authorAde Lee <alee@redhat.com>2016-02-23 14:06:23 -0500
committerAde Lee <alee@redhat.com>2016-02-26 11:25:22 -0500
commita35bd50af7ad1cfce41b9d7940ba8c0974d52115 (patch)
tree1cc77460b337ab67d682d2960f77fd11097772a4
parentb48889a2ef41fd45ca69c3926c36ef075777447c (diff)
Add precheck option for pkispawn.
--precheck can be used to run specific tests beforehand, to ensure that the installation parameters are sane, without actually doing the installation. There are also optional parameters to disable specific tests. Trac Ticket #2042
-rw-r--r--base/server/etc/default.cfg2
-rwxr-xr-xbase/server/sbin/pkispawn177
2 files changed, 103 insertions, 76 deletions
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg
index 1c1ae92b3..aefe0f45c 100644
--- a/base/server/etc/default.cfg
+++ b/base/server/etc/default.cfg
@@ -112,7 +112,9 @@ pki_security_domain_user=caadmin
pki_san_inject=False
pki_san_for_server_cert=
pki_skip_configuration=False
+pki_skip_ds_verify=False
pki_skip_installation=False
+pki_skip_sd_verify=False
pki_ssl_server_key_algorithm=SHA256withRSA
pki_ssl_server_key_size=2048
pki_ssl_server_key_type=rsa
diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn
index 5892a671f..e7b22ef1e 100755
--- a/base/server/sbin/pkispawn
+++ b/base/server/sbin/pkispawn
@@ -110,6 +110,11 @@ def main(argv):
help='configuration filename '
'(MUST specify complete path)')
+ parser.optional.add_argument(
+ '--precheck',
+ dest='precheck', action='store_true',
+ help='Execute pre-checks and exit')
+
args = parser.process_command_line_arguments()
config.default_deployment_cfg = \
@@ -149,6 +154,9 @@ def main(argv):
parser.init_config()
if config.user_deployment_cfg is None:
+ if args.precheck:
+ sys.exit(
+ 'precheck mode is only valid for non-interactive installs')
interactive = True
parser.indent = 2
@@ -488,6 +496,62 @@ def main(argv):
config.pki_subsystem.lower())
sys.exit(1)
+ start_logging()
+ create_master_dictionary(parser)
+
+ if not interactive and \
+ not config.str2bool(parser.mdict['pki_skip_configuration']):
+ check_ds(parser)
+ check_security_domain(parser)
+
+ if args.precheck:
+ print('pre-checks completed successfully.')
+ sys.exit(0)
+
+ print("Installing " + config.pki_subsystem + " into " +
+ parser.mdict['pki_instance_path'] + ".")
+
+ # Process the various "scriptlets" to create the specified PKI subsystem.
+ pki_subsystem_scriptlets = parser.mdict['spawn_scriplets'].split()
+ deployer = util.PKIDeployer(parser.mdict, parser.slots_dict)
+ rv = 0
+ for pki_scriptlet in pki_subsystem_scriptlets:
+ scriptlet = __import__("pki.server.deployment.scriptlets." +
+ pki_scriptlet,
+ fromlist=[pki_scriptlet])
+ instance = scriptlet.PkiScriptlet()
+ try:
+ rv = instance.spawn(deployer)
+ # pylint: disable=W0703
+ except Exception:
+ log_error_details()
+ print()
+ print("Installation failed.")
+ print()
+ sys.exit(1)
+ if rv != 0:
+ print("Nothing here!!!")
+ print("Installation failed.")
+ sys.exit(1)
+ config.pki_log.debug(log.PKI_DICTIONARY_MASTER,
+ extra=config.PKI_INDENTATION_LEVEL_0)
+ config.pki_log.debug(pkilogging.log_format(parser.mdict),
+ extra=config.PKI_INDENTATION_LEVEL_0)
+
+ external = deployer.configuration_file.external
+ step_one = deployer.configuration_file.external_step_one
+
+ if external and step_one:
+ external_csr_path = deployer.mdict['pki_external_csr_path']
+ if external_csr_path:
+ print_external_ca_step_one_information(parser.mdict)
+ else:
+ print_existing_ca_step_one_information(parser.mdict)
+ else:
+ print_install_information(parser.mdict)
+
+
+def start_logging():
# Enable 'pkispawn' logging.
config.pki_log_dir = config.pki_root_prefix + \
config.PKI_DEPLOYMENT_LOG_ROOT
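Review bot: The `if args.precheck:` branch prints 'pre-checks completed successfully.' even when no check ran, because check_ds() and check_security_domain() are only called when pki_skip_configuration is false. With that option set, precheck mode reports success having verified nothing. Consider tracking whether the checks actually ran and otherwise printing something like `print('pre-checks skipped: pki_skip_configuration is set')`. start_logging() and create_master_dictionary() also run before the precheck exit, so a precheck run presumably still creates the log directory and log file, which is worth stating in the option's help text. main()'s body starts outside the hunk.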
@@ -496,7 +560,6 @@ def main(argv):
"-" + "spawn" + "." + \
config.pki_timestamp + "." + "log"
print('Log file: %s/%s' % (config.pki_log_dir, config.pki_log_name))
-
rv = pkilogging.enable_pki_logger(config.pki_log_dir,
config.pki_log_name,
config.pki_log_level,
@@ -508,6 +571,8 @@ def main(argv):
print(log.PKI_UNABLE_TO_CREATE_LOG_DIRECTORY_1 % config.pki_log_dir)
sys.exit(1)
+
+def create_master_dictionary(parser):
# Read the specified PKI configuration file.
rv = parser.read_pki_configuration_file()
if rv != 0:
@@ -521,10 +586,8 @@ def main(argv):
extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pkilogging.log_format(parser.slots_dict),
extra=config.PKI_INDENTATION_LEVEL_0)
-
# Combine the various sectional dictionaries into a PKI master dictionary
parser.compose_pki_master_dictionary()
-
parser.mdict['pki_spawn_log'] = \
config.pki_log_dir + "/" + config.pki_log_name
config.pki_log.debug(log.PKI_DICTIONARY_MASTER,
@@ -532,43 +595,21 @@ def main(argv):
config.pki_log.debug(pkilogging.log_format(parser.mdict),
extra=config.PKI_INDENTATION_LEVEL_0)
- if not interactive and \
- not config.str2bool(parser.mdict['pki_skip_configuration']):
+
+def check_security_domain(parser):
+ if parser.mdict['pki_security_domain_type'] != "new":
try:
- # Verify existence of Directory Server Password
- if 'pki_ds_password' not in parser.mdict or\
- not len(parser.mdict['pki_ds_password']):
+ # Verify existence of Security Domain Password
+ if 'pki_security_domain_password' not in parser.mdict or \
+ not len(parser.mdict['pki_security_domain_password']):
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
- "pki_ds_password",
+ "pki_security_domain_password",
parser.mdict['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_0)
sys.exit(1)
- parser.ds_verify_configuration()
-
- if parser.ds_base_dn_exists() and\
- not config.str2bool(parser.mdict['pki_ds_remove_data']):
- print('ERROR: Base DN already exists.')
- sys.exit(1)
-
- except ldap.LDAPError as e:
- print('ERROR: Unable to access directory server: ' +
- e.args[0]['desc'])
- sys.exit(1)
-
- if parser.mdict['pki_security_domain_type'] != "new":
- try:
- # Verify existence of Security Domain Password
- if 'pki_security_domain_password' not in parser.mdict or\
- not len(parser.mdict['pki_security_domain_password']):
- config.pki_log.error(
- log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
- "pki_security_domain_password",
- parser.mdict['pki_user_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_0)
- sys.exit(1)
-
+ if not config.str2bool(parser.mdict['pki_skip_sd_verify']):
parser.sd_connect()
info = parser.sd_get_info()
parser.set_property(config.pki_subsystem,
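Review bot: `pki_skip_sd_verify` is honoured on every non-interactive run, not only under --precheck, since main() calls check_security_domain() ahead of the real installation as well. When it is set, sd_connect(), the set_property(..., info.name) call and sd_authenticate() are all skipped without any message. The same applies to `pki_skip_ds_verify` in check_ds() in the last hunk, where the 'Base DN already exists' guard is skipped together with ds_verify_configuration(). Either restrict the skip options to precheck mode or report each skipped check, e.g. `print('WARNING: security domain verification skipped (pki_skip_sd_verify)')`. Both new functions also lack a docstring saying that they end the process with sys.exit(1) on failure; the set_property call continues outside this hunk.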
@@ -576,55 +617,39 @@ def main(argv):
info.name)
parser.sd_authenticate()
- except requests.exceptions.ConnectionError as e:
- print(('ERROR: Unable to access security domain: ' + str(e)))
- sys.exit(1)
+ except requests.exceptions.ConnectionError as e:
+ print(('ERROR: Unable to access security domain: ' + str(e)))
+ sys.exit(1)
- except requests.exceptions.HTTPError as e:
- print(('ERROR: Unable to access security domain: ' + str(e)))
- sys.exit(1)
+ except requests.exceptions.HTTPError as e:
+ print(('ERROR: Unable to access security domain: ' + str(e)))
+ sys.exit(1)
- print("Installing " + config.pki_subsystem + " into " +
- parser.mdict['pki_instance_path'] + ".")
- # Process the various "scriptlets" to create the specified PKI subsystem.
- pki_subsystem_scriptlets = parser.mdict['spawn_scriplets'].split()
- deployer = util.PKIDeployer(parser.mdict, parser.slots_dict)
- rv = 0
- for pki_scriptlet in pki_subsystem_scriptlets:
- scriptlet = __import__("pki.server.deployment.scriptlets." +
- pki_scriptlet,
- fromlist=[pki_scriptlet])
- instance = scriptlet.PkiScriptlet()
- try:
- rv = instance.spawn(deployer)
- # pylint: disable=W0703
- except Exception:
- log_error_details()
- print()
- print("Installation failed.")
- print()
- sys.exit(1)
- if rv != 0:
- print("Nothing here!!!")
- print("Installation failed.")
+def check_ds(parser):
+ try:
+ # Verify existence of Directory Server Password
+ if 'pki_ds_password' not in parser.mdict or \
+ not len(parser.mdict['pki_ds_password']):
+ config.pki_log.error(
+ log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
+ "pki_ds_password",
+ parser.mdict['pki_user_deployment_cfg'],
+ extra=config.PKI_INDENTATION_LEVEL_0)
sys.exit(1)
- config.pki_log.debug(log.PKI_DICTIONARY_MASTER,
- extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pkilogging.log_format(parser.mdict),
- extra=config.PKI_INDENTATION_LEVEL_0)
- external = deployer.configuration_file.external
- step_one = deployer.configuration_file.external_step_one
+ if not config.str2bool(parser.mdict['pki_skip_ds_verify']):
+ parser.ds_verify_configuration()
- if external and step_one:
- external_csr_path = deployer.mdict['pki_external_csr_path']
- if external_csr_path:
- print_external_ca_step_one_information(parser.mdict)
- else:
- print_existing_ca_step_one_information(parser.mdict)
- else:
- print_install_information(parser.mdict)
+ if parser.ds_base_dn_exists() and not \
+ config.str2bool(parser.mdict['pki_ds_remove_data']):
+ print('ERROR: Base DN already exists.')
+ sys.exit(1)
+
+ except ldap.LDAPError as e:
+ print('ERROR: Unable to access directory server: ' +
+ e.args[0]['desc'])
+ sys.exit(1)
def set_port(parser, tag, prompt, existing_data):