diff options
| author | Matthew Harmsen <mharmsen@redhat.com> | 2014-09-02 15:51:53 -0700 |
|---|---|---|
| committer | Matthew Harmsen <mharmsen@redhat.com> | 2014-09-02 15:51:53 -0700 |
| commit | c99069dac15a8c82e45e21747e94703c72c2a383 (patch) | |
| tree | 46ea2acd502138ab84d465f4e0e4924745b01081 | |
| parent | e362995b7b63ae3bb4617a59caf9e1a6fefc1492 (diff) | |
| download | pki-c99069dac15a8c82e45e21747e94703c72c2a383.tar.gz pki-c99069dac15a8c82e45e21747e94703c72c2a383.tar.xz pki-c99069dac15a8c82e45e21747e94703c72c2a383.zip | |
Remove Apache info from pkispawn and pkidestroy
- PKI TRAC Ticket #1077 - Consider removing [Apache] section from 'default.cfg'
16 files changed, 22 insertions, 276 deletions
diff --git a/base/server/config/pkislots.cfg b/base/server/config/pkislots.cfg index ce1ac78d5..8f7dc7812 100644 --- a/base/server/config/pkislots.cfg +++ b/base/server/config/pkislots.cfg @@ -1,31 +1,3 @@ -[Apache] -FORTITUDE_APACHE_SLOT=[FORTITUDE_APACHE] -FORTITUDE_AUTH_MODULES_SLOT=[FORTITUDE_AUTH_MODULES] -FORTITUDE_DIR_SLOT=[FORTITUDE_DIR] -FORTITUDE_LIB_DIR_SLOT=[FORTITUDE_LIB_DIR] -FORTITUDE_MODULE_SLOT=[FORTITUDE_MODULE] -FORTITUDE_NSS_MODULES_SLOT=[FORTITUDE_NSS_MODULES] -HTTPD_CONF_SLOT=[HTTPD_CONF] -LIB_PREFIX_SLOT=[LIB_PREFIX] -NON_CLIENTAUTH_SECURE_PORT_SLOT=[NON_CLIENTAUTH_SECURE_PORT] -NSS_CONF_SLOT=[NSS_CONF] -OBJ_EXT_SLOT=[OBJ_EXT] -PKI_INSTANCE_NAME_SLOT=[PKI_INSTANCE_NAME] -PKI_INSTANCE_INITSCRIPT_SLOT=[PKI_INSTANCE_INITSCRIPT] -PKI_LOCKDIR_SLOT=[PKI_LOCKDIR] -PKI_PIDDIR_SLOT=[PKI_PIDDIR] -PKI_REGISTRY_FILE_SLOT=[PKI_REGISTRY_FILE] -PKI_WEB_SERVER_TYPE_SLOT=[PKI_WEB_SERVER_TYPE] -PORT_SLOT=[PORT] -PROCESS_ID_SLOT=[PROCESS_ID] -REQUIRE_CFG_PL_SLOT=[REQUIRE_CFG_PL] -SECURE_PORT_SLOT=[SECURE_PORT] -SECURITY_LIBRARIES_SLOT=[SECURITY_LIBRARIES] -PKI_HOSTNAME_SLOT=[PKI_HOSTNAME] -SERVER_ROOT_SLOT=[SERVER_ROOT] -SYSTEM_LIBRARIES_SLOT=[SYSTEM_LIBRARIES] -SYSTEM_USER_LIBRARIES_SLOT=[SYSTEM_USER_LIBRARIES] -TMP_DIR_SLOT=[TMP_DIR] [Tomcat] application_version=[APPLICATION_VERSION] INSTALL_TIME_SLOT=[INSTALL_TIME] diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index 7ecbf10af..9047e6e7c 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -52,7 +52,7 @@ destroy_scriplets= infrastructure_layout finalization -# By default, the following parameters will be set for Tomcat and Apache instances. +# By default, the following parameters will be set for Tomcat instances. # There is no reason to uncomment these. They are provided for reference in # case someone wants to override them in their config file. # @@ -60,11 +60,6 @@ destroy_scriplets= # pki_instance_name=pki-tomcat # pki_https_port=8443 # pki_http_port=8080 -# -# Apache instances: -# pki_instance_name=pki-apache -# pki_https_port=443 -# pki_http_port=80 pki_admin_cert_file=%(pki_client_dir)s/ca_admin.cert pki_admin_cert_request_type=pkcs10 @@ -164,32 +159,6 @@ pki_subsystem_registry_link=%(pki_subsystem_path)s/registry ############################################################################### -## Apache Configuration: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Apache' (RA and TPS subsystems), and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[Apache] - -# Paths -# These are used in the processing of pkispawn and are not supposed -# to be overwritten by user configuration files. -# -pki_systemd_service=/lib/systemd/system/pki-apached@.service -pki_systemd_target=/lib/systemd/system/pki-apached.target -pki_systemd_target_wants=/etc/systemd/system/pki-apached.target.wants -pki_systemd_service_link=%(pki_systemd_target_wants)s/pki-apached@%(pki_instance_name)s.service -pki_cgroup_systemd_service_path=/sys/fs/cgroup/systemd/system/%(pki_systemd_service)s -pki_cgroup_systemd_service=%(pki_cgroup_systemd_service_path)s/%(pki_instance_name)s -pki_cgroup_cpu_systemd_service_path=/sys/fs/cgroup/cpu\,cpuacct/system/%(pki_systemd_service)s -pki_cgroup_cpu_systemd_service=%(pki_cgroup_cpu_systemd_service_path)s/%(pki_systemd_service)s -pki_instance_type=Apache -pki_instance_type_registry_path =%(pki_registry_path)s/apache -pki_instance_registry_path=%(pki_instance_type_registry_path)s/%(pki_instance_name)s -pki_subsystem_registry_path=%(pki_instance_registry_path)s/%(pki_subsystem_type)s - -############################################################################### ## Tomcat Configuration: ## ## ## ## Values in this section are common to PKI subsystems that run ## diff --git a/base/server/man/man5/pki_default.cfg.5 b/base/server/man/man5/pki_default.cfg.5 index c4e1f1343..1522cc6f3 100644 --- a/base/server/man/man5/pki_default.cfg.5 +++ b/base/server/man/man5/pki_default.cfg.5 @@ -44,7 +44,7 @@ Name of the instance. The instance is located at /var/lib/pki/<instance_name>. .TP .B pki_https_port, pki_http_port .IP -Secure and unsecure ports. Defaults to standard Tomcat ports 8443 and 8080, respectively, for Java subsystems, and 443 and 80 for Apache subsystems. +Secure and unsecure ports. Defaults to standard Tomcat ports 8443 and 8080, respectively, for Java subsystems. .TP .B pki_ajp_port, pki_tomcat_server_port .IP diff --git a/base/server/man/man8/pkidestroy.8 b/base/server/man/man8/pkidestroy.8 index 407a915aa..ef32b274a 100644 --- a/base/server/man/man8/pkidestroy.8 +++ b/base/server/man/man8/pkidestroy.8 @@ -23,10 +23,6 @@ pkidestroy -s <subsystem> -i <instance> [-u <secutiry domain username>] [-W <sec .SH DESCRIPTION Removes a subsystem from an instance of Certificate Server. This utility removes any of the Java-based Certificate Server subsystems (CA, KRA, OCSP, and TKS). .PP -.TP -\fBNote:\fP -This utility is only used for Java-based subsystems. The Apache-based Certificate Server subsystems (RA and TPS) are removed using \fBpkiremove\fP. -.PP An instance can contain multiple subsystems, although it may contain at most one of each type of subsystem. So, for example, an instance could contain CA and KRA subsystems, but not two CA subsystems. If \fBpkidestroy\fP is invoked on the last subsystem in the instance, then that instance is removed. Typically, as subsystems need to contact the CA to update the security domain, the CA instance should be the last instance to be removed. .SH OPTIONS diff --git a/base/server/man/man8/pkispawn.8 b/base/server/man/man8/pkispawn.8 index d09d7d4c6..13c00ee55 100644 --- a/base/server/man/man8/pkispawn.8 +++ b/base/server/man/man8/pkispawn.8 @@ -26,9 +26,6 @@ Sets up an instance of Certificate Server. This utility creates any of the Java \fBNote:\fP A 389 Directory Server instance must be configured and running before this script can be run. Certificate Server requires an internal directory database. The default configuration assumes a Directory Server instance running on the same machine on port 389. For more information on creating a Directory Server instance, see .B setup-ds.pl(8). -.TP -\fBNote:\fP -This utility creates only Java-based subsystems. The Apache-based Certificate Server subsystems (RA and TPS) are created using \fBpkicreate\fP. .PP An instance can contain multiple subsystems, although it may contain at most one of each type of subsystem on a single machine. So, for example, an instance could contain CA and KRA subsystems, but not two CA subsystems. To create an instance with a CA and a KRA, simply run pkispawn twice, with values .I -s CA diff --git a/base/server/python/pki/server/deployment/pkiconfig.py b/base/server/python/pki/server/deployment/pkiconfig.py index 67edad1ee..003d14387 100644 --- a/base/server/python/pki/server/deployment/pkiconfig.py +++ b/base/server/python/pki/server/deployment/pkiconfig.py @@ -38,14 +38,12 @@ PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser" PKI_SUBSYSTEMS = ["CA", "KRA", "OCSP", "RA", "TKS", "TPS"] PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"] -PKI_APACHE_SUBSYSTEMS = ["RA"] PKI_TOMCAT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"] PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra", "lib", "logs", "ocsp", "temp", "tks", "tps", "webapps", "work"] PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg", "rsyslog", "tls"] -PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra"] PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks", "tps"] PKI_INDENTATION_LEVEL_0 = {'indent': ''} @@ -71,7 +69,6 @@ PKI_DEPLOYMENT_LOG_ROOT = "/var/log/pki" # the default 'instance' name may be overridden by the value specified # in the configuration file (the value in the default configuration file # should always match the 'default' instance name specified below). -PKI_DEPLOYMENT_DEFAULT_APACHE_INSTANCE_NAME = "pki-apache" PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat" DEFAULT_DEPLOYMENT_CONFIGURATION = "default.cfg" diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index afb7eea29..a35b8f347 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -425,20 +425,7 @@ class Namespace: log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( self.mdict['pki_instance_name'], self.mdict['pki_instance_configuration_path'])) - if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - # Top-Level Apache PKI registry path reserved name collision - if self.mdict['pki_instance_name'] in\ - config.PKI_APACHE_REGISTRY_RESERVED_NAMES: - config.pki_log.error( - log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, - self.mdict['pki_instance_name'], - self.mdict['pki_instance_registry_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception( - log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( - self.mdict['pki_instance_name'], - self.mdict['pki_instance_registry_path'])) - elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # Top-Level Tomcat PKI registry path reserved name collision if self.mdict['pki_instance_name'] in\ config.PKI_TOMCAT_REGISTRY_RESERVED_NAMES: @@ -869,53 +856,6 @@ class Instance: def __init__(self, deployer): self.mdict = deployer.mdict - def apache_instance_subsystems(self): - rv = 0 - try: - # count number of PKI subsystems present - # within the specified Apache instance - for subsystem in config.PKI_APACHE_SUBSYSTEMS: - path = self.mdict['pki_instance_path'] + "/" + subsystem.lower() - if os.path.exists(path) and os.path.isdir(path): - rv += 1 - config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCE_SUBSYSTEMS_2, - self.mdict['pki_instance_path'], - rv, extra=config.PKI_INDENTATION_LEVEL_2) - except OSError as exc: - config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) - raise - return rv - - def apache_instances(self): - rv = 0 - try: - # Since ALL directories under the top-level PKI 'apache' registry - # directory SHOULD represent PKI Apache instances, and there - # shouldn't be any stray files or symbolic links at this level, - # simply count the number of PKI 'apache' instances (directories) - # present within the PKI 'apache' registry directory - for instance in\ - os.listdir(self.mdict['pki_instance_type_registry_path']): - if os.path.isdir( - os.path.join( - self.mdict['pki_instance_type_registry_path'], - instance)) and not\ - os.path.islink( - os.path.join( - self.mdict['pki_instance_type_registry_path'], - instance)): - rv += 1 - config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCES_2, - self.mdict['pki_instance_type_registry_path'], - rv, - extra=config.PKI_INDENTATION_LEVEL_2) - except OSError as exc: - config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) - raise - return rv - def pki_instance_subsystems(self): rv = 0 try: @@ -2048,10 +1988,6 @@ class Password: with open(path, "w") as fd: if pin_sans_token: fd.write(str(pin)) - elif self.mdict['pki_subsystem'] in \ - config.PKI_APACHE_SUBSYSTEMS: - fd.write(self.mdict['pki_self_signed_token'] + - ":" + str(pin)) else: fd.write(self.mdict['pki_self_signed_token'] + "=" + str(pin)) @@ -2062,10 +1998,6 @@ class Password: with open(path, "w") as fd: if pin_sans_token: fd.write(str(pin)) - elif self.mdict['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: - fd.write(self.mdict['pki_self_signed_token'] + - ":" + str(pin)) else: fd.write(self.mdict['pki_self_signed_token'] + "=" + str(pin)) @@ -3316,11 +3248,7 @@ class Systemd(object): if reload_daemon: self.daemon_reload(critical_failure) # Compose this "systemd" execution management command - if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - service = "pki-apached" + "@" +\ - self.mdict['pki_instance_name'] + "." +\ - "service" - elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: service = "pki-tomcatd" + "@" +\ self.mdict['pki_instance_name'] + "." +\ "service" @@ -3371,11 +3299,7 @@ class Systemd(object): try: service = None # Compose this "systemd" execution management command - if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - service = "pki-apached" + "@" +\ - self.mdict['pki_instance_name'] + "." +\ - "service" - elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: service = "pki-tomcatd" + "@" +\ self.mdict['pki_instance_name'] + "." +\ "service" @@ -3430,11 +3354,7 @@ class Systemd(object): # Execute the "systemd daemon-reload" management lifecycle command if reload_daemon: self.daemon_reload(critical_failure) - if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - service = "pki-apached" + "@" +\ - self.mdict['pki_instance_name'] + "." +\ - "service" - elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: service = "pki-tomcatd" + "@" +\ self.mdict['pki_instance_name'] + "." +\ "service" diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py index 1c21e8689..2b12851cf 100644 --- a/base/server/python/pki/server/deployment/pkimessages.py +++ b/base/server/python/pki/server/deployment/pkimessages.py @@ -137,11 +137,10 @@ PKISPAWN_END_MESSAGE_2 = \ PKISPAWN_EPILOG = """ REMINDER: - If two or more Apache or Tomcat PKI 'instances' are specified via + If two or more Tomcat PKI 'instances' are specified via separate configuration files, remember that the following parameters MUST differ between PKI 'instances': - Apache: 'pki_instance_name', 'pki_http_port', and 'pki_https_port' Tomcat: 'pki_instance_name', 'pki_http_port', 'pki_https_port', 'pki_ajp_port', and 'pki_tomcat_server_port' @@ -151,10 +150,6 @@ REMINDER: # PKI Deployment "Helper" Messages -PKIHELPER_APACHE_INSTANCE_SUBSYSTEMS_2 = \ - "instance '%s' contains '%d' Apache PKI subsystems" -PKIHELPER_APACHE_INSTANCES_2 = \ - "PKI Apache registry '%s' contains '%d' Apache PKI instances" PKIHELPER_APPLY_SLOT_SUBSTITUTION_1 = \ "applying in-place slot substitutions on '%s'" PKIHELPER_CERTUTIL_GENERATE_CSR_1 = "executing '%s'" diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index 1f6cbe0b4..049ebf518 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py @@ -182,10 +182,6 @@ class PKIConfigParser: default_instance_name = 'pki-tomcat' default_http_port = '8080' default_https_port = '8443' - else: - default_instance_name = 'pki-apache' - default_http_port = '80' - default_https_port = '443' application_version = str(pki.upgrade.Version( pki.implementation_version())) @@ -386,9 +382,6 @@ class PKIConfigParser: if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: if self.pki_config.has_section('Tomcat'): web_server_dict = dict(self.pki_config.items('Tomcat')) - else: - if self.pki_config.has_section('Apache'): - web_server_dict = dict(self.pki_config.items('Apache')) if web_server_dict: web_server_dict[0] = None @@ -750,37 +743,7 @@ class PKIConfigParser: self.mdict['PKI_REGISTRY_FILE_SLOT'] = \ os.path.join(self.mdict['pki_subsystem_registry_path'], self.mdict['pki_instance_name']) - if self.mdict['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: - self.mdict['FORTITUDE_APACHE_SLOT'] = None - self.mdict['FORTITUDE_AUTH_MODULES_SLOT'] = None - self.mdict['FORTITUDE_DIR_SLOT'] = None - self.mdict['FORTITUDE_LIB_DIR_SLOT'] = None - self.mdict['FORTITUDE_MODULE_SLOT'] = None - self.mdict['FORTITUDE_NSS_MODULES_SLOT'] = None - self.mdict['HTTPD_CONF_SLOT'] = None - self.mdict['LIB_PREFIX_SLOT'] = None - self.mdict['NON_CLIENTAUTH_SECURE_PORT_SLOT'] = None - self.mdict['NSS_CONF_SLOT'] = None - self.mdict['OBJ_EXT_SLOT'] = None - self.mdict['PKI_LOCKDIR_SLOT'] = \ - os.path.join("/var/lock/pki", - "apache") - self.mdict['PKI_PIDDIR_SLOT'] = \ - os.path.join("/var/run/pki", - "apache") - self.mdict['PKI_WEB_SERVER_TYPE_SLOT'] = "apache" - self.mdict['PORT_SLOT'] = None - self.mdict['PROCESS_ID_SLOT'] = None - self.mdict['REQUIRE_CFG_PL_SLOT'] = None - self.mdict['SECURE_PORT_SLOT'] = None - self.mdict['SECURITY_LIBRARIES_SLOT'] = None - self.mdict['PKI_HOSTNAME_SLOT'] = None - self.mdict['SERVER_ROOT_SLOT'] = None - self.mdict['SYSTEM_LIBRARIES_SLOT'] = None - self.mdict['SYSTEM_USER_LIBRARIES_SLOT'] = None - self.mdict['TMP_DIR_SLOT'] = None - elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: self.mdict['INSTALL_TIME_SLOT'] = \ self.mdict['pki_install_time'] self.mdict['PKI_ADMIN_SECURE_PORT_SLOT'] = \ @@ -1006,7 +969,7 @@ class PKIConfigParser: if self.mdict['pki_subsystem'] == "CA": self.mdict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS'] = \ self.mdict['pki_random_serial_numbers_enable'].lower() - # Shared Apache/Tomcat NSS security database name/value pairs + # Tomcat NSS security database name/value pairs self.mdict['pki_shared_pfile'] = \ os.path.join( self.mdict['pki_instance_configuration_path'], @@ -1041,7 +1004,7 @@ class PKIConfigParser: self.mdict['pki_subsystem_configuration_path'], "noise") self.mdict['pki_self_signed_noise_bytes'] = 1024 - # Shared Apache/Tomcat NSS security database convenience + # Tomcat NSS security database convenience # symbolic links self.mdict['pki_subsystem_configuration_password_conf_link'] = \ os.path.join( @@ -1058,7 +1021,6 @@ class PKIConfigParser: # 'Subsystem Name' Configuration name/value pairs # 'Token' Configuration name/value pairs # - # Apache - [RA] # Tomcat - [CA], [KRA], [OCSP], [TKS], [TPS] # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone], # [TPS Clone] @@ -1148,7 +1110,6 @@ class PKIConfigParser: # 'Backup' Configuration name/value pairs # - # Apache - [RA] # Tomcat - [CA], [KRA], [OCSP], [TKS], [TPS] # - [External CA] # - [Subordinate CA] @@ -1210,14 +1171,7 @@ class PKIConfigParser: "spawn" + "_" + "manifest" + "." + \ self.mdict['pki_timestamp'] # Compose this "systemd" execution management command - if self.mdict['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: - self.mdict['pki_registry_initscript_command'] = \ - "systemctl" + " " + \ - "restart" + " " + \ - "pki-apached" + "@" + \ - self.mdict['pki_instance_name'] + "." + "service" - elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: self.mdict['pki_registry_initscript_command'] = \ "systemctl" + " " + \ "restart" + " " + \ @@ -1249,9 +1203,7 @@ class PKIConfigParser: parser.optionxform = str parser.read(config.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE) # Slots configuration file name/value pairs - if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS: - self.slots_dict = dict(parser.items('Apache')) - elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: self.slots_dict = dict(parser.items('Tomcat')) except ConfigParser.ParsingError, err: rv = err diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index 78ec9ba80..464473625 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py @@ -80,15 +80,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.mdict['pki_client_secmod_database'], password_file=deployer.mdict['pki_client_password_conf']) - # Start/Restart this Apache/Tomcat PKI Process - if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - apache_instance_subsystems = \ - deployer.instance.apache_instance_subsystems() - if apache_instance_subsystems == 1: - deployer.systemd.start() - elif apache_instance_subsystems > 1: - deployer.systemd.restart() - elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + # Start/Restart this Tomcat PKI Process + if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # Optionally prepare to enable a java debugger # (e. g. - 'eclipse'): if config.str2bool(deployer.mdict['pki_enable_java_debugger']): @@ -115,14 +108,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # Construct PKI Subsystem Configuration Data data = None - if deployer.mdict['pki_instance_type'] == "Apache": - if deployer.mdict['pki_subsystem'] == "RA": - config.pki_log.info( - log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1, - deployer.mdict['pki_subsystem'], - extra=config.PKI_INDENTATION_LEVEL_2) - return self.rv - elif deployer.mdict['pki_instance_type'] == "Tomcat": + if deployer.mdict['pki_instance_type'] == "Tomcat": # CA, KRA, OCSP, TKS, or TPS data = deployer.config_client.construct_pki_configuration_data() @@ -136,12 +122,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - deployer.instance.apache_instance_subsystems() == 1: - if deployer.directory.exists(deployer.mdict['pki_client_dir']): - deployer.directory.delete(deployer.mdict['pki_client_dir']) - deployer.symlink.delete(deployer.mdict['pki_systemd_service_link']) - elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ + if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ and len(deployer.instance.tomcat_instance_subsystems()) == 1: if deployer.directory.exists(deployer.mdict['pki_client_dir']): deployer.directory.delete(deployer.mdict['pki_client_dir']) diff --git a/base/server/python/pki/server/deployment/scriptlets/finalization.py b/base/server/python/pki/server/deployment/scriptlets/finalization.py index c545642da..7d38a5228 100644 --- a/base/server/python/pki/server/deployment/scriptlets/finalization.py +++ b/base/server/python/pki/server/deployment/scriptlets/finalization.py @@ -84,11 +84,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.FINALIZATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) deployer.file.modify(deployer.mdict['pki_destroy_log'], silent=True) - # Start this Apache/Tomcat PKI Process - if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - deployer.instance.apache_instance_subsystems() >= 1: - deployer.systemd.start() - elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ + # Start this Tomcat PKI Process + if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ and len(deployer.instance.tomcat_instance_subsystems()) >= 1: deployer.systemd.start() config.pki_log.info(log.PKIDESTROY_END_MESSAGE_2, diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py index a555a8938..632e21d8e 100644 --- a/base/server/python/pki/server/deployment/scriptlets/initialization.py +++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py @@ -113,6 +113,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # tightly-coupled shared instance. # deployer.security_domain.deregister(token) - # ALWAYS Stop this Apache/Tomcat PKI Process + # ALWAYS Stop this Tomcat PKI Process deployer.systemd.stop() return self.rv diff --git a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py index b5ec19e3a..9cdecb4f2 100644 --- a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py @@ -288,25 +288,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): if deployer.mdict['pki_subsystem'] == 'TKS': deployer.symlink.delete(deployer.mdict['pki_symkey_jar_link']) - if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - deployer.instance.apache_instance_subsystems() == 0: - # remove Apache instance base - deployer.directory.delete(deployer.mdict['pki_instance_path']) - # remove Apache instance logs - # remove shared NSS security database path for this instance - deployer.directory.delete(deployer.mdict['pki_database_path']) - # remove Apache instance configuration - deployer.directory.delete( - deployer.mdict['pki_instance_configuration_path']) - # remove Apache instance registry - deployer.directory.delete( - deployer.mdict['pki_instance_registry_path']) - # remove Apache PKI registry (if empty) - if deployer.instance.apache_instances() == 0: - deployer.directory.delete( - deployer.mdict['pki_instance_type_registry_path']) - - elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ + if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ and len(deployer.instance.tomcat_instance_subsystems()) == 0: # remove Tomcat instance base deployer.directory.delete(deployer.mdict['pki_instance_path']) diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py index dc175cd6c..8adb3c4e3 100644 --- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py +++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py @@ -103,13 +103,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS \ - and deployer.instance.apache_instance_subsystems() == 0: - deployer.file.delete(deployer.mdict['pki_cert_database']) - deployer.file.delete(deployer.mdict['pki_key_database']) - deployer.file.delete(deployer.mdict['pki_secmod_database']) - deployer.file.delete(deployer.mdict['pki_shared_password_conf']) - elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ + if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ and len(deployer.instance.tomcat_instance_subsystems()) == 0: deployer.file.delete(deployer.mdict['pki_cert_database']) deployer.file.delete(deployer.mdict['pki_key_database']) diff --git a/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py b/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py index daf41423f..dce5648a0 100644 --- a/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py +++ b/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py @@ -69,9 +69,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # add SELinux contexts when adding the first subsystem if deployer.mdict['pki_subsystem'] in \ - config.PKI_APACHE_SUBSYSTEMS and \ - deployer.instance.apache_instance_subsystems() == 1 \ - or deployer.mdict['pki_subsystem'] in \ config.PKI_TOMCAT_SUBSYSTEMS and \ len(deployer.instance.tomcat_instance_subsystems()) == 1: @@ -167,9 +164,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): try: # remove SELinux contexts when removing the last subsystem if (deployer.mdict['pki_subsystem'] in - config.PKI_APACHE_SUBSYSTEMS and - deployer.instance.apache_instance_subsystems() == 0 or - deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and len(deployer.instance.tomcat_instance_subsystems()) == 0): diff --git a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py index 432fba9ca..324accad0 100644 --- a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py @@ -51,7 +51,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # deployer.directory.copy( # deployer.mdict['pki_source_conf_path'], # deployer.mdict['pki_subsystem_configuration_path']) - # establish instance-based Apache/Tomcat specific subsystems + # establish instance-based Tomcat specific subsystems if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # establish instance-based Tomcat PKI subsystem base if deployer.mdict['pki_subsystem'] == "CA": |