(1)
else:
# NEVER print out 'sensitive' name/value pairs!!!
config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_common_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_web_server_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_subsystem_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
# NEVER print out 'sensitive' name/value pairs!!!
config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_common_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_web_server_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_subsystem_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
# Combine the various sectional dictionaries into a PKI master dictionary
parser.compose_pki_master_dictionary()
config.pki_master_dict['pki_destroy_log'] = config.pki_log_dir + "/" +\
config.pki_log_name
config.pki_log.debug(log.PKI_DICTIONARY_MASTER,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_master_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
# Remove the specified PKI subsystem.
pki_scriptlets_path = "/usr/share/pki/deployment/destroy" +\
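Review bot: `PKI_UNABLE_TO_PARSE_1` in the `config.pki_log.error(...)` call is used without the `log.` prefix that every other message constant in this hunk carries. Unless the name is imported directly somewhere outside the hunk, the parse-failure path raises NameError instead of logging the error and exiting with status 1. Since the line is being touched anyway, it could read `config.pki_log.error(log.PKI_UNABLE_TO_PARSE_1, rv,`. The same unqualified name appears in the pkispawn hunk at `@@ -124,52 +125,52 @@`; main() starts and ends outside this hunk.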
@@ -164,7 +165,7 @@ def main(argv):
not os.path.isdir(pki_scriptlets_path):
config.pki_log.error(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1,
pki_scriptlets_path,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
sys.exit(1)
pki_subsystem_scriptlets = os.listdir(pki_scriptlets_path)
pki_subsystem_scriptlets.sort()
@@ -180,9 +181,9 @@ def main(argv):
if rv != 0:
sys.exit(1)
config.pki_log.debug(log.PKI_DICTIONARY_MASTER,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_master_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
# PKI Deployment Entry Point
diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn
index fbb6b8e26..63a827fcb 100755
--- a/base/deploy/src/pkispawn
+++ b/base/deploy/src/pkispawn
@@ -36,6 +36,7 @@ try:
import time
from time import strftime as date
from pki.deployment import pkiconfig as config
+ from pki.deployment.pkiconfig import PKIConfig
from pki.deployment.pkiparser import PKIConfigParser
from pki.deployment import pkilogging
from pki.deployment import pkimessages as log
@@ -58,7 +59,7 @@ def main(argv):
sys.exit("'%s' must be run as root!" % argv[0])
# Set the umask
- os.umask(config.PKI_DEPLOYMENT_DEFAULT_UMASK)
+ os.umask(PKIConfig.PKI_DEPLOYMENT_DEFAULT_UMASK)
# Set installation time
ticks = time.time()
@@ -95,7 +96,7 @@ def main(argv):
parser = PKIConfigParser()
parser.process_command_line_arguments(argv)
- if not os.path.exists(config.PKI_DEPLOYMENT_SOURCE_ROOT +\
+ if not os.path.exists(PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT +\
"/" + config.pki_subsystem.lower()):
print "ERROR: " + log.PKI_SUBSYSTEM_NOT_INSTALLED_1 %\
config.pki_subsystem.lower()
@@ -104,7 +105,7 @@ def main(argv):
# Enable 'pkispawn' logging.
rv = 0
config.pki_log_dir = config.pki_root_prefix +\
- config.PKI_DEPLOYMENT_LOG_ROOT
+ PKIConfig.PKI_DEPLOYMENT_LOG_ROOT
config.pki_log_name = "pki" + "-" +\
config.pki_subsystem.lower() +\
"-" + "spawn" + "." +\
@@ -124,52 +125,52 @@ def main(argv):
rv = parser.read_pki_configuration_file()
if rv != 0:
config.pki_log.error(PKI_UNABLE_TO_PARSE_1, rv,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
sys.exit(1)
else:
# NEVER print out 'sensitive' name/value pairs!!!
config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_common_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_web_server_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_subsystem_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
# NEVER print out 'sensitive' name/value pairs!!!
config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_common_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_web_server_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_subsystem_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
# Read in the PKI slots configuration file.
parser.compose_pki_slots_dictionary()
config.pki_log.debug(log.PKI_DICTIONARY_SLOTS,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_slots_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
# Combine the various sectional dictionaries into a PKI master dictionary
parser.compose_pki_master_dictionary()
config.pki_master_dict['pki_spawn_log'] = config.pki_log_dir + "/" +\
config.pki_log_name
config.pki_log.debug(log.PKI_DICTIONARY_MASTER,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_master_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
# Install and configure the specified PKI subsystem.
pki_scriptlets_path = "/usr/share/pki/deployment/spawn" +\
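Review bot: The rule `# NEVER print out 'sensitive' name/value pairs!!!` is upheld only by the comment, because each `pp.pformat(config.pki_..._dict)` call writes the whole dictionary to the debug log and no key filtering is visible in this hunk. If a password-like key ever lands in one of these dictionaries rather than in `pki_sensitive_dict` (which configuration.py imports from pkiconfig), it goes straight into the log file. I would state the invariant where the dumps start, e.g. `# These dictionaries must never hold secrets; secrets belong only in config.pki_sensitive_dict.`, and confirm that the master dictionary composed by `parser.compose_pki_master_dictionary()` keeps to it. The six-call dump block also appears twice in a row here and in pkidestroy; indentation is lost in this view, so it may be two branches, but if not the second copy can go.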
@@ -178,7 +179,7 @@ def main(argv):
not os.path.isdir(pki_scriptlets_path):
config.pki_log.error(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1,
pki_scriptlets_path,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
sys.exit(1)
pki_subsystem_scriptlets = os.listdir(pki_scriptlets_path)
pki_subsystem_scriptlets.sort()
@@ -194,9 +195,9 @@ def main(argv):
if rv != 0:
sys.exit(1)
config.pki_log.debug(log.PKI_DICTIONARY_MASTER,
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pp.pformat(config.pki_master_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
# PKI Deployment Entry Point
diff --git a/base/deploy/src/scriptlets/configuration.jy b/base/deploy/src/scriptlets/configuration.jy
index bf89a0170..a9c7d5037 100644
--- a/base/deploy/src/scriptlets/configuration.jy
+++ b/base/deploy/src/scriptlets/configuration.jy
@@ -9,6 +9,7 @@ import sys
# PKI Python Imports
import pkijython as jyutil
import pkiconfig as config
+from pkiconfig import PKIConfig
import pkimessages as log
@@ -55,7 +56,7 @@ def main(argv):
# in which case a single process could be executed
# end-to-end from installation through configuration).
#
- if master['pki_jython_log_level'] >= config.PKI_JYTHON_DEBUG_LOG_LEVEL:
+ if master['pki_jython_log_level'] >= PKIConfig.PKI_JYTHON_DEBUG_LOG_LEVEL:
# javasystem.out.println("Hello")
print "%s %s" %\
(log.PKI_JYTHON_INDENTATION_2, sys.path)
@@ -107,7 +108,7 @@ def main(argv):
if config.str2bool(master['pki_external']):
print "%s '%s %s' %s" %\
(log.PKI_JYTHON_INDENTATION_2,
- config.PKI_DEPLOYMENT_EXTERNAL_CA,
+ PKIConfig.PKI_DEPLOYMENT_EXTERNAL_CA,
master['pki_subsystem'],
log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
return rv
diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py
index c6c43d047..44d017d72 100644
--- a/base/deploy/src/scriptlets/configuration.py
+++ b/base/deploy/src/scriptlets/configuration.py
@@ -21,6 +21,7 @@
# PKI Deployment Imports
import pkiconfig as config
+from pkiconfig import PKIConfig
from pkiconfig import pki_master_dict as master
from pkiconfig import pki_sensitive_dict as sensitive
import pkihelper as util
@@ -35,16 +36,16 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def spawn(self):
if config.str2bool(master['pki_skip_configuration']):
config.pki_log.info(log.SKIP_CONFIGURATION_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
return self.rv
config.pki_log.info(log.CONFIGURATION_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
# Place "slightly" less restrictive permissions on
# the top-level client directory ONLY
util.directory.create(master['pki_client_dir'],
uid=0, gid=0,
- perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS)
+ perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS)
# Since 'certutil' does NOT strip the 'token=' portion of
# the 'token=password' entries, create a client password file
# which ONLY contains the 'password' for the purposes of
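Review bot: The `util.directory.create(master['pki_client_dir'], ...)` call uses `PKIConfig.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS` (`00755` in pkiconfig.py), and the comment right after it says a client password file holding only the password is then written. With a world-traversable parent directory, that file is protected only by its own mode, and its creation lies outside this hunk, so the mode cannot be checked here. It should be created with an explicit owner-only mode such as the existing `PKIConfig.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS` (`00600`) rather than relying on the process umask. A comment on the directory call would make the dependency explicit: `# 0755 on purpose; every secret stored below must set its own 0600 mode.`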
@@ -72,14 +73,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
master['pki_systemd_service_link'])
# Start/Restart this Apache/Tomcat PKI Process
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
+ if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS:
apache_instance_subsystems =\
util.instance.apache_instance_subsystems()
if apache_instance_subsystems == 1:
util.systemd.start()
elif apache_instance_subsystems > 1:
util.systemd.restart()
- elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
# Optionally prepare to enable a java debugger
# (e. g. - 'eclipse'):
if config.str2bool(master['pki_enable_java_debugger']):
@@ -98,13 +99,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def destroy(self):
config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
+ if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS and\
util.instance.apache_instance_subsystems() == 1:
if util.directory.exists(master['pki_client_dir']):
util.directory.delete(master['pki_client_dir'])
util.symlink.delete(master['pki_systemd_service_link'])
- elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
+ elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and\
util.instance.tomcat_instance_subsystems() == 1:
if util.directory.exists(master['pki_client_dir']):
util.directory.delete(master['pki_client_dir'])
diff --git a/base/deploy/src/scriptlets/finalization.py b/base/deploy/src/scriptlets/finalization.py
index d871dd354..2cc3ad203 100644
--- a/base/deploy/src/scriptlets/finalization.py
+++ b/base/deploy/src/scriptlets/finalization.py
@@ -21,6 +21,7 @@
# PKI Deployment Imports
import pkiconfig as config
+from pkiconfig import PKIConfig
from pkiconfig import pki_master_dict as master
import pkihelper as util
import pkimanifest as manifest
@@ -35,17 +36,17 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def spawn(self):
if config.str2bool(master['pki_skip_installation']):
config.pki_log.info(log.SKIP_FINALIZATION_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
return self.rv
config.pki_log.info(log.FINALIZATION_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
# For debugging/auditing purposes, save a timestamped copy of
# this configuration file in the subsystem archive
util.file.copy(master['pki_deployment_cfg_replica'],
master['pki_deployment_cfg_spawn_archive'])
# Save a copy of the installation manifest file
config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, master['pki_manifest'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# for record in manifest.database:
# print tuple(record)
manifest.file.register(master['pki_manifest'])
@@ -77,7 +78,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.pki_log.info(log.PKISPAWN_END_MESSAGE_2,
master['pki_subsystem'],
master['pki_instance_id'],
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
util.file.modify(master['pki_spawn_log'], silent=True)
# If instance has not been configured, print the
# configuration URL to the screen
@@ -87,17 +88,17 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def destroy(self):
config.pki_log.info(log.FINALIZATION_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
util.file.modify(master['pki_destroy_log'], silent=True)
# Start this Apache/Tomcat PKI Process
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
+ if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS and\
util.instance.apache_instance_subsystems() >= 1:
util.systemd.start()
- elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
+ elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and\
util.instance.tomcat_instance_subsystems() >= 1:
util.systemd.start()
config.pki_log.info(log.PKIDESTROY_END_MESSAGE_2,
master['pki_subsystem'],
master['pki_instance_id'],
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
return self.rv
diff --git a/base/deploy/src/scriptlets/infrastructure_layout.py b/base/deploy/src/scriptlets/infrastructure_layout.py
index 31c788bfd..9113e8131 100644
--- a/base/deploy/src/scriptlets/infrastructure_layout.py
+++ b/base/deploy/src/scriptlets/infrastructure_layout.py
@@ -21,6 +21,7 @@
# PKI Deployment Imports
import pkiconfig as config
+from pkiconfig import PKIConfig
from pkiconfig import pki_master_dict as master
import pkihelper as util
import pkimessages as log
@@ -34,10 +35,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def spawn(self):
if config.str2bool(master['pki_skip_installation']):
config.pki_log.info(log.SKIP_ADMIN_DOMAIN_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
return self.rv
config.pki_log.info(log.ADMIN_DOMAIN_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
# NOTE: It was determined that since the "pkidestroy" command
# relies upon a symbolic link to a replica of the original
# "pkideployment.cfg" configuration file used by the
@@ -77,15 +78,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# util.directory.create(master['pki_log_path'])
# establish top-level infrastructure configuration
if master['pki_configuration_path'] !=\
- config.PKI_DEPLOYMENT_CONFIGURATION_ROOT:
+ PKIConfig.PKI_DEPLOYMENT_CONFIGURATION_ROOT:
util.directory.create(master['pki_configuration_path'])
return self.rv
def destroy(self):
config.pki_log.info(log.ADMIN_DOMAIN_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
# remove top-level infrastructure base
- if master['pki_subsystem'] in config.PKI_SUBSYSTEMS and\
+ if master['pki_subsystem'] in PKIConfig.PKI_SUBSYSTEMS and\
util.instance.pki_instance_subsystems() == 0:
# remove top-level infrastructure base
util.directory.delete(master['pki_path'])
@@ -95,7 +96,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# remove top-level infrastructure configuration
if util.directory.is_empty(master['pki_configuration_path'])\
and master['pki_configuration_path'] !=\
- config.PKI_DEPLOYMENT_CONFIGURATION_ROOT:
+ PKIConfig.PKI_DEPLOYMENT_CONFIGURATION_ROOT:
util.directory.delete(master['pki_configuration_path'])
# remove top-level infrastructure registry
util.directory.delete(master['pki_registry_path'])
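Review bot: The guard `master['pki_configuration_path'] != PKIConfig.PKI_DEPLOYMENT_CONFIGURATION_ROOT` compares raw strings, so an equivalent spelling of the root (a constructed example: `/etc/pki/` with a trailing slash) would pass it and reach `util.directory.delete(...)`, with only the `is_empty` check left in the way. pkiconfig.py notes that the top-level `/etc/pki` is owned by the "filesystem" package, so this is the one path the branch must never remove. Normalising both sides first would close the gap, e.g. `os.path.normpath(master['pki_configuration_path']) != os.path.normpath(PKIConfig.PKI_DEPLOYMENT_CONFIGURATION_ROOT)`. Whether this file imports `os`, or whether the parser already normalises the value, is not visible here. The matching comparison in spawn() at `@@ -77,15 +78,15 @@` guards a create and deserves the same treatment.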
diff --git a/base/deploy/src/scriptlets/initialization.py b/base/deploy/src/scriptlets/initialization.py
index 2b5cc3861..dead48fff 100644
--- a/base/deploy/src/scriptlets/initialization.py
+++ b/base/deploy/src/scriptlets/initialization.py
@@ -21,6 +21,7 @@
# PKI Deployment Imports
import pkiconfig as config
+from pkiconfig import PKIConfig
from pkiconfig import pki_master_dict as master
import pkihelper as util
import pkimessages as log
@@ -36,13 +37,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.pki_log.info(log.PKISPAWN_BEGIN_MESSAGE_2,
master['pki_subsystem'],
master['pki_instance_id'],
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
if config.str2bool(master['pki_skip_installation']):
config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
return self.rv
config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
# verify that this type of "subsystem" does NOT yet
# exist for this "instance"
util.instance.verify_subsystem_does_not_exist()
@@ -69,9 +70,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.pki_log.info(log.PKIDESTROY_BEGIN_MESSAGE_2,
master['pki_subsystem'],
master['pki_instance_id'],
- extra=config.PKI_INDENTATION_LEVEL_0)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_0)
config.pki_log.info(log.INITIALIZATION_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
# verify that this type of "subsystem" currently EXISTS
# for this "instance"
util.instance.verify_subsystem_exists()
diff --git a/base/deploy/src/scriptlets/instance_layout.py b/base/deploy/src/scriptlets/instance_layout.py
index 67de6d01e..c320e421d 100644
--- a/base/deploy/src/scriptlets/instance_layout.py
+++ b/base/deploy/src/scriptlets/instance_layout.py
@@ -25,6 +25,7 @@ import os
# PKI Deployment Imports
import pkiconfig as config
+from pkiconfig import PKIConfig
from pkiconfig import pki_master_dict as master
import pkihelper as util
import pkimessages as log
@@ -39,16 +40,16 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def spawn(self):
if config.str2bool(master['pki_skip_installation']):
config.pki_log.info(log.SKIP_INSTANCE_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
return self.rv
config.pki_log.info(log.INSTANCE_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
# establish instance logs
util.directory.create(master['pki_instance_log_path'])
# establish instance configuration
util.directory.create(master['pki_instance_configuration_path'])
# establish Apache/Tomcat specific instance
- if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
# establish Tomcat instance configuration
util.directory.copy(master['pki_source_server_path'],
master['pki_instance_configuration_path'],
@@ -146,10 +147,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def destroy(self):
config.pki_log.info(log.INSTANCE_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
if master['pki_subsystem'] == 'TKS':
util.symlink.delete(master['pki_symkey_jar_link'])
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
+ if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS and\
util.instance.apache_instance_subsystems() == 0:
# remove Apache instance base
util.directory.delete(master['pki_instance_path'])
@@ -164,7 +165,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
if util.instance.apache_instances() == 0:
util.directory.delete(
master['pki_instance_type_registry_path'])
- elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
+ elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and\
util.instance.tomcat_instance_subsystems() == 0:
# remove Tomcat instance base
util.directory.delete(master['pki_instance_path'])
diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py
index a86774555..c1d22bf10 100644
--- a/base/deploy/src/scriptlets/pkiconfig.py
+++ b/base/deploy/src/scriptlets/pkiconfig.py
@@ -19,93 +19,101 @@
# All rights reserved.
#
-# PKI Deployment Constants
-PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 00755
-PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 00770
-PKI_DEPLOYMENT_DEFAULT_EXE_PERMISSIONS = 00770
-PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS = 00660
-PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS = 00600
-PKI_DEPLOYMENT_DEFAULT_SGID_DIR_PERMISSIONS = 02770
-PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS = 00777
-PKI_DEPLOYMENT_DEFAULT_UMASK = 00002
-
-PKI_DEPLOYMENT_DEFAULT_COMMENT = "'Certificate System'"
-PKI_DEPLOYMENT_DEFAULT_GID = 17
-PKI_DEPLOYMENT_DEFAULT_GROUP = "pkiuser"
-PKI_DEPLOYMENT_DEFAULT_SHELL = "/sbin/nologin"
-PKI_DEPLOYMENT_DEFAULT_UID = 17
-PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser"
-
-PKI_SUBSYSTEMS = ["CA","KRA","OCSP","RA","TKS","TPS"]
-PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS","TPS"]
-PKI_APACHE_SUBSYSTEMS = ["RA","TPS"]
-PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS"]
-PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra",
- "lib", "logs", "ocsp", "temp", "tks", "webapps",
- "work"]
-PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg",
- "rsyslog", "tls"]
-PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra", "tps"]
-PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks"]
-
-PKI_INDENTATION_LEVEL_0 = {'indent' : ''}
-PKI_INDENTATION_LEVEL_1 = {'indent' : '... '}
-PKI_INDENTATION_LEVEL_2 = {'indent' : '....... '}
-PKI_INDENTATION_LEVEL_3 = {'indent' : '........... '}
-PKI_INDENTATION_LEVEL_4 = {'indent' : '............... '}
-
-PKI_DEPLOYMENT_INTERRUPT_BANNER = "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+"\
- "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-"
-PKI_DEPLOYMENT_JAR_SOURCE_ROOT = "/usr/share/java"
-PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT = "/usr/share/java/httpcomponents"
-PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT = "/usr/share/java/pki"
-PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT = "/usr/share/java/resteasy"
-PKI_DEPLOYMENT_SOURCE_ROOT = "/usr/share/pki"
-PKI_DEPLOYMENT_SYSTEMD_ROOT = "/lib/systemd/system"
-PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT = "/etc/systemd/system"
-PKI_DEPLOYMENT_TOMCAT_ROOT = "/usr/share/tomcat"
-PKI_DEPLOYMENT_TOMCAT_SYSTEMD = "/usr/sbin/tomcat-sysd"
-PKI_DEPLOYMENT_BASE_ROOT = "/var/lib/pki"
-# NOTE: Top-level "/etc/pki" is owned by the "filesystem" package!
-PKI_DEPLOYMENT_CONFIGURATION_ROOT = "/etc/pki"
-PKI_DEPLOYMENT_LOG_ROOT = "/var/log/pki"
-# NOTE: Well-known 'registry root', default 'instance', and default
-# 'configuration file' names MUST be created in order to potentially
-# obtain an instance-specific configuration file
-# (presuming one has not been specified during command-line parsing)
-# because command-line parsing happens prior to reading any
-# configuration files. Although the 'registry root' MUST remain fixed,
-# the default 'instance' name may be overridden by the value specified
-# in the configuration file (the value in the default configuration file
-# should always match the 'default' instance name specified below).
-PKI_DEPLOYMENT_REGISTRY_ROOT = "/etc/sysconfig/pki"
-PKI_DEPLOYMENT_DEFAULT_ADMIN_DOMAIN_NAME = None
-PKI_DEPLOYMENT_DEFAULT_APACHE_SERVICE_NAME = "apache"
-PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVICE_NAME = "tomcat"
-PKI_DEPLOYMENT_DEFAULT_APACHE_INSTANCE_NAME = "pki-apache"
-PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat"
-PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE = "pkideployment.cfg"
-PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\
- "/usr/share/pki/deployment/config/pkislots.cfg"
-
-# subtypes of PKI subsystems
-PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM = "Cloned"
-PKI_DEPLOYMENT_EXTERNAL_CA = "External"
-PKI_DEPLOYMENT_SUBORDINATE_CA = "Subordinate"
-
-# default ports (for defined selinux policy)
-PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT = 8080
-PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT = 8443
-PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT = 8005
-PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT = 8009
-
-# PKI Deployment Jython 2.2 Constants
-PKI_JYTHON_CRITICAL_LOG_LEVEL = 1
-PKI_JYTHON_ERROR_LOG_LEVEL = 2
-PKI_JYTHON_WARNING_LOG_LEVEL = 3
-PKI_JYTHON_INFO_LOG_LEVEL = 4
-PKI_JYTHON_DEBUG_LOG_LEVEL = 5
-
+class PKIConfig:
+
+ # PKI Deployment Constants
+ PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 00755
+ PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 00770
+ PKI_DEPLOYMENT_DEFAULT_EXE_PERMISSIONS = 00770
+ PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS = 00660
+ PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS = 00600
+ PKI_DEPLOYMENT_DEFAULT_SGID_DIR_PERMISSIONS = 02770
+ PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS = 00777
+ PKI_DEPLOYMENT_DEFAULT_UMASK = 00002
+
+ PKI_DEPLOYMENT_DEFAULT_COMMENT = "'Certificate System'"
+ PKI_DEPLOYMENT_DEFAULT_GID = 17
+ PKI_DEPLOYMENT_DEFAULT_GROUP = "pkiuser"
+ PKI_DEPLOYMENT_DEFAULT_SHELL = "/sbin/nologin"
+ PKI_DEPLOYMENT_DEFAULT_UID = 17
+ PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser"
+
+ PKI_SUBSYSTEMS = ["CA","KRA","OCSP","RA","TKS","TPS"]
+ PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS","TPS"]
+ PKI_APACHE_SUBSYSTEMS = ["RA","TPS"]
+ PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS"]
+ PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra",
+ "lib", "logs", "ocsp", "temp", "tks", "webapps",
+ "work"]
+ PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg",
+ "rsyslog", "tls"]
+ PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra", "tps"]
+ PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks"]
+
+ PKI_INDENTATION_LEVEL_0 = {'indent' : ''}
+ PKI_INDENTATION_LEVEL_1 = {'indent' : '... '}
+ PKI_INDENTATION_LEVEL_2 = {'indent' : '....... '}
+ PKI_INDENTATION_LEVEL_3 = {'indent' : '........... '}
+ PKI_INDENTATION_LEVEL_4 = {'indent' : '............... '}
+
+ PKI_DEPLOYMENT_INTERRUPT_BANNER = "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+"\
+ "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-"
+ PKI_DEPLOYMENT_JAR_SOURCE_ROOT = "/usr/share/java"
+ PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT = "/usr/share/java/httpcomponents"
+ PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT = "/usr/share/java/pki"
+ PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT = "/usr/share/java/resteasy"
+ PKI_DEPLOYMENT_SOURCE_ROOT = "/usr/share/pki"
+ PKI_DEPLOYMENT_SYSTEMD_ROOT = "/lib/systemd/system"
+ PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT = "/etc/systemd/system"
+ PKI_DEPLOYMENT_TOMCAT_ROOT = "/usr/share/tomcat"
+ PKI_DEPLOYMENT_TOMCAT_SYSTEMD = "/usr/sbin/tomcat-sysd"
+ PKI_DEPLOYMENT_BASE_ROOT = "/var/lib/pki"
+ # NOTE: Top-level "/etc/pki" is owned by the "filesystem" package!
+ PKI_DEPLOYMENT_CONFIGURATION_ROOT = "/etc/pki"
+ PKI_DEPLOYMENT_LOG_ROOT = "/var/log/pki"
+ # NOTE: Well-known 'registry root', default 'instance', and default
+ # 'configuration file' names MUST be created in order to potentially
+ # obtain an instance-specific configuration file
+ # (presuming one has not been specified during command-line parsing)
+ # because command-line parsing happens prior to reading any
+ # configuration files. Although the 'registry root' MUST remain fixed,
+ # the default 'instance' name may be overridden by the value specified
+ # in the configuration file (the value in the default configuration file
+ # should always match the 'default' instance name specified below).
+ PKI_DEPLOYMENT_REGISTRY_ROOT = "/etc/sysconfig/pki"
+ PKI_DEPLOYMENT_DEFAULT_ADMIN_DOMAIN_NAME = None
+ PKI_DEPLOYMENT_DEFAULT_APACHE_SERVICE_NAME = "apache"
+ PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVICE_NAME = "tomcat"
+ PKI_DEPLOYMENT_DEFAULT_APACHE_INSTANCE_NAME = "pki-apache"
+ PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat"
+ PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE = "pkideployment.cfg"
+ PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\
+ "/usr/share/pki/deployment/config/pkislots.cfg"
+
+ # subtypes of PKI subsystems
+ PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM = "Cloned"
+ PKI_DEPLOYMENT_EXTERNAL_CA = "External"
+ PKI_DEPLOYMENT_SUBORDINATE_CA = "Subordinate"
+
+ # default ports (for defined selinux policy)
+ PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT = 8080
+ PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT = 8443
+ PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT = 8005
+ PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT = 8009
+
+ # PKI Deployment Jython 2.2 Constants
+ PKI_JYTHON_CRITICAL_LOG_LEVEL = 1
+ PKI_JYTHON_ERROR_LOG_LEVEL = 2
+ PKI_JYTHON_WARNING_LOG_LEVEL = 3
+ PKI_JYTHON_INFO_LOG_LEVEL = 4
+ PKI_JYTHON_DEBUG_LOG_LEVEL = 5
+
+ # PKI Selinux Constants
+ PKI_INSTANCE_SELINUX_CONTEXT = "pki_tomcat_var_lib_t"
+ PKI_LOG_SELINUX_CONTEXT = "pki_tomcat_log_t"
+ PKI_CFG_SELINUX_CONTEXT = "pki_tomcat_etc_rw_t"
+ PKI_CERTDB_SELINUX_CONTEXT = "pki_tomcat_cert_t"
+ PKI_PORT_SELINUX_CONTEXT = "http_port_t"
# PKI Deployment Global Variables
pki_install_time = None
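Review bot: The list-valued constants in the new `PKIConfig` class (`PKI_SUBSYSTEMS`, `PKI_APACHE_SUBSYSTEMS`, `PKI_TOMCAT_SUBSYSTEMS` and the reserved-name lists) are mutable class attributes shared by every importer. The scriptlets use them in `in` tests that choose between the start, restart and delete branches, so a stray `.append` or `.remove` anywhere changes behaviour for the whole process. Tuples would make them read-only, e.g. `PKI_TOMCAT_SUBSYSTEMS = ("CA", "KRA", "OCSP", "TKS")`, provided no caller concatenates them with a list (not visible in this diff). The `PKI_INDENTATION_LEVEL_*` values have to stay dicts because they are passed as `extra=` to the logger. The class also has no docstring; a one-line one such as `"""Read-only deployment constants shared by pkispawn, pkidestroy and the scriptlets."""` would record the intent of the move.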
@@ -139,7 +147,7 @@ def str2bool(string):
# 'pkideployment.cfg' configuration file.
def prepare_for_an_external_java_debugger(instance):
print
- print PKI_DEPLOYMENT_INTERRUPT_BANNER
+ print PKIConfig.PKI_DEPLOYMENT_INTERRUPT_BANNER
print
print "The following 'JAVA_OPTS' MUST be enabled (uncommented) in"
print "'%s':" % instance
@@ -150,13 +158,13 @@ def prepare_for_an_external_java_debugger(instance):
raw_input("Enable external java debugger 'JAVA_OPTS' "\
"and press return to continue . . . ")
print
- print PKI_DEPLOYMENT_INTERRUPT_BANNER
+ print PKIConfig.PKI_DEPLOYMENT_INTERRUPT_BANNER
print
return
def wait_to_attach_an_external_java_debugger():
print
- print PKI_DEPLOYMENT_INTERRUPT_BANNER
+ print PKIConfig.PKI_DEPLOYMENT_INTERRUPT_BANNER
print
print "Attach the java debugger to this process on the port specified by"
print "the 'address' selected by 'JAVA_OPTS' (e. g. - port 8000) and"
@@ -165,7 +173,7 @@ def wait_to_attach_an_external_java_debugger():
raw_input("Please attach an external java debugger "\
"and press return to continue . . . ")
print
- print PKI_DEPLOYMENT_INTERRUPT_BANNER
+ print PKIConfig.PKI_DEPLOYMENT_INTERRUPT_BANNER
print
return
@@ -188,10 +196,5 @@ pki_master_dict = None
pki_slots_dict = None
pki_master_jython_dict = None
-# PKI Selinux Constants and parameters
-PKI_INSTANCE_SELINUX_CONTEXT = "pki_tomcat_var_lib_t"
-PKI_LOG_SELINUX_CONTEXT = "pki_tomcat_log_t"
-PKI_CFG_SELINUX_CONTEXT = "pki_tomcat_etc_rw_t"
-PKI_CERTDB_SELINUX_CONTEXT = "pki_tomcat_cert_t"
-PKI_PORT_SELINUX_CONTEXT = "http_port_t"
+# PKI Selinux parameters
pki_selinux_config_ports = []
diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py
index b16fbf620..59f69ba8f 100644
--- a/base/deploy/src/scriptlets/pkihelper.py
+++ b/base/deploy/src/scriptlets/pkihelper.py
@@ -41,6 +41,7 @@ import seobject
# PKI Deployment Imports
import pkiconfig as config
+from pkiconfig import PKIConfig
from pkiconfig import pki_master_dict as master
from pkiconfig import pki_sensitive_dict as sensitive
from pkiconfig import pki_slots_dict as slots
@@ -131,18 +132,18 @@ class identity:
pki_gid = getgrnam(pki_group)[2]
# Yes, group 'pki_group' exists!
config.pki_log.info(log.PKIHELPER_GROUP_ADD_2, pki_group, pki_gid,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
except KeyError as exc:
# No, group 'pki_group' does not exist!
config.pki_log.debug(log.PKIHELPER_GROUP_ADD_KEYERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
try:
# Is the default well-known GID already defined?
- group = getgrgid(config.PKI_DEPLOYMENT_DEFAULT_GID)[0]
+ group = getgrgid(PKIConfig.PKI_DEPLOYMENT_DEFAULT_GID)[0]
# Yes, the default well-known GID exists!
config.pki_log.info(log.PKIHELPER_GROUP_ADD_DEFAULT_2,
- group, config.PKI_DEPLOYMENT_DEFAULT_GID,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ group, PKIConfig.PKI_DEPLOYMENT_DEFAULT_GID,
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# Attempt to create 'pki_group' using a random GID.
command = "/usr/sbin/groupadd" + " " +\
pki_group + " " +\
@@ -150,14 +151,14 @@ class identity:
except KeyError as exc:
# No, the default well-known GID does not exist!
config.pki_log.debug(log.PKIHELPER_GROUP_ADD_GID_KEYERROR_1,
- exc, extra=config.PKI_INDENTATION_LEVEL_2)
+ exc, extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# Is the specified 'pki_group' the default well-known group?
- if pki_group == config.PKI_DEPLOYMENT_DEFAULT_GROUP:
+ if pki_group == PKIConfig.PKI_DEPLOYMENT_DEFAULT_GROUP:
# Yes, attempt to create the default well-known group
# using the default well-known GID.
command = "/usr/sbin/groupadd" + " " +\
"-g" + " " +\
- str(config.PKI_DEPLOYMENT_DEFAULT_GID) + " " +\
+ str(PKIConfig.PKI_DEPLOYMENT_DEFAULT_GID) + " " +\
"-r" + " " +\
pki_group + " " +\
"> /dev/null 2>&1"
@@ -170,7 +171,7 @@ class identity:
subprocess.call(command, shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
return
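Review bot: The `except subprocess.CalledProcessError` branch after `subprocess.call(command, shell=True)` can never run, because `subprocess.call` returns the exit status instead of raising. Combined with the `> /dev/null 2>&1` appended to the command in the earlier hunks, a failed groupadd passes silently and deployment carries on without the expected group; `subprocess.check_call(command, shell=True)` makes the handler reachable. The command is also a shell string concatenated from `pki_group`, so any shell metacharacters in that value would be interpreted by the shell. Passing an argument list without `shell=True`, with output redirected through the `stdout`/`stderr` arguments, removes that dependency on the value being clean. The same applies to the useradd call in the `@@ -234,18 +235,18 @@` hunk; the `try:` and the command construction start outside this hunk.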
@@ -181,50 +182,50 @@ class identity:
pki_uid = getpwnam(pki_user)[2]
# Yes, user 'pki_user' exists!
config.pki_log.info(log.PKIHELPER_USER_ADD_2, pki_user, pki_uid,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# NOTE: For now, never check validity of specified 'pki_group'!
except KeyError as exc:
# No, user 'pki_user' does not exist!
config.pki_log.debug(log.PKIHELPER_USER_ADD_KEYERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
try:
# Is the default well-known UID already defined?
- user = getpwuid(config.PKI_DEPLOYMENT_DEFAULT_UID)[0]
+ user = getpwuid(PKIConfig.PKI_DEPLOYMENT_DEFAULT_UID)[0]
# Yes, the default well-known UID exists!
config.pki_log.info(log.PKIHELPER_USER_ADD_DEFAULT_2,
- user, config.PKI_DEPLOYMENT_DEFAULT_UID,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ user, PKIConfig.PKI_DEPLOYMENT_DEFAULT_UID,
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# Attempt to create 'pki_user' using a random UID.
command = "/usr/sbin/useradd" + " " +\
"-g" + " " +\
pki_group + " " +\
"-d" + " " +\
- config.PKI_DEPLOYMENT_SOURCE_ROOT + " " +\
+ PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT + " " +\
"-s" + " " +\
- config.PKI_DEPLOYMENT_DEFAULT_SHELL + " " +\
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_SHELL + " " +\
"-c" + " " +\
- config.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " +\
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " +\
pki_user + " " +\
"> /dev/null 2>&1"
except KeyError as exc:
# No, the default well-known UID does not exist!
config.pki_log.debug(log.PKIHELPER_USER_ADD_UID_KEYERROR_1,
- exc, extra=config.PKI_INDENTATION_LEVEL_2)
+ exc, extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# Is the specified 'pki_user' the default well-known user?
- if pki_user == config.PKI_DEPLOYMENT_DEFAULT_USER:
+ if pki_user == PKIConfig.PKI_DEPLOYMENT_DEFAULT_USER:
# Yes, attempt to create the default well-known user
# using the default well-known UID.
command = "/usr/sbin/useradd" + " " +\
"-g" + " " +\
pki_group + " " +\
"-d" + " " +\
- config.PKI_DEPLOYMENT_SOURCE_ROOT + " " +\
+ PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT + " " +\
"-s" + " " +\
- config.PKI_DEPLOYMENT_DEFAULT_SHELL + " " +\
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_SHELL + " " +\
"-c" + " " +\
- config.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " +\
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " +\
"-u" + " " +\
- str(config.PKI_DEPLOYMENT_DEFAULT_UID) + " " +\
+ str(PKIConfig.PKI_DEPLOYMENT_DEFAULT_UID) + " " +\
"-r" + " " +\
pki_user + " " +\
"> /dev/null 2>&1"
@@ -234,18 +235,18 @@ class identity:
"-g" + " " +\
pki_group + " " +\
"-d" + " " +\
- config.PKI_DEPLOYMENT_SOURCE_ROOT + " " +\
+ PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT + " " +\
"-s" + " " +\
- config.PKI_DEPLOYMENT_DEFAULT_SHELL + " " +\
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_SHELL + " " +\
"-c" + " " +\
- config.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " +\
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " +\
pki_user + " " +\
"> /dev/null 2>&1"
# Execute this "useradd" command.
subprocess.call(command, shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
return
@@ -259,7 +260,7 @@ class identity:
pki_uid = master['pki_uid']
except KeyError as exc:
config.pki_log.error(log.PKI_KEYERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return pki_uid
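Review bot: When `master['pki_uid']` raises `KeyError` and `critical_failure` is false, execution falls through to `return pki_uid` with the local never assigned, so the caller gets an `UnboundLocalError` rather than a handled failure. This assumes the `return` sits after the `try`/`except`, which the flattened indentation suggests but does not prove. Setting `pki_uid = None` before the `try:`, or re-raising in the handler, makes the non-critical path explicit; callers that pass the result on to `os.chown` would then need to handle `None`. The same pattern appears in the `pki_gid` getter in the next hunk and in `set_uid` and `set_gid` further down. The function starts outside this hunk.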
@@ -269,7 +270,7 @@ class identity:
pki_gid = master['pki_gid']
except KeyError as exc:
config.pki_log.error(log.PKI_KEYERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return pki_gid
@@ -277,15 +278,15 @@ class identity:
def set_uid(self, name, critical_failure=True):
try:
config.pki_log.debug(log.PKIHELPER_USER_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# id -u <name>
pki_uid = getpwnam(name)[2]
master['pki_uid']=pki_uid
config.pki_log.debug(log.PKIHELPER_UID_2, name, pki_uid,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
except KeyError as exc:
config.pki_log.error(log.PKI_KEYERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return pki_uid
@@ -293,15 +294,15 @@ class identity:
def set_gid(self, name, critical_failure=True):
try:
config.pki_log.debug(log.PKIHELPER_GROUP_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# id -g <name>
pki_gid = getgrnam(name)[2]
master['pki_gid']=pki_gid
config.pki_log.debug(log.PKIHELPER_GID_2, name, pki_gid,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
except KeyError as exc:
config.pki_log.error(log.PKI_KEYERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return pki_gid
@@ -320,7 +321,7 @@ class namespace:
log.PKIHELPER_NAMESPACE_COLLISION_2,
master['pki_instance_id'],
master['pki_instance_path'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
else:
if os.path.exists(master['pki_target_tomcat_conf_instance_id']):
@@ -329,7 +330,7 @@ class namespace:
log.PKIHELPER_NAMESPACE_COLLISION_2,
master['pki_instance_id'],
master['pki_target_tomcat_conf_instance_id'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if os.path.exists(master['pki_cgroup_systemd_service']):
# Systemd cgroup path collision
@@ -337,7 +338,7 @@ class namespace:
log.PKIHELPER_NAMESPACE_COLLISION_2,
master['pki_instance_id'],
master['pki_cgroup_systemd_service_path'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if os.path.exists(master['pki_cgroup_cpu_systemd_service']):
# Systemd cgroup CPU path collision
@@ -345,7 +346,7 @@ class namespace:
log.PKIHELPER_NAMESPACE_COLLISION_2,
master['pki_instance_id'],
master['pki_cgroup_cpu_systemd_service_path'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if os.path.exists(master['pki_instance_log_path']) and\
os.path.exists(master['pki_subsystem_log_path']):
@@ -354,7 +355,7 @@ class namespace:
log.PKIHELPER_NAMESPACE_COLLISION_2,
master['pki_instance_id'],
master['pki_instance_log_path'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if os.path.exists(master['pki_instance_configuration_path']) and\
os.path.exists(master['pki_subsystem_configuration_path']):
@@ -363,7 +364,7 @@ class namespace:
log.PKIHELPER_NAMESPACE_COLLISION_2,
master['pki_instance_id'],
master['pki_instance_configuration_path'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if os.path.exists(master['pki_instance_registry_path']) and\
os.path.exists(master['pki_subsystem_registry_path']):
@@ -372,45 +373,45 @@ class namespace:
log.PKIHELPER_NAMESPACE_COLLISION_2,
master['pki_instance_id'],
master['pki_instance_registry_path'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Run simple checks for reserved name namespace collisions
- if master['pki_instance_id'] in config.PKI_BASE_RESERVED_NAMES:
+ if master['pki_instance_id'] in PKIConfig.PKI_BASE_RESERVED_NAMES:
# Top-Level PKI base path reserved name collision
config.pki_log.error(
log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
master['pki_instance_id'],
master['pki_instance_path'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# No need to check for reserved name under Top-Level PKI log path
- if master['pki_instance_id'] in config.PKI_CONFIGURATION_RESERVED_NAMES:
+ if master['pki_instance_id'] in PKIConfig.PKI_CONFIGURATION_RESERVED_NAMES:
# Top-Level PKI configuration path reserved name collision
config.pki_log.error(
log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
master['pki_instance_id'],
master['pki_instance_configuration_path'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
+ if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS:
# Top-Level Apache PKI registry path reserved name collision
if master['pki_instance_id'] in\
- config.PKI_APACHE_REGISTRY_RESERVED_NAMES:
+ PKIConfig.PKI_APACHE_REGISTRY_RESERVED_NAMES:
config.pki_log.error(
log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
master['pki_instance_id'],
master['pki_instance_registry_path'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
- elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
# Top-Level Tomcat PKI registry path reserved name collision
if master['pki_instance_id'] in\
- config.PKI_TOMCAT_REGISTRY_RESERVED_NAMES:
+ PKIConfig.PKI_TOMCAT_REGISTRY_RESERVED_NAMES:
config.pki_log.error(
log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
master['pki_instance_id'],
master['pki_instance_registry_path'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
@@ -421,10 +422,10 @@ class configuration_file:
# parameter that may be stored in a log file.
config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_URL_1,
sensitive['pki_configuration_url'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_RESTART_1,
master['pki_registry_initscript_command'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
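Review bot: `sensitive['pki_configuration_url']` is written to the deployment log at info level here, while the comment fragment above it and the note in the following hunk describe it as the one parameter with sensitive content that may be stored in a log file. The code should state what protects that log, for example `# URL carries a sensitive value; the deployment log must stay readable only by the installing administrator`. The mode and ownership of the log file should also be checked where it is created. What the URL embeds is not visible in this hunk, so confirm it before settling the wording. The method starts outside this hunk.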
def display_configuration_url(self):
# NOTE: This is the one and only parameter containing a sensitive
@@ -437,7 +438,7 @@ class configuration_file:
def verify_sensitive_data(self):
# Silently verify the existence of 'sensitive' data
- if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
# Verify existence of Directory Server Password (ALWAYS)
if not sensitive.has_key('pki_ds_password') or\
not len(sensitive['pki_ds_password']):
@@ -445,7 +446,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_password",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of Admin Password (except for Clones)
if not config.str2bool(master['pki_clone']):
@@ -455,7 +456,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_admin_password",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# If required, verify existence of Backup Password
if config.str2bool(master['pki_backup_keys']):
@@ -465,7 +466,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_backup_password",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of Client Pin for NSS client security databases
if not sensitive.has_key('pki_client_database_password') or\
@@ -474,7 +475,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CLIENT_DATABASE_PASSWORD_2,
"pki_client_database_password",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of Client PKCS #12 Password for Admin Cert
if not sensitive.has_key('pki_client_pkcs12_password') or\
@@ -483,7 +484,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_client_pkcs12_password",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of PKCS #12 Password (ONLY for Clones)
if config.str2bool(master['pki_clone']):
@@ -493,7 +494,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_pkcs12_password",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of Security Domain Password File
# (ONLY for Clones, KRA, OCSP, TKS, or Subordinate CA)
@@ -506,7 +507,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_security_domain_password",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# If required, verify existence of Token Password
if not master['pki_token_name'] == "internal":
@@ -516,13 +517,13 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_token_password",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
return
def verify_mutually_exclusive_data(self):
# Silently verify the existence of 'mutually exclusive' data
- if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
if master['pki_subsystem'] == "CA":
if config.str2bool(master['pki_clone']) and\
config.str2bool(master['pki_external']) and\
@@ -530,28 +531,28 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA,
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif config.str2bool(master['pki_clone']) and\
config.str2bool(master['pki_external']):
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA,
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif config.str2bool(master['pki_clone']) and\
config.str2bool(master['pki_subordinate']):
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA,
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif config.str2bool(master['pki_external']) and\
config.str2bool(master['pki_subordinate']):
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA,
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
def verify_predefined_configuration_file_data(self):
@@ -565,7 +566,7 @@ class configuration_file:
# etc.), and "correctness" (e. g. - file, directory, boolean
# 'True' or 'False', etc.) of ALL required "value" parameters.
#
- if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
if config.str2bool(master['pki_clone']):
# Verify existence of clone parameters
if not master.has_key('pki_ds_base_dn') or\
@@ -574,7 +575,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_base_dn",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_ds_ldap_port') or\
not len(master['pki_ds_ldap_port']):
@@ -585,7 +586,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_ldap_port",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_ds_ldaps_port') or\
not len(master['pki_ds_ldaps_port']):
@@ -596,7 +597,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_ldaps_port",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# NOTE: Although this will be checked prior to getting to
# this method, this clone's 'pki_instance_name' MUST
@@ -612,7 +613,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ajp_port",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_http_port') or\
not len(master['pki_http_port']):
@@ -623,7 +624,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_http_port",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_https_port') or\
not len(master['pki_https_port']):
@@ -634,7 +635,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_https_port",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_tomcat_server_port') or\
not len(master['pki_tomcat_server_port']):
@@ -645,7 +646,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_tomcat_server_port",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_clone_pkcs12_path') or\
not len(master['pki_clone_pkcs12_path']):
@@ -653,13 +654,13 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_pkcs12_path",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif not os.path.isfile(master['pki_clone_pkcs12_path']):
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1,
master['pki_clone_pkcs12_path'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_clone_replication_security') or\
not len(master['pki_clone_replication_security']):
@@ -667,7 +668,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_replication_security",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_clone_uri') or\
not len(master['pki_clone_uri']):
@@ -675,7 +676,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_uri",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif master['pki_subsystem'] == "CA" and\
config.str2bool(master['pki_external']):
@@ -685,7 +686,7 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_step_two",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not config.str2bool(master['pki_step_two']):
if not master.has_key('pki_external_csr_path') or\
@@ -694,13 +695,13 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_csr_path",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif not os.path.isfile(master['pki_external_csr_path']):
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1,
master['pki_external_csr_path'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
else:
if not master.has_key('pki_external_ca_cert_chain_path') or\
@@ -709,14 +710,14 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_ca_cert_chain_path",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif not os.path.isfile(
master['pki_external_ca_cert_chain_path']):
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1,
master['pki_external_ca_cert_chain_path'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_external_ca_cert_path') or\
not len(master['pki_external_ca_cert_path']):
@@ -724,29 +725,29 @@ class configuration_file:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_ca_cert_path",
master['pki_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif not os.path.isfile(
master['pki_external_ca_cert_path']):
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1,
master['pki_external_ca_cert_path'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
return
def populate_non_default_ports(self):
if master['pki_http_port'] != \
- str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT):
+ str(PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT):
ports.append(master['pki_http_port'])
if master['pki_https_port'] != \
- str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT):
+ str(PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT):
ports.append(master['pki_https_port'])
if master['pki_tomcat_server_port'] != \
- str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT):
+ str(PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT):
ports.append(master['pki_tomcat_server_port'])
if master['pki_ajp_port'] != \
- str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT):
+ str(PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT):
ports.append(master['pki_ajp_port'])
return
@@ -772,7 +773,7 @@ class configuration_file:
# port has no current context
# leave it in list of ports to set
continue
- elif context == config.PKI_PORT_SELINUX_CONTEXT:
+ elif context == PKIConfig.PKI_PORT_SELINUX_CONTEXT:
# port is already set correctly
# remove from list of ports to set
ports.remove(port)
@@ -780,7 +781,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT,
port, context,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
return
@@ -794,7 +795,7 @@ class configuration_file:
log.PKIHELPER_COMMAND_LINE_PARAMETER_MISMATCH_2,
master['pki_deployed_instance_name'],
master['pki_instance_id'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
return
@@ -807,7 +808,7 @@ class configuration_file:
# web_xml_target):
# config.pki_log.info(log.PKIHELPER_REMOVE_FILTER_SECTION_1,
# master['pki_target_subsystem_web_xml'],
-# extra=config.PKI_INDENTATION_LEVEL_2)
+# extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# begin_filters_section = False
# begin_servlet_section = False
# FILE = open(web_xml_target, "w")
@@ -840,16 +841,16 @@ class instance:
try:
# count number of PKI subsystems present
# within the specified Apache instance
- for subsystem in config.PKI_APACHE_SUBSYSTEMS:
+ for subsystem in PKIConfig.PKI_APACHE_SUBSYSTEMS:
path = master['pki_instance_path'] + "/" + subsystem.lower()
if os.path.exists(path) and os.path.isdir(path):
rv = rv + 1
config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCE_SUBSYSTEMS_2,
master['pki_instance_path'],
- rv, extra=config.PKI_INDENTATION_LEVEL_2)
+ rv, extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
return rv
@@ -873,10 +874,10 @@ class instance:
config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCES_2,
master['pki_instance_type_registry_path'],
rv,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
return rv
@@ -897,14 +898,14 @@ class instance:
for name in os.listdir(dir):
if os.path.isdir(os.path.join(dir,name)) and\
not os.path.islink(os.path.join(dir,name)):
- if name.upper() in config.PKI_SUBSYSTEMS:
+ if name.upper() in PKIConfig.PKI_SUBSYSTEMS:
rv = rv + 1
config.pki_log.debug(log.PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2,
master['pki_instance_path'], rv,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
return rv
@@ -913,16 +914,16 @@ class instance:
try:
# count number of PKI subsystems present
# within the specified Tomcat instance
- for subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ for subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
path = master['pki_instance_path'] + "/" + subsystem.lower()
if os.path.exists(path) and os.path.isdir(path):
rv = rv + 1
config.pki_log.debug(log.PKIHELPER_TOMCAT_INSTANCE_SUBSYSTEMS_2,
master['pki_instance_path'],
- rv, extra=config.PKI_INDENTATION_LEVEL_2)
+ rv, extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
return rv
@@ -946,10 +947,10 @@ class instance:
config.pki_log.debug(log.PKIHELPER_TOMCAT_INSTANCES_2,
master['pki_instance_type_registry_path'],
rv,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
return rv
@@ -959,11 +960,11 @@ class instance:
config.pki_log.error(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2,
master['pki_subsystem'],
master['pki_instance_id'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
def verify_subsystem_does_not_exist(self):
@@ -972,28 +973,28 @@ class instance:
config.pki_log.error(log.PKI_SUBSYSTEM_ALREADY_EXISTS_2,
master['pki_subsystem'],
master['pki_instance_id'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# PKI Deployment Directory Class
class directory:
def create(self, name, uid=None, gid=None,
- perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
+ perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
acls=None, critical_failure=True):
try:
if not os.path.exists(name):
# mkdir -p <name>
config.pki_log.info(log.PKIHELPER_MKDIR_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
os.makedirs(name)
# chmod <perms> <name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
if uid == None:
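Review bot: In `directory.create`, `os.makedirs(name)` creates the directory and any missing parents with modes derived from the process umask, and only the leaf is then tightened by `os.chmod(name, perms)`. Between the two calls the directory may be more permissive than `perms`, and in the lines shown the intermediate directories never receive `perms` or the later `os.chown`. Passing the mode at creation, `os.makedirs(name, perms)`, narrows that window; the explicit chmod is still needed because the umask is applied to the mode argument. Separately, `if uid == None:` reads better as `if uid is None:`. The function body continues outside this hunk.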
@@ -1002,7 +1003,7 @@ class directory:
gid = identity.get_gid()
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chown(name, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1018,7 +1019,7 @@ class directory:
elif not os.path.isdir(name):
config.pki_log.error(
log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except OSError as exc:
@@ -1026,30 +1027,30 @@ class directory:
pass
else:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
def modify(self, name, uid=None, gid=None,
- perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
+ perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
acls=None, silent=False, critical_failure=True):
try:
if os.path.exists(name):
if not os.path.isdir(name):
config.pki_log.error(
log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1,
- name, extra=config.PKI_INDENTATION_LEVEL_2)
+ name, extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
# Always re-process each directory whether it needs it or not
if not silent:
config.pki_log.info(log.PKIHELPER_MODIFY_DIR_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# chmod <perms> <name>
if not silent:
config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
if uid == None:
@@ -1059,7 +1060,7 @@ class directory:
if not silent:
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chown(name, uid, gid)
# Store record in installation manifest
if not silent:
@@ -1076,12 +1077,12 @@ class directory:
else:
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
@@ -1092,21 +1093,21 @@ class directory:
# Simply issue a warning and continue
config.pki_log.warning(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
else:
if recursive_flag == True:
# rm -rf <name>
config.pki_log.info(log.PKIHELPER_RM_RF_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
shutil.rmtree(name)
else:
# rmdir <name>
config.pki_log.info(log.PKIHELPER_RMDIR_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
os.rmdir(name)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
@@ -1119,41 +1120,41 @@ class directory:
return True
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
def is_empty(self, name):
try:
if not os.listdir(name):
config.pki_log.debug(log.PKIHELPER_DIRECTORY_IS_EMPTY_1,
- name, extra=config.PKI_INDENTATION_LEVEL_2)
+ name, extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
return True
else:
config.pki_log.debug(log.PKIHELPER_DIRECTORY_IS_NOT_EMPTY_1,
- name, extra=config.PKI_INDENTATION_LEVEL_2)
+ name, extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
return False
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
def set_mode(self, name, uid=None, gid=None,
- dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
- file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ dir_perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
+ file_perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
symlink_perms=\
- config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS,
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS,
dir_acls=None, file_acls=None, symlink_acls=None,
recursive_flag=True, critical_failure=True):
try:
if not os.path.exists(name) or not os.path.isdir(name):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
else:
config.pki_log.info(
log.PKIHELPER_SET_MODE_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if uid == None:
uid = identity.get_uid()
if gid == None:
@@ -1166,16 +1167,16 @@ class directory:
file = entity
config.pki_log.debug(
log.PKIHELPER_IS_A_FILE_1, file,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
# chmod <file_perms> <name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2,
file_perms, file,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chmod(file, file_perms)
# chown <uid>:<gid> <name>
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, file,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chown(file, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1192,7 +1193,7 @@ class directory:
symlink = entity
config.pki_log.debug(
log.PKIHELPER_IS_A_SYMLINK_1, symlink,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
# REMINDER: Due to POSIX compliance, 'lchmod'
# is NEVER implemented on Linux
# systems since 'chmod' CANNOT be
@@ -1201,7 +1202,7 @@ class directory:
# chown -h <uid>:<gid> <symlink>
config.pki_log.debug(log.PKIHELPER_CHOWN_H_3,
uid, gid, symlink,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.lchown(symlink, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1218,16 +1219,16 @@ class directory:
dir = os.path.join(root, name)
config.pki_log.debug(
log.PKIHELPER_IS_A_DIRECTORY_1, dir,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
# chmod <dir_perms> <name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2,
dir_perms, dir,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chmod(dir, dir_perms)
# chown <uid>:<gid> <name>
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, dir,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chown(dir, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1243,17 +1244,17 @@ class directory:
else:
config.pki_log.debug(
log.PKIHELPER_IS_A_DIRECTORY_1, name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
name = os.path.join(root, name)
# chmod <dir_perms> <name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2,
dir_perms, name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chmod(name, dir_perms)
# chown <uid>:<gid> <name>
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chown(name, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1268,34 +1269,34 @@ class directory:
manifest.database.append(record)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
def copy(self, old_name, new_name, uid=None, gid=None,
- dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
- file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
- symlink_perms=config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS,
+ dir_perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
+ file_perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ symlink_perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS,
dir_acls=None, file_acls=None, symlink_acls=None,
recursive_flag=True, overwrite_flag=False, critical_failure=True):
try:
if not os.path.exists(old_name) or not os.path.isdir(old_name):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, old_name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
else:
if os.path.exists(new_name):
if not overwrite_flag:
config.pki_log.error(
log.PKI_DIRECTORY_ALREADY_EXISTS_1, new_name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if recursive_flag == True:
# cp -rp <old_name> <new_name>
config.pki_log.info(log.PKIHELPER_CP_RP_2,
old_name, new_name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# Due to a limitation in the 'shutil.copytree()'
# implementation which requires that
# 'The destination directory must not already exist.',
@@ -1308,7 +1309,7 @@ class directory:
# cp -p <old_name> <new_name>
config.pki_log.info(log.PKIHELPER_CP_P_2,
old_name, new_name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
shutil.copy2(old_name, new_name)
# set ownerships, permissions, and acls
# of newly created top-level directory
@@ -1322,12 +1323,12 @@ class directory:
recursive_flag, critical_failure)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except shutil.Error as exc:
config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
@@ -1336,17 +1337,17 @@ class directory:
# PKI Deployment File Class (also used for executables)
class file:
def create(self, name, uid=None, gid=None,
- perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
acls=None, critical_failure=True):
try:
if not os.path.exists(name):
# touch <name>
config.pki_log.info(log.PKIHELPER_TOUCH_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
open(name, "w").close()
# chmod <perms> <name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
if uid == None:
@@ -1355,7 +1356,7 @@ class file:
gid = identity.get_gid()
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chown(name, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1371,7 +1372,7 @@ class file:
elif not os.path.isfile(name):
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except OSError as exc:
@@ -1379,30 +1380,30 @@ class file:
pass
else:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
def modify(self, name, uid=None, gid=None,
- perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
acls=None, silent=False, critical_failure=True):
try:
if os.path.exists(name):
if not os.path.isfile(name):
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1,
- name, extra=config.PKI_INDENTATION_LEVEL_2)
+ name, extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
# Always re-process each file whether it needs it or not
if not silent:
config.pki_log.info(log.PKIHELPER_MODIFY_FILE_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# chmod <perms> <name>
if not silent:
config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
if uid == None:
@@ -1412,7 +1413,7 @@ class file:
if not silent:
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chown(name, uid, gid)
# Store record in installation manifest
if not silent:
@@ -1429,12 +1430,12 @@ class file:
else:
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
@@ -1445,15 +1446,15 @@ class file:
# Simply issue a warning and continue
config.pki_log.warning(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
else:
# rm -f <name>
config.pki_log.info(log.PKIHELPER_RM_F_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
os.remove(name)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
@@ -1466,29 +1467,29 @@ class file:
return True
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
def copy(self, old_name, new_name, uid=None, gid=None,
- perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls=None,
+ perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls=None,
overwrite_flag=False, critical_failure=True):
try:
if not os.path.exists(old_name) or not os.path.isfile(old_name):
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
else:
if os.path.exists(new_name):
if not overwrite_flag:
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_1, new_name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# cp -p <old_name> <new_name>
config.pki_log.info(log.PKIHELPER_CP_P_2,
old_name, new_name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
shutil.copy2(old_name, new_name)
if uid == None:
uid = identity.get_uid()
@@ -1497,12 +1498,12 @@ class file:
# chmod <perms> <new_name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2,
perms, new_name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chmod(new_name, perms)
# chown <uid>:<gid> <new_name>
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, new_name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chown(new_name, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1517,37 +1518,37 @@ class file:
manifest.database.append(record)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except shutil.Error as exc:
config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
def apply_slot_substitution(
self, name, uid=None, gid=None,
- perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
acls=None, critical_failure=True):
try:
if not os.path.exists(name) or not os.path.isfile(name):
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# applying in-place slot substitutions on <name>
config.pki_log.info(log.PKIHELPER_APPLY_SLOT_SUBSTITUTION_1,
name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
for line in fileinput.FileInput(name, inplace=1):
for slot in slots:
if slot != '__name__' and slots[slot] in line:
config.pki_log.debug(
log.PKIHELPER_SLOT_SUBSTITUTION_2,
slots[slot], master[slot],
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
line=line.replace(slots[slot],master[slot])
sys.stdout.write(line)
if uid == None:
@@ -1557,12 +1558,12 @@ class file:
# chmod <perms> <name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2,
perms, name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chown(name, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1577,38 +1578,38 @@ class file:
manifest.database.append(record)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except shutil.Error as exc:
config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
def copy_with_slot_substitution(
self, old_name, new_name, uid=None, gid=None,
- perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
acls=None, overwrite_flag=False,
critical_failure=True):
try:
if not os.path.exists(old_name) or not os.path.isfile(old_name):
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
else:
if os.path.exists(new_name):
if not overwrite_flag:
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_1, new_name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# copy <old_name> to <new_name> with slot substitutions
config.pki_log.info(log.PKIHELPER_COPY_WITH_SLOT_SUBSTITUTION_2,
old_name, new_name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
FILE = open(new_name, "w")
for line in fileinput.FileInput(old_name):
for slot in slots:
@@ -1616,7 +1617,7 @@ class file:
config.pki_log.debug(
log.PKIHELPER_SLOT_SUBSTITUTION_2,
slots[slot], master[slot],
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
line=line.replace(slots[slot],master[slot])
FILE.write(line)
FILE.close()
@@ -1627,12 +1628,12 @@ class file:
# chmod <perms> <new_name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2,
perms, new_name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chmod(new_name, perms)
# chown <uid>:<gid> <new_name>
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, new_name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chown(new_name, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1647,25 +1648,25 @@ class file:
manifest.database.append(record)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except shutil.Error as exc:
config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
def generate_noise_file(self, name, bytes, uid=None, gid=None,
- perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
acls=None, critical_failure=True):
try:
if not os.path.exists(name):
# generating noise file called <name> and
# filling it with <bytes> random bytes
config.pki_log.info(log.PKIHELPER_NOISE_FILE_2, name, bytes,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
open(name, "w").close()
FILE = open(name, "w")
noise = ''.join(random.choice(string.ascii_letters +\
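Review bot: The noise file in `generate_noise_file` is filled from `random.choice(...)`, which uses Python's Mersenne Twister and is predictable. If this file seeds key generation (presumably it is passed to certutil, but that is not visible here), the bytes should come from the OS CSPRNG instead. Bind `rng = random.SystemRandom()` once and call `rng.choice(...)` inside the join, leaving the alphabet and length as they are. The file is also created by `open(name, "w")` before the `chmod` in the next hunk, so it briefly carries umask-default permissions, and the preceding `open(name, "w").close()` is redundant. The function body continues past the end of this hunk.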
@@ -1674,7 +1675,7 @@ class file:
FILE.close()
# chmod <perms> <name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
if uid == None:
@@ -1683,7 +1684,7 @@ class file:
gid = identity.get_gid()
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.chown(name, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1699,7 +1700,7 @@ class file:
elif not os.path.isfile(name):
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except OSError as exc:
@@ -1707,7 +1708,7 @@ class file:
pass
else:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
@@ -1722,12 +1723,12 @@ class symlink:
if not os.path.exists(name):
config.pki_log.warning(
log.PKIHELPER_DANGLING_SYMLINK_2, link, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if not allow_dangling_symlink:
sys.exit(1)
# ln -s <name> <link>
config.pki_log.info(log.PKIHELPER_LINK_S_2, name, link,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
os.symlink(name, link)
# REMINDER: Due to POSIX compliance, 'lchmod' is NEVER
# implemented on Linux systems since 'chmod'
@@ -1739,7 +1740,7 @@ class symlink:
gid = identity.get_gid()
config.pki_log.debug(log.PKIHELPER_CHOWN_H_3,
uid, gid, link,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.lchown(link, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1750,13 +1751,13 @@ class symlink:
record.uid = uid
record.gid = gid
record.permissions =\
- config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS
record.acls = acls
manifest.database.append(record)
elif not os.path.islink(link):
config.pki_log.error(
log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1, link,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except OSError as exc:
@@ -1764,7 +1765,7 @@ class symlink:
pass
else:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
@@ -1776,13 +1777,13 @@ class symlink:
if not os.path.islink(link):
config.pki_log.error(
log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1,
- link, extra=config.PKI_INDENTATION_LEVEL_2)
+ link, extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
# Always re-process each link whether it needs it or not
if not silent:
config.pki_log.info(log.PKIHELPER_MODIFY_SYMLINK_1, link,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# REMINDER: Due to POSIX compliance, 'lchmod' is NEVER
# implemented on Linux systems since 'chmod'
# CANNOT be run directly against symbolic links!
@@ -1794,7 +1795,7 @@ class symlink:
if not silent:
config.pki_log.debug(log.PKIHELPER_CHOWN_H_3,
uid, gid, link,
- extra=config.PKI_INDENTATION_LEVEL_3)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
os.lchown(link, uid, gid)
# Store record in installation manifest
if not silent:
@@ -1806,18 +1807,18 @@ class symlink:
record.uid = uid
record.gid = gid
record.permissions =\
- config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS
record.acls = acls
manifest.database.append(record)
else:
config.pki_log.error(
log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1, link,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
@@ -1828,15 +1829,15 @@ class symlink:
# Simply issue a warning and continue
config.pki_log.warning(
log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1, link,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
else:
# rm -f <link>
config.pki_log.info(log.PKIHELPER_RM_F_1, link,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
os.remove(link)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
@@ -1849,7 +1850,7 @@ class symlink:
return True
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
@@ -1861,18 +1862,18 @@ class war:
if not zipfile.is_zipfile(name):
config.pki_log.error(
log.PKI_FILE_NOT_A_WAR_FILE_1,
- name, extra=config.PKI_INDENTATION_LEVEL_2)
+ name, extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
if not os.path.exists(path) or not os.path.isdir(path):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1,
- path, extra=config.PKI_INDENTATION_LEVEL_2)
+ path, extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
# jar -xf <name> -C <path>
config.pki_log.info(log.PKIHELPER_JAR_XF_C_2, name, path,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# Open war file
war = zipfile.ZipFile(name, 'r')
# Extract contents of war file to path
@@ -1880,22 +1881,22 @@ class war:
else:
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except zipfile.BadZipfile as exc:
config.pki_log.error(log.PKI_BADZIPFILE_ERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except zipfile.LargeZipFile as exc:
config.pki_log.error(log.PKI_LARGEZIPFILE_ERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
@@ -1910,13 +1911,13 @@ class password:
if overwrite_flag:
config.pki_log.info(
log.PKIHELPER_PASSWORD_CONF_1, path,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# overwrite the existing 'password.conf' file
with open(path, "wt") as fd:
if pin_sans_token == True:
fd.write(str(pin))
elif master['pki_subsystem'] in\
- config.PKI_APACHE_SUBSYSTEMS:
+ PKIConfig.PKI_APACHE_SUBSYSTEMS:
fd.write(master['pki_self_signed_token'] +\
":" + str(pin))
else:
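Review bot: The PIN is written through `open(path, "wt")`, so a newly created password.conf gets umask-default permissions and nothing in this hunk sets a mode. Unless the caller tightens it afterwards, the secret is readable by other local users for at least a window. Creating the file with an explicit mode closes that gap, e.g. `fd = os.fdopen(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "w")`. The same applies to the create branch in the next hunk and to both pkcs12_password.conf writes in the `-1952,21` hunk. The overwrite and create branches are otherwise identical and `fd.closed` is a no-op expression, so they could be merged; the method starts and ends outside this hunk.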
@@ -1925,13 +1926,13 @@ class password:
fd.closed
else:
config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# create a new 'password.conf' file
with open(path, "wt") as fd:
if pin_sans_token == True:
fd.write(str(pin))
elif master['pki_subsystem'] in\
- config.PKI_APACHE_SUBSYSTEMS:
+ PKIConfig.PKI_APACHE_SUBSYSTEMS:
fd.write(master['pki_self_signed_token'] +\
":" + str(pin))
else:
@@ -1940,7 +1941,7 @@ class password:
fd.closed
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
@@ -1952,21 +1953,21 @@ class password:
if overwrite_flag:
config.pki_log.info(
log.PKIHELPER_PASSWORD_CONF_1, path,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# overwrite the existing 'pkcs12_password.conf' file
with open(path, "wt") as fd:
fd.write(sensitive['pki_client_pkcs12_password'])
fd.closed
else:
config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# create a new 'pkcs12_password.conf' file
with open(path, "wt") as fd:
fd.write(sensitive['pki_client_pkcs12_password'])
fd.closed
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
@@ -1987,7 +1988,7 @@ class certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_PATH,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if password_file != None:
command = command + " " + "-f" + " " + password_file
@@ -1996,7 +1997,7 @@ class certutil:
if not os.path.exists(path):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if os.path.exists(pki_cert_database) or\
os.path.exists(pki_key_database) or\
@@ -2007,7 +2008,7 @@ class certutil:
pki_cert_database,
pki_key_database,
pki_secmod_database,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
else:
if password_file != None:
if not os.path.exists(password_file) or\
@@ -2015,23 +2016,23 @@ class certutil:
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
password_file,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Display this "certutil" command
config.pki_log.info(
log.PKIHELPER_CREATE_SECURITY_DATABASES_1,
command,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# Execute this "certutil" command
subprocess.call(command, shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
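Review bot: `subprocess.call(command, shell=True)` never raises `CalledProcessError`, so the `except subprocess.CalledProcessError` handler below it is unreachable and a failing certutil run is silently ignored. `subprocess.check_call(command, shell=True)` would make the handler live. Separately, `command` is built by string concatenation (for example `command + " " + "-f" + " " + password_file` in the previous hunk) and run through a shell, so a path or name containing whitespace or shell metacharacters changes what is executed. Building an argument list and dropping `shell=True` avoids that, and the `check_call(command, shell=True)` in the `-2096,7` hunk has the same construction. The command is assembled outside this hunk, so the list form has to start there.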
@@ -2050,7 +2051,7 @@ class certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_PATH,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Specify the 'token'
if token:
@@ -2058,7 +2059,7 @@ class certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_TOKEN,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Specify the nickname of this self-signed certificate
if nickname:
@@ -2066,7 +2067,7 @@ class certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_NICKNAME,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# OPTIONALLY specify a password file
if password_file != None:
@@ -2077,7 +2078,7 @@ class certutil:
if not os.path.exists(path):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not os.path.exists(pki_cert_database) or\
not os.path.exists(pki_key_database) or\
@@ -2088,7 +2089,7 @@ class certutil:
pki_cert_database,
pki_key_database,
pki_secmod_database,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if password_file != None:
if not os.path.exists(password_file) or\
@@ -2096,7 +2097,7 @@ class certutil:
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
password_file,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Execute this "certutil" command
subprocess.check_call(command, shell=True)
@@ -2104,7 +2105,7 @@ class certutil:
return False
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return True
@@ -2126,7 +2127,7 @@ class certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_PATH,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Specify the 'token'
if token:
@@ -2134,7 +2135,7 @@ class certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_TOKEN,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Specify the nickname of this self-signed certificate
if nickname:
@@ -2142,7 +2143,7 @@ class certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_NICKNAME,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Specify the subject name (RFC1485)
if subject:
@@ -2150,7 +2151,7 @@ class certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_SUBJECT,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Specify the serial number
if serial_number != None:
@@ -2158,7 +2159,7 @@ class certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_SERIAL_NUMBER,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Specify the months valid
if validity_period != None:
@@ -2166,7 +2167,7 @@ class certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_VALIDITY_PERIOD,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Specify the nickname of the issuer certificate
if issuer_name:
@@ -2175,7 +2176,7 @@ class certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_ISSUER_NAME,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Specify the certificate trust attributes
if trustargs:
@@ -2183,7 +2184,7 @@ class certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_TRUSTARGS,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Specify a noise file to be used for key generation
if noise_file:
@@ -2191,7 +2192,7 @@ class certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# OPTIONALLY specify a password file
if password_file != None:
@@ -2203,11 +2204,11 @@ class certutil:
# Display this "certutil" command
config.pki_log.info(
log.PKIHELPER_CERTUTIL_SELF_SIGNED_CERTIFICATE_1, command,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if not os.path.exists(path):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not os.path.exists(pki_cert_database) or\
not os.path.exists(pki_key_database) or\
@@ -2218,13 +2219,13 @@ class certutil:
pki_cert_database,
pki_key_database,
pki_secmod_database,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not os.path.exists(noise_file):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1,
noise_file,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if password_file != None:
if not os.path.exists(password_file) or\
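Review bot: The `noise_file` check in this hunk reports `log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1`, although the noise file is a file and the neighbouring `password_file` check uses `log.PKI_FILE_MISSING_OR_NOT_A_FILE_1`. It also tests only `os.path.exists`, so a directory passed as the noise file is accepted and the failure surfaces later, inside certutil. I would change the condition to `if not os.path.isfile(noise_file):` and the message to `log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,`. The enclosing method starts and ends outside this hunk.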
@@ -2232,18 +2233,18 @@ class certutil:
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
password_file,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Execute this "certutil" command
subprocess.call(command, shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
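Review bot: The `except subprocess.CalledProcessError` branch after `subprocess.call(command, shell=True)` can never run, because `subprocess.call` returns the exit status instead of raising, and the return value is discarded here. A failing certutil run is therefore neither logged nor stopped by `critical_failure`, and the caller continues as if the certificate had been generated. Use `subprocess.check_call(command, shell=True)`, as the hunk at -2096 already does, or test the returned status explicitly. The systemd `start`, `stop` and `restart` hunks and the jython hunk below have the same call/except pairing; the enclosing method starts above this hunk.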
@@ -2280,10 +2281,10 @@ class security_domain:
log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2,
typeval,
secname,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(
log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(-1)
else:
@@ -2305,10 +2306,10 @@ class security_domain:
log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2,
typeval,
secname,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(
log.PKIHELPER_SECURITY_DOMAIN_UNDEFINED,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(-1)
else:
@@ -2318,7 +2319,7 @@ class security_domain:
# This is not a domain master, so we need to update the master
config.pki_log.info(log.PKIHELPER_SECURITY_DOMAIN_CONTACT_1,
secname,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
listval = typeval.lower() + "List"
urlheader = "https://{}:{}".format(sechost, seceeport)
urlagentheader = "https://{}:{}".format(sechost, secagentport)
@@ -2348,10 +2349,10 @@ class security_domain:
log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2,
typeval,
secname,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(log.PKIHELPER_PASSWORD_NOT_FOUND_1,
token_name,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(-1)
else:
@@ -2385,14 +2386,14 @@ class security_domain:
shell=True)
config.pki_log.debug(log.PKIHELPER_SSLGET_OUTPUT_1,
output,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# Search the output for Status
status = re.findall("\<Status\>(.*?)\<\/Status\>", output)
if not status:
config.pki_log.warning(
log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1,
secname,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(-1)
elif status[0] != "0":
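Review bot: The pattern given to `re.findall` is a plain string with backslash escapes that are not needed, since `<`, `>` and `/` are literal in a regular expression. Writing it as `re.findall(r"<Status>(.*?)</Status>", output)` matches the same text and does not depend on unknown string escapes being passed through unchanged. If the response can spread the element over several lines, `.` will not cross the line break without `re.DOTALL`, and the reply would then be reported as unreachable; that depends on the server output, which this hunk does not show.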
@@ -2403,13 +2404,13 @@ class security_domain:
log.PKIHELPER_SECURITY_DOMAIN_UNREGISTERED_2,
typeval,
secname,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(
log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_3,
typeval,
secname,
error,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(-1)
else:
@@ -2417,19 +2418,19 @@ class security_domain:
log.PKIHELPER_SECURITY_DOMAIN_UPDATE_SUCCESS_2,
typeval,
secname,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
except subprocess.CalledProcessError as exc:
config.pki_log.warning(
log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2,
typeval,
secname,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
config.pki_log.warning(
log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1,
secname,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(-1)
return
@@ -2440,12 +2441,12 @@ class systemd:
def start(self, critical_failure=True):
try:
# Compose this "systemd" execution management command
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
+ if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS:
command = "systemctl" + " " +\
"start" + " " +\
"pki-apached" + "@" +\
master['pki_instance_id'] + "." + "service"
- elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
command = "systemctl" + " " +\
"start" + " " +\
"pki-tomcatd" + "@" +\
@@ -2453,12 +2454,12 @@ class systemd:
# Display this "systemd" execution managment command
config.pki_log.info(
log.PKIHELPER_SYSTEMD_COMMAND_1, command,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# Execute this "systemd" execution management command
subprocess.call(command, shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
@@ -2466,12 +2467,12 @@ class systemd:
def stop(self, critical_failure=True):
try:
# Compose this "systemd" execution management command
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
+ if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS:
command = "systemctl" + " " +\
"stop" + " " +\
"pki-apached" + "@" +\
master['pki_instance_id'] + "." + "service"
- elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
command = "systemctl" + " " +\
"stop" + " " +\
"pki-tomcatd" + "@" +\
@@ -2479,12 +2480,12 @@ class systemd:
# Display this "systemd" execution managment command
config.pki_log.info(
log.PKIHELPER_SYSTEMD_COMMAND_1, command,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# Execute this "systemd" execution management command
subprocess.call(command, shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
@@ -2492,12 +2493,12 @@ class systemd:
def restart(self, critical_failure=True):
try:
# Compose this "systemd" execution management command
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
+ if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS:
command = "systemctl" + " " +\
"restart" + " " +\
"pki-apached" + "@" +\
master['pki_instance_id'] + "." + "service"
- elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
command = "systemctl" + " " +\
"restart" + " " +\
"pki-tomcatd" + "@" +\
@@ -2505,12 +2506,12 @@ class systemd:
# Display this "systemd" execution managment command
config.pki_log.info(
log.PKIHELPER_SYSTEMD_COMMAND_1, command,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# Execute this "systemd" execution management command
subprocess.call(command, shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
@@ -2544,12 +2545,12 @@ class jython:
config.pki_log.info(
log.PKIHELPER_INVOKE_JYTHON_3,
ld_library_path, property, scriptlet,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# Invoke this "jython" command
subprocess.call(command, shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
sys.exit(1)
return
diff --git a/base/deploy/src/scriptlets/pkijython.py b/base/deploy/src/scriptlets/pkijython.py
index 8d027f91a..3753c9e49 100644
--- a/base/deploy/src/scriptlets/pkijython.py
+++ b/base/deploy/src/scriptlets/pkijython.py
@@ -151,6 +151,7 @@ from netscape.security.x509 import X500Name
# PKI Python Imports
import pkiconfig as config
+from pkiconfig import PKIConfig
import pkimessages as log
@@ -220,7 +221,7 @@ def read_simple_configuration_file(filename):
class security_databases:
def initialize_token(self, pki_database_path, log_level):
try:
- if log_level >= config.PKI_JYTHON_INFO_LOG_LEVEL:
+ if log_level >= PKIConfig.PKI_JYTHON_INFO_LOG_LEVEL:
print "%s %s '%s'" %\
(log.PKI_JYTHON_INDENTATION_2,
log.PKI_JYTHON_INITIALIZING_TOKEN,
@@ -237,7 +238,7 @@ class security_databases:
def log_into_token(self, pki_database_path, password_conf, log_level):
token = None
try:
- if log_level >= config.PKI_JYTHON_INFO_LOG_LEVEL:
+ if log_level >= PKIConfig.PKI_JYTHON_INFO_LOG_LEVEL:
print "%s %s '%s'" %\
(log.PKI_JYTHON_INDENTATION_2,
log.PKI_JYTHON_LOG_INTO_TOKEN,
@@ -281,7 +282,7 @@ class rest_client:
self.master = master
self.sensitive = sensitive
log_level = master['pki_jython_log_level']
- if log_level >= config.PKI_JYTHON_INFO_LOG_LEVEL:
+ if log_level >= PKIConfig.PKI_JYTHON_INFO_LOG_LEVEL:
print "%s %s '%s'" %\
(log.PKI_JYTHON_INDENTATION_2,
log.PKI_JYTHON_INITIALIZING_REST_CLIENT,
@@ -398,7 +399,7 @@ class rest_client:
# Return list of PKI subsystems in the specified tomcat instance
rv = []
try:
- for subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ for subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
path = self.master['pki_instance_path'] + "/" + subsystem.lower()
if os.path.exists(path) and os.path.isdir(path):
rv.append(subsystem)
@@ -412,7 +413,7 @@ class rest_client:
def construct_pki_configuration_data(self, token):
data = None
master = self.master
- if master['pki_jython_log_level'] >= config.PKI_JYTHON_INFO_LOG_LEVEL:
+ if master['pki_jython_log_level'] >= PKIConfig.PKI_JYTHON_INFO_LOG_LEVEL:
print "%s %s '%s'" %\
(log.PKI_JYTHON_INDENTATION_2,
log.PKI_JYTHON_CONSTRUCTING_PKI_DATA,
@@ -547,7 +548,7 @@ class rest_client:
def configure_pki_data(self, data):
master = self.master
- if master['pki_jython_log_level'] >= config.PKI_JYTHON_INFO_LOG_LEVEL:
+ if master['pki_jython_log_level'] >= PKIConfig.PKI_JYTHON_INFO_LOG_LEVEL:
print "%s %s '%s'" %\
(log.PKI_JYTHON_INDENTATION_2,
log.PKI_JYTHON_CONFIGURING_PKI_DATA,
@@ -592,7 +593,7 @@ class rest_client:
#
# os.chmod(
# admin_cert_file,
- # config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS)
+ # PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS)
#
# Emulate it with a system call.
command = "chmod" + " 660 " + admin_cert_file
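Review bot: The mode in `command = "chmod" + " 660 " + admin_cert_file` is a literal that duplicates `PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS`, which the comment above it names as the intended value, so the two can drift apart unnoticed. If that constant is an integer mode, format it into the command, `"chmod %o %s" % (PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, admin_cert_file)`, or at least add `# keep in sync with PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS`. The path is joined in unquoted; how the command is executed is outside this hunk, but if it goes through a shell the path should be passed as a separate argument. The hunk at -650 appears to follow the same pattern for the PKCS #12 file.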
@@ -650,7 +651,7 @@ class rest_client:
# following operating system specific command:
#
# os.chmod(master['pki_client_admin_cert_p12'],
- # config.\
+ # PKIConfig.\
# PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
#
# Emulate it with a system call.
diff --git a/base/deploy/src/scriptlets/pkimanifest.py b/base/deploy/src/scriptlets/pkimanifest.py
index 04a638f06..6e2b9c367 100644
--- a/base/deploy/src/scriptlets/pkimanifest.py
+++ b/base/deploy/src/scriptlets/pkimanifest.py
@@ -27,6 +27,7 @@ import sys
# PKI Deployment Imports
import pkiconfig as config
+from pkiconfig import PKIConfig
import pkimessages as log
@@ -80,7 +81,7 @@ class file:
fd.close()
except IOError as exc:
config.pki_log.error(log.PKI_IOERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
sys.exit(1)
def read(self):
@@ -92,7 +93,7 @@ class file:
fd.close()
except IOError as exc:
config.pki_log.error(log.PKI_IOERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
sys.exit(1)
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index e9d348840..971c64040 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -32,6 +32,7 @@ import time
# PKI Deployment Imports
import pkiconfig as config
+from pkiconfig import PKIConfig
import pkimessages as log
@@ -63,7 +64,7 @@ class PKIConfigParser:
mandatory = parser.add_argument_group('mandatory arguments')
mandatory.add_argument('-s',
dest='pki_subsystem', action='store',
- nargs=1, choices=config.PKI_SUBSYSTEMS,
+ nargs=1, choices=PKIConfig.PKI_SUBSYSTEMS,
required=True, metavar='<subsystem>',
help='where <subsystem> is '
'CA, KRA, OCSP, RA, TKS, or TPS')
@@ -110,15 +111,15 @@ class PKIConfigParser:
# Process 'Optional' command-line options
# '-v'
if args.pki_verbosity == 1:
- config.pki_jython_log_level = config.PKI_JYTHON_INFO_LOG_LEVEL
+ config.pki_jython_log_level = PKIConfig.PKI_JYTHON_INFO_LOG_LEVEL
config.pki_console_log_level = logging.INFO
config.pki_log_level = logging.INFO
elif args.pki_verbosity == 2:
- config.pki_jython_log_level = config.PKI_JYTHON_INFO_LOG_LEVEL
+ config.pki_jython_log_level = PKIConfig.PKI_JYTHON_INFO_LOG_LEVEL
config.pki_console_log_level = logging.INFO
config.pki_log_level = logging.DEBUG
elif args.pki_verbosity == 3:
- config.pki_jython_log_level = config.PKI_JYTHON_DEBUG_LOG_LEVEL
+ config.pki_jython_log_level = PKIConfig.PKI_JYTHON_DEBUG_LOG_LEVEL
config.pki_console_log_level = logging.DEBUG
config.pki_log_level = logging.DEBUG
elif args.pki_verbosity > 3:
@@ -128,7 +129,7 @@ class PKIConfigParser:
parser.exit(-1);
else:
# Set default log levels
- config.pki_jython_log_level = config.PKI_JYTHON_WARNING_LOG_LEVEL
+ config.pki_jython_log_level = PKIConfig.PKI_JYTHON_WARNING_LOG_LEVEL
config.pki_console_log_level = logging.WARNING
config.pki_log_level = logging.INFO
# Process 'Test' command-line options
@@ -150,7 +151,7 @@ class PKIConfigParser:
if config.pki_deployment_executable == 'pkidestroy':
# verify that previously deployed instance exists
deployed_pki_instance_path = config.pki_root_prefix +\
- config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\
+ PKIConfig.PKI_DEPLOYMENT_BASE_ROOT + "/" +\
config.pki_deployed_instance_name
if not os.path.exists(deployed_pki_instance_path):
print "ERROR: " + log.PKI_INSTANCE_DOES_NOT_EXIST_1 %\
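Review bot: `deployed_pki_instance_path` is built by plain concatenation of `config.pki_root_prefix`, `PKIConfig.PKI_DEPLOYMENT_BASE_ROOT` and `config.pki_deployed_instance_name`, and the only check applied to the result is `os.path.exists`. Where the instance name is set is outside this hunk; if it comes from the command line, a value containing `/` or `..` resolves to an existing directory outside the deployment root and passes this check. Before composing the path, reject such names with `if os.path.basename(config.pki_deployed_instance_name) != config.pki_deployed_instance_name:`, and treat `.` and `..` as invalid too. The enclosing method continues past this hunk.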
@@ -170,7 +171,7 @@ class PKIConfigParser:
deployed_pki_subsystem_path + "/" +\
"registry" + "/" +\
config.pki_subsystem.lower() + "/" +\
- config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE
# always verify that configuration file exists
if not os.path.exists(config.pkideployment_cfg) or\
not os.path.isfile(config.pkideployment_cfg):
@@ -344,14 +345,14 @@ class PKIConfigParser:
config.pki_master_dict['pki_instance_name']
# PKI Source name/value pairs
config.pki_master_dict['pki_source_conf_path'] =\
- os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT,
config.pki_master_dict['pki_subsystem'].lower(),
"conf")
config.pki_master_dict['pki_source_setup_path'] =\
- os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT,
"setup")
config.pki_master_dict['pki_source_server_path'] =\
- os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT,
"server",
"conf")
config.pki_master_dict['pki_source_cs_cfg'] =\
@@ -361,43 +362,43 @@ class PKIConfigParser:
os.path.join(config.pki_master_dict['pki_source_setup_path'],
"pkidaemon_registry")
if config.pki_master_dict['pki_subsystem'] in\
- config.PKI_APACHE_SUBSYSTEMS:
+ PKIConfig.PKI_APACHE_SUBSYSTEMS:
config.pki_master_dict['pki_systemd_service'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
+ PKIConfig.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
"pki-apached" + "@" + ".service"
config.pki_master_dict['pki_systemd_target'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
+ PKIConfig.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
"pki-apached.target"
config.pki_master_dict['pki_systemd_target_wants'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT + "/" +\
+ PKIConfig.PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT + "/" +\
"pki-apached.target.wants"
config.pki_master_dict['pki_systemd_service_link'] =\
config.pki_master_dict['pki_systemd_target_wants'] + "/" +\
"pki-apached" + "@" +\
config.pki_master_dict['pki_instance_id'] + ".service"
elif config.pki_master_dict['pki_subsystem'] in\
- config.PKI_TOMCAT_SUBSYSTEMS:
+ PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
config.pki_master_dict['pki_systemd_service'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
+ PKIConfig.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
"pki-tomcatd" + "@" + ".service"
config.pki_master_dict['pki_systemd_target'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
+ PKIConfig.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
"pki-tomcatd.target"
config.pki_master_dict['pki_systemd_target_wants'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT + "/" +\
+ PKIConfig.PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT + "/" +\
"pki-tomcatd.target.wants"
config.pki_master_dict['pki_systemd_service_link'] =\
config.pki_master_dict['pki_systemd_target_wants'] + "/" +\
"pki-tomcatd" + "@" +\
config.pki_master_dict['pki_instance_id'] + ".service"
config.pki_master_dict['pki_tomcat_bin_path'] =\
- os.path.join(config.PKI_DEPLOYMENT_TOMCAT_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_TOMCAT_ROOT,
"bin")
config.pki_master_dict['pki_tomcat_lib_path'] =\
- os.path.join(config.PKI_DEPLOYMENT_TOMCAT_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_TOMCAT_ROOT,
"lib")
config.pki_master_dict['pki_tomcat_systemd'] =\
- config.PKI_DEPLOYMENT_TOMCAT_SYSTEMD
+ PKIConfig.PKI_DEPLOYMENT_TOMCAT_SYSTEMD
config.pki_master_dict['pki_source_catalina_properties'] =\
os.path.join(config.pki_master_dict['pki_source_server_path'],
"catalina.properties")
@@ -415,14 +416,14 @@ class PKIConfigParser:
"tomcat.conf")
if config.pki_master_dict['pki_subsystem'] == "CA":
config.pki_master_dict['pki_source_emails'] =\
- os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT,
"ca",
"emails")
config.pki_master_dict['pki_source_flatfile_txt'] =\
os.path.join(config.pki_master_dict['pki_source_conf_path'],
"flatfile.txt")
config.pki_master_dict['pki_source_profiles'] =\
- os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT,
"ca",
"profiles")
config.pki_master_dict['pki_source_proxy_conf'] =\
@@ -485,16 +486,16 @@ class PKIConfigParser:
config.pki_master_dict['pki_root_prefix'] = config.pki_root_prefix
config.pki_master_dict['pki_path'] =\
config.pki_master_dict['pki_root_prefix'] +\
- config.PKI_DEPLOYMENT_BASE_ROOT
+ PKIConfig.PKI_DEPLOYMENT_BASE_ROOT
config.pki_master_dict['pki_log_path'] =\
config.pki_master_dict['pki_root_prefix'] +\
- config.PKI_DEPLOYMENT_LOG_ROOT
+ PKIConfig.PKI_DEPLOYMENT_LOG_ROOT
config.pki_master_dict['pki_configuration_path'] =\
config.pki_master_dict['pki_root_prefix'] +\
- config.PKI_DEPLOYMENT_CONFIGURATION_ROOT
+ PKIConfig.PKI_DEPLOYMENT_CONFIGURATION_ROOT
config.pki_master_dict['pki_registry_path'] =\
config.pki_master_dict['pki_root_prefix'] +\
- config.PKI_DEPLOYMENT_REGISTRY_ROOT
+ PKIConfig.PKI_DEPLOYMENT_REGISTRY_ROOT
# Apache/Tomcat instance base name/value pairs
config.pki_master_dict['pki_instance_path'] =\
os.path.join(config.pki_master_dict['pki_path'],
@@ -510,7 +511,7 @@ class PKIConfigParser:
# Apache/Tomcat instance registry name/value pairs
# Apache-specific instance name/value pairs
if config.pki_master_dict['pki_subsystem'] in\
- config.PKI_APACHE_SUBSYSTEMS:
+ PKIConfig.PKI_APACHE_SUBSYSTEMS:
# Apache instance base name/value pairs
config.pki_master_dict['pki_instance_type'] = "Apache"
# Apache instance log name/value pairs
@@ -527,7 +528,7 @@ class PKIConfigParser:
# Apache instance convenience symbolic links
# Tomcat-specific instance name/value pairs
elif config.pki_master_dict['pki_subsystem'] in\
- config.PKI_TOMCAT_SUBSYSTEMS:
+ PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
# Tomcat instance base name/value pairs
config.pki_master_dict['pki_instance_type'] = "Tomcat"
config.pki_master_dict['pki_tomcat_common_path'] =\
@@ -617,87 +618,87 @@ class PKIConfigParser:
os.path.join("/usr/lib/java",
"symkey.jar")
config.pki_master_dict['pki_apache_commons_collections_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
"apache-commons-collections.jar")
config.pki_master_dict['pki_apache_commons_lang_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
"apache-commons-lang.jar")
config.pki_master_dict['pki_apache_commons_logging_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
"apache-commons-logging.jar")
config.pki_master_dict['pki_commons_codec_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
"commons-codec.jar")
config.pki_master_dict['pki_httpclient_jar'] =\
os.path.join(
- config.PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT,
+ PKIConfig.PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT,
"httpclient.jar")
config.pki_master_dict['pki_httpcore_jar'] =\
os.path.join(
- config.PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT,
+ PKIConfig.PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT,
"httpcore.jar")
config.pki_master_dict['pki_javassist_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
"javassist.jar")
config.pki_master_dict['pki_resteasy_jaxrs_api_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
"jaxrs-api.jar")
config.pki_master_dict['pki_jettison_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
"jettison.jar")
config.pki_master_dict['pki_ldapjdk_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
"ldapjdk.jar")
config.pki_master_dict['pki_certsrv_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-certsrv.jar")
config.pki_master_dict['pki_cmsbundle'] =\
- os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-cmsbundle.jar")
config.pki_master_dict['pki_cmscore'] =\
- os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-cmscore.jar")
config.pki_master_dict['pki_cms'] =\
- os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-cms.jar")
config.pki_master_dict['pki_cmsutil'] =\
- os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-cmsutil.jar")
config.pki_master_dict['pki_nsutil'] =\
- os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-nsutil.jar")
config.pki_master_dict['pki_tomcat_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-tomcat.jar")
config.pki_master_dict['pki_resteasy_atom_provider_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
"resteasy-atom-provider.jar")
config.pki_master_dict['pki_resteasy_jaxb_provider_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
"resteasy-jaxb-provider.jar")
config.pki_master_dict['pki_resteasy_jaxrs_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
"resteasy-jaxrs.jar")
config.pki_master_dict['pki_resteasy_jettison_provider_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
"resteasy-jettison-provider.jar")
config.pki_master_dict['pki_scannotation_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
"scannotation.jar")
config.pki_master_dict['pki_tomcatjss_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
"tomcat7jss.jar")
config.pki_master_dict['pki_velocity_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
"velocity.jar")
config.pki_master_dict['pki_xerces_j2_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
"xerces-j2.jar")
config.pki_master_dict['pki_xml_commons_apis_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
"xml-commons-apis.jar")
config.pki_master_dict['pki_xml_commons_resolver_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
"xml-commons-resolver.jar")
# Tomcat instance common lib jar symbolic links
config.pki_master_dict['pki_jss_jar_link'] =\
@@ -829,7 +830,7 @@ class PKIConfigParser:
config.pki_master_dict['pki_subsystem'].lower())
# Instance-based Apache/Tomcat PKI subsystem name/value pairs
if config.pki_master_dict['pki_subsystem'] in\
- config.PKI_APACHE_SUBSYSTEMS:
+ PKIConfig.PKI_APACHE_SUBSYSTEMS:
# Instance-based Apache PKI subsystem base name/value pairs
# Instance-based Apache PKI subsystem log name/value pairs
if config.pki_master_dict['pki_subsystem'] == "TPS":
@@ -840,7 +841,7 @@ class PKIConfigParser:
# Instance-based Apache PKI subsystem registry name/value pairs
# Instance-based Apache PKI subsystem convenience symbolic links
elif config.pki_master_dict['pki_subsystem'] in\
- config.PKI_TOMCAT_SUBSYSTEMS:
+ PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
# Instance-based Tomcat PKI subsystem base name/value pairs
if config.pki_master_dict['pki_subsystem'] == "CA":
config.pki_master_dict['pki_subsystem_emails_path'] =\
@@ -874,7 +875,7 @@ class PKIConfigParser:
"registry")
# PKI Target (war file) name/value pairs
if config.pki_master_dict['pki_subsystem'] in\
- config.PKI_TOMCAT_SUBSYSTEMS:
+ PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
# Tomcat PKI subsystem war file base name/value pairs
config.pki_master_dict['pki_tomcat_webapps_subsystem_path'] =\
os.path.join(config.pki_master_dict['pki_tomcat_webapps_path'],
@@ -918,7 +919,7 @@ class PKIConfigParser:
# Tomcat PKI subsystem war file convenience symbolic links
if config.pki_master_dict['pki_subsystem'] == "CA":
config.pki_master_dict['pki_ca_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-ca.jar")
config.pki_master_dict['pki_ca_jar_link'] =\
os.path.join(
@@ -927,7 +928,7 @@ class PKIConfigParser:
"pki-ca.jar")
elif config.pki_master_dict['pki_subsystem'] == "KRA":
config.pki_master_dict['pki_kra_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-kra.jar")
config.pki_master_dict['pki_kra_jar_link'] =\
os.path.join(
@@ -936,7 +937,7 @@ class PKIConfigParser:
"pki-kra.jar")
elif config.pki_master_dict['pki_subsystem'] == "OCSP":
config.pki_master_dict['pki_ocsp_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-ocsp.jar")
config.pki_master_dict['pki_ocsp_jar_link'] =\
os.path.join(
@@ -945,7 +946,7 @@ class PKIConfigParser:
"pki-ocsp.jar")
elif config.pki_master_dict['pki_subsystem'] == "TKS":
config.pki_master_dict['pki_tks_jar'] =\
- os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-tks.jar")
config.pki_master_dict['pki_tks_jar_link'] =\
os.path.join(
@@ -961,7 +962,7 @@ class PKIConfigParser:
os.path.join(config.pki_master_dict['pki_instance_registry_path'],
config.pki_master_dict['pki_instance_id'])
if config.pki_master_dict['pki_subsystem'] in\
- config.PKI_TOMCAT_SUBSYSTEMS:
+ PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
config.pki_master_dict['pki_target_catalina_properties'] =\
os.path.join(
config.pki_master_dict['pki_instance_configuration_path'],
@@ -1083,7 +1084,7 @@ class PKIConfigParser:
os.path.join(config.pki_master_dict['pki_subsystem_registry_path'],
config.pki_master_dict['pki_instance_id'])
if config.pki_master_dict['pki_subsystem'] in\
- config.PKI_APACHE_SUBSYSTEMS:
+ PKIConfig.PKI_APACHE_SUBSYSTEMS:
config.pki_master_dict['FORTITUDE_APACHE_SLOT'] = None
config.pki_master_dict['FORTITUDE_AUTH_MODULES_SLOT'] = None
config.pki_master_dict['FORTITUDE_DIR_SLOT'] = None
@@ -1114,7 +1115,7 @@ class PKIConfigParser:
config.pki_master_dict['TMP_DIR_SLOT'] = None
config.pki_master_dict['TPS_DIR_SLOT'] = None
elif config.pki_master_dict['pki_subsystem'] in\
- config.PKI_TOMCAT_SUBSYSTEMS:
+ PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
config.pki_master_dict['INSTALL_TIME_SLOT'] =\
config.pki_master_dict['pki_install_time']
config.pki_master_dict['PKI_ADMIN_SECURE_PORT_SLOT'] =\
@@ -1466,24 +1467,24 @@ class PKIConfigParser:
if not len(config.pki_master_dict['pki_subsystem_name']):
if config.pki_master_dict['pki_subsystem'] in\
- config.PKI_TOMCAT_SUBSYSTEMS and \
+ PKIConfig.PKI_TOMCAT_SUBSYSTEMS and \
config.str2bool(config.pki_master_dict['pki_clone']):
config.pki_master_dict['pki_subsystem_name'] =\
- config.PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM + " " +\
+ PKIConfig.PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM + " " +\
config.pki_subsystem + " " +\
config.pki_master_dict['pki_hostname'] + " " +\
config.pki_master_dict['pki_https_port']
elif config.pki_subsystem == "CA" and \
config.str2bool(config.pki_master_dict['pki_external']):
config.pki_master_dict['pki_subsystem_name'] =\
- config.PKI_DEPLOYMENT_EXTERNAL_CA + " " +\
+ PKIConfig.PKI_DEPLOYMENT_EXTERNAL_CA + " " +\
config.pki_subsystem + " " +\
config.pki_master_dict['pki_hostname'] + " " +\
config.pki_master_dict['pki_https_port']
elif config.pki_subsystem == "CA" and \
config.str2bool(config.pki_master_dict['pki_subordinate']):
config.pki_master_dict['pki_subsystem_name'] =\
- config.PKI_DEPLOYMENT_SUBORDINATE_CA + " " +\
+ PKIConfig.PKI_DEPLOYMENT_SUBORDINATE_CA + " " +\
config.pki_subsystem + " " +\
config.pki_master_dict['pki_hostname'] + " " +\
config.pki_master_dict['pki_https_port']
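Review bot: The branches in this hunk read the subsystem from two different places: the first tests `config.pki_master_dict['pki_subsystem']`, while both `elif` branches and all three name compositions use `config.pki_subsystem`. If the two values can ever differ, the composed `pki_subsystem_name` will not match the branch that was taken, so the first test would be safer as `if config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and \`. The suffix made of subsystem, hostname and https port is also written out three times and could be built once before the branches. The enclosing method starts and ends outside this hunk.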
@@ -1652,7 +1653,7 @@ class PKIConfigParser:
config.pki_master_dict['pki_admin_name'] + "@" +\
config.pki_master_dict['pki_dns_domainname']
if not len(config.pki_master_dict['pki_admin_nickname']):
- if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
+ if config.pki_subsystem in PKIConfig.PKI_APACHE_SUBSYSTEMS:
if config.pki_master_dict['pki_subsystem'] == "RA":
# PKI RA
config.pki_master_dict['pki_admin_nickname'] =\
@@ -1665,7 +1666,7 @@ class PKIConfigParser:
"TPS Administrator&#39;s" + " " +\
config.pki_master_dict['pki_security_domain_name'] +\
" " + "ID"
- elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
if not config.str2bool(config.pki_master_dict['pki_clone']):
if config.pki_master_dict['pki_subsystem'] == "CA":
if config.str2bool(
@@ -1709,7 +1710,7 @@ class PKIConfigParser:
config.pki_master_dict['pki_security_domain_name']\
+ " " + "ID"
if not len(config.pki_master_dict['pki_admin_subject_dn']):
- if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
+ if config.pki_subsystem in PKIConfig.PKI_APACHE_SUBSYSTEMS:
if config.pki_master_dict['pki_subsystem'] == "RA":
# PKI RA
config.pki_master_dict['pki_admin_subject_dn'] =\
@@ -1728,7 +1729,7 @@ class PKIConfigParser:
config.pki_master_dict['pki_admin_email'] +\
"," + "o=" +\
config.pki_master_dict['pki_security_domain_name']
- elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
if not config.str2bool(config.pki_master_dict['pki_clone']):
if config.pki_master_dict['pki_subsystem'] == "CA":
if config.str2bool(
@@ -1810,7 +1811,7 @@ class PKIConfigParser:
# config.pki_master_dict['pki_ca_signing_subject_dn']
# config.pki_master_dict['pki_ca_signing_token']
#
- if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ if config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
if not config.str2bool(config.pki_master_dict['pki_clone']):
if config.pki_master_dict['pki_subsystem'] == "CA":
# config.pki_master_dict['pki_ca_signing_nickname']
@@ -1879,7 +1880,7 @@ class PKIConfigParser:
# config.pki_master_dict['pki_ocsp_signing_subject_dn']
# config.pki_master_dict['pki_ocsp_signing_token']
#
- if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ if config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
if not config.str2bool(config.pki_master_dict['pki_clone']):
if config.pki_master_dict['pki_subsystem'] == "CA":
if not len(config.pki_master_dict\
@@ -1973,13 +1974,13 @@ class PKIConfigParser:
"Server-Cert" + " " + "cert-" +\
config.pki_master_dict['pki_instance_id']
if not len(config.pki_master_dict['pki_ssl_server_subject_dn']):
- if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
+ if config.pki_subsystem in PKIConfig.PKI_APACHE_SUBSYSTEMS:
config.pki_master_dict['pki_ssl_server_subject_dn'] =\
"cn=" + config.pki_master_dict['pki_hostname'] +\
"," + "ou=" + config.pki_master_dict['pki_instance_id'] +\
"," + "o=" +\
config.pki_master_dict['pki_security_domain_name']
- elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
if config.pki_master_dict['pki_subsystem'] == "CA" and\
config.str2bool(config.pki_master_dict['pki_external']):
# External CA
@@ -2022,7 +2023,7 @@ class PKIConfigParser:
# config.pki_master_dict['pki_subsystem_subject_dn']
# config.pki_master_dict['pki_subsystem_token']
#
- if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
+ if config.pki_subsystem in PKIConfig.PKI_APACHE_SUBSYSTEMS:
if not len(config.pki_master_dict['pki_subsystem_nickname']):
config.pki_master_dict['pki_subsystem_nickname'] =\
"subsystemCert" + " " + "cert-" +\
@@ -2047,7 +2048,7 @@ class PKIConfigParser:
if not len(config.pki_master_dict['pki_subsystem_token']):
config.pki_master_dict['pki_subsystem_token'] =\
"Internal Key Storage Token"
- elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
if not config.str2bool(config.pki_master_dict['pki_clone']):
if not len(config.pki_master_dict['pki_subsystem_nickname']):
config.pki_master_dict['pki_subsystem_nickname'] =\
@@ -2128,7 +2129,7 @@ class PKIConfigParser:
# config.pki_master_dict['pki_audit_signing_subject_dn']
# config.pki_master_dict['pki_audit_signing_token']
#
- if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
+ if config.pki_subsystem in PKIConfig.PKI_APACHE_SUBSYSTEMS:
if config.pki_master_dict['pki_subsystem'] != "RA":
if not len(config.pki_master_dict\
['pki_audit_signing_nickname']):
@@ -2148,7 +2149,7 @@ class PKIConfigParser:
if not len(config.pki_master_dict['pki_audit_signing_token']):
config.pki_master_dict['pki_audit_signing_token'] =\
"Internal Key Storage Token"
- elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
if not config.str2bool(config.pki_master_dict['pki_clone']):
if not len(config.pki_master_dict\
['pki_audit_signing_nickname']):
@@ -2229,7 +2230,7 @@ class PKIConfigParser:
# config.pki_master_dict['pki_transport_subject_dn']
# config.pki_master_dict['pki_transport_token']
#
- if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ if config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
if not config.str2bool(config.pki_master_dict['pki_clone']):
if config.pki_master_dict['pki_subsystem'] == "KRA":
# PKI KRA
@@ -2274,7 +2275,7 @@ class PKIConfigParser:
# config.pki_master_dict['pki_storage_subject_dn']
# config.pki_master_dict['pki_storage_token']
#
- if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ if config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
if not config.str2bool(config.pki_master_dict['pki_clone']):
if config.pki_master_dict['pki_subsystem'] == "KRA":
# PKI KRA
@@ -2297,11 +2298,11 @@ class PKIConfigParser:
# Finalization name/value pairs
config.pki_master_dict['pki_deployment_cfg_replica'] =\
os.path.join(config.pki_master_dict['pki_subsystem_registry_path'],
- config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE)
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE)
config.pki_master_dict['pki_deployment_cfg_spawn_archive'] =\
config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
"spawn" + "_" +\
- config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + "." +\
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + "." +\
config.pki_master_dict['pki_timestamp']
config.pki_master_dict['pki_manifest'] =\
config.pki_master_dict['pki_subsystem_registry_path'] + "/" +\
@@ -2327,14 +2328,14 @@ class PKIConfigParser:
config.pki_sensitive_dict['pki_one_time_pin'])
# Compose this "systemd" execution management command
if config.pki_master_dict['pki_subsystem'] in\
- config.PKI_APACHE_SUBSYSTEMS:
+ PKIConfig.PKI_APACHE_SUBSYSTEMS:
config.pki_master_dict['pki_registry_initscript_command'] =\
"systemctl" + " " +\
"restart" + " " +\
"pki-apached" + "@" +\
config.pki_master_dict['pki_instance_id'] + "." + "service"
elif config.pki_master_dict['pki_subsystem'] in\
- config.PKI_TOMCAT_SUBSYSTEMS:
+ PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
config.pki_master_dict['pki_registry_initscript_command'] =\
"systemctl" + " " +\
"restart" + " " +\
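Review bot: `pki_registry_initscript_command` is assembled as one space-joined string that embeds `pki_instance_id`, and nothing in this hunk constrains what that id may contain. How the string is later executed is not visible here; if it is ever passed to a shell, the id should be validated first or the command kept as an argument list such as `["systemctl", "restart", "pki-apached@" + instance_id + ".service"]`. A comment above the assignment naming where the instance id is validated would settle the question for the next reader. The statement and its enclosing method continue outside the hunk.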
@@ -2342,11 +2343,11 @@ class PKIConfigParser:
config.pki_master_dict['pki_instance_id'] + "." + "service"
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
except KeyError as err:
config.pki_log.error(log.PKIHELPER_DICTIONARY_MASTER_MISSING_KEY_1,
- err, extra=config.PKI_INDENTATION_LEVEL_2)
+ err, extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
return
@@ -2360,11 +2361,11 @@ class PKIConfigParser:
parser = ConfigParser.ConfigParser()
# Make keys case-sensitive!
parser.optionxform = str
- parser.read(config.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE)
+ parser.read(PKIConfig.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE)
# Slots configuration file name/value pairs
- if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
+ if config.pki_subsystem in PKIConfig.PKI_APACHE_SUBSYSTEMS:
config.pki_slots_dict = dict(parser._sections['Apache'])
- elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
config.pki_slots_dict = dict(parser._sections['Tomcat'])
except ConfigParser.ParsingError, err:
rv = err
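Review bot: `parser.read()` skips a file it cannot open and returns the list of files it did read, so a missing or unreadable slots file only surfaces later as a `KeyError` on `parser._sections['Apache']` or `['Tomcat']`, which the visible `except ConfigParser.ParsingError` does not catch. Checking the result, `if not parser.read(PKIConfig.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE):`, and reporting the missing file there would make the failure explicit. `_sections` is a private attribute of the parser and deserves a comment saying why the public accessors are not used. The handler is also written `except ConfigParser.ParsingError, err:` while the same file uses `except OSError as exc:` elsewhere; the `as` form would be consistent. The rest of the handler lies outside the hunk.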
diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py
index be0eecf56..1a437e2da 100644
--- a/base/deploy/src/scriptlets/security_databases.py
+++ b/base/deploy/src/scriptlets/security_databases.py
@@ -21,6 +21,7 @@
# PKI Deployment Imports
import pkiconfig as config
+from pkiconfig import PKIConfig
from pkiconfig import pki_master_dict as master
from pkiconfig import pki_sensitive_dict as sensitive
import pkihelper as util
@@ -35,10 +36,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def spawn(self):
if config.str2bool(master['pki_skip_installation']):
config.pki_log.info(log.SKIP_SECURITY_DATABASES_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
return self.rv
config.pki_log.info(log.SECURITY_DATABASES_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
util.password.create_password_conf(
master['pki_shared_password_conf'],
sensitive['pki_pin'])
@@ -57,11 +58,11 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
master['pki_secmod_database'],
password_file=master['pki_shared_pfile'])
util.file.modify(master['pki_cert_database'], perms=\
- config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
util.file.modify(master['pki_key_database'], perms=\
- config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
util.file.modify(master['pki_secmod_database'], perms=\
- config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
if util.instance.tomcat_instance_subsystems() < 2:
# only create a self signed cert for a new instance
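Review bot: `PKIConfig.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS` is applied by the three `util.file.modify` calls only after the databases exist, so until then the cert, key and secmod files carry whatever mode the creating call and the process umask gave them. The creation call begins outside this hunk, so whether it already restricts the mode cannot be confirmed from here; if it does not, setting a restrictive umask around the creation would close that window. At minimum a comment above the three calls, `# databases are created under the process umask; tighten to the deployment default here`, would record the ordering dependency.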
@@ -99,14 +100,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def destroy(self):
config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
+ if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS and\
util.instance.apache_instance_subsystems() == 0:
util.file.delete(master['pki_cert_database'])
util.file.delete(master['pki_key_database'])
util.file.delete(master['pki_secmod_database'])
util.file.delete(master['pki_shared_password_conf'])
- elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
+ elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and\
util.instance.tomcat_instance_subsystems() == 0:
util.file.delete(master['pki_cert_database'])
util.file.delete(master['pki_key_database'])
diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py
index 56d03fd1d..be976cd18 100644
--- a/base/deploy/src/scriptlets/selinux_setup.py
+++ b/base/deploy/src/scriptlets/selinux_setup.py
@@ -21,6 +21,7 @@
# PKI Deployment Imports
import pkiconfig as config
+from pkiconfig import PKIConfig
from pkiconfig import pki_master_dict as master
from pkiconfig import pki_selinux_config_ports as ports
import pkihelper as util
@@ -42,59 +43,59 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def spawn(self):
if config.str2bool(master['pki_skip_installation']):
config.pki_log.info(log.SKIP_SELINUX_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
return self.rv
config.pki_log.info(log.SELINUX_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
# check first if any transactions are required
if len(ports) == 0 and master['pki_instance_name'] == \
- config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
self.restore_context()
return self.rv
# add SELinux contexts when adding the first subsystem
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
+ if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS and\
util.instance.apache_instance_subsystems() == 1 or\
- master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
+ master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and\
util.instance.tomcat_instance_subsystems() == 1:
trans = seobject.semanageRecords("targeted")
trans.start()
if master['pki_instance_name'] != \
- config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
fcon = seobject.fcontextRecords()
config.pki_log.info("adding selinux fcontext \"%s\"",
master['pki_instance_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
fcon.add(master['pki_instance_path'] + self.suffix,
- config.PKI_INSTANCE_SELINUX_CONTEXT, "", "s0", "")
+ PKIConfig.PKI_INSTANCE_SELINUX_CONTEXT, "", "s0", "")
config.pki_log.info("adding selinux fcontext \"%s\"",
master['pki_instance_log_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
fcon.add(master['pki_instance_log_path'] + self.suffix,
- config.PKI_LOG_SELINUX_CONTEXT, "", "s0", "")
+ PKIConfig.PKI_LOG_SELINUX_CONTEXT, "", "s0", "")
config.pki_log.info("adding selinux fcontext \"%s\"",
master['pki_instance_configuration_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
fcon.add(master['pki_instance_configuration_path'] + self.suffix,
- config.PKI_CFG_SELINUX_CONTEXT, "", "s0", "")
+ PKIConfig.PKI_CFG_SELINUX_CONTEXT, "", "s0", "")
config.pki_log.info("adding selinux fcontext \"%s\"",
master['pki_database_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
fcon.add(master['pki_database_path'] + self.suffix,
- config.PKI_CERTDB_SELINUX_CONTEXT, "", "s0", "")
+ PKIConfig.PKI_CERTDB_SELINUX_CONTEXT, "", "s0", "")
portRecords = seobject.portRecords()
for port in ports:
config.pki_log.info("adding selinux port %s", port,
- extra=config.PKI_INDENTATION_LEVEL_2)
- portRecords.add(port, "tcp", "s0", config.PKI_PORT_SELINUX_CONTEXT)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
+ portRecords.add(port, "tcp", "s0", PKIConfig.PKI_PORT_SELINUX_CONTEXT)
trans.finish()
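Review bot: The guard that decides whether SELinux contexts are added mixes `and` and `or` without parentheses, and the matching guard in `destroy` in the next hunk (the `== 0` variant) does the same. It groups as intended only because `and` binds tighter than `or`; writing it as `if (master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS and util.instance.apache_instance_subsystems() == 1) or (...):` makes the grouping explicit and removes the backslash continuations. This condition gates changes to SELinux policy, so it should be readable at a glance.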
@@ -103,52 +104,52 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def destroy(self):
config.pki_log.info(log.SELINUX_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
# check first if any transactions are required
if len(ports) == 0 and master['pki_instance_name'] == \
- config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
return self.rv
# remove SELinux contexts when removing the last subsystem
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
+ if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS and\
util.instance.apache_instance_subsystems() == 0 or\
- master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
+ master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and\
util.instance.tomcat_instance_subsystems() == 0:
trans = seobject.semanageRecords("targeted")
trans.start()
if master['pki_instance_name'] != \
- config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
+ PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
fcon = seobject.fcontextRecords()
config.pki_log.info("deleting selinux fcontext \"%s\"",
master['pki_instance_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
fcon.delete(master['pki_instance_path'] + self.suffix , "")
config.pki_log.info("deleting selinux fcontext \"%s\"",
master['pki_instance_log_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
fcon.delete(master['pki_instance_log_path'] + self.suffix, "")
config.pki_log.info("deleting selinux fcontext \"%s\"",
master['pki_instance_configuration_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
fcon.delete(master['pki_instance_configuration_path'] + \
self.suffix, "")
config.pki_log.info("deleting selinux fcontext \"%s\"",
master['pki_database_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
fcon.delete(master['pki_database_path'] + self.suffix , "")
portRecords = seobject.portRecords()
for port in ports:
config.pki_log.info("deleting selinux port %s", port,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
portRecords.delete(port, "tcp")
trans.finish()
diff --git a/base/deploy/src/scriptlets/slot_substitution.py b/base/deploy/src/scriptlets/slot_substitution.py
index 8e566e266..d80ccf0e8 100644
--- a/base/deploy/src/scriptlets/slot_substitution.py
+++ b/base/deploy/src/scriptlets/slot_substitution.py
@@ -21,6 +21,7 @@
# PKI Deployment Imports
import pkiconfig as config
+from pkiconfig import PKIConfig
from pkiconfig import pki_master_dict as master
from pkiconfig import pki_slots_dict as slots
import pkihelper as util
@@ -35,16 +36,16 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def spawn(self):
if config.str2bool(master['pki_skip_installation']):
config.pki_log.info(log.SKIP_SLOT_ASSIGNMENT_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
return self.rv
config.pki_log.info(log.SLOT_ASSIGNMENT_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
util.file.copy_with_slot_substitution(master['pki_source_cs_cfg'],
master['pki_target_cs_cfg'])
util.file.copy_with_slot_substitution(master['pki_source_registry'],
master['pki_target_registry'],
uid=0, gid=0, overwrite_flag=True)
- if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
util.file.copy_with_slot_substitution(
master['pki_source_catalina_properties'],
master['pki_target_catalina_properties'],
@@ -94,7 +95,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def destroy(self):
config.pki_log.info(log.SLOT_ASSIGNMENT_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
config.pki_log.info("NOTHING NEEDS TO BE IMPLEMENTED",
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
return self.rv
diff --git a/base/deploy/src/scriptlets/subsystem_layout.py b/base/deploy/src/scriptlets/subsystem_layout.py
index f340ead49..87ccef888 100644
--- a/base/deploy/src/scriptlets/subsystem_layout.py
+++ b/base/deploy/src/scriptlets/subsystem_layout.py
@@ -21,6 +21,7 @@
# PKI Deployment Imports
import pkiconfig as config
+from pkiconfig import PKIConfig
from pkiconfig import pki_master_dict as master
import pkihelper as util
import pkimessages as log
@@ -34,21 +35,21 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def spawn(self):
if config.str2bool(master['pki_skip_installation']):
config.pki_log.info(log.SKIP_SUBSYSTEM_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
return self.rv
config.pki_log.info(log.SUBSYSTEM_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
# establish instance-based subsystem logs
util.directory.create(master['pki_subsystem_log_path'])
util.directory.create(master['pki_subsystem_archive_log_path'])
- if master['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS:
+ if master['pki_subsystem'] in PKIConfig.PKI_SIGNED_AUDIT_SUBSYSTEMS:
util.directory.create(master['pki_subsystem_signed_audit_log_path'])
# establish instance-based subsystem configuration
util.directory.create(master['pki_subsystem_configuration_path'])
# util.directory.copy(master['pki_source_conf_path'],
# master['pki_subsystem_configuration_path'])
# establish instance-based Apache/Tomcat specific subsystems
- if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
# establish instance-based Tomcat PKI subsystem base
if master['pki_subsystem'] == "CA":
util.directory.copy(master['pki_source_emails'],
@@ -103,14 +104,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def destroy(self):
config.pki_log.info(log.SUBSYSTEM_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
# remove instance-based subsystem base
if master['pki_subsystem'] == "CA":
util.directory.delete(master['pki_subsystem_emails_path'])
util.directory.delete(master['pki_subsystem_profiles_path'])
util.directory.delete(master['pki_subsystem_path'])
# remove instance-based subsystem logs
- if master['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS:
+ if master['pki_subsystem'] in PKIConfig.PKI_SIGNED_AUDIT_SUBSYSTEMS:
util.directory.delete(master['pki_subsystem_signed_audit_log_path'])
util.directory.delete(master['pki_subsystem_archive_log_path'])
util.directory.delete(master['pki_subsystem_log_path'])
diff --git a/base/deploy/src/scriptlets/webapp_deployment.py b/base/deploy/src/scriptlets/webapp_deployment.py
index 4597b57bd..6c7672a22 100644
--- a/base/deploy/src/scriptlets/webapp_deployment.py
+++ b/base/deploy/src/scriptlets/webapp_deployment.py
@@ -25,6 +25,7 @@ import os
# PKI Deployment Imports
import pkiconfig as config
+from pkiconfig import PKIConfig
from pkiconfig import pki_master_dict as master
import pkihelper as util
import pkimessages as log
@@ -36,21 +37,21 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
rv = 0
def spawn(self):
- if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
if config.str2bool(master['pki_skip_installation']):
config.pki_log.info(log.SKIP_WEBAPP_DEPLOYMENT_SPAWN_1,
__name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
return self.rv
config.pki_log.info(log.WEBAPP_DEPLOYMENT_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
# Copy /usr/share/pki/server/webapps/ROOT
# to <instance>/webapps/ROOT
util.directory.create(master['pki_tomcat_webapps_root_path'])
util.directory.copy(
os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
+ PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT,
"server",
"webapps",
"ROOT"),
@@ -62,7 +63,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
util.directory.create(master['pki_tomcat_webapps_common_path'])
util.directory.copy(
os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
+ PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT,
"common-ui"),
master['pki_tomcat_webapps_common_path'],
overwrite_flag=True)
@@ -72,7 +73,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
util.directory.create(master['pki_tomcat_webapps_subsystem_path'])
util.directory.copy(
os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
+ PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT,
"server",
"webapps",
"pki",
@@ -88,7 +89,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
util.directory.create(master['pki_tomcat_webapps_subsystem_path'])
util.directory.copy(
os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
+ PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT,
"server",
"webapps",
"pki",
@@ -102,7 +103,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# to <instance>/webapps/<subsystem>
util.directory.copy(
os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
+ PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT,
master['pki_subsystem'].lower(),
"webapps",
master['pki_subsystem'].lower()),
@@ -143,8 +144,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
return self.rv
def destroy(self):
- if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
config.pki_log.info(log.WEBAPP_DEPLOYMENT_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ extra=PKIConfig.PKI_INDENTATION_LEVEL_1)
util.directory.delete(master['pki_tomcat_webapps_subsystem_path'])
return self.rv