diff options
| author | Ade Lee <alee@redhat.com> | 2014-06-06 21:46:04 +0800 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2014-06-10 20:54:26 +0700 |
| commit | cfb1486b7693b208c99f1853763404b2b5f68322 (patch) | |
| tree | c18a9656029b43f93d5fb51fcf6d65b0b3d843d3 | |
| parent | d2980374a6c241b507f21a6acb4ec04a19241025 (diff) | |
| download | pki-cfb1486b7693b208c99f1853763404b2b5f68322.tar.gz pki-cfb1486b7693b208c99f1853763404b2b5f68322.tar.xz pki-cfb1486b7693b208c99f1853763404b2b5f68322.zip | |
Modify master_dict to mdict to improve readability
Most of the install python scripts do not meet PEP8 including
being less than 80 chars. Changing master_dict to mdict helps
fix this and improves or at least does not degrade readability.
14 files changed, 1245 insertions, 1240 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 3c0032ff5..e33d43f52 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -130,7 +130,7 @@ class Identity: """PKI Deployment Identity Class""" def __init__(self, deployer): - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict def __add_gid(self, pki_group): pki_gid = None @@ -254,7 +254,7 @@ class Identity: def get_uid(self, critical_failure=True): try: - pki_uid = self.master_dict['pki_uid'] + pki_uid = self.mdict['pki_uid'] except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) @@ -264,7 +264,7 @@ class Identity: def get_gid(self, critical_failure=True): try: - pki_gid = self.master_dict['pki_gid'] + pki_gid = self.mdict['pki_gid'] except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) @@ -278,7 +278,7 @@ class Identity: extra=config.PKI_INDENTATION_LEVEL_2) # id -u <name> pki_uid = getpwnam(name)[2] - self.master_dict['pki_uid'] = pki_uid + self.mdict['pki_uid'] = pki_uid config.pki_log.debug(log.PKIHELPER_UID_2, name, pki_uid, extra=config.PKI_INDENTATION_LEVEL_3) except KeyError as exc: @@ -294,7 +294,7 @@ class Identity: extra=config.PKI_INDENTATION_LEVEL_2) # id -g <name> pki_gid = getgrnam(name)[2] - self.master_dict['pki_gid'] = pki_gid + self.mdict['pki_gid'] = pki_gid config.pki_log.debug(log.PKIHELPER_GID_2, name, pki_gid, extra=config.PKI_INDENTATION_LEVEL_3) except KeyError as exc: @@ -310,155 +310,155 @@ class Namespace: # Silently verify that the selected 'pki_instance_name' will # NOT produce any namespace collisions def __init__(self, deployer): - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict def collision_detection(self): # Run simple checks for pre-existing namespace collisions - if os.path.exists(self.master_dict['pki_instance_path']): - if os.path.exists(self.master_dict['pki_subsystem_path']): + if os.path.exists(self.mdict['pki_instance_path']): + if os.path.exists(self.mdict['pki_subsystem_path']): # Top-Level PKI base path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, - self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_path'], + self.mdict['pki_instance_name'], + self.mdict['pki_instance_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_path'])) + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], + self.mdict['pki_instance_path'])) else: - if os.path.exists(self.master_dict['pki_target_tomcat_conf_instance_id']): + if os.path.exists(self.mdict['pki_target_tomcat_conf_instance_id']): # Top-Level "/etc/sysconfig" path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, - self.master_dict['pki_instance_name'], - self.master_dict['pki_target_tomcat_conf_instance_id'], + self.mdict['pki_instance_name'], + self.mdict['pki_target_tomcat_conf_instance_id'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], - self.master_dict['pki_target_tomcat_conf_instance_id'])) - if os.path.exists(self.master_dict['pki_cgroup_systemd_service']): + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], + self.mdict['pki_target_tomcat_conf_instance_id'])) + if os.path.exists(self.mdict['pki_cgroup_systemd_service']): # Systemd cgroup path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, - self.master_dict['pki_instance_name'], - self.master_dict['pki_cgroup_systemd_service_path'], + self.mdict['pki_instance_name'], + self.mdict['pki_cgroup_systemd_service_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], - self.master_dict['pki_cgroup_systemd_service_path'])) - if os.path.exists(self.master_dict['pki_cgroup_cpu_systemd_service']): + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], + self.mdict['pki_cgroup_systemd_service_path'])) + if os.path.exists(self.mdict['pki_cgroup_cpu_systemd_service']): # Systemd cgroup CPU path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, - self.master_dict['pki_instance_name'], - self.master_dict['pki_cgroup_cpu_systemd_service_path'], + self.mdict['pki_instance_name'], + self.mdict['pki_cgroup_cpu_systemd_service_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], - self.master_dict['pki_cgroup_cpu_systemd_service_path'])) - if os.path.exists(self.master_dict['pki_instance_log_path']) and\ - os.path.exists(self.master_dict['pki_subsystem_log_path']): + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], + self.mdict['pki_cgroup_cpu_systemd_service_path'])) + if os.path.exists(self.mdict['pki_instance_log_path']) and\ + os.path.exists(self.mdict['pki_subsystem_log_path']): # Top-Level PKI log path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, - self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_log_path'], + self.mdict['pki_instance_name'], + self.mdict['pki_instance_log_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_log_path'])) - if os.path.exists(self.master_dict['pki_instance_configuration_path']) and\ - os.path.exists(self.master_dict['pki_subsystem_configuration_path']): + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], + self.mdict['pki_instance_log_path'])) + if os.path.exists(self.mdict['pki_instance_configuration_path']) and\ + os.path.exists(self.mdict['pki_subsystem_configuration_path']): # Top-Level PKI configuration path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, - self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_configuration_path'], + self.mdict['pki_instance_name'], + self.mdict['pki_instance_configuration_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_configuration_path'])) - if os.path.exists(self.master_dict['pki_instance_registry_path']) and\ - os.path.exists(self.master_dict['pki_subsystem_registry_path']): + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], + self.mdict['pki_instance_configuration_path'])) + if os.path.exists(self.mdict['pki_instance_registry_path']) and\ + os.path.exists(self.mdict['pki_subsystem_registry_path']): # Top-Level PKI registry path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, - self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_registry_path'], + self.mdict['pki_instance_name'], + self.mdict['pki_instance_registry_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_registry_path'])) + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], + self.mdict['pki_instance_registry_path'])) # Run simple checks for reserved name namespace collisions - if self.master_dict['pki_instance_name'] in config.PKI_BASE_RESERVED_NAMES: + if self.mdict['pki_instance_name'] in config.PKI_BASE_RESERVED_NAMES: # Top-Level PKI base path reserved name collision config.pki_log.error( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, - self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_path'], + self.mdict['pki_instance_name'], + self.mdict['pki_instance_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_path'])) + raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'], + self.mdict['pki_instance_path'])) # No need to check for reserved name under Top-Level PKI log path - if self.master_dict['pki_instance_name'] in config.PKI_CONFIGURATION_RESERVED_NAMES: + if self.mdict['pki_instance_name'] in config.PKI_CONFIGURATION_RESERVED_NAMES: # Top-Level PKI configuration path reserved name collision config.pki_log.error( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, - self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_configuration_path'], + self.mdict['pki_instance_name'], + self.mdict['pki_instance_configuration_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_configuration_path'])) - if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'], + self.mdict['pki_instance_configuration_path'])) + if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: # Top-Level Apache PKI registry path reserved name collision - if self.master_dict['pki_instance_name'] in\ + if self.mdict['pki_instance_name'] in\ config.PKI_APACHE_REGISTRY_RESERVED_NAMES: config.pki_log.error( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, - self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_registry_path'], + self.mdict['pki_instance_name'], + self.mdict['pki_instance_registry_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_registry_path'])) - elif self.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'], + self.mdict['pki_instance_registry_path'])) + elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # Top-Level Tomcat PKI registry path reserved name collision - if self.master_dict['pki_instance_name'] in\ + if self.mdict['pki_instance_name'] in\ config.PKI_TOMCAT_REGISTRY_RESERVED_NAMES: config.pki_log.error( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, - self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_registry_path'], + self.mdict['pki_instance_name'], + self.mdict['pki_instance_registry_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'], - self.master_dict['pki_instance_registry_path'])) + raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'], + self.mdict['pki_instance_registry_path'])) class ConfigurationFile: """PKI Deployment Configuration File Class""" def __init__(self, deployer): - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict # set useful 'boolean' object variables for this class - self.clone = config.str2bool(self.master_dict['pki_clone']) - self.external = config.str2bool(self.master_dict['pki_external']) + self.clone = config.str2bool(self.mdict['pki_clone']) + self.external = config.str2bool(self.mdict['pki_external']) self.external_step_two = config.str2bool( - self.master_dict['pki_external_step_two']) + self.mdict['pki_external_step_two']) self.skip_configuration = config.str2bool( - self.master_dict['pki_skip_configuration']) - self.standalone = config.str2bool(self.master_dict['pki_standalone']) - self.subordinate = config.str2bool(self.master_dict['pki_subordinate']) + self.mdict['pki_skip_configuration']) + self.standalone = config.str2bool(self.mdict['pki_standalone']) + self.subordinate = config.str2bool(self.mdict['pki_subordinate']) # set useful 'string' object variables for this class - self.subsystem = self.master_dict['pki_subsystem'] + self.subsystem = self.mdict['pki_subsystem'] def log_configuration_url(self): # NOTE: This is the one and only parameter containing a sensitive # parameter that may be stored in a log file. config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_URL_1, - self.master_dict['pki_configuration_url'], + self.mdict['pki_configuration_url'], extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_RESTART_1, - self.master_dict['pki_registry_initscript_command'], + self.mdict['pki_registry_initscript_command'], extra=config.PKI_INDENTATION_LEVEL_2) def display_configuration_url(self): # NOTE: This is the one and only parameter containing a sensitive # parameter that may be displayed to the screen. - print log.PKI_CONFIGURATION_URL_1 % self.master_dict['pki_configuration_url'] + print log.PKI_CONFIGURATION_URL_1 % self.mdict['pki_configuration_url'] print print log.PKI_CONFIGURATION_RESTART_1 % \ - self.master_dict['pki_registry_initscript_command'] + self.mdict['pki_registry_initscript_command'] print def confirm_external(self): @@ -511,29 +511,29 @@ class ConfigurationFile: self.subsystem) def confirm_data_exists(self, param): - if not self.master_dict.has_key(param) or\ - not len(self.master_dict[param]): + if not self.mdict.has_key(param) or\ + not len(self.mdict[param]): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, param, - self.master_dict['pki_user_deployment_cfg'], + self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) raise Exception( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % - (param, self.master_dict['pki_user_deployment_cfg'])) + (param, self.mdict['pki_user_deployment_cfg'])) def confirm_missing_file(self, param): - if os.path.exists(self.master_dict[param]): + if os.path.exists(self.mdict[param]): config.pki_log.error(log.PKI_FILE_ALREADY_EXISTS_1, - self.master_dict[param], + self.mdict[param], extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_ALREADY_EXISTS_1 % param) def confirm_file_exists(self, param): - if not os.path.exists(self.master_dict[param]) or\ - not os.path.isfile(self.master_dict[param]): + if not os.path.exists(self.mdict[param]) or\ + not os.path.isfile(self.mdict[param]): config.pki_log.error(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, - self.master_dict[param], + self.mdict[param], extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % param) @@ -548,7 +548,7 @@ class ConfigurationFile: if not self.clone: self.confirm_data_exists("pki_admin_password") # If required, verify existence of Backup Password - if config.str2bool(self.master_dict['pki_backup_keys']): + if config.str2bool(self.mdict['pki_backup_keys']): self.confirm_data_exists("pki_backup_password") # Verify existence of Client Pin for NSS client security databases self.confirm_data_exists("pki_client_database_password") @@ -570,7 +570,7 @@ class ConfigurationFile: if not self.skip_configuration and not self.standalone: self.confirm_data_exists("pki_security_domain_password") # If required, verify existence of Token Password - if not self.master_dict['pki_token_name'] == "internal": + if not self.mdict['pki_token_name'] == "internal": self.confirm_data_exists("pki_token_password") return @@ -581,36 +581,36 @@ class ConfigurationFile: if self.clone and self.external and self.subordinate: config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA, - self.master_dict['pki_user_deployment_cfg'], + self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA % self.master_dict['pki_user_deployment_cfg']) + raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA % self.mdict['pki_user_deployment_cfg']) elif self.clone and self.external: config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA, - self.master_dict['pki_user_deployment_cfg'], + self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA % self.master_dict['pki_user_deployment_cfg']) + raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA % self.mdict['pki_user_deployment_cfg']) elif self.clone and self.subordinate: config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA, - self.master_dict['pki_user_deployment_cfg'], + self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA % self.master_dict['pki_user_deployment_cfg']) + raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA % self.mdict['pki_user_deployment_cfg']) elif self.external and self.subordinate: config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA, - self.master_dict['pki_user_deployment_cfg'], + self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA % self.master_dict['pki_user_deployment_cfg']) + raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA % self.mdict['pki_user_deployment_cfg']) elif self.standalone: if self.clone: config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_STANDALONE_PKI, - self.master_dict['pki_user_deployment_cfg'], + self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) raise Exception( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_STANDALONE_PKI % - self.master_dict['pki_user_deployment_cfg']) + self.mdict['pki_user_deployment_cfg']) def verify_predefined_configuration_file_data(self): # Silently verify the existence of any required 'predefined' data @@ -725,18 +725,18 @@ class ConfigurationFile: return def populate_non_default_ports(self): - if (self.master_dict['pki_http_port'] != + if (self.mdict['pki_http_port'] != str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT)): - ports.append(self.master_dict['pki_http_port']) - if (self.master_dict['pki_https_port'] != + ports.append(self.mdict['pki_http_port']) + if (self.mdict['pki_https_port'] != str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT)): - ports.append(self.master_dict['pki_https_port']) - if (self.master_dict['pki_tomcat_server_port'] != + ports.append(self.mdict['pki_https_port']) + if (self.mdict['pki_tomcat_server_port'] != str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT)): - ports.append(self.master_dict['pki_tomcat_server_port']) - if (self.master_dict['pki_ajp_port'] != + ports.append(self.mdict['pki_tomcat_server_port']) + if (self.mdict['pki_ajp_port'] != str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT)): - ports.append(self.master_dict['pki_ajp_port']) + ports.append(self.mdict['pki_ajp_port']) return def verify_selinux_ports(self): @@ -782,16 +782,16 @@ class ConfigurationFile: def verify_command_matches_configuration_file(self): # Silently verify that the command-line parameters match the values # that are present in the corresponding configuration file - if self.master_dict['pki_deployment_executable'] == 'pkidestroy': - if self.master_dict['pki_deployed_instance_name'] != \ - self.master_dict['pki_instance_name']: + if self.mdict['pki_deployment_executable'] == 'pkidestroy': + if self.mdict['pki_deployed_instance_name'] != \ + self.mdict['pki_instance_name']: config.pki_log.error( log.PKIHELPER_COMMAND_LINE_PARAMETER_MISMATCH_2, - self.master_dict['pki_deployed_instance_name'], - self.master_dict['pki_instance_name'], + self.mdict['pki_deployed_instance_name'], + self.mdict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % (self.master_dict['pki_deployed_instance_name'], - self.master_dict['pki_instance_name'])) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % (self.mdict['pki_deployed_instance_name'], + self.mdict['pki_instance_name'])) return # PKI Deployment XML File Class @@ -800,7 +800,7 @@ class ConfigurationFile: # web_xml_source, # web_xml_target): # config.pki_log.info(log.PKIHELPER_REMOVE_FILTER_SECTION_1, -# self.master_dict['pki_target_subsystem_web_xml'], +# self.mdict['pki_target_subsystem_web_xml'], # extra=config.PKI_INDENTATION_LEVEL_2) # begin_filters_section = False # begin_servlet_section = False @@ -830,7 +830,7 @@ class Instance: """PKI Deployment Instance Class""" def __init__(self, deployer): - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict def apache_instance_subsystems(self): rv = 0 @@ -838,11 +838,11 @@ class Instance: # count number of PKI subsystems present # within the specified Apache instance for subsystem in config.PKI_APACHE_SUBSYSTEMS: - path = self.master_dict['pki_instance_path'] + "/" + subsystem.lower() + path = self.mdict['pki_instance_path'] + "/" + subsystem.lower() if os.path.exists(path) and os.path.isdir(path): rv = rv + 1 config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCE_SUBSYSTEMS_2, - self.master_dict['pki_instance_path'], + self.mdict['pki_instance_path'], rv, extra=config.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, @@ -859,16 +859,16 @@ class Instance: # simply count the number of PKI 'apache' instances (directories) # present within the PKI 'apache' registry directory for instance in\ - os.listdir(self.master_dict['pki_instance_type_registry_path']): + os.listdir(self.mdict['pki_instance_type_registry_path']): if os.path.isdir( - os.path.join(self.master_dict['pki_instance_type_registry_path'], + os.path.join(self.mdict['pki_instance_type_registry_path'], instance)) and not\ os.path.islink( - os.path.join(self.master_dict['pki_instance_type_registry_path'], + os.path.join(self.mdict['pki_instance_type_registry_path'], instance)): rv = rv + 1 config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCES_2, - self.master_dict['pki_instance_type_registry_path'], + self.mdict['pki_instance_type_registry_path'], rv, extra=config.PKI_INDENTATION_LEVEL_2) except OSError as exc: @@ -883,11 +883,11 @@ class Instance: # Since ALL directories within the top-level PKI infrastructure # SHOULD represent PKI instances, look for all possible # PKI instances within the top-level PKI infrastructure - for instance in os.listdir(self.master_dict['pki_path']): - if os.path.isdir(os.path.join(self.master_dict['pki_path'], instance))\ + for instance in os.listdir(self.mdict['pki_path']): + if os.path.isdir(os.path.join(self.mdict['pki_path'], instance))\ and not\ - os.path.islink(os.path.join(self.master_dict['pki_path'], instance)): - instance_dir = os.path.join(self.master_dict['pki_path'], instance) + os.path.islink(os.path.join(self.mdict['pki_path'], instance)): + instance_dir = os.path.join(self.mdict['pki_path'], instance) # Since ANY directory within this PKI instance COULD # be a PKI subsystem, look for all possible # PKI subsystems within this PKI instance @@ -897,7 +897,7 @@ class Instance: if name.upper() in config.PKI_SUBSYSTEMS: rv = rv + 1 config.pki_log.debug(log.PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2, - self.master_dict['pki_instance_path'], rv, + self.mdict['pki_instance_path'], rv, extra=config.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, @@ -910,7 +910,7 @@ class Instance: rv = [] try: for subsystem in config.PKI_TOMCAT_SUBSYSTEMS: - path = self.master_dict['pki_instance_path'] + "/" + subsystem.lower() + path = self.mdict['pki_instance_path'] + "/" + subsystem.lower() if os.path.exists(path) and os.path.isdir(path): rv.append(subsystem) except OSError as exc: @@ -928,16 +928,16 @@ class Instance: # simply count the number of PKI 'tomcat' instances (directories) # present within the PKI 'tomcat' registry directory for instance in\ - os.listdir(self.master_dict['pki_instance_type_registry_path']): + os.listdir(self.mdict['pki_instance_type_registry_path']): if os.path.isdir( - os.path.join(self.master_dict['pki_instance_type_registry_path'], + os.path.join(self.mdict['pki_instance_type_registry_path'], instance)) and not\ os.path.islink( - os.path.join(self.master_dict['pki_instance_type_registry_path'], + os.path.join(self.mdict['pki_instance_type_registry_path'], instance)): rv = rv + 1 config.pki_log.debug(log.PKIHELPER_TOMCAT_INSTANCES_2, - self.master_dict['pki_instance_type_registry_path'], + self.mdict['pki_instance_type_registry_path'], rv, extra=config.PKI_INDENTATION_LEVEL_2) except OSError as exc: @@ -948,13 +948,13 @@ class Instance: def verify_subsystem_exists(self): try: - if not os.path.exists(self.master_dict['pki_subsystem_path']): + if not os.path.exists(self.mdict['pki_subsystem_path']): config.pki_log.error(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2, - self.master_dict['pki_subsystem'], - self.master_dict['pki_instance_name'], + self.mdict['pki_subsystem'], + self.mdict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.master_dict['pki_subsystem'], - self.master_dict['pki_instance_name'])) + raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.mdict['pki_subsystem'], + self.mdict['pki_instance_name'])) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) @@ -962,13 +962,13 @@ class Instance: def verify_subsystem_does_not_exist(self): try: - if os.path.exists(self.master_dict['pki_subsystem_path']): + if os.path.exists(self.mdict['pki_subsystem_path']): config.pki_log.error(log.PKI_SUBSYSTEM_ALREADY_EXISTS_2, - self.master_dict['pki_subsystem'], - self.master_dict['pki_instance_name'], + self.mdict['pki_subsystem'], + self.mdict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.master_dict['pki_subsystem'], - self.master_dict['pki_instance_name'])) + raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.mdict['pki_subsystem'], + self.mdict['pki_instance_name'])) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) @@ -977,9 +977,9 @@ class Instance: def get_instance_status(self): connection = pki.client.PKIConnection( protocol='https', - hostname=self.master_dict['pki_hostname'], - port=self.master_dict['pki_https_port'], - subsystem=self.master_dict['pki_subsystem_type'], + hostname=self.mdict['pki_hostname'], + port=self.mdict['pki_https_port'], + subsystem=self.mdict['pki_subsystem_type'], accept='application/xml') # catching all exceptions because we do not want to break if underlying @@ -1018,7 +1018,7 @@ class Directory: """PKI Deployment Directory Class""" def __init__(self, deployer): - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict self.identity = deployer.identity self.manifest_db = deployer.manifest_db @@ -1048,8 +1048,8 @@ class Directory: record = manifest.Record() record.name = name record.type = manifest.RECORD_TYPE_DIRECTORY - record.user = self.master_dict['pki_user'] - record.group = self.master_dict['pki_group'] + record.user = self.mdict['pki_user'] + record.group = self.mdict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1106,8 +1106,8 @@ class Directory: record = manifest.Record() record.name = name record.type = manifest.RECORD_TYPE_DIRECTORY - record.user = self.master_dict['pki_user'] - record.group = self.master_dict['pki_group'] + record.user = self.mdict['pki_user'] + record.group = self.mdict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1221,8 +1221,8 @@ class Directory: record = manifest.Record() record.name = name record.type = manifest.RECORD_TYPE_FILE - record.user = self.master_dict['pki_user'] - record.group = self.master_dict['pki_group'] + record.user = self.mdict['pki_user'] + record.group = self.mdict['pki_group'] record.uid = uid record.gid = gid record.permissions = file_perms @@ -1247,8 +1247,8 @@ class Directory: record = manifest.Record() record.name = name record.type = manifest.RECORD_TYPE_SYMLINK - record.user = self.master_dict['pki_user'] - record.group = self.master_dict['pki_group'] + record.user = self.mdict['pki_user'] + record.group = self.mdict['pki_group'] record.uid = uid record.gid = gid record.permissions = symlink_perms @@ -1273,8 +1273,8 @@ class Directory: record = manifest.Record() record.name = name record.type = manifest.RECORD_TYPE_DIRECTORY - record.user = self.master_dict['pki_user'] - record.group = self.master_dict['pki_group'] + record.user = self.mdict['pki_user'] + record.group = self.mdict['pki_group'] record.uid = uid record.gid = gid record.permissions = dir_perms @@ -1299,8 +1299,8 @@ class Directory: record = manifest.Record() record.name = name record.type = manifest.RECORD_TYPE_DIRECTORY - record.user = self.master_dict['pki_user'] - record.group = self.master_dict['pki_group'] + record.user = self.mdict['pki_user'] + record.group = self.mdict['pki_group'] record.uid = uid record.gid = gid record.permissions = dir_perms @@ -1376,7 +1376,7 @@ class File: """PKI Deployment File Class (also used for executables)""" def __init__(self, deployer): - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict self.slots = deployer.slots self.identity = deployer.identity self.manifest_db = deployer.manifest_db @@ -1407,8 +1407,8 @@ class File: record = manifest.Record() record.name = name record.type = manifest.RECORD_TYPE_FILE - record.user = self.master_dict['pki_user'] - record.group = self.master_dict['pki_group'] + record.user = self.mdict['pki_user'] + record.group = self.mdict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1465,8 +1465,8 @@ class File: record = manifest.Record() record.name = name record.type = manifest.RECORD_TYPE_FILE - record.user = self.master_dict['pki_user'] - record.group = self.master_dict['pki_group'] + record.user = self.mdict['pki_user'] + record.group = self.mdict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1554,8 +1554,8 @@ class File: record = manifest.Record() record.name = new_name record.type = manifest.RECORD_TYPE_FILE - record.user = self.master_dict['pki_user'] - record.group = self.master_dict['pki_group'] + record.user = self.mdict['pki_user'] + record.group = self.mdict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1592,9 +1592,9 @@ class File: if slot != '__name__' and self.slots[slot] in line: config.pki_log.debug( log.PKIHELPER_SLOT_SUBSTITUTION_2, - self.slots[slot], self.master_dict[slot], + self.slots[slot], self.mdict[slot], extra=config.PKI_INDENTATION_LEVEL_3) - line = line.replace(self.slots[slot], self.master_dict[slot]) + line = line.replace(self.slots[slot], self.mdict[slot]) sys.stdout.write(line) if uid == None: uid = self.identity.get_uid() @@ -1614,8 +1614,8 @@ class File: record = manifest.Record() record.name = name record.type = manifest.RECORD_TYPE_FILE - record.user = self.master_dict['pki_user'] - record.group = self.master_dict['pki_group'] + record.user = self.mdict['pki_user'] + record.group = self.mdict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1661,9 +1661,9 @@ class File: if slot != '__name__' and self.slots[slot] in line: config.pki_log.debug( log.PKIHELPER_SLOT_SUBSTITUTION_2, - self.slots[slot], self.master_dict[slot], + self.slots[slot], self.mdict[slot], extra=config.PKI_INDENTATION_LEVEL_3) - line = line.replace(self.slots[slot], self.master_dict[slot]) + line = line.replace(self.slots[slot], self.mdict[slot]) FILE.write(line) if uid == None: uid = self.identity.get_uid() @@ -1683,8 +1683,8 @@ class File: record = manifest.Record() record.name = new_name record.type = manifest.RECORD_TYPE_FILE - record.user = self.master_dict['pki_user'] - record.group = self.master_dict['pki_group'] + record.user = self.mdict['pki_user'] + record.group = self.mdict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1733,8 +1733,8 @@ class File: record = manifest.Record() record.name = name record.type = manifest.RECORD_TYPE_FILE - record.user = self.master_dict['pki_user'] - record.group = self.master_dict['pki_group'] + record.user = self.mdict['pki_user'] + record.group = self.mdict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1760,7 +1760,7 @@ class Symlink: """PKI Deployment Symbolic Link Class""" def __init__(self, deployer): - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict self.identity = deployer.identity self.manifest_db = deployer.manifest_db @@ -1794,8 +1794,8 @@ class Symlink: record = manifest.Record() record.name = link record.type = manifest.RECORD_TYPE_SYMLINK - record.user = self.master_dict['pki_user'] - record.group = self.master_dict['pki_group'] + record.user = self.mdict['pki_user'] + record.group = self.mdict['pki_group'] record.uid = uid record.gid = gid record.permissions = \ @@ -1850,8 +1850,8 @@ class Symlink: record = manifest.Record() record.name = link record.type = manifest.RECORD_TYPE_SYMLINK - record.user = self.master_dict['pki_user'] - record.group = self.master_dict['pki_group'] + record.user = self.mdict['pki_user'] + record.group = self.mdict['pki_group'] record.uid = uid record.gid = gid record.permissions = \ @@ -1905,7 +1905,7 @@ class War: """PKI Deployment War File Class""" def __init__(self, deployer): - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict def explode(self, name, path, critical_failure=True): try: @@ -1956,7 +1956,7 @@ class Password: """PKI Deployment Password Class""" def __init__(self, deployer): - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict def create_password_conf(self, path, pin, pin_sans_token=False, overwrite_flag=False, critical_failure=True): @@ -1970,12 +1970,12 @@ class Password: with open(path, "w") as fd: if pin_sans_token == True: fd.write(str(pin)) - elif self.master_dict['pki_subsystem'] in\ + elif self.mdict['pki_subsystem'] in\ config.PKI_APACHE_SUBSYSTEMS: - fd.write(self.master_dict['pki_self_signed_token'] + \ + fd.write(self.mdict['pki_self_signed_token'] + \ ":" + str(pin)) else: - fd.write(self.master_dict['pki_self_signed_token'] + \ + fd.write(self.mdict['pki_self_signed_token'] + \ "=" + str(pin)) else: config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path, @@ -1984,12 +1984,12 @@ class Password: with open(path, "w") as fd: if pin_sans_token == True: fd.write(str(pin)) - elif self.master_dict['pki_subsystem'] in\ + elif self.mdict['pki_subsystem'] in\ config.PKI_APACHE_SUBSYSTEMS: - fd.write(self.master_dict['pki_self_signed_token'] + \ + fd.write(self.mdict['pki_self_signed_token'] + \ ":" + str(pin)) else: - fd.write(self.master_dict['pki_self_signed_token'] + \ + fd.write(self.mdict['pki_self_signed_token'] + \ "=" + str(pin)) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, @@ -2008,13 +2008,13 @@ class Password: extra=config.PKI_INDENTATION_LEVEL_2) # overwrite the existing 'pkcs12_password.conf' file with open(path, "w") as fd: - fd.write(self.master_dict['pki_client_pkcs12_password']) + fd.write(self.mdict['pki_client_pkcs12_password']) else: config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path, extra=config.PKI_INDENTATION_LEVEL_2) # create a new 'pkcs12_password.conf' file with open(path, "w") as fd: - fd.write(self.master_dict['pki_client_pkcs12_password']) + fd.write(self.mdict['pki_client_pkcs12_password']) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) @@ -2048,7 +2048,7 @@ class Certutil: """PKI Deployment NSS 'certutil' Class""" def __init__(self, deployer): - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict def create_security_databases(self, path, pki_cert_database, pki_key_database, pki_secmod_database, @@ -2474,7 +2474,7 @@ class PK12util: """PKI Deployment pk12util class""" def __init__(self, deployer): - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict def create_file(self, out_file, nickname, out_pwfile, db_pwfile, path=None, critical_failure=True): @@ -2531,13 +2531,13 @@ class KRAConnector: """PKI Deployment KRA Connector Class""" def __init__(self, deployer): - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict self.password = deployer.password def deregister(self, critical_failure=False): try: # this is applicable to KRAs only - if self.master_dict['pki_subsystem_type'] != "kra": + if self.mdict['pki_subsystem_type'] != "kra": return config.pki_log.info( @@ -2545,7 +2545,7 @@ class KRAConnector: extra=config.PKI_INDENTATION_LEVEL_2) cs_cfg = PKIConfigParser.read_simple_configuration_file( - self.master_dict['pki_target_cs_cfg']) + self.mdict['pki_target_cs_cfg']) krahost = cs_cfg.get('service.machineName') kraport = cs_cfg.get('pkicreate.secure_port') cahost = cs_cfg.get('cloning.ca.hostname') @@ -2584,7 +2584,7 @@ class KRAConnector: token_name = "internal" token_pwd = self.password.get_password( - self.master_dict['pki_shared_password_conf'], + self.mdict['pki_shared_password_conf'], token_name, critical_failure) @@ -2623,7 +2623,7 @@ class KRAConnector: "-h", cahost, "-n", subsystemnick, "-P", "https", - "-d", self.master_dict['pki_database_path'], + "-d", self.mdict['pki_database_path'], "-c", token_pwd, "ca-kraconnector-del", krahost, str(kraport)] @@ -2653,7 +2653,7 @@ class KRAConnector: command = ["/usr/bin/sslget", "-n", subsystemnick, "-p", token_pwd, - "-d", self.master_dict['pki_database_path'], + "-d", self.mdict['pki_database_path'], "-e", params, "-v", "-r", updateURL, cahost + ":" + str(caport)] @@ -2668,13 +2668,13 @@ class TPSConnector: """PKI Deployment TPS Connector Class""" def __init__(self, deployer): - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict self.password = deployer.password def deregister(self, critical_failure=False): try: # this is applicable to TPSs only - if self.master_dict['pki_subsystem_type'] != "tps": + if self.mdict['pki_subsystem_type'] != "tps": return config.pki_log.info( @@ -2682,7 +2682,7 @@ class TPSConnector: extra=config.PKI_INDENTATION_LEVEL_2) cs_cfg = PKIConfigParser.read_simple_configuration_file( - self.master_dict['pki_target_cs_cfg']) + self.mdict['pki_target_cs_cfg']) tpshost = cs_cfg.get('service.machineName') tpsport = cs_cfg.get('pkicreate.secure_port') tkshostport = cs_cfg.get('conn.tks1.hostport') @@ -2727,7 +2727,7 @@ class TPSConnector: token_name = "internal" token_pwd = self.password.get_password( - self.master_dict['pki_shared_password_conf'], + self.mdict['pki_shared_password_conf'], token_name, critical_failure) @@ -2766,7 +2766,7 @@ class TPSConnector: "-h", tkshost, "-n", subsystemnick, "-P", "https", - "-d", self.master_dict['pki_database_path'], + "-d", self.mdict['pki_database_path'], "-c", token_pwd, "-t", "tks", "tks-tpsconnector-del", @@ -2793,13 +2793,13 @@ class SecurityDomain: """PKI Deployment Security Domain Class""" def __init__(self, deployer): - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict self.password = deployer.password def deregister(self, install_token, critical_failure=False): # process this PKI subsystem instance's 'CS.cfg' cs_cfg = PKIConfigParser.read_simple_configuration_file( - self.master_dict['pki_target_cs_cfg']) + self.mdict['pki_target_cs_cfg']) # assign key name/value pairs machinename = cs_cfg.get('service.machineName') @@ -2839,7 +2839,7 @@ class SecurityDomain: listval = typeval.lower() + "List" updateURL = "/ca/agent/ca/updateDomainXML" - params = "name=" + "\"" + self.master_dict['pki_instance_path'] + "\"" + \ + params = "name=" + "\"" + self.mdict['pki_instance_path'] + "\"" + \ "&type=" + str(typeval) + \ "&list=" + str(listval) + \ "&host=" + str(machinename) + \ @@ -2856,7 +2856,7 @@ class SecurityDomain: adminUpdateURL = "/ca/admin/ca/updateDomainXML" command = ["/usr/bin/sslget", "-p", str(123456), - "-d", self.master_dict['pki_database_path'], + "-d", self.mdict['pki_database_path'], "-e", params, "-v", "-r", adminUpdateURL, @@ -2924,7 +2924,7 @@ class SecurityDomain: updateURL, sechost, secagentport, critical_failure=False): token_pwd = None cs_cfg = PKIConfigParser.read_simple_configuration_file( - self.master_dict['pki_target_cs_cfg']) + self.mdict['pki_target_cs_cfg']) # retrieve subsystem nickname subsystemnick_param = typeval.lower() + ".cert.subsystem.nickname" subsystemnick = cs_cfg.get(subsystemnick_param) @@ -2949,7 +2949,7 @@ class SecurityDomain: token_name = "internal" token_pwd = self.password.get_password( - self.master_dict['pki_shared_password_conf'], + self.mdict['pki_shared_password_conf'], token_name, critical_failure) @@ -2969,7 +2969,7 @@ class SecurityDomain: command = ["/usr/bin/sslget", "-n", subsystemnick, "-p", token_pwd, - "-d", self.master_dict['pki_database_path'], + "-d", self.mdict['pki_database_path'], "-e", params, "-v", "-r", updateURL, sechost + ":" + str(secagentport)] @@ -3003,7 +3003,7 @@ class SecurityDomain: # process this PKI subsystem instance's 'CS.cfg' cs_cfg = PKIConfigParser.read_simple_configuration_file( - self.master_dict['pki_target_cs_cfg']) + self.mdict['pki_target_cs_cfg']) # assign key name/value pairs machinename = cs_cfg.get('service.machineName') @@ -3018,7 +3018,7 @@ class SecurityDomain: "-P", "https", "-u", secuser, "-w", secpass, - "-d", self.master_dict['pki_database_path'], + "-d", self.mdict['pki_database_path'], "securitydomain-get-install-token", "--hostname", machinename, "--subsystem", cstype] @@ -3073,7 +3073,7 @@ class Systemd(object): Examples: """ - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict def daemon_reload(self, critical_failure=True): """PKI Deployment execution management lifecycle function. @@ -3144,18 +3144,18 @@ class Systemd(object): if reload_daemon == True: self.daemon_reload(critical_failure) # Compose this "systemd" execution management command - if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: service = "pki-apached" + "@" +\ - self.master_dict['pki_instance_name'] + "." +\ + self.mdict['pki_instance_name'] + "." +\ "service" - elif self.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: service = "pki-tomcatd" + "@" +\ - self.master_dict['pki_instance_name'] + "." +\ + self.mdict['pki_instance_name'] + "." +\ "service" if pki.system.SYSTEM_TYPE == "debian": command = ["/etc/init.d/pki-tomcatd", "start", - self.master_dict['pki_instance_name']] + self.mdict['pki_instance_name']] else: command = ["systemctl", "start", service] @@ -3199,18 +3199,18 @@ class Systemd(object): try: service = None # Compose this "systemd" execution management command - if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: service = "pki-apached" + "@" +\ - self.master_dict['pki_instance_name'] + "." +\ + self.mdict['pki_instance_name'] + "." +\ "service" - elif self.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: service = "pki-tomcatd" + "@" +\ - self.master_dict['pki_instance_name'] + "." +\ + self.mdict['pki_instance_name'] + "." +\ "service" if pki.system.SYSTEM_TYPE == "debian": command = ["/etc/init.d/pki-tomcatd", "stop", - self.master_dict['pki_instance_name']] + self.mdict['pki_instance_name']] else: command = ["systemctl", "stop", service] @@ -3258,18 +3258,18 @@ class Systemd(object): # Execute the "systemd daemon-reload" management lifecycle command if reload_daemon == True: self.daemon_reload(critical_failure) - if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: service = "pki-apached" + "@" +\ - self.master_dict['pki_instance_name'] + "." +\ + self.mdict['pki_instance_name'] + "." +\ "service" - elif self.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: service = "pki-tomcatd" + "@" +\ - self.master_dict['pki_instance_name'] + "." +\ + self.mdict['pki_instance_name'] + "." +\ "service" if pki.system.SYSTEM_TYPE == "debian": command = ["/etc/init.d/pki-tomcatd", "restart", - self.master_dict['pki_instance_name']] + self.mdict['pki_instance_name']] else: command = ["systemctl", "restart", service] @@ -3295,16 +3295,16 @@ class ConfigClient: def __init__(self, deployer): self.deployer = deployer - self.master_dict = deployer.master_dict + self.mdict = deployer.mdict # set useful 'boolean' object variables for this class - self.clone = config.str2bool(self.master_dict['pki_clone']) - self.external = config.str2bool(self.master_dict['pki_external']) + self.clone = config.str2bool(self.mdict['pki_clone']) + self.external = config.str2bool(self.mdict['pki_external']) self.external_step_two = config.str2bool( - self.master_dict['pki_external_step_two']) - self.standalone = config.str2bool(self.master_dict['pki_standalone']) - self.subordinate = config.str2bool(self.master_dict['pki_subordinate']) + self.mdict['pki_external_step_two']) + self.standalone = config.str2bool(self.mdict['pki_standalone']) + self.subordinate = config.str2bool(self.mdict['pki_subordinate']) # set useful 'string' object variables for this class - self.subsystem = self.master_dict['pki_subsystem'] + self.subsystem = self.mdict['pki_subsystem'] def configure_pki_data(self, data): config.pki_log.info(log.PKI_CONFIG_CONFIGURING_PKI_DATA, @@ -3312,9 +3312,9 @@ class ConfigClient: connection = pki.client.PKIConnection( protocol='https', - hostname=self.master_dict['pki_hostname'], - port=self.master_dict['pki_https_port'], - subsystem=self.master_dict['pki_subsystem_type']) + hostname=self.mdict['pki_hostname'], + port=self.mdict['pki_https_port'], + subsystem=self.mdict['pki_subsystem_type']) try: client = pki.system.SystemConfigClient(connection) @@ -3342,7 +3342,7 @@ class ConfigClient: # Save 'External CA Signing Certificate' CSR (Step 1) self.save_system_csr(cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE, - self.master_dict['pki_external_csr_path']) + self.mdict['pki_external_csr_path']) return elif self.standalone and not self.external_step_two: # Stand-alone PKI (Step 1) @@ -3351,40 +3351,40 @@ class ConfigClient: # (Step 1) self.save_system_csr(cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_AUDIT_SIGNING_1, - self.master_dict['pki_external_audit_signing_csr_path'], + self.mdict['pki_external_audit_signing_csr_path'], self.subsystem) elif cdata['tag'].lower() == "signing": # Save Stand-alone PKI OCSP 'OCSP Signing Certificate' # CSR (Step 1) self.save_system_csr(cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_OCSP_SIGNING, - self.master_dict['pki_external_signing_csr_path']) + self.mdict['pki_external_signing_csr_path']) elif cdata['tag'].lower() == "sslserver": # Save Stand-alone PKI 'SSL Server Certificate' CSR # (Step 1) self.save_system_csr(cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SSLSERVER_1, - self.master_dict['pki_external_sslserver_csr_path'], + self.mdict['pki_external_sslserver_csr_path'], self.subsystem) elif cdata['tag'].lower() == "storage": # Save Stand-alone PKI KRA 'Storage Certificate' CSR # (Step 1) self.save_system_csr(cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_STORAGE, - self.master_dict['pki_external_storage_csr_path']) + self.mdict['pki_external_storage_csr_path']) elif cdata['tag'].lower() == "subsystem": # Save Stand-alone PKI 'Subsystem Certificate' CSR # (Step 1) self.save_system_csr(cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SUBSYSTEM_1, - self.master_dict['pki_external_subsystem_csr_path'], + self.mdict['pki_external_subsystem_csr_path'], self.subsystem) elif cdata['tag'].lower() == "transport": # Save Stand-alone PKI KRA 'Transport Certificate' CSR # (Step 1) self.save_system_csr(cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_TRANSPORT, - self.master_dict['pki_external_transport_csr_path']) + self.mdict['pki_external_transport_csr_path']) else: config.pki_log.debug(log.PKI_CONFIG_CDATA_TAG + \ " " + cdata['tag'], @@ -3407,7 +3407,7 @@ class ConfigClient: else: admin_cert = response['adminCert']['cert'] self.process_admin_cert(admin_cert) - elif not config.str2bool(self.master_dict['pki_import_admin_cert']): + elif not config.str2bool(self.mdict['pki_import_admin_cert']): admin_cert = response['adminCert']['cert'] self.process_admin_cert(admin_cert) @@ -3432,11 +3432,11 @@ class ConfigClient: extra=config.PKI_INDENTATION_LEVEL_2) # Store the Administration Certificate in a file - admin_cert_file = self.master_dict['pki_client_admin_cert'] + admin_cert_file = self.mdict['pki_client_admin_cert'] admin_cert_bin_file = admin_cert_file + ".der" self.save_admin_cert(log.PKI_CONFIG_ADMIN_CERT_SAVE_1, admin_cert, admin_cert_file, - self.master_dict['pki_subsystem_name']) + self.mdict['pki_subsystem_name']) # convert the cert file to binary command = ["AtoB", admin_cert_file, admin_cert_bin_file] @@ -3458,28 +3458,28 @@ class ConfigClient: # Import the Administration Certificate # into the client NSS security database self.deployer.certutil.import_cert( - re.sub("'", "'", self.master_dict['pki_admin_nickname']), + re.sub("'", "'", self.mdict['pki_admin_nickname']), "u,u,u", admin_cert_bin_file, - self.master_dict['pki_client_password_conf'], - self.master_dict['pki_client_database_dir'], + self.mdict['pki_client_password_conf'], + self.mdict['pki_client_database_dir'], None, True) # create directory for p12 file if it does not exist self.deployer.directory.create(os.path.dirname( - self.master_dict['pki_client_admin_cert_p12'])) + self.mdict['pki_client_admin_cert_p12'])) # Export the Administration Certificate from the # client NSS security database into a PKCS #12 file self.deployer.pk12util.create_file( - self.master_dict['pki_client_admin_cert_p12'], - re.sub("'", "'", self.master_dict['pki_admin_nickname']), - self.master_dict['pki_client_pkcs12_password_conf'], - self.master_dict['pki_client_password_conf'], - self.master_dict['pki_client_database_dir']) + self.mdict['pki_client_admin_cert_p12'], + re.sub("'", "'", self.mdict['pki_admin_nickname']), + self.mdict['pki_client_pkcs12_password_conf'], + self.mdict['pki_client_password_conf'], + self.mdict['pki_client_database_dir']) - os.chmod(self.master_dict['pki_client_admin_cert_p12'], + os.chmod(self.mdict['pki_client_admin_cert_p12'], config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) @@ -3490,13 +3490,13 @@ class ConfigClient: data = pki.system.ConfigurationRequest() # Miscellaneous Configuration Information - data.pin = self.master_dict['pki_one_time_pin'] - data.subsystemName = self.master_dict['pki_subsystem_name'] + data.pin = self.mdict['pki_one_time_pin'] + data.subsystemName = self.mdict['pki_subsystem_name'] data.standAlone = self.standalone data.stepTwo = self.external_step_two # Cloning parameters - if self.master_dict['pki_instance_type'] == "Tomcat": + if self.mdict['pki_instance_type'] == "Tomcat": if self.clone: self.set_cloning_parameters(data) else: @@ -3521,7 +3521,7 @@ class ConfigClient: self.set_database_parameters(data) # backup - if self.master_dict['pki_instance_type'] == "Tomcat": + if self.mdict['pki_instance_type'] == "Tomcat": self.set_backup_parameters(data) # admin user @@ -3544,23 +3544,23 @@ class ConfigClient: config.pki_log.info( log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_ADMIN_1 + \ " '" + \ - self.master_dict['pki_external_admin_csr_path'] + \ + self.mdict['pki_external_admin_csr_path'] + \ "'", self.subsystem, extra=config.PKI_INDENTATION_LEVEL_2) self.deployer.directory.create( - os.path.dirname(self.master_dict['pki_external_admin_csr_path'])) - with open(self.master_dict['pki_external_admin_csr_path'], "w") as f: + os.path.dirname(self.mdict['pki_external_admin_csr_path'])) + with open(self.mdict['pki_external_admin_csr_path'], "w") as f: f.write("-----BEGIN CERTIFICATE REQUEST-----\n") admin_certreq = None with open(os.path.join( - self.master_dict['pki_client_database_dir'], + self.mdict['pki_client_database_dir'], "admin_pkcs10.bin.asc"), "r") as f: admin_certreq = f.read() - with open(self.master_dict['pki_external_admin_csr_path'], "a") as f: + with open(self.mdict['pki_external_admin_csr_path'], "a") as f: f.write(admin_certreq) f.write("-----END CERTIFICATE REQUEST-----") # Read in and print Admin certificate request - with open(self.master_dict['pki_external_admin_csr_path'], "r") as f: + with open(self.mdict['pki_external_admin_csr_path'], "r") as f: admin_certreq = f.read() config.pki_log.info(log.PKI_CONFIG_CDATA_REQUEST + \ "\n" + admin_certreq, @@ -3612,23 +3612,23 @@ class ConfigClient: # PKI CA, Subordinate CA, or External CA cert1 = self.create_system_cert("ca_signing") cert1.signingAlgorithm = \ - self.master_dict['pki_ca_signing_signing_algorithm'] + self.mdict['pki_ca_signing_signing_algorithm'] if self.external_step_two: # External CA (Step 2) or Stand-alone PKI (Step 2) if not self.subsystem == "CA": # Stand-alone PKI (Step 2) cert1 = pki.system.SystemCertData() - cert1.tag = self.master_dict['pki_ca_signing_tag'] + cert1.tag = self.mdict['pki_ca_signing_tag'] # Load the External CA or Stand-alone PKI # 'External CA Signing Certificate' (Step 2) self.load_system_cert(cert1, log.PKI_CONFIG_EXTERNAL_CA_LOAD, - self.master_dict['pki_external_ca_cert_path']) + self.mdict['pki_external_ca_cert_path']) # Load the External CA or Stand-alone PKI # 'External CA Signing Certificate Chain' (Step 2) self.load_system_cert_chain(cert1, log.PKI_CONFIG_EXTERNAL_CA_CHAIN_LOAD, - self.master_dict['pki_external_ca_cert_chain_path']) + self.mdict['pki_external_ca_cert_chain_path']) systemCerts.append(cert1) elif self.subsystem == "CA": # PKI CA or Subordinate CA @@ -3645,15 +3645,15 @@ class ConfigClient: # (Step 2) self.load_system_cert(cert2, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_OCSP_SIGNING, - self.master_dict['pki_external_signing_cert_path']) + self.mdict['pki_external_signing_cert_path']) cert2.signingAlgorithm = \ - self.master_dict['pki_ocsp_signing_signing_algorithm'] + self.mdict['pki_ocsp_signing_signing_algorithm'] systemCerts.append(cert2) elif self.subsystem == "CA" or self.subsystem == "OCSP": # External CA, Subordinate CA, PKI CA, or PKI OCSP cert2 = self.create_system_cert("ocsp_signing") cert2.signingAlgorithm = \ - self.master_dict['pki_ocsp_signing_signing_algorithm'] + self.mdict['pki_ocsp_signing_signing_algorithm'] systemCerts.append(cert2) # Create 'SSL Server Certificate' @@ -3667,14 +3667,14 @@ class ConfigClient: # Load the Stand-alone PKI 'SSL Server Certificate' (Step 2) self.load_system_cert(cert3, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SSLSERVER_1, - self.master_dict['pki_external_sslserver_cert_path'], + self.mdict['pki_external_sslserver_cert_path'], self.subsystem) systemCerts.append(cert3) elif len(system_list) >= 2: # Existing PKI Instance data.generateServerCert = "false" for subsystem in system_list: - dst = self.master_dict['pki_instance_path'] + '/conf/' + \ + dst = self.mdict['pki_instance_path'] + '/conf/' + \ subsystem.lower() + '/CS.cfg' if subsystem != self.subsystem and os.path.exists(dst): cert3 = self.retrieve_existing_server_cert(dst) @@ -3696,14 +3696,14 @@ class ConfigClient: # Load the Stand-alone PKI 'Subsystem Certificate' (Step 2) self.load_system_cert(cert4, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SUBSYSTEM_1, - self.master_dict['pki_external_subsystem_cert_path'], + self.mdict['pki_external_subsystem_cert_path'], self.subsystem) systemCerts.append(cert4) elif len(system_list) >= 2: # Existing PKI Instance data.generateSubsystemCert = "false" for subsystem in system_list: - dst = self.master_dict['pki_instance_path'] + '/conf/' + \ + dst = self.mdict['pki_instance_path'] + '/conf/' + \ subsystem.lower() + '/CS.cfg' if subsystem != self.subsystem and os.path.exists(dst): cert4 = self.retrieve_existing_subsystem_cert(dst) @@ -3724,15 +3724,15 @@ class ConfigClient: # Load the Stand-alone PKI 'Audit Signing Certificate' (Step 2) self.load_system_cert(cert5, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_AUDIT_SIGNING_1, - self.master_dict['pki_external_audit_signing_cert_path'], + self.mdict['pki_external_audit_signing_cert_path'], self.subsystem) cert5.signingAlgorithm = \ - self.master_dict['pki_audit_signing_signing_algorithm'] + self.mdict['pki_audit_signing_signing_algorithm'] systemCerts.append(cert5) elif self.subsystem != "RA": cert5 = self.create_system_cert("audit_signing") cert5.signingAlgorithm = \ - self.master_dict['pki_audit_signing_signing_algorithm'] + self.mdict['pki_audit_signing_signing_algorithm'] systemCerts.append(cert5) # Create 'DRM Transport Certificate' and 'DRM Storage Certificate' @@ -3745,14 +3745,14 @@ class ConfigClient: # Load the Stand-alone PKI KRA 'Transport Certificate' (Step 2) self.load_system_cert(cert6, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_TRANSPORT, - self.master_dict['pki_external_transport_cert_path']) + self.mdict['pki_external_transport_cert_path']) systemCerts.append(cert6) # Stand-alone PKI KRA Storage Certificate (Step 2) cert7 = self.create_system_cert("storage") # Load the Stand-alone PKI KRA 'Storage Certificate' (Step 2) self.load_system_cert(cert7, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_STORAGE, - self.master_dict['pki_external_storage_cert_path']) + self.mdict['pki_external_storage_cert_path']) systemCerts.append(cert7) elif self.subsystem == "KRA": # PKI KRA Transport Certificate @@ -3766,18 +3766,18 @@ class ConfigClient: def set_cloning_parameters(self, data): data.isClone = "true" - data.cloneUri = self.master_dict['pki_clone_uri'] - data.p12File = self.master_dict['pki_clone_pkcs12_path'] - data.p12Password = self.master_dict['pki_clone_pkcs12_password'] - data.replicateSchema = self.master_dict['pki_clone_replicate_schema'] + data.cloneUri = self.mdict['pki_clone_uri'] + data.p12File = self.mdict['pki_clone_pkcs12_path'] + data.p12Password = self.mdict['pki_clone_pkcs12_password'] + data.replicateSchema = self.mdict['pki_clone_replicate_schema'] data.replicationSecurity = \ - self.master_dict['pki_clone_replication_security'] - if self.master_dict['pki_clone_replication_master_port']: + self.mdict['pki_clone_replication_security'] + if self.mdict['pki_clone_replication_master_port']: data.masterReplicationPort = \ - self.master_dict['pki_clone_replication_master_port'] - if self.master_dict['pki_clone_replication_clone_port']: + self.mdict['pki_clone_replication_master_port'] + if self.mdict['pki_clone_replication_clone_port']: data.cloneReplicationPort = \ - self.master_dict['pki_clone_replication_clone_port'] + self.mdict['pki_clone_replication_clone_port'] def set_hierarchy_parameters(self, data): if self.subsystem == "CA": @@ -3796,60 +3796,60 @@ class ConfigClient: def set_existing_security_domain(self, data): data.securityDomainType = "existingdomain" - data.securityDomainUri = self.master_dict['pki_security_domain_uri'] - data.securityDomainUser = self.master_dict['pki_security_domain_user'] - data.securityDomainPassword = self.master_dict['pki_security_domain_password'] + data.securityDomainUri = self.mdict['pki_security_domain_uri'] + data.securityDomainUser = self.mdict['pki_security_domain_user'] + data.securityDomainPassword = self.mdict['pki_security_domain_password'] def set_new_security_domain(self, data): data.securityDomainType = "newdomain" - data.securityDomainName = self.master_dict['pki_security_domain_name'] + data.securityDomainName = self.mdict['pki_security_domain_name'] def set_database_parameters(self, data): - data.dsHost = self.master_dict['pki_ds_hostname'] - data.dsPort = self.master_dict['pki_ds_ldap_port'] - data.baseDN = self.master_dict['pki_ds_base_dn'] - data.bindDN = self.master_dict['pki_ds_bind_dn'] - data.database = self.master_dict['pki_ds_database'] - data.bindpwd = self.master_dict['pki_ds_password'] - if config.str2bool(self.master_dict['pki_ds_remove_data']): + data.dsHost = self.mdict['pki_ds_hostname'] + data.dsPort = self.mdict['pki_ds_ldap_port'] + data.baseDN = self.mdict['pki_ds_base_dn'] + data.bindDN = self.mdict['pki_ds_bind_dn'] + data.database = self.mdict['pki_ds_database'] + data.bindpwd = self.mdict['pki_ds_password'] + if config.str2bool(self.mdict['pki_ds_remove_data']): data.removeData = "true" else: data.removeData = "false" - if config.str2bool(self.master_dict['pki_ds_secure_connection']): + if config.str2bool(self.mdict['pki_ds_secure_connection']): data.secureConn = "true" else: data.secureConn = "false" - if config.str2bool(self.master_dict['pki_share_db']): + if config.str2bool(self.mdict['pki_share_db']): data.sharedDB = "true" - data.sharedDBUserDN = self.master_dict['pki_share_dbuser_dn'] + data.sharedDBUserDN = self.mdict['pki_share_dbuser_dn'] else: data.sharedDB = "false" def set_backup_parameters(self, data): - if config.str2bool(self.master_dict['pki_backup_keys']): + if config.str2bool(self.mdict['pki_backup_keys']): data.backupKeys = "true" - data.backupFile = self.master_dict['pki_backup_keys_p12'] - data.backupPassword = self.master_dict['pki_backup_password'] + data.backupFile = self.mdict['pki_backup_keys_p12'] + data.backupPassword = self.mdict['pki_backup_password'] else: data.backupKeys = "false" def set_admin_parameters(self, data): - data.adminEmail = self.master_dict['pki_admin_email'] - data.adminName = self.master_dict['pki_admin_name'] - data.adminPassword = self.master_dict['pki_admin_password'] - data.adminProfileID = self.master_dict['pki_admin_profile_id'] - data.adminUID = self.master_dict['pki_admin_uid'] - data.adminSubjectDN = self.master_dict['pki_admin_subject_dn'] + data.adminEmail = self.mdict['pki_admin_email'] + data.adminName = self.mdict['pki_admin_name'] + data.adminPassword = self.mdict['pki_admin_password'] + data.adminProfileID = self.mdict['pki_admin_profile_id'] + data.adminUID = self.mdict['pki_admin_uid'] + data.adminSubjectDN = self.mdict['pki_admin_subject_dn'] if self.standalone: if not self.external_step_two: # IMPORTANT: ALWAYS set 'pki_import_admin_cert' FALSE for # Stand-alone PKI (Step 1) - self.master_dict['pki_import_admin_cert'] = "False" + self.mdict['pki_import_admin_cert'] = "False" else: # IMPORTANT: ALWAYS set 'pki_import_admin_cert' TRUE for # Stand-alone PKI (Step 2) - self.master_dict['pki_import_admin_cert'] = "True" - if config.str2bool(self.master_dict['pki_import_admin_cert']): + self.mdict['pki_import_admin_cert'] = "True" + if config.str2bool(self.mdict['pki_import_admin_cert']): data.importAdminCert = "true" if self.standalone: # Stand-alone PKI (Step 2) @@ -3859,7 +3859,7 @@ class ConfigClient: # 'ca_admin.cert' under the specified 'pki_client_dir' # stripping the certificate HEADER/FOOTER prior to saving it. imported_admin_cert = "" - with open(self.master_dict['pki_external_admin_cert_path'], "r") as f: + with open(self.mdict['pki_external_admin_cert_path'], "r") as f: for line in f: if line.startswith("-----BEGIN CERTIFICATE-----"): continue @@ -3867,34 +3867,34 @@ class ConfigClient: continue else: imported_admin_cert = imported_admin_cert + line - with open(self.master_dict['pki_admin_cert_file'], "w") as f: + with open(self.mdict['pki_admin_cert_file'], "w") as f: f.write(imported_admin_cert) # read config from file - with open(self.master_dict['pki_admin_cert_file'], "r") as f: + with open(self.mdict['pki_admin_cert_file'], "r") as f: b64 = f.read().replace('\n', '') data.adminCert = b64 else: data.importAdminCert = "false" - data.adminSubjectDN = self.master_dict['pki_admin_subject_dn'] - if self.master_dict['pki_admin_cert_request_type'] == "pkcs10": + data.adminSubjectDN = self.mdict['pki_admin_subject_dn'] + if self.mdict['pki_admin_cert_request_type'] == "pkcs10": data.adminCertRequestType = "pkcs10" noise_file = os.path.join( - self.master_dict['pki_client_database_dir'], "noise") + self.mdict['pki_client_database_dir'], "noise") output_file = os.path.join( - self.master_dict['pki_client_database_dir'], "admin_pkcs10.bin") + self.mdict['pki_client_database_dir'], "admin_pkcs10.bin") self.deployer.file.generate_noise_file( - noise_file, int(self.master_dict['pki_admin_keysize'])) + noise_file, int(self.mdict['pki_admin_keysize'])) self.deployer.certutil.generate_certificate_request( - self.master_dict['pki_admin_subject_dn'], - self.master_dict['pki_admin_keysize'], - self.master_dict['pki_client_password_conf'], + self.mdict['pki_admin_subject_dn'], + self.mdict['pki_admin_keysize'], + self.mdict['pki_client_password_conf'], noise_file, output_file, - self.master_dict['pki_client_database_dir'], + self.mdict['pki_client_database_dir'], None, None, True) # convert output to ascii @@ -3916,7 +3916,7 @@ class ConfigClient: self.save_admin_csr() # IMPORTANT: ALWAYS save the client database for # Stand-alone PKI (Step 1) - self.master_dict['pki_client_database_purge'] = "False" + self.mdict['pki_client_database_purge'] = "False" with open(output_file + ".asc", "r") as f: b64 = f.read().replace('\n', '') @@ -3934,43 +3934,43 @@ class ConfigClient: # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, # Subordinate CA, External CA, or Stand-alone PKI - data.issuingCA = self.master_dict['pki_issuing_ca'] + data.issuingCA = self.mdict['pki_issuing_ca'] def set_tps_parameters(self, data): - data.caUri = self.master_dict['pki_ca_uri'] - data.tksUri = self.master_dict['pki_tks_uri'] - data.enableServerSideKeyGen = self.master_dict['pki_enable_server_side_keygen'] - if config.str2bool(self.master_dict['pki_enable_server_side_keygen']): - data.kraUri = self.master_dict['pki_kra_uri'] - data.authdbHost = self.master_dict['pki_authdb_hostname'] - data.authdbPort = self.master_dict['pki_authdb_port'] - data.authdbBaseDN = self.master_dict['pki_authdb_basedn'] - data.authdbSecureConn = self.master_dict['pki_authdb_secure_conn'] - data.importSharedSecret = self.master_dict['pki_import_shared_secret'] + data.caUri = self.mdict['pki_ca_uri'] + data.tksUri = self.mdict['pki_tks_uri'] + data.enableServerSideKeyGen = self.mdict['pki_enable_server_side_keygen'] + if config.str2bool(self.mdict['pki_enable_server_side_keygen']): + data.kraUri = self.mdict['pki_kra_uri'] + data.authdbHost = self.mdict['pki_authdb_hostname'] + data.authdbPort = self.mdict['pki_authdb_port'] + data.authdbBaseDN = self.mdict['pki_authdb_basedn'] + data.authdbSecureConn = self.mdict['pki_authdb_secure_conn'] + data.importSharedSecret = self.mdict['pki_import_shared_secret'] def create_system_cert(self, tag): cert = pki.system.SystemCertData() - cert.tag = self.master_dict["pki_%s_tag" % tag] - cert.keyAlgorithm = self.master_dict["pki_%s_key_algorithm" % tag] - cert.keySize = self.master_dict["pki_%s_key_size" % tag] - cert.keyType = self.master_dict["pki_%s_key_type" % tag] - cert.nickname = self.master_dict["pki_%s_nickname" % tag] - cert.subjectDN = self.master_dict["pki_%s_subject_dn" % tag] - cert.token = self.master_dict["pki_%s_token" % tag] + cert.tag = self.mdict["pki_%s_tag" % tag] + cert.keyAlgorithm = self.mdict["pki_%s_key_algorithm" % tag] + cert.keySize = self.mdict["pki_%s_key_size" % tag] + cert.keyType = self.mdict["pki_%s_key_type" % tag] + cert.nickname = self.mdict["pki_%s_nickname" % tag] + cert.subjectDN = self.mdict["pki_%s_subject_dn" % tag] + cert.token = self.mdict["pki_%s_token" % tag] return cert def retrieve_existing_server_cert(self, cfg_file): cs_cfg = PKIConfigParser.read_simple_configuration_file(cfg_file) cstype = cs_cfg.get('cs.type').lower() cert = pki.system.SystemCertData() - cert.tag = self.master_dict["pki_ssl_server_tag"] - cert.keyAlgorithm = self.master_dict["pki_ssl_server_key_algorithm"] - cert.keySize = self.master_dict["pki_ssl_server_key_size"] - cert.keyType = self.master_dict["pki_ssl_server_key_type"] + cert.tag = self.mdict["pki_ssl_server_tag"] + cert.keyAlgorithm = self.mdict["pki_ssl_server_key_algorithm"] + cert.keySize = self.mdict["pki_ssl_server_key_size"] + cert.keyType = self.mdict["pki_ssl_server_key_type"] cert.nickname = cs_cfg.get(cstype + ".sslserver.nickname") cert.cert = cs_cfg.get(cstype + ".sslserver.cert") cert.request = cs_cfg.get(cstype + ".sslserver.certreq") - cert.subjectDN = self.master_dict["pki_ssl_server_subject_dn"] + cert.subjectDN = self.mdict["pki_ssl_server_subject_dn"] cert.token = cs_cfg.get(cstype + ".sslserver.tokenname") return cert @@ -3978,9 +3978,9 @@ class ConfigClient: cs_cfg = PKIConfigParser.read_simple_configuration_file(cfg_file) cstype = cs_cfg.get('cs.type').lower() cert = pki.system.SystemCertData() - cert.tag = self.master_dict["pki_subsystem_tag"] + cert.tag = self.mdict["pki_subsystem_tag"] cert.keyAlgorithm = cs_cfg.get("cloning.subsystem.keyalgorithm") - cert.keySize = self.master_dict["pki_subsystem_key_size"] + cert.keySize = self.mdict["pki_subsystem_key_size"] cert.keyType = cs_cfg.get("cloning.subsystem.keytype") cert.nickname = cs_cfg.get(cstype + ".subsystem.nickname") cert.cert = cs_cfg.get(cstype + ".subsystem.cert") @@ -3992,10 +3992,10 @@ class ConfigClient: class PKIDeployer: """Holds the global dictionaries and the utility objects""" - def __init__(self, pki_master_dict, pki_slots_dict=None): + def __init__(self, pki_mdict, slots_dict=None): # Global dictionary variables - self.master_dict = pki_master_dict - self.slots = pki_slots_dict + self.mdict = pki_mdict + self.slots = slots_dict self.manifest_db = [] # Utility objects diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index 2759ceeef..620c9bdb5 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py @@ -90,8 +90,8 @@ class PKIConfigParser: self.authdb_connection = None # Master and Slot dictionaries - self.pki_master_dict = dict() - self.pki_slots_dict = dict() + self.mdict = dict() + self.slots_dict = dict() # PKI Deployment Helper Functions def process_command_line_arguments(self): @@ -254,7 +254,7 @@ class PKIConfigParser: options=None, sign=':', allow_empty=True, case_sensitive=True): if default is None and key is not None: - default = self.pki_master_dict[key] + default = self.mdict[key] if default: message = message + ' [' + default + ']' message = ' ' * self.indent + message + sign + ' ' @@ -369,11 +369,11 @@ class PKIConfigParser: def flatten_master_dict(self): - self.pki_master_dict.update(__name__="PKI Master Dictionary") + self.mdict.update(__name__="PKI Master Dictionary") default_dict = dict(self.pki_config.items('DEFAULT')) default_dict[0] = None - self.pki_master_dict.update(default_dict) + self.mdict.update(default_dict) web_server_dict = None if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: @@ -385,31 +385,31 @@ class PKIConfigParser: if web_server_dict: web_server_dict[0] = None - self.pki_master_dict.update(web_server_dict) + self.mdict.update(web_server_dict) if self.pki_config.has_section(config.pki_subsystem): subsystem_dict = dict(self.pki_config.items(config.pki_subsystem)) subsystem_dict[0] = None - self.pki_master_dict.update(subsystem_dict) + self.mdict.update(subsystem_dict) def ds_connect(self): - hostname = self.pki_master_dict['pki_ds_hostname'] + hostname = self.mdict['pki_ds_hostname'] - if config.str2bool(self.pki_master_dict['pki_ds_secure_connection']): + if config.str2bool(self.mdict['pki_ds_secure_connection']): protocol = 'ldaps' - port = self.pki_master_dict['pki_ds_ldaps_port'] + port = self.mdict['pki_ds_ldaps_port'] else: protocol = 'ldap' - port = self.pki_master_dict['pki_ds_ldap_port'] + port = self.mdict['pki_ds_ldap_port'] self.ds_connection = ldap.initialize(protocol + '://' + hostname + ':' + port) def ds_bind(self): self.ds_connection.simple_bind_s( - self.pki_master_dict['pki_ds_bind_dn'], - self.pki_master_dict['pki_ds_password']) + self.mdict['pki_ds_bind_dn'], + self.mdict['pki_ds_password']) def ds_search(self, key=None): if key is None: @@ -437,7 +437,7 @@ class PKIConfigParser: self.ds_bind() self.ds_search() try: - results = self.ds_search(self.pki_master_dict['pki_ds_base_dn']) + results = self.ds_search(self.mdict['pki_ds_base_dn']) if results is None or len(results) == 0: base_dn_exists = False @@ -453,8 +453,8 @@ class PKIConfigParser: def sd_connect(self): self.sd_connection = pki.client.PKIConnection( protocol='https', - hostname=self.pki_master_dict['pki_security_domain_hostname'], - port=self.pki_master_dict['pki_security_domain_https_port'], + hostname=self.mdict['pki_security_domain_hostname'], + port=self.mdict['pki_security_domain_https_port'], subsystem='ca') def sd_get_info(self): @@ -471,8 +471,8 @@ class PKIConfigParser: def sd_authenticate(self): self.sd_connection.authenticate( - self.pki_master_dict['pki_security_domain_user'], - self.pki_master_dict['pki_security_domain_password']) + self.mdict['pki_security_domain_user'], + self.mdict['pki_security_domain_password']) account = pki.account.AccountClient(self.sd_connection) try: @@ -490,10 +490,10 @@ class PKIConfigParser: def authdb_connect(self): - hostname = self.pki_master_dict['pki_authdb_hostname'] - port = self.pki_master_dict['pki_authdb_port'] + hostname = self.mdict['pki_authdb_hostname'] + port = self.mdict['pki_authdb_port'] - if config.str2bool(self.pki_master_dict['pki_authdb_secure_conn']): + if config.str2bool(self.mdict['pki_authdb_secure_conn']): protocol = 'ldaps' else: protocol = 'ldap' @@ -504,7 +504,7 @@ class PKIConfigParser: def authdb_base_dn_exists(self): try: results = self.authdb_connection.search_s( - self.pki_master_dict['pki_authdb_basedn'], + self.mdict['pki_authdb_basedn'], ldap.SCOPE_BASE) if results is None or len(results) == 0: @@ -516,7 +516,7 @@ class PKIConfigParser: return False def get_server_status(self, system_type, system_uri): - parse = urlparse(self.pki_master_dict[system_uri]) + parse = urlparse(self.mdict[system_uri]) conn = pki.client.PKIConnection( protocol=parse.scheme, hostname=parse.hostname, @@ -531,410 +531,410 @@ class PKIConfigParser: "Create a single master PKI dictionary from the sectional dictionaries" try: # 'pkispawn'/'pkidestroy' name/value pairs - self.pki_master_dict['pki_deployment_executable'] = \ + self.mdict['pki_deployment_executable'] = \ config.pki_deployment_executable - self.pki_master_dict['pki_install_time'] = config.pki_install_time - self.pki_master_dict['pki_timestamp'] = config.pki_timestamp - self.pki_master_dict['pki_certificate_timestamp'] = \ + self.mdict['pki_install_time'] = config.pki_install_time + self.mdict['pki_timestamp'] = config.pki_timestamp + self.mdict['pki_certificate_timestamp'] = \ config.pki_certificate_timestamp - self.pki_master_dict['pki_architecture'] = config.pki_architecture - self.pki_master_dict['pki_default_deployment_cfg'] = config.default_deployment_cfg - self.pki_master_dict['pki_user_deployment_cfg'] = config.user_deployment_cfg - self.pki_master_dict['pki_deployed_instance_name'] = \ + self.mdict['pki_architecture'] = config.pki_architecture + self.mdict['pki_default_deployment_cfg'] = config.default_deployment_cfg + self.mdict['pki_user_deployment_cfg'] = config.user_deployment_cfg + self.mdict['pki_deployed_instance_name'] = \ config.pki_deployed_instance_name # Generate random 'pin's for use as security database passwords # and add these to the "sensitive" key value pairs read in from # the configuration file pin_low = 100000000000 pin_high = 999999999999 - self.pki_master_dict['pki_pin'] = \ + self.mdict['pki_pin'] = \ random.randint(pin_low, pin_high) - self.pki_master_dict['pki_client_pin'] = \ + self.mdict['pki_client_pin'] = \ random.randint(pin_low, pin_high) self.flatten_master_dict() - pkilogging.sensitive_parameters = self.pki_master_dict['sensitive_parameters'].split() + pkilogging.sensitive_parameters = self.mdict['sensitive_parameters'].split() # Always create "false" values for these missing "boolean" keys - if not self.pki_master_dict.has_key('pki_enable_access_log') or\ - not len(self.pki_master_dict['pki_enable_access_log']): - self.pki_master_dict['pki_enable_access_log'] = "false" - if not self.pki_master_dict.has_key('pki_external') or\ - not len(self.pki_master_dict['pki_external']): - self.pki_master_dict['pki_external'] = "false" - if not self.pki_master_dict.has_key('pki_external_step_two') or\ - not len(self.pki_master_dict['pki_external_step_two']): - self.pki_master_dict['pki_external_step_two'] = "false" - if not self.pki_master_dict.has_key('pki_standalone') or\ - not len(self.pki_master_dict['pki_standalone']): - self.pki_master_dict['pki_standalone'] = "false" - if not self.pki_master_dict.has_key('pki_subordinate') or\ - not len(self.pki_master_dict['pki_subordinate']): - self.pki_master_dict['pki_subordinate'] = "false" + if not self.mdict.has_key('pki_enable_access_log') or\ + not len(self.mdict['pki_enable_access_log']): + self.mdict['pki_enable_access_log'] = "false" + if not self.mdict.has_key('pki_external') or\ + not len(self.mdict['pki_external']): + self.mdict['pki_external'] = "false" + if not self.mdict.has_key('pki_external_step_two') or\ + not len(self.mdict['pki_external_step_two']): + self.mdict['pki_external_step_two'] = "false" + if not self.mdict.has_key('pki_standalone') or\ + not len(self.mdict['pki_standalone']): + self.mdict['pki_standalone'] = "false" + if not self.mdict.has_key('pki_subordinate') or\ + not len(self.mdict['pki_subordinate']): + self.mdict['pki_subordinate'] = "false" # PKI Target (slot substitution) name/value pairs - self.pki_master_dict['pki_target_cs_cfg'] = \ + self.mdict['pki_target_cs_cfg'] = \ os.path.join( - self.pki_master_dict['pki_subsystem_configuration_path'], + self.mdict['pki_subsystem_configuration_path'], "CS.cfg") - self.pki_master_dict['pki_target_registry'] = \ - os.path.join(self.pki_master_dict['pki_instance_registry_path'], - self.pki_master_dict['pki_instance_name']) - if (config.str2bool(self.pki_master_dict['pki_external_step_two'])): + self.mdict['pki_target_registry'] = \ + os.path.join(self.mdict['pki_instance_registry_path'], + self.mdict['pki_instance_name']) + if (config.str2bool(self.mdict['pki_external_step_two'])): # For CA (External CA Step 2) and Stand-alone PKI (Step 2), # use the 'pki_one_time_pin' established during the setup # of (Step 1) - if os.path.exists(self.pki_master_dict['pki_target_cs_cfg'])\ + if os.path.exists(self.mdict['pki_target_cs_cfg'])\ and\ - os.path.isfile(self.pki_master_dict['pki_target_cs_cfg']): + os.path.isfile(self.mdict['pki_target_cs_cfg']): cs_cfg = self.read_simple_configuration_file( - self.pki_master_dict['pki_target_cs_cfg']) - self.pki_master_dict['pki_one_time_pin'] = \ + self.mdict['pki_target_cs_cfg']) + self.mdict['pki_one_time_pin'] = \ cs_cfg.get('preop.pin') else: config.pki_log.error(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, - self.pki_master_dict['pki_target_cs_cfg'], + self.mdict['pki_target_cs_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1) else: # Generate a one-time pin to be used prior to configuration # and add this to the "sensitive" key value pairs read in from # the configuration file - self.pki_master_dict['pki_one_time_pin'] = \ + self.mdict['pki_one_time_pin'] = \ ''.join(random.choice(string.ascii_letters + string.digits)\ for x in range(20)) - if self.pki_master_dict['pki_subsystem'] in\ + if self.mdict['pki_subsystem'] in\ config.PKI_TOMCAT_SUBSYSTEMS: - self.pki_master_dict['pki_target_catalina_properties'] = \ + self.mdict['pki_target_catalina_properties'] = \ os.path.join( - self.pki_master_dict['pki_instance_configuration_path'], + self.mdict['pki_instance_configuration_path'], "catalina.properties") - self.pki_master_dict['pki_target_servercertnick_conf'] = \ + self.mdict['pki_target_servercertnick_conf'] = \ os.path.join( - self.pki_master_dict['pki_instance_configuration_path'], + self.mdict['pki_instance_configuration_path'], "serverCertNick.conf") - self.pki_master_dict['pki_target_server_xml'] = \ + self.mdict['pki_target_server_xml'] = \ os.path.join( - self.pki_master_dict['pki_instance_configuration_path'], + self.mdict['pki_instance_configuration_path'], "server.xml") - self.pki_master_dict['pki_target_context_xml'] = \ + self.mdict['pki_target_context_xml'] = \ os.path.join( - self.pki_master_dict['pki_instance_configuration_path'], + self.mdict['pki_instance_configuration_path'], "context.xml") - self.pki_master_dict['pki_target_tomcat_conf_instance_id'] = \ - self.pki_master_dict['pki_root_prefix'] + \ + self.mdict['pki_target_tomcat_conf_instance_id'] = \ + self.mdict['pki_root_prefix'] + \ "/etc/sysconfig/" + \ - self.pki_master_dict['pki_instance_name'] - self.pki_master_dict['pki_target_tomcat_conf'] = \ + self.mdict['pki_instance_name'] + self.mdict['pki_target_tomcat_conf'] = \ os.path.join( - self.pki_master_dict['pki_instance_configuration_path'], + self.mdict['pki_instance_configuration_path'], "tomcat.conf") # in-place slot substitution name/value pairs - self.pki_master_dict['pki_target_velocity_properties'] = \ + self.mdict['pki_target_velocity_properties'] = \ os.path.join( - self.pki_master_dict['pki_tomcat_webapps_subsystem_path'], + self.mdict['pki_tomcat_webapps_subsystem_path'], "WEB-INF", "velocity.properties") - self.pki_master_dict['pki_target_subsystem_web_xml'] = \ + self.mdict['pki_target_subsystem_web_xml'] = \ os.path.join( - self.pki_master_dict['pki_tomcat_webapps_subsystem_path'], + self.mdict['pki_tomcat_webapps_subsystem_path'], "WEB-INF", "web.xml") - self.pki_master_dict['pki_target_subsystem_web_xml_orig'] = \ + self.mdict['pki_target_subsystem_web_xml_orig'] = \ os.path.join( - self.pki_master_dict['pki_tomcat_webapps_subsystem_path'], + self.mdict['pki_tomcat_webapps_subsystem_path'], "WEB-INF", "web.xml.orig") # subystem-specific slot substitution name/value pairs - if self.pki_master_dict['pki_subsystem'] == "CA": - self.pki_master_dict['pki_target_flatfile_txt'] = \ - os.path.join(self.pki_master_dict\ + if self.mdict['pki_subsystem'] == "CA": + self.mdict['pki_target_flatfile_txt'] = \ + os.path.join(self.mdict\ ['pki_subsystem_configuration_path'], "flatfile.txt") - self.pki_master_dict['pki_target_proxy_conf'] = \ - os.path.join(self.pki_master_dict\ + self.mdict['pki_target_proxy_conf'] = \ + os.path.join(self.mdict\ ['pki_subsystem_configuration_path'], "proxy.conf") - self.pki_master_dict['pki_target_registry_cfg'] = \ - os.path.join(self.pki_master_dict\ + self.mdict['pki_target_registry_cfg'] = \ + os.path.join(self.mdict\ ['pki_subsystem_configuration_path'], "registry.cfg") # '*.profile' - self.pki_master_dict['pki_target_admincert_profile'] = \ - os.path.join(self.pki_master_dict\ + self.mdict['pki_target_admincert_profile'] = \ + os.path.join(self.mdict\ ['pki_subsystem_configuration_path'], "adminCert.profile") - self.pki_master_dict['pki_target_caauditsigningcert_profile']\ - = os.path.join(self.pki_master_dict\ + self.mdict['pki_target_caauditsigningcert_profile']\ + = os.path.join(self.mdict\ ['pki_subsystem_configuration_path'], "caAuditSigningCert.profile") - self.pki_master_dict['pki_target_cacert_profile'] = \ - os.path.join(self.pki_master_dict\ + self.mdict['pki_target_cacert_profile'] = \ + os.path.join(self.mdict\ ['pki_subsystem_configuration_path'], "caCert.profile") - self.pki_master_dict['pki_target_caocspcert_profile'] = \ - os.path.join(self.pki_master_dict\ + self.mdict['pki_target_caocspcert_profile'] = \ + os.path.join(self.mdict\ ['pki_subsystem_configuration_path'], "caOCSPCert.profile") - self.pki_master_dict['pki_target_servercert_profile'] = \ - os.path.join(self.pki_master_dict\ + self.mdict['pki_target_servercert_profile'] = \ + os.path.join(self.mdict\ ['pki_subsystem_configuration_path'], "serverCert.profile") - self.pki_master_dict['pki_target_subsystemcert_profile'] = \ - os.path.join(self.pki_master_dict\ + self.mdict['pki_target_subsystemcert_profile'] = \ + os.path.join(self.mdict\ ['pki_subsystem_configuration_path'], "subsystemCert.profile") # in-place slot substitution name/value pairs - self.pki_master_dict['pki_target_profileselect_template'] = \ + self.mdict['pki_target_profileselect_template'] = \ os.path.join( - self.pki_master_dict\ + self.mdict\ ['pki_tomcat_webapps_subsystem_path'], "ee", - self.pki_master_dict['pki_subsystem'].lower(), + self.mdict['pki_subsystem'].lower(), "ProfileSelect.template") - elif self.pki_master_dict['pki_subsystem'] == "KRA": + elif self.mdict['pki_subsystem'] == "KRA": # '*.profile' - self.pki_master_dict['pki_target_servercert_profile'] = \ - os.path.join(self.pki_master_dict\ + self.mdict['pki_target_servercert_profile'] = \ + os.path.join(self.mdict\ ['pki_subsystem_configuration_path'], "serverCert.profile") - self.pki_master_dict['pki_target_storagecert_profile'] = \ - os.path.join(self.pki_master_dict\ + self.mdict['pki_target_storagecert_profile'] = \ + os.path.join(self.mdict\ ['pki_subsystem_configuration_path'], "storageCert.profile") - self.pki_master_dict['pki_target_subsystemcert_profile'] = \ - os.path.join(self.pki_master_dict\ + self.mdict['pki_target_subsystemcert_profile'] = \ + os.path.join(self.mdict\ ['pki_subsystem_configuration_path'], "subsystemCert.profile") - self.pki_master_dict['pki_target_transportcert_profile'] = \ - os.path.join(self.pki_master_dict\ + self.mdict['pki_target_transportcert_profile'] = \ + os.path.join(self.mdict\ ['pki_subsystem_configuration_path'], "transportCert.profile") - elif self.pki_master_dict['pki_subsystem'] == "TPS": - self.pki_master_dict['pki_target_registry_cfg'] = \ - os.path.join(self.pki_master_dict\ + elif self.mdict['pki_subsystem'] == "TPS": + self.mdict['pki_target_registry_cfg'] = \ + os.path.join(self.mdict\ ['pki_subsystem_configuration_path'], "registry.cfg") - self.pki_master_dict['pki_target_phone_home_xml'] = \ + self.mdict['pki_target_phone_home_xml'] = \ os.path.join( - self.pki_master_dict['pki_subsystem_configuration_path'], + self.mdict['pki_subsystem_configuration_path'], "phoneHome.xml") # Slot assignment name/value pairs # NOTE: Master key == Slots key; Master value ==> Slots value - self.pki_master_dict['PKI_INSTANCE_NAME_SLOT'] = \ - self.pki_master_dict['pki_instance_name'] - self.pki_master_dict['PKI_INSTANCE_INITSCRIPT_SLOT'] = \ - os.path.join(self.pki_master_dict['pki_instance_path'], - self.pki_master_dict['pki_instance_name']) - self.pki_master_dict['PKI_REGISTRY_FILE_SLOT'] = \ - os.path.join(self.pki_master_dict['pki_subsystem_registry_path'], - self.pki_master_dict['pki_instance_name']) - if self.pki_master_dict['pki_subsystem'] in\ + self.mdict['PKI_INSTANCE_NAME_SLOT'] = \ + self.mdict['pki_instance_name'] + self.mdict['PKI_INSTANCE_INITSCRIPT_SLOT'] = \ + os.path.join(self.mdict['pki_instance_path'], + self.mdict['pki_instance_name']) + self.mdict['PKI_REGISTRY_FILE_SLOT'] = \ + os.path.join(self.mdict['pki_subsystem_registry_path'], + self.mdict['pki_instance_name']) + if self.mdict['pki_subsystem'] in\ config.PKI_APACHE_SUBSYSTEMS: - self.pki_master_dict['FORTITUDE_APACHE_SLOT'] = None - self.pki_master_dict['FORTITUDE_AUTH_MODULES_SLOT'] = None - self.pki_master_dict['FORTITUDE_DIR_SLOT'] = None - self.pki_master_dict['FORTITUDE_LIB_DIR_SLOT'] = None - self.pki_master_dict['FORTITUDE_MODULE_SLOT'] = None - self.pki_master_dict['FORTITUDE_NSS_MODULES_SLOT'] = None - self.pki_master_dict['HTTPD_CONF_SLOT'] = None - self.pki_master_dict['LIB_PREFIX_SLOT'] = None - self.pki_master_dict['NON_CLIENTAUTH_SECURE_PORT_SLOT'] = None - self.pki_master_dict['NSS_CONF_SLOT'] = None - self.pki_master_dict['OBJ_EXT_SLOT'] = None - self.pki_master_dict['PKI_LOCKDIR_SLOT'] = \ + self.mdict['FORTITUDE_APACHE_SLOT'] = None + self.mdict['FORTITUDE_AUTH_MODULES_SLOT'] = None + self.mdict['FORTITUDE_DIR_SLOT'] = None + self.mdict['FORTITUDE_LIB_DIR_SLOT'] = None + self.mdict['FORTITUDE_MODULE_SLOT'] = None + self.mdict['FORTITUDE_NSS_MODULES_SLOT'] = None + self.mdict['HTTPD_CONF_SLOT'] = None + self.mdict['LIB_PREFIX_SLOT'] = None + self.mdict['NON_CLIENTAUTH_SECURE_PORT_SLOT'] = None + self.mdict['NSS_CONF_SLOT'] = None + self.mdict['OBJ_EXT_SLOT'] = None + self.mdict['PKI_LOCKDIR_SLOT'] = \ os.path.join("/var/lock/pki", "apache") - self.pki_master_dict['PKI_PIDDIR_SLOT'] = \ + self.mdict['PKI_PIDDIR_SLOT'] = \ os.path.join("/var/run/pki", "apache") - self.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] = "apache" - self.pki_master_dict['PORT_SLOT'] = None - self.pki_master_dict['PROCESS_ID_SLOT'] = None - self.pki_master_dict['REQUIRE_CFG_PL_SLOT'] = None - self.pki_master_dict['SECURE_PORT_SLOT'] = None - self.pki_master_dict['SECURITY_LIBRARIES_SLOT'] = None - self.pki_master_dict['PKI_HOSTNAME_SLOT'] = None - self.pki_master_dict['SERVER_ROOT_SLOT'] = None - self.pki_master_dict['SYSTEM_LIBRARIES_SLOT'] = None - self.pki_master_dict['SYSTEM_USER_LIBRARIES_SLOT'] = None - self.pki_master_dict['TMP_DIR_SLOT'] = None - elif self.pki_master_dict['pki_subsystem'] in\ + self.mdict['PKI_WEB_SERVER_TYPE_SLOT'] = "apache" + self.mdict['PORT_SLOT'] = None + self.mdict['PROCESS_ID_SLOT'] = None + self.mdict['REQUIRE_CFG_PL_SLOT'] = None + self.mdict['SECURE_PORT_SLOT'] = None + self.mdict['SECURITY_LIBRARIES_SLOT'] = None + self.mdict['PKI_HOSTNAME_SLOT'] = None + self.mdict['SERVER_ROOT_SLOT'] = None + self.mdict['SYSTEM_LIBRARIES_SLOT'] = None + self.mdict['SYSTEM_USER_LIBRARIES_SLOT'] = None + self.mdict['TMP_DIR_SLOT'] = None + elif self.mdict['pki_subsystem'] in\ config.PKI_TOMCAT_SUBSYSTEMS: - self.pki_master_dict['INSTALL_TIME_SLOT'] = \ - self.pki_master_dict['pki_install_time'] - self.pki_master_dict['PKI_ADMIN_SECURE_PORT_SLOT'] = \ - self.pki_master_dict['pki_https_port'] - self.pki_master_dict\ + self.mdict['INSTALL_TIME_SLOT'] = \ + self.mdict['pki_install_time'] + self.mdict['PKI_ADMIN_SECURE_PORT_SLOT'] = \ + self.mdict['pki_https_port'] + self.mdict\ ['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ "Unused" - self.pki_master_dict\ + self.mdict\ ['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_AGENT_CLIENTAUTH_SLOT'] = \ + self.mdict['PKI_AGENT_CLIENTAUTH_SLOT'] = \ "want" - self.pki_master_dict['PKI_AGENT_SECURE_PORT_SLOT'] = \ - self.pki_master_dict['pki_https_port'] - self.pki_master_dict['PKI_AJP_PORT_SLOT'] = \ - self.pki_master_dict['pki_ajp_port'] - self.pki_master_dict['PKI_AJP_REDIRECT_PORT_SLOT'] = \ - self.pki_master_dict['pki_https_port'] - self.pki_master_dict['PKI_CA_HOSTNAME_SLOT'] = \ - self.pki_master_dict['pki_ca_hostname'] - self.pki_master_dict['PKI_CA_PORT_SLOT'] = \ - self.pki_master_dict['pki_ca_port'] - self.pki_master_dict['PKI_CERT_DB_PASSWORD_SLOT'] = \ - self.pki_master_dict['pki_pin'] - self.pki_master_dict['PKI_CFG_PATH_NAME_SLOT'] = \ - self.pki_master_dict['pki_target_cs_cfg'] - self.pki_master_dict\ + self.mdict['PKI_AGENT_SECURE_PORT_SLOT'] = \ + self.mdict['pki_https_port'] + self.mdict['PKI_AJP_PORT_SLOT'] = \ + self.mdict['pki_ajp_port'] + self.mdict['PKI_AJP_REDIRECT_PORT_SLOT'] = \ + self.mdict['pki_https_port'] + self.mdict['PKI_CA_HOSTNAME_SLOT'] = \ + self.mdict['pki_ca_hostname'] + self.mdict['PKI_CA_PORT_SLOT'] = \ + self.mdict['pki_ca_port'] + self.mdict['PKI_CERT_DB_PASSWORD_SLOT'] = \ + self.mdict['pki_pin'] + self.mdict['PKI_CFG_PATH_NAME_SLOT'] = \ + self.mdict['pki_target_cs_cfg'] + self.mdict\ ['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ "-->" - self.pki_master_dict\ + self.mdict\ ['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \ "-->" - self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \ - self.pki_master_dict['pki_https_port'] - self.pki_master_dict\ + self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \ + self.mdict['pki_https_port'] + self.mdict\ ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \ "Unused" - self.pki_master_dict\ + self.mdict\ ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \ - self.pki_master_dict['pki_https_port'] - self.pki_master_dict['PKI_EE_SECURE_PORT_SLOT'] = \ - self.pki_master_dict['pki_https_port'] - self.pki_master_dict['PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ + self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \ + self.mdict['pki_https_port'] + self.mdict['PKI_EE_SECURE_PORT_SLOT'] = \ + self.mdict['pki_https_port'] + self.mdict['PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ "Unused" - self.pki_master_dict['PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT'] = \ + self.mdict['PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_GROUP_SLOT'] = \ - self.pki_master_dict['pki_group'] - self.pki_master_dict['PKI_INSTANCE_PATH_SLOT'] = \ - self.pki_master_dict['pki_instance_path'] - self.pki_master_dict['PKI_INSTANCE_ROOT_SLOT'] = \ - self.pki_master_dict['pki_path'] - self.pki_master_dict['PKI_LOCKDIR_SLOT'] = \ + self.mdict['PKI_GROUP_SLOT'] = \ + self.mdict['pki_group'] + self.mdict['PKI_INSTANCE_PATH_SLOT'] = \ + self.mdict['pki_instance_path'] + self.mdict['PKI_INSTANCE_ROOT_SLOT'] = \ + self.mdict['pki_path'] + self.mdict['PKI_LOCKDIR_SLOT'] = \ os.path.join("/var/lock/pki", "tomcat") - self.pki_master_dict['PKI_HOSTNAME_SLOT'] = \ - self.pki_master_dict['pki_hostname'] - self.pki_master_dict\ + self.mdict['PKI_HOSTNAME_SLOT'] = \ + self.mdict['pki_hostname'] + self.mdict\ ['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ "<!--" - self.pki_master_dict\ + self.mdict\ ['PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \ "<!--" - self.pki_master_dict['PKI_PIDDIR_SLOT'] = \ + self.mdict['PKI_PIDDIR_SLOT'] = \ os.path.join("/var/run/pki", "tomcat") - if config.str2bool(self.pki_master_dict['pki_enable_proxy']): - self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \ + if config.str2bool(self.mdict['pki_enable_proxy']): + self.mdict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \ + self.mdict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] = \ - self.pki_master_dict['pki_proxy_https_port'] - self.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] = \ - self.pki_master_dict['pki_proxy_http_port'] - self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \ + self.mdict['PKI_PROXY_SECURE_PORT_SLOT'] = \ + self.mdict['pki_proxy_https_port'] + self.mdict['PKI_PROXY_UNSECURE_PORT_SLOT'] = \ + self.mdict['pki_proxy_http_port'] + self.mdict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \ + self.mdict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \ "" else: - self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \ + self.mdict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \ "-->" - self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \ + self.mdict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \ "-->" - self.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] = "" - self.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] = "" - self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \ + self.mdict['PKI_PROXY_SECURE_PORT_SLOT'] = "" + self.mdict['PKI_PROXY_UNSECURE_PORT_SLOT'] = "" + self.mdict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \ "<!--" - self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \ + self.mdict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \ "<!--" - if (config.str2bool(self.pki_master_dict['pki_standalone'])): + if (config.str2bool(self.mdict['pki_standalone'])): # Stand-alone PKI - self.pki_master_dict['PKI_CLOSE_STANDALONE_COMMENT_SLOT'] = \ + self.mdict['PKI_CLOSE_STANDALONE_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \ + self.mdict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_STANDALONE_SLOT'] = "true" + self.mdict['PKI_STANDALONE_SLOT'] = "true" else: - self.pki_master_dict['PKI_CLOSE_STANDALONE_COMMENT_SLOT'] = \ + self.mdict['PKI_CLOSE_STANDALONE_COMMENT_SLOT'] = \ "-->" - self.pki_master_dict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \ + self.mdict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \ "<!--" - self.pki_master_dict['PKI_STANDALONE_SLOT'] = "false" - if (config.str2bool(self.pki_master_dict['pki_enable_access_log'])): - self.pki_master_dict['PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \ + self.mdict['PKI_STANDALONE_SLOT'] = "false" + if (config.str2bool(self.mdict['pki_enable_access_log'])): + self.mdict['PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \ + self.mdict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \ "" else: - self.pki_master_dict['PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \ + self.mdict['PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \ "-->" - self.pki_master_dict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \ + self.mdict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \ "<!--" - self.pki_master_dict['PKI_TMPDIR_SLOT'] = \ - self.pki_master_dict['pki_tomcat_tmpdir_path'] - self.pki_master_dict['PKI_RESTEASY_LIB_SLOT'] = \ - self.pki_master_dict['resteasy_lib'] - self.pki_master_dict['PKI_RANDOM_NUMBER_SLOT'] = \ - self.pki_master_dict['pki_one_time_pin'] - self.pki_master_dict['PKI_SECURE_PORT_SLOT'] = \ - self.pki_master_dict['pki_https_port'] - self.pki_master_dict['PKI_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ + self.mdict['PKI_TMPDIR_SLOT'] = \ + self.mdict['pki_tomcat_tmpdir_path'] + self.mdict['PKI_RESTEASY_LIB_SLOT'] = \ + self.mdict['resteasy_lib'] + self.mdict['PKI_RANDOM_NUMBER_SLOT'] = \ + self.mdict['pki_one_time_pin'] + self.mdict['PKI_SECURE_PORT_SLOT'] = \ + self.mdict['pki_https_port'] + self.mdict['PKI_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ "Secure" - self.pki_master_dict['PKI_SECURE_PORT_SERVER_COMMENT_SLOT'] = \ + self.mdict['PKI_SECURE_PORT_SERVER_COMMENT_SLOT'] = \ "<!-- " + \ "Shared Ports: Agent, EE, and Admin Secure Port Connector " + \ "-->" - self.pki_master_dict['PKI_SECURITY_MANAGER_SLOT'] = \ - self.pki_master_dict['pki_security_manager'] - self.pki_master_dict['PKI_SERVER_XML_CONF_SLOT'] = \ - self.pki_master_dict['pki_target_server_xml'] - self.pki_master_dict['PKI_SSL_SERVER_NICKNAME_SLOT'] = \ - self.pki_master_dict['pki_ssl_server_nickname'] - self.pki_master_dict['PKI_SUBSYSTEM_TYPE_SLOT'] = \ - self.pki_master_dict['pki_subsystem'].lower() - self.pki_master_dict['PKI_SYSTEMD_SERVICENAME_SLOT'] = \ + self.mdict['PKI_SECURITY_MANAGER_SLOT'] = \ + self.mdict['pki_security_manager'] + self.mdict['PKI_SERVER_XML_CONF_SLOT'] = \ + self.mdict['pki_target_server_xml'] + self.mdict['PKI_SSL_SERVER_NICKNAME_SLOT'] = \ + self.mdict['pki_ssl_server_nickname'] + self.mdict['PKI_SUBSYSTEM_TYPE_SLOT'] = \ + self.mdict['pki_subsystem'].lower() + self.mdict['PKI_SYSTEMD_SERVICENAME_SLOT'] = \ "pki-tomcatd" + "@" + \ - self.pki_master_dict['pki_instance_name'] + ".service" - self.pki_master_dict['PKI_UNSECURE_PORT_SLOT'] = \ - self.pki_master_dict['pki_http_port'] - self.pki_master_dict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] = \ + self.mdict['pki_instance_name'] + ".service" + self.mdict['PKI_UNSECURE_PORT_SLOT'] = \ + self.mdict['pki_http_port'] + self.mdict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] = \ "Unsecure" - self.pki_master_dict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] = \ + self.mdict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] = \ "<!-- Shared Ports: Unsecure Port Connector -->" - self.pki_master_dict['PKI_USER_SLOT'] = \ - self.pki_master_dict['pki_user'] - self.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] = \ + self.mdict['PKI_USER_SLOT'] = \ + self.mdict['pki_user'] + self.mdict['PKI_WEB_SERVER_TYPE_SLOT'] = \ "tomcat" - self.pki_master_dict['PKI_WEBAPPS_NAME_SLOT'] = \ + self.mdict['PKI_WEBAPPS_NAME_SLOT'] = \ "webapps" - self.pki_master_dict['TOMCAT_CFG_SLOT'] = \ - self.pki_master_dict['pki_target_tomcat_conf'] - self.pki_master_dict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] = \ + self.mdict['TOMCAT_CFG_SLOT'] = \ + self.mdict['pki_target_tomcat_conf'] + self.mdict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] = \ os.path.join( - self.pki_master_dict['pki_tomcat_common_lib_path'], + self.mdict['pki_tomcat_common_lib_path'], "*.jar") - self.pki_master_dict['TOMCAT_LOG_DIR_SLOT'] = \ - self.pki_master_dict['pki_instance_log_path'] - self.pki_master_dict['TOMCAT_PIDFILE_SLOT'] = \ - "/var/run/pki/tomcat/" + self.pki_master_dict['pki_instance_name'] + ".pid" - self.pki_master_dict['TOMCAT_SERVER_PORT_SLOT'] = \ - self.pki_master_dict['pki_tomcat_server_port'] - self.pki_master_dict['TOMCAT_SSL2_CIPHERS_SLOT'] = \ + self.mdict['TOMCAT_LOG_DIR_SLOT'] = \ + self.mdict['pki_instance_log_path'] + self.mdict['TOMCAT_PIDFILE_SLOT'] = \ + "/var/run/pki/tomcat/" + self.mdict['pki_instance_name'] + ".pid" + self.mdict['TOMCAT_SERVER_PORT_SLOT'] = \ + self.mdict['pki_tomcat_server_port'] + self.mdict['TOMCAT_SSL2_CIPHERS_SLOT'] = \ "-SSL2_RC4_128_WITH_MD5," + \ "-SSL2_RC4_128_EXPORT40_WITH_MD5," + \ "-SSL2_RC2_128_CBC_WITH_MD5," + \ "-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5," + \ "-SSL2_DES_64_CBC_WITH_MD5," + \ "-SSL2_DES_192_EDE3_CBC_WITH_MD5" - self.pki_master_dict['TOMCAT_SSL3_CIPHERS_SLOT'] = \ + self.mdict['TOMCAT_SSL3_CIPHERS_SLOT'] = \ "-SSL3_FORTEZZA_DMS_WITH_NULL_SHA," + \ "-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA," + \ "+SSL3_RSA_WITH_RC4_128_SHA," + \ @@ -949,11 +949,11 @@ class PKIConfigParser: "-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA," + \ "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \ "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - self.pki_master_dict['TOMCAT_SSL_OPTIONS_SLOT'] = \ + self.mdict['TOMCAT_SSL_OPTIONS_SLOT'] = \ "ssl2=true," + \ "ssl3=true," + \ "tls=true" - self.pki_master_dict['TOMCAT_TLS_CIPHERS_SLOT'] = \ + self.mdict['TOMCAT_TLS_CIPHERS_SLOT'] = \ "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \ "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \ "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \ @@ -977,72 +977,72 @@ class PKIConfigParser: "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA" # tps parameters - self.pki_master_dict['TOKENDB_HOST_SLOT'] = \ - self.pki_master_dict['pki_ds_hostname'] + self.mdict['TOKENDB_HOST_SLOT'] = \ + self.mdict['pki_ds_hostname'] - if config.str2bool(self.pki_master_dict['pki_ds_secure_connection']): - self.pki_master_dict['TOKENDB_PORT_SLOT'] = \ - self.pki_master_dict['pki_ds_ldaps_port'] + if config.str2bool(self.mdict['pki_ds_secure_connection']): + self.mdict['TOKENDB_PORT_SLOT'] = \ + self.mdict['pki_ds_ldaps_port'] else: - self.pki_master_dict['TOKENDB_PORT_SLOT'] = \ - self.pki_master_dict['pki_ds_ldap_port'] + self.mdict['TOKENDB_PORT_SLOT'] = \ + self.mdict['pki_ds_ldap_port'] - self.pki_master_dict['TOKENDB_ROOT_SLOT'] = \ - self.pki_master_dict['pki_ds_base_dn'] + self.mdict['TOKENDB_ROOT_SLOT'] = \ + self.mdict['pki_ds_base_dn'] - self.pki_master_dict['TPS_DIR_SLOT'] = \ - self.pki_master_dict['pki_source_subsystem_path'] + self.mdict['TPS_DIR_SLOT'] = \ + self.mdict['pki_source_subsystem_path'] - if self.pki_master_dict['pki_subsystem'] == "CA": - self.pki_master_dict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS'] = \ - self.pki_master_dict\ + if self.mdict['pki_subsystem'] == "CA": + self.mdict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS'] = \ + self.mdict\ ['pki_random_serial_numbers_enable'].lower() # Shared Apache/Tomcat NSS security database name/value pairs - self.pki_master_dict['pki_shared_pfile'] = \ + self.mdict['pki_shared_pfile'] = \ os.path.join( - self.pki_master_dict['pki_instance_configuration_path'], + self.mdict['pki_instance_configuration_path'], "pfile") - self.pki_master_dict['pki_shared_password_conf'] = \ + self.mdict['pki_shared_password_conf'] = \ os.path.join( - self.pki_master_dict['pki_instance_configuration_path'], + self.mdict['pki_instance_configuration_path'], "password.conf") - self.pki_master_dict['pki_cert_database'] = \ - os.path.join(self.pki_master_dict['pki_database_path'], + self.mdict['pki_cert_database'] = \ + os.path.join(self.mdict['pki_database_path'], "cert8.db") - self.pki_master_dict['pki_key_database'] = \ - os.path.join(self.pki_master_dict['pki_database_path'], + self.mdict['pki_key_database'] = \ + os.path.join(self.mdict['pki_database_path'], "key3.db") - self.pki_master_dict['pki_secmod_database'] = \ - os.path.join(self.pki_master_dict['pki_database_path'], + self.mdict['pki_secmod_database'] = \ + os.path.join(self.mdict['pki_database_path'], "secmod.db") - self.pki_master_dict['pki_self_signed_token'] = "internal" - self.pki_master_dict['pki_self_signed_nickname'] = \ - self.pki_master_dict['pki_ssl_server_nickname'] - self.pki_master_dict['pki_self_signed_subject'] = \ - "cn=" + self.pki_master_dict['pki_hostname'] + "," + \ - "o=" + self.pki_master_dict['pki_certificate_timestamp'] - self.pki_master_dict['pki_self_signed_serial_number'] = 0 - self.pki_master_dict['pki_self_signed_validity_period'] = 12 - self.pki_master_dict['pki_self_signed_issuer_name'] = \ - "cn=" + self.pki_master_dict['pki_hostname'] + "," + \ - "o=" + self.pki_master_dict['pki_certificate_timestamp'] - self.pki_master_dict['pki_self_signed_trustargs'] = "CTu,CTu,CTu" - self.pki_master_dict['pki_self_signed_noise_file'] = \ + self.mdict['pki_self_signed_token'] = "internal" + self.mdict['pki_self_signed_nickname'] = \ + self.mdict['pki_ssl_server_nickname'] + self.mdict['pki_self_signed_subject'] = \ + "cn=" + self.mdict['pki_hostname'] + "," + \ + "o=" + self.mdict['pki_certificate_timestamp'] + self.mdict['pki_self_signed_serial_number'] = 0 + self.mdict['pki_self_signed_validity_period'] = 12 + self.mdict['pki_self_signed_issuer_name'] = \ + "cn=" + self.mdict['pki_hostname'] + "," + \ + "o=" + self.mdict['pki_certificate_timestamp'] + self.mdict['pki_self_signed_trustargs'] = "CTu,CTu,CTu" + self.mdict['pki_self_signed_noise_file'] = \ os.path.join( - self.pki_master_dict['pki_subsystem_configuration_path'], + self.mdict['pki_subsystem_configuration_path'], "noise") - self.pki_master_dict['pki_self_signed_noise_bytes'] = 1024 + self.mdict['pki_self_signed_noise_bytes'] = 1024 # Shared Apache/Tomcat NSS security database convenience symbolic links - self.pki_master_dict\ + self.mdict\ ['pki_subsystem_configuration_password_conf_link'] = \ os.path.join( - self.pki_master_dict['pki_subsystem_configuration_path'], + self.mdict['pki_subsystem_configuration_path'], "password.conf") - if not len(self.pki_master_dict['pki_client_database_password']): + if not len(self.mdict['pki_client_database_password']): # use randomly generated client 'pin' - self.pki_master_dict['pki_client_database_password'] = \ - str(self.pki_master_dict['pki_client_pin']) + self.mdict['pki_client_database_password'] = \ + str(self.mdict['pki_client_pin']) # Configuration scriptlet # 'Security Domain' Configuration name/value pairs @@ -1057,70 +1057,70 @@ class PKIConfigParser: # # The following variables are defined below: # - # self.pki_master_dict['pki_security_domain_type'] - # self.pki_master_dict['pki_security_domain_uri'] + # self.mdict['pki_security_domain_type'] + # self.mdict['pki_security_domain_uri'] # # The following variables are established via the specified PKI # deployment configuration file and are NOT redefined below: # - # self.pki_master_dict['pki_clone_pkcs12_password'] - # self.pki_master_dict['pki_security_domain_password'] - # self.pki_master_dict['pki_token_password'] - # self.pki_master_dict['pki_clone_pkcs12_path'] - # self.pki_master_dict['pki_clone_uri'] - # self.pki_master_dict['pki_security_domain_https_port'] - # self.pki_master_dict['pki_token_name'] + # self.mdict['pki_clone_pkcs12_password'] + # self.mdict['pki_security_domain_password'] + # self.mdict['pki_token_password'] + # self.mdict['pki_clone_pkcs12_path'] + # self.mdict['pki_clone_uri'] + # self.mdict['pki_security_domain_https_port'] + # self.mdict['pki_token_name'] # # The following variables are established via the specified PKI # deployment configuration file and potentially overridden below: # - # self.pki_master_dict['pki_security_domain_user'] - # self.pki_master_dict['pki_issuing_ca'] + # self.mdict['pki_security_domain_user'] + # self.mdict['pki_issuing_ca'] # # if security domain user is not defined - if not len(self.pki_master_dict['pki_security_domain_user']): + if not len(self.mdict['pki_security_domain_user']): # use the CA admin uid if it's defined if self.pki_config.has_option('CA', 'pki_admin_uid') and\ len(self.pki_config.get('CA', 'pki_admin_uid')) > 0: - self.pki_master_dict['pki_security_domain_user'] = \ + self.mdict['pki_security_domain_user'] = \ self.pki_config.get('CA', 'pki_admin_uid') # or use the Default admin uid if it's defined elif self.pki_config.has_option('DEFAULT', 'pki_admin_uid') and\ len(self.pki_config.get('DEFAULT', 'pki_admin_uid')) > 0: - self.pki_master_dict['pki_security_domain_user'] = \ + self.mdict['pki_security_domain_user'] = \ self.pki_config.get('DEFAULT', 'pki_admin_uid') # otherwise use the default CA admin uid else: - self.pki_master_dict['pki_security_domain_user'] = "caadmin" + self.mdict['pki_security_domain_user'] = "caadmin" - if not config.str2bool(self.pki_master_dict['pki_skip_configuration']) and\ - (config.str2bool(self.pki_master_dict['pki_standalone'])): + if not config.str2bool(self.mdict['pki_skip_configuration']) and\ + (config.str2bool(self.mdict['pki_standalone'])): # Stand-alone PKI - self.pki_master_dict['pki_security_domain_type'] = "new" - self.pki_master_dict['pki_issuing_ca'] = "External CA" + self.mdict['pki_security_domain_type'] = "new" + self.mdict['pki_issuing_ca'] = "External CA" elif config.pki_subsystem != "CA" or\ - config.str2bool(self.pki_master_dict['pki_clone']) or\ - config.str2bool(self.pki_master_dict['pki_subordinate']): + config.str2bool(self.mdict['pki_clone']) or\ + config.str2bool(self.mdict['pki_subordinate']): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or # Subordinate CA - self.pki_master_dict['pki_security_domain_type'] = "existing" - self.pki_master_dict['pki_security_domain_uri'] = \ + self.mdict['pki_security_domain_type'] = "existing" + self.mdict['pki_security_domain_uri'] = \ "https" + "://" + \ - self.pki_master_dict['pki_security_domain_hostname'] + ":" + \ - self.pki_master_dict['pki_security_domain_https_port'] + self.mdict['pki_security_domain_hostname'] + ":" + \ + self.mdict['pki_security_domain_https_port'] - elif config.str2bool(self.pki_master_dict['pki_external']): + elif config.str2bool(self.mdict['pki_external']): # External CA - self.pki_master_dict['pki_security_domain_type'] = "new" - self.pki_master_dict['pki_issuing_ca'] = "External CA" + self.mdict['pki_security_domain_type'] = "new" + self.mdict['pki_issuing_ca'] = "External CA" else: # PKI CA - self.pki_master_dict['pki_security_domain_type'] = "new" + self.mdict['pki_security_domain_type'] = "new" # 'External CA' Configuration name/value pairs # @@ -1129,10 +1129,10 @@ class PKIConfigParser: # The following variables are established via the specified PKI # deployment configuration file and are NOT redefined below: # - # self.pki_master_dict['pki_external_ca_cert_chain_path'] - # self.pki_master_dict['pki_external_ca_cert_path'] - # self.pki_master_dict['pki_external_csr_path'] - # self.pki_master_dict['pki_external_step_two'] + # self.mdict['pki_external_ca_cert_chain_path'] + # self.mdict['pki_external_ca_cert_path'] + # self.mdict['pki_external_csr_path'] + # self.mdict['pki_external_step_two'] # # 'Backup' Configuration name/value pairs @@ -1145,59 +1145,59 @@ class PKIConfigParser: # The following variables are established via the specified PKI # deployment configuration file and are NOT redefined below: # - # self.pki_master_dict['pki_backup_password'] - # self.pki_master_dict['pki_backup_keys'] + # self.mdict['pki_backup_password'] + # self.mdict['pki_backup_keys'] # - if config.str2bool(self.pki_master_dict['pki_backup_keys']): + if config.str2bool(self.mdict['pki_backup_keys']): # NOTE: ALWAYS store the PKCS #12 backup keys file # in with the NSS "server" security databases - self.pki_master_dict['pki_backup_keys_p12'] = \ - self.pki_master_dict['pki_database_path'] + "/" + \ - self.pki_master_dict['pki_subsystem'].lower() + "_" + \ + self.mdict['pki_backup_keys_p12'] = \ + self.mdict['pki_database_path'] + "/" + \ + self.mdict['pki_subsystem'].lower() + "_" + \ "backup" + "_" + "keys" + "." + "p12" - self.pki_master_dict['pki_admin_profile_id'] = "caAdminCert" + self.mdict['pki_admin_profile_id'] = "caAdminCert" - if not 'pki_import_admin_cert' in self.pki_master_dict: - self.pki_master_dict['pki_import_admin_cert'] = 'false' - elif not config.str2bool(self.pki_master_dict['pki_skip_configuration']) and\ - (config.str2bool(self.pki_master_dict['pki_standalone'])): + if not 'pki_import_admin_cert' in self.mdict: + self.mdict['pki_import_admin_cert'] = 'false' + elif not config.str2bool(self.mdict['pki_skip_configuration']) and\ + (config.str2bool(self.mdict['pki_standalone'])): # Stand-alone PKI - self.pki_master_dict['pki_import_admin_cert'] = 'false' + self.mdict['pki_import_admin_cert'] = 'false' - if (config.str2bool(self.pki_master_dict['pki_standalone'])): - self.pki_master_dict['pki_ca_signing_tag'] = "external_signing" + if (config.str2bool(self.mdict['pki_standalone'])): + self.mdict['pki_ca_signing_tag'] = "external_signing" else: - self.pki_master_dict['pki_ca_signing_tag'] = "signing" - if self.pki_master_dict['pki_subsystem'] == "CA": - self.pki_master_dict['pki_ocsp_signing_tag'] = "ocsp_signing" - elif self.pki_master_dict['pki_subsystem'] == "OCSP": - self.pki_master_dict['pki_ocsp_signing_tag'] = "signing" - self.pki_master_dict['pki_ssl_server_tag'] = "sslserver" - self.pki_master_dict['pki_subsystem_tag'] = "subsystem" - self.pki_master_dict['pki_audit_signing_tag'] = "audit_signing" - self.pki_master_dict['pki_transport_tag'] = "transport" - self.pki_master_dict['pki_storage_tag'] = "storage" + self.mdict['pki_ca_signing_tag'] = "signing" + if self.mdict['pki_subsystem'] == "CA": + self.mdict['pki_ocsp_signing_tag'] = "ocsp_signing" + elif self.mdict['pki_subsystem'] == "OCSP": + self.mdict['pki_ocsp_signing_tag'] = "signing" + self.mdict['pki_ssl_server_tag'] = "sslserver" + self.mdict['pki_subsystem_tag'] = "subsystem" + self.mdict['pki_audit_signing_tag'] = "audit_signing" + self.mdict['pki_transport_tag'] = "transport" + self.mdict['pki_storage_tag'] = "storage" # Finalization name/value pairs - self.pki_master_dict['pki_default_deployment_cfg_replica'] = \ - os.path.join(self.pki_master_dict['pki_subsystem_registry_path'], + self.mdict['pki_default_deployment_cfg_replica'] = \ + os.path.join(self.mdict['pki_subsystem_registry_path'], config.DEFAULT_DEPLOYMENT_CONFIGURATION) - self.pki_master_dict['pki_user_deployment_cfg_replica'] = \ - os.path.join(self.pki_master_dict['pki_subsystem_registry_path'], + self.mdict['pki_user_deployment_cfg_replica'] = \ + os.path.join(self.mdict['pki_subsystem_registry_path'], config.USER_DEPLOYMENT_CONFIGURATION) - self.pki_master_dict['pki_user_deployment_cfg_spawn_archive'] = \ - self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" + \ + self.mdict['pki_user_deployment_cfg_spawn_archive'] = \ + self.mdict['pki_subsystem_archive_log_path'] + "/" + \ "spawn" + "_" + \ config.USER_DEPLOYMENT_CONFIGURATION + "." + \ - self.pki_master_dict['pki_timestamp'] - self.pki_master_dict['pki_manifest'] = \ - self.pki_master_dict['pki_subsystem_registry_path'] + "/" + \ + self.mdict['pki_timestamp'] + self.mdict['pki_manifest'] = \ + self.mdict['pki_subsystem_registry_path'] + "/" + \ "manifest" - self.pki_master_dict['pki_manifest_spawn_archive'] = \ - self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" + \ + self.mdict['pki_manifest_spawn_archive'] = \ + self.mdict['pki_subsystem_archive_log_path'] + "/" + \ "spawn" + "_" + "manifest" + "." + \ - self.pki_master_dict['pki_timestamp'] + self.mdict['pki_timestamp'] # Construct the configuration URL containing the one-time pin # and add this to the "sensitive" key value pairs read in from # the configuration file @@ -1206,28 +1206,28 @@ class PKIConfigParser: # parameter that may be stored in a log file and displayed # to the screen. # - self.pki_master_dict['pki_configuration_url'] = \ + self.mdict['pki_configuration_url'] = \ "https://{}:{}/{}/{}?pin={}".format( - self.pki_master_dict['pki_hostname'], - self.pki_master_dict['pki_https_port'], - self.pki_master_dict['pki_subsystem'].lower(), + self.mdict['pki_hostname'], + self.mdict['pki_https_port'], + self.mdict['pki_subsystem'].lower(), "admin/console/config/login", - self.pki_master_dict['pki_one_time_pin']) + self.mdict['pki_one_time_pin']) # Compose this "systemd" execution management command - if self.pki_master_dict['pki_subsystem'] in\ + if self.mdict['pki_subsystem'] in\ config.PKI_APACHE_SUBSYSTEMS: - self.pki_master_dict['pki_registry_initscript_command'] = \ + self.mdict['pki_registry_initscript_command'] = \ "systemctl" + " " + \ "restart" + " " + \ "pki-apached" + "@" + \ - self.pki_master_dict['pki_instance_name'] + "." + "service" - elif self.pki_master_dict['pki_subsystem'] in\ + self.mdict['pki_instance_name'] + "." + "service" + elif self.mdict['pki_subsystem'] in\ config.PKI_TOMCAT_SUBSYSTEMS: - self.pki_master_dict['pki_registry_initscript_command'] = \ + self.mdict['pki_registry_initscript_command'] = \ "systemctl" + " " + \ "restart" + " " + \ "pki-tomcatd" + "@" + \ - self.pki_master_dict['pki_instance_name'] + "." + "service" + self.mdict['pki_instance_name'] + "." + "service" except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) @@ -1256,9 +1256,9 @@ class PKIConfigParser: parser.read(config.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE) # Slots configuration file name/value pairs if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS: - self.pki_slots_dict = dict(parser.items('Apache')) + self.slots_dict = dict(parser.items('Apache')) elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: - self.pki_slots_dict = dict(parser.items('Tomcat')) + self.slots_dict = dict(parser.items('Tomcat')) except ConfigParser.ParsingError, err: rv = err return rv diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index 465ccc56e..78ec9ba80 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py @@ -38,10 +38,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # ALWAYS establish the following Tomcat instance symbolic link since # this link is required by both automatic pkispawn instance # configuration as well as manual browser GUI instance configuration - deployer.symlink.create(deployer.master_dict['pki_systemd_service'], - deployer.master_dict['pki_systemd_service_link']) + deployer.symlink.create(deployer.mdict['pki_systemd_service'], + deployer.mdict['pki_systemd_service_link']) - if config.str2bool(deployer.master_dict['pki_skip_configuration']): + if config.str2bool(deployer.mdict['pki_skip_configuration']): config.pki_log.info(log.SKIP_CONFIGURATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv @@ -50,7 +50,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # Place "slightly" less restrictive permissions on # the top-level client directory ONLY - deployer.directory.create(deployer.master_dict['pki_client_subsystem_dir'], + deployer.directory.create( + deployer.mdict['pki_client_subsystem_dir'], uid=0, gid=0, perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS) # Since 'certutil' does NOT strip the 'token=' portion of @@ -58,39 +59,41 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # which ONLY contains the 'password' for the purposes of # allowing 'certutil' to generate the security databases deployer.password.create_password_conf( - deployer.master_dict['pki_client_password_conf'], - deployer.master_dict['pki_client_database_password'], pin_sans_token=True) - deployer.file.modify(deployer.master_dict['pki_client_password_conf'], - uid=0, gid=0) + deployer.mdict['pki_client_password_conf'], + deployer.mdict['pki_client_database_password'], pin_sans_token=True) + deployer.file.modify( + deployer.mdict['pki_client_password_conf'], + uid=0, gid=0) # Similarly, create a simple password file containing the # PKCS #12 password used when exporting the "Admin Certificate" # into a PKCS #12 file deployer.password.create_client_pkcs12_password_conf( - deployer.master_dict['pki_client_pkcs12_password_conf']) - deployer.file.modify(deployer.master_dict['pki_client_pkcs12_password_conf']) - deployer.directory.create(deployer.master_dict['pki_client_database_dir'], - uid=0, gid=0) + deployer.mdict['pki_client_pkcs12_password_conf']) + deployer.file.modify(deployer.mdict['pki_client_pkcs12_password_conf']) + deployer.directory.create( + deployer.mdict['pki_client_database_dir'], + uid=0, gid=0) deployer.certutil.create_security_databases( - deployer.master_dict['pki_client_database_dir'], - deployer.master_dict['pki_client_cert_database'], - deployer.master_dict['pki_client_key_database'], - deployer.master_dict['pki_client_secmod_database'], - password_file=deployer.master_dict['pki_client_password_conf']) + deployer.mdict['pki_client_database_dir'], + deployer.mdict['pki_client_cert_database'], + deployer.mdict['pki_client_key_database'], + deployer.mdict['pki_client_secmod_database'], + password_file=deployer.mdict['pki_client_password_conf']) # Start/Restart this Apache/Tomcat PKI Process - if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: apache_instance_subsystems = \ deployer.instance.apache_instance_subsystems() if apache_instance_subsystems == 1: deployer.systemd.start() elif apache_instance_subsystems > 1: deployer.systemd.restart() - elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # Optionally prepare to enable a java debugger # (e. g. - 'eclipse'): - if config.str2bool(deployer.master_dict['pki_enable_java_debugger']): + if config.str2bool(deployer.mdict['pki_enable_java_debugger']): config.prepare_for_an_external_java_debugger( - deployer.master_dict['pki_target_tomcat_conf_instance_id']) + deployer.mdict['pki_target_tomcat_conf_instance_id']) tomcat_instance_subsystems = \ len(deployer.instance.tomcat_instance_subsystems()) if tomcat_instance_subsystems == 1: @@ -100,28 +103,30 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # wait for startup status = deployer.instance.wait_for_startup(60) - if status == None: - config.pki_log.error("server failed to restart", - extra=config.PKI_INDENTATION_LEVEL_2) + if status is None: + config.pki_log.error( + "server failed to restart", + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception("server failed to restart") # Optionally wait for debugger to attach (e. g. - 'eclipse'): - if config.str2bool(deployer.master_dict['pki_enable_java_debugger']): + if config.str2bool(deployer.mdict['pki_enable_java_debugger']): config.wait_to_attach_an_external_java_debugger() # Construct PKI Subsystem Configuration Data data = None - if deployer.master_dict['pki_instance_type'] == "Apache": - if deployer.master_dict['pki_subsystem'] == "RA": - config.pki_log.info(log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1, - deployer.master_dict['pki_subsystem'], + if deployer.mdict['pki_instance_type'] == "Apache": + if deployer.mdict['pki_subsystem'] == "RA": + config.pki_log.info( + log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1, + deployer.mdict['pki_subsystem'], extra=config.PKI_INDENTATION_LEVEL_2) return self.rv - elif deployer.master_dict['pki_instance_type'] == "Tomcat": + elif deployer.mdict['pki_instance_type'] == "Tomcat": # CA, KRA, OCSP, TKS, or TPS data = deployer.config_client.construct_pki_configuration_data() - # Configure the substem + # Configure the subsystem deployer.config_client.configure_pki_data( json.dumps(data, cls=pki.encoder.CustomTypeEncoder)) @@ -131,14 +136,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ deployer.instance.apache_instance_subsystems() == 1: - if deployer.directory.exists(deployer.master_dict['pki_client_dir']): - deployer.directory.delete(deployer.master_dict['pki_client_dir']) - deployer.symlink.delete(deployer.master_dict['pki_systemd_service_link']) - elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(deployer.instance.tomcat_instance_subsystems()) == 1: - if deployer.directory.exists(deployer.master_dict['pki_client_dir']): - deployer.directory.delete(deployer.master_dict['pki_client_dir']) - deployer.symlink.delete(deployer.master_dict['pki_systemd_service_link']) + if deployer.directory.exists(deployer.mdict['pki_client_dir']): + deployer.directory.delete(deployer.mdict['pki_client_dir']) + deployer.symlink.delete(deployer.mdict['pki_systemd_service_link']) + elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ + and len(deployer.instance.tomcat_instance_subsystems()) == 1: + if deployer.directory.exists(deployer.mdict['pki_client_dir']): + deployer.directory.delete(deployer.mdict['pki_client_dir']) + deployer.symlink.delete(deployer.mdict['pki_systemd_service_link']) return self.rv diff --git a/base/server/python/pki/server/deployment/scriptlets/finalization.py b/base/server/python/pki/server/deployment/scriptlets/finalization.py index 5186baa40..900bcef97 100644 --- a/base/server/python/pki/server/deployment/scriptlets/finalization.py +++ b/base/server/python/pki/server/deployment/scriptlets/finalization.py @@ -32,15 +32,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self, deployer): - if (deployer.master_dict['pki_subsystem'] == "CA" or - config.str2bool(deployer.master_dict['pki_standalone'])) and\ - config.str2bool(deployer.master_dict['pki_external_step_two']): + if (deployer.mdict['pki_subsystem'] == "CA" or + config.str2bool(deployer.mdict['pki_standalone'])) and\ + config.str2bool(deployer.mdict['pki_external_step_two']): # For External CAs (Step 2), or Stand-alone PKIs (Step 2), # must check for (Step 2) installation PRIOR to # 'pki_skip_installation' since this value has been set to true # by the initialization scriptlet pass - elif config.str2bool(deployer.master_dict['pki_skip_installation']): + elif config.str2bool(deployer.mdict['pki_skip_installation']): config.pki_log.info(log.SKIP_FINALIZATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv @@ -48,24 +48,24 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): extra=config.PKI_INDENTATION_LEVEL_1) # For debugging/auditing purposes, save a timestamped copy of # this configuration file in the subsystem archive - deployer.file.copy(deployer.master_dict['pki_user_deployment_cfg_replica'], - deployer.master_dict['pki_user_deployment_cfg_spawn_archive']) + deployer.file.copy(deployer.mdict['pki_user_deployment_cfg_replica'], + deployer.mdict['pki_user_deployment_cfg_spawn_archive']) # Save a copy of the installation manifest file - config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, deployer.master_dict['pki_manifest'], + config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, deployer.mdict['pki_manifest'], extra=config.PKI_INDENTATION_LEVEL_2) # for record in manifest.database: # print tuple(record) manifest_file = manifest.File(deployer.manifest_db) - manifest_file.register(deployer.master_dict['pki_manifest']) + manifest_file.register(deployer.mdict['pki_manifest']) manifest_file.write() - deployer.file.modify(deployer.master_dict['pki_manifest'], silent=True) + deployer.file.modify(deployer.mdict['pki_manifest'], silent=True) # Also, for debugging/auditing purposes, save a timestamped copy of # this installation manifest file - deployer.file.copy(deployer.master_dict['pki_manifest'], - deployer.master_dict['pki_manifest_spawn_archive']) + deployer.file.copy(deployer.mdict['pki_manifest'], + deployer.mdict['pki_manifest_spawn_archive']) # Optionally, programmatically 'restart' the configured PKI instance - if config.str2bool(deployer.master_dict['pki_restart_configured_instance']): + if config.str2bool(deployer.mdict['pki_restart_configured_instance']): deployer.systemd.restart() # Optionally, 'purge' the entire temporary client infrastructure # including the client NSS security databases and password files @@ -74,35 +74,35 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # placed under this infrastructure, it may accidentally # be deleted! # - if config.str2bool(deployer.master_dict['pki_client_database_purge']): - if deployer.directory.exists(deployer.master_dict['pki_client_subsystem_dir']): - deployer.directory.delete(deployer.master_dict['pki_client_subsystem_dir']) + if config.str2bool(deployer.mdict['pki_client_database_purge']): + if deployer.directory.exists(deployer.mdict['pki_client_subsystem_dir']): + deployer.directory.delete(deployer.mdict['pki_client_subsystem_dir']) # If instance has not been configured, print the # configuration URL to the log - if config.str2bool(deployer.master_dict['pki_skip_configuration']): + if config.str2bool(deployer.mdict['pki_skip_configuration']): deployer.configuration_file.log_configuration_url() # Log final process messages config.pki_log.info(log.PKISPAWN_END_MESSAGE_2, - deployer.master_dict['pki_subsystem'], - deployer.master_dict['pki_instance_name'], + deployer.mdict['pki_subsystem'], + deployer.mdict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_0) - deployer.file.modify(deployer.master_dict['pki_spawn_log'], silent=True) + deployer.file.modify(deployer.mdict['pki_spawn_log'], silent=True) return self.rv def destroy(self, deployer): config.pki_log.info(log.FINALIZATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - deployer.file.modify(deployer.master_dict['pki_destroy_log'], silent=True) + deployer.file.modify(deployer.mdict['pki_destroy_log'], silent=True) # Start this Apache/Tomcat PKI Process - if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ deployer.instance.apache_instance_subsystems() >= 1: deployer.systemd.start() - elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ len(deployer.instance.tomcat_instance_subsystems()) >= 1: deployer.systemd.start() config.pki_log.info(log.PKIDESTROY_END_MESSAGE_2, - deployer.master_dict['pki_subsystem'], - deployer.master_dict['pki_instance_name'], + deployer.mdict['pki_subsystem'], + deployer.mdict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_0) return self.rv diff --git a/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py b/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py index 5427eebca..7a8fa705c 100644 --- a/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py @@ -31,7 +31,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self, deployer): - if config.str2bool(deployer.master_dict['pki_skip_installation']): + if config.str2bool(deployer.mdict['pki_skip_installation']): config.pki_log.info(log.SKIP_ADMIN_DOMAIN_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv @@ -51,32 +51,32 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # registry directories for storage of a copy of the original # deployment configuration file used to spawn this instance, # and save a copy of this file - deployer.directory.create(deployer.master_dict['pki_registry_path']) - deployer.directory.create(deployer.master_dict['pki_instance_type_registry_path']) - deployer.directory.create(deployer.master_dict['pki_instance_registry_path']) - deployer.directory.create(deployer.master_dict['pki_subsystem_registry_path']) - deployer.file.copy(deployer.master_dict['pki_default_deployment_cfg'], - deployer.master_dict['pki_default_deployment_cfg_replica']) + deployer.directory.create(deployer.mdict['pki_registry_path']) + deployer.directory.create(deployer.mdict['pki_instance_type_registry_path']) + deployer.directory.create(deployer.mdict['pki_instance_registry_path']) + deployer.directory.create(deployer.mdict['pki_subsystem_registry_path']) + deployer.file.copy(deployer.mdict['pki_default_deployment_cfg'], + deployer.mdict['pki_default_deployment_cfg_replica']) - print "Storing deployment configuration into " + deployer.master_dict['pki_user_deployment_cfg_replica'] + "." + print "Storing deployment configuration into " + deployer.mdict['pki_user_deployment_cfg_replica'] + "." # Archive the user deployment configuration excluding the sensitive parameters - sensitive_parameters = deployer.master_dict['sensitive_parameters'].split() + sensitive_parameters = deployer.mdict['sensitive_parameters'].split() sections = config.user_config.sections() for s in sections: for k in sensitive_parameters: config.user_config.set(s, k, 'XXXXXXXX') - with open(deployer.master_dict['pki_user_deployment_cfg_replica'], 'w') as f: + with open(deployer.mdict['pki_user_deployment_cfg_replica'], 'w') as f: config.user_config.write(f) # establish top-level infrastructure, instance, and subsystem # base directories and create the "registry" symbolic link that # the "pkidestroy" executable relies upon - deployer.directory.create(deployer.master_dict['pki_path']) - deployer.directory.create(deployer.master_dict['pki_instance_path']) - deployer.directory.create(deployer.master_dict['pki_subsystem_path']) - deployer.symlink.create(deployer.master_dict['pki_instance_registry_path'], - deployer.master_dict['pki_subsystem_registry_link']) + deployer.directory.create(deployer.mdict['pki_path']) + deployer.directory.create(deployer.mdict['pki_instance_path']) + deployer.directory.create(deployer.mdict['pki_subsystem_path']) + deployer.symlink.create(deployer.mdict['pki_instance_registry_path'], + deployer.mdict['pki_subsystem_registry_link']) # # NOTE: If "infrastructure_layout" scriptlet execution has been # successfully executed to this point, the "pkidestroy" command @@ -85,11 +85,11 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # no need to establish top-level infrastructure logs # since it now stores 'pkispawn'/'pkidestroy' logs # and will already exist - # deployer.directory.create(deployer.master_dict['pki_log_path']) + # deployer.directory.create(deployer.mdict['pki_log_path']) # establish top-level infrastructure configuration - if deployer.master_dict['pki_configuration_path'] != \ + if deployer.mdict['pki_configuration_path'] != \ config.PKI_DEPLOYMENT_CONFIGURATION_ROOT: - deployer.directory.create(deployer.master_dict['pki_configuration_path']) + deployer.directory.create(deployer.mdict['pki_configuration_path']) return self.rv def destroy(self, deployer): @@ -97,18 +97,18 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.ADMIN_DOMAIN_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # remove top-level infrastructure base - if deployer.master_dict['pki_subsystem'] in config.PKI_SUBSYSTEMS and\ + if deployer.mdict['pki_subsystem'] in config.PKI_SUBSYSTEMS and\ deployer.instance.pki_instance_subsystems() == 0: # remove top-level infrastructure base - deployer.directory.delete(deployer.master_dict['pki_path']) + deployer.directory.delete(deployer.mdict['pki_path']) # do NOT remove top-level infrastructure logs # since it now stores 'pkispawn'/'pkidestroy' logs - # deployer.directory.delete(deployer.master_dict['pki_log_path']) + # deployer.directory.delete(deployer.mdict['pki_log_path']) # remove top-level infrastructure configuration - if deployer.directory.is_empty(deployer.master_dict['pki_configuration_path'])\ - and deployer.master_dict['pki_configuration_path'] != \ + if deployer.directory.is_empty(deployer.mdict['pki_configuration_path'])\ + and deployer.mdict['pki_configuration_path'] != \ config.PKI_DEPLOYMENT_CONFIGURATION_ROOT: - deployer.directory.delete(deployer.master_dict['pki_configuration_path']) + deployer.directory.delete(deployer.mdict['pki_configuration_path']) # remove top-level infrastructure registry - deployer.directory.delete(deployer.master_dict['pki_registry_path']) + deployer.directory.delete(deployer.mdict['pki_registry_path']) return self.rv diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py index d9d1d2d7b..876030b45 100644 --- a/base/server/python/pki/server/deployment/scriptlets/initialization.py +++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py @@ -33,23 +33,23 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # begin official logging config.pki_log.info(log.PKISPAWN_BEGIN_MESSAGE_2, - deployer.master_dict['pki_subsystem'], - deployer.master_dict['pki_instance_name'], + deployer.mdict['pki_subsystem'], + deployer.mdict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_0) - if config.str2bool(deployer.master_dict['pki_skip_installation']): + if config.str2bool(deployer.mdict['pki_skip_installation']): config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv else: config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if (deployer.master_dict['pki_subsystem'] == "CA" or - config.str2bool(deployer.master_dict['pki_standalone'])) and\ - config.str2bool(deployer.master_dict['pki_external_step_two']): + if (deployer.mdict['pki_subsystem'] == "CA" or + config.str2bool(deployer.mdict['pki_standalone'])) and\ + config.str2bool(deployer.mdict['pki_external_step_two']): # verify that this External CA (Step 2), or Stand-alone PKI # (Step 2) currently EXISTS for this "instance" deployer.instance.verify_subsystem_exists() - deployer.master_dict['pki_skip_installation'] = "True" + deployer.mdict['pki_skip_installation'] = "True" else: # verify that this type of "subsystem" does NOT yet # exist for this "instance" @@ -57,10 +57,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # detect and avoid any namespace collisions deployer.namespace.collision_detection() # initialize 'uid' and 'gid' - deployer.identity.add_uid_and_gid(deployer.master_dict['pki_user'], deployer.master_dict['pki_group']) + deployer.identity.add_uid_and_gid(deployer.mdict['pki_user'], deployer.mdict['pki_group']) # establish 'uid' and 'gid' - deployer.identity.set_uid(deployer.master_dict['pki_user']) - deployer.identity.set_gid(deployer.master_dict['pki_group']) + deployer.identity.set_uid(deployer.mdict['pki_user']) + deployer.identity.set_gid(deployer.mdict['pki_group']) # verify existence of SENSITIVE configuration file data deployer.configuration_file.verify_sensitive_data() # verify existence of MUTUALLY EXCLUSIVE configuration file data @@ -76,8 +76,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # begin official logging config.pki_log.info(log.PKIDESTROY_BEGIN_MESSAGE_2, - deployer.master_dict['pki_subsystem'], - deployer.master_dict['pki_instance_name'], + deployer.mdict['pki_subsystem'], + deployer.mdict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.info(log.INITIALIZATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) @@ -88,8 +88,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # that are present in the corresponding configuration file deployer.configuration_file.verify_command_matches_configuration_file() # establish 'uid' and 'gid' - deployer.identity.set_uid(deployer.master_dict['pki_user']) - deployer.identity.set_gid(deployer.master_dict['pki_group']) + deployer.identity.set_uid(deployer.mdict['pki_user']) + deployer.identity.set_gid(deployer.mdict['pki_group']) # get ports to remove selinux context deployer.configuration_file.populate_non_default_ports() diff --git a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py index 83c101fa7..97a2d1802 100644 --- a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py @@ -35,7 +35,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self, deployer): - if config.str2bool(deployer.master_dict['pki_skip_installation']): + if config.str2bool(deployer.mdict['pki_skip_installation']): config.pki_log.info(log.SKIP_INSTANCE_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv @@ -44,33 +44,33 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): extra=config.PKI_INDENTATION_LEVEL_1) # if this is the first subsystem - if deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ len(deployer.instance.tomcat_instance_subsystems()) == 1: # establish instance logs - deployer.directory.create(deployer.master_dict['pki_instance_log_path']) + deployer.directory.create(deployer.mdict['pki_instance_log_path']) # establish Tomcat instance configuration deployer.directory.copy( - deployer.master_dict['pki_source_server_path'], - deployer.master_dict['pki_instance_configuration_path']) + deployer.mdict['pki_source_server_path'], + deployer.mdict['pki_instance_configuration_path']) # establish Tomcat instance base - deployer.directory.create(deployer.master_dict['pki_tomcat_common_path']) - deployer.directory.create(deployer.master_dict['pki_tomcat_common_lib_path']) + deployer.directory.create(deployer.mdict['pki_tomcat_common_path']) + deployer.directory.create(deployer.mdict['pki_tomcat_common_lib_path']) # establish Tomcat instance library - deployer.directory.create(deployer.master_dict['pki_instance_lib']) - for name in os.listdir(deployer.master_dict['pki_tomcat_lib_path']): + deployer.directory.create(deployer.mdict['pki_instance_lib']) + for name in os.listdir(deployer.mdict['pki_tomcat_lib_path']): deployer.symlink.create( os.path.join( - deployer.master_dict['pki_tomcat_lib_path'], + deployer.mdict['pki_tomcat_lib_path'], name), os.path.join( - deployer.master_dict['pki_instance_lib'], + deployer.mdict['pki_instance_lib'], name)) - deployer.symlink.create(deployer.master_dict['pki_instance_conf_log4j_properties'], - deployer.master_dict['pki_instance_lib_log4j_properties']) - deployer.directory.create(deployer.master_dict['pki_tomcat_tmpdir_path']) + deployer.symlink.create(deployer.mdict['pki_instance_conf_log4j_properties'], + deployer.mdict['pki_instance_lib_log4j_properties']) + deployer.directory.create(deployer.mdict['pki_tomcat_tmpdir_path']) # Copy /usr/share/pki/server/webapps to <instance>/webapps deployer.directory.copy( @@ -78,160 +78,160 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.PKI_DEPLOYMENT_SOURCE_ROOT, "server", "webapps"), - deployer.master_dict['pki_tomcat_webapps_path']) + deployer.mdict['pki_tomcat_webapps_path']) # If desired and available, # copy selected server theme # to <instance>/webapps/pki - if config.str2bool(deployer.master_dict['pki_theme_enable']) and\ - os.path.exists(deployer.master_dict['pki_theme_server_dir']): + if config.str2bool(deployer.mdict['pki_theme_enable']) and\ + os.path.exists(deployer.mdict['pki_theme_server_dir']): deployer.directory.copy( - deployer.master_dict['pki_theme_server_dir'], + deployer.mdict['pki_theme_server_dir'], os.path.join( - deployer.master_dict['pki_tomcat_webapps_path'], + deployer.mdict['pki_tomcat_webapps_path'], "pki"), overwrite_flag=True) - deployer.directory.create(deployer.master_dict['pki_tomcat_work_path']) - deployer.directory.create(deployer.master_dict['pki_tomcat_work_catalina_path']) - deployer.directory.create(deployer.master_dict['pki_tomcat_work_catalina_host_path']) + deployer.directory.create(deployer.mdict['pki_tomcat_work_path']) + deployer.directory.create(deployer.mdict['pki_tomcat_work_catalina_path']) + deployer.directory.create(deployer.mdict['pki_tomcat_work_catalina_host_path']) deployer.directory.create( - deployer.master_dict['pki_tomcat_work_catalina_host_run_path']) + deployer.mdict['pki_tomcat_work_catalina_host_run_path']) deployer.directory.create( - deployer.master_dict['pki_tomcat_work_catalina_host_subsystem_path']) + deployer.mdict['pki_tomcat_work_catalina_host_subsystem_path']) # establish Tomcat instance logs # establish Tomcat instance registry # establish Tomcat instance convenience symbolic links - deployer.symlink.create(deployer.master_dict['pki_tomcat_bin_path'], - deployer.master_dict['pki_tomcat_bin_link']) - deployer.symlink.create(deployer.master_dict['pki_tomcat_systemd'], - deployer.master_dict['pki_instance_systemd_link'], + deployer.symlink.create(deployer.mdict['pki_tomcat_bin_path'], + deployer.mdict['pki_tomcat_bin_link']) + deployer.symlink.create(deployer.mdict['pki_tomcat_systemd'], + deployer.mdict['pki_instance_systemd_link'], uid=0, gid=0) # establish Tomcat instance common lib jar symbolic links - deployer.symlink.create(deployer.master_dict['pki_apache_commons_collections_jar'], - deployer.master_dict['pki_apache_commons_collections_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_apache_commons_io_jar'], - deployer.master_dict['pki_apache_commons_io_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_apache_commons_lang_jar'], - deployer.master_dict['pki_apache_commons_lang_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_apache_commons_logging_jar'], - deployer.master_dict['pki_apache_commons_logging_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_commons_codec_jar'], - deployer.master_dict['pki_commons_codec_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_httpclient_jar'], - deployer.master_dict['pki_httpclient_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_httpcore_jar'], - deployer.master_dict['pki_httpcore_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_javassist_jar'], - deployer.master_dict['pki_javassist_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_jss_jar'], - deployer.master_dict['pki_jss_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_ldapjdk_jar'], - deployer.master_dict['pki_ldapjdk_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_tomcat_jar'], - deployer.master_dict['pki_tomcat_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_scannotation_jar'], - deployer.master_dict['pki_scannotation_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_tomcatjss_jar'], - deployer.master_dict['pki_tomcatjss_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_velocity_jar'], - deployer.master_dict['pki_velocity_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_xerces_j2_jar'], - deployer.master_dict['pki_xerces_j2_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_xml_commons_apis_jar'], - deployer.master_dict['pki_xml_commons_apis_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_xml_commons_resolver_jar'], - deployer.master_dict['pki_xml_commons_resolver_jar_link']) + deployer.symlink.create(deployer.mdict['pki_apache_commons_collections_jar'], + deployer.mdict['pki_apache_commons_collections_jar_link']) + deployer.symlink.create(deployer.mdict['pki_apache_commons_io_jar'], + deployer.mdict['pki_apache_commons_io_jar_link']) + deployer.symlink.create(deployer.mdict['pki_apache_commons_lang_jar'], + deployer.mdict['pki_apache_commons_lang_jar_link']) + deployer.symlink.create(deployer.mdict['pki_apache_commons_logging_jar'], + deployer.mdict['pki_apache_commons_logging_jar_link']) + deployer.symlink.create(deployer.mdict['pki_commons_codec_jar'], + deployer.mdict['pki_commons_codec_jar_link']) + deployer.symlink.create(deployer.mdict['pki_httpclient_jar'], + deployer.mdict['pki_httpclient_jar_link']) + deployer.symlink.create(deployer.mdict['pki_httpcore_jar'], + deployer.mdict['pki_httpcore_jar_link']) + deployer.symlink.create(deployer.mdict['pki_javassist_jar'], + deployer.mdict['pki_javassist_jar_link']) + deployer.symlink.create(deployer.mdict['pki_jss_jar'], + deployer.mdict['pki_jss_jar_link']) + deployer.symlink.create(deployer.mdict['pki_ldapjdk_jar'], + deployer.mdict['pki_ldapjdk_jar_link']) + deployer.symlink.create(deployer.mdict['pki_tomcat_jar'], + deployer.mdict['pki_tomcat_jar_link']) + deployer.symlink.create(deployer.mdict['pki_scannotation_jar'], + deployer.mdict['pki_scannotation_jar_link']) + deployer.symlink.create(deployer.mdict['pki_tomcatjss_jar'], + deployer.mdict['pki_tomcatjss_jar_link']) + deployer.symlink.create(deployer.mdict['pki_velocity_jar'], + deployer.mdict['pki_velocity_jar_link']) + deployer.symlink.create(deployer.mdict['pki_xerces_j2_jar'], + deployer.mdict['pki_xerces_j2_jar_link']) + deployer.symlink.create(deployer.mdict['pki_xml_commons_apis_jar'], + deployer.mdict['pki_xml_commons_apis_jar_link']) + deployer.symlink.create(deployer.mdict['pki_xml_commons_resolver_jar'], + deployer.mdict['pki_xml_commons_resolver_jar_link']) # Jackson - deployer.symlink.create(deployer.master_dict['pki_jackson_annotations_jar'], + deployer.symlink.create(deployer.mdict['pki_jackson_annotations_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'jackson-annotations.jar')) - deployer.symlink.create(deployer.master_dict['pki_jackson_core_asl_jar'], + deployer.symlink.create(deployer.mdict['pki_jackson_core_asl_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'jackson-core-asl.jar')) - deployer.symlink.create(deployer.master_dict['pki_jackson_core_jar'], + deployer.symlink.create(deployer.mdict['pki_jackson_core_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'jackson-core.jar')) - deployer.symlink.create(deployer.master_dict['pki_jackson_databind_jar'], + deployer.symlink.create(deployer.mdict['pki_jackson_databind_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'jackson-databind.jar')) - deployer.symlink.create(deployer.master_dict['pki_jackson_jaxrs_base_jar'], + deployer.symlink.create(deployer.mdict['pki_jackson_jaxrs_base_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'jackson-jaxrs-base.jar')) - deployer.symlink.create(deployer.master_dict['pki_jackson_jaxrs_jar'], + deployer.symlink.create(deployer.mdict['pki_jackson_jaxrs_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'jackson-jaxrs.jar')) - deployer.symlink.create(deployer.master_dict['pki_jackson_jaxrs_json_provider_jar'], + deployer.symlink.create(deployer.mdict['pki_jackson_jaxrs_json_provider_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'jackson-jaxrs-json-provider.jar')) - deployer.symlink.create(deployer.master_dict['pki_jackson_mapper_asl_jar'], + deployer.symlink.create(deployer.mdict['pki_jackson_mapper_asl_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'jackson-mapper-asl.jar')) - deployer.symlink.create(deployer.master_dict['pki_jackson_module_jaxb_annotations_jar'], + deployer.symlink.create(deployer.mdict['pki_jackson_module_jaxb_annotations_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'jackson-module-jaxb-annotations.jar')) - deployer.symlink.create(deployer.master_dict['pki_jackson_mrbean_jar'], + deployer.symlink.create(deployer.mdict['pki_jackson_mrbean_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'jackson-mrbean.jar')) - deployer.symlink.create(deployer.master_dict['pki_jackson_smile_jar'], + deployer.symlink.create(deployer.mdict['pki_jackson_smile_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'jackson-smile.jar')) - deployer.symlink.create(deployer.master_dict['pki_jackson_xc_jar'], + deployer.symlink.create(deployer.mdict['pki_jackson_xc_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'jackson-xc.jar')) # RESTEasy - deployer.symlink.create(deployer.master_dict['pki_resteasy_atom_provider_jar'], + deployer.symlink.create(deployer.mdict['pki_resteasy_atom_provider_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'resteasy-atom-provider.jar')) - deployer.symlink.create(deployer.master_dict['pki_resteasy_client_jar'], + deployer.symlink.create(deployer.mdict['pki_resteasy_client_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'resteasy-client.jar')) - deployer.symlink.create(deployer.master_dict['pki_resteasy_jaxb_provider_jar'], + deployer.symlink.create(deployer.mdict['pki_resteasy_jaxb_provider_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'resteasy-jaxb-provider.jar')) - deployer.symlink.create(deployer.master_dict['pki_resteasy_jaxrs_api_jar'], + deployer.symlink.create(deployer.mdict['pki_resteasy_jaxrs_api_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'jaxrs-api.jar')) - deployer.symlink.create(deployer.master_dict['pki_resteasy_jaxrs_jar'], + deployer.symlink.create(deployer.mdict['pki_resteasy_jaxrs_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'resteasy-jaxrs.jar')) - deployer.symlink.create(deployer.master_dict['pki_resteasy_jackson_provider_jar'], + deployer.symlink.create(deployer.mdict['pki_resteasy_jackson_provider_jar'], os.path.join( - deployer.master_dict['pki_tomcat_common_lib_path'], + deployer.mdict['pki_tomcat_common_lib_path'], 'resteasy-jackson-provider.jar')) # establish shared NSS security databases for this instance - deployer.directory.create(deployer.master_dict['pki_database_path']) + deployer.directory.create(deployer.mdict['pki_database_path']) # establish instance convenience symbolic links - deployer.symlink.create(deployer.master_dict['pki_database_path'], - deployer.master_dict['pki_instance_database_link']) - deployer.symlink.create(deployer.master_dict['pki_instance_configuration_path'], - deployer.master_dict['pki_instance_conf_link']) - deployer.symlink.create(deployer.master_dict['pki_instance_log_path'], - deployer.master_dict['pki_instance_logs_link']) + deployer.symlink.create(deployer.mdict['pki_database_path'], + deployer.mdict['pki_instance_database_link']) + deployer.symlink.create(deployer.mdict['pki_instance_configuration_path'], + deployer.mdict['pki_instance_conf_link']) + deployer.symlink.create(deployer.mdict['pki_instance_log_path'], + deployer.mdict['pki_instance_logs_link']) - if deployer.master_dict['pki_subsystem'] == 'TKS': - deployer.symlink.create(deployer.master_dict['pki_symkey_jar'], - deployer.master_dict['pki_symkey_jar_link']) + if deployer.mdict['pki_subsystem'] == 'TKS': + deployer.symlink.create(deployer.mdict['pki_symkey_jar'], + deployer.mdict['pki_symkey_jar_link']) return self.rv @@ -240,42 +240,42 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.INSTANCE_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if deployer.master_dict['pki_subsystem'] == 'TKS': - deployer.symlink.delete(deployer.master_dict['pki_symkey_jar_link']) + if deployer.mdict['pki_subsystem'] == 'TKS': + deployer.symlink.delete(deployer.mdict['pki_symkey_jar_link']) - if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ deployer.instance.apache_instance_subsystems() == 0: # remove Apache instance base - deployer.directory.delete(deployer.master_dict['pki_instance_path']) + deployer.directory.delete(deployer.mdict['pki_instance_path']) # remove Apache instance logs # remove shared NSS security database path for this instance - deployer.directory.delete(deployer.master_dict['pki_database_path']) + deployer.directory.delete(deployer.mdict['pki_database_path']) # remove Apache instance configuration - deployer.directory.delete(deployer.master_dict['pki_instance_configuration_path']) + deployer.directory.delete(deployer.mdict['pki_instance_configuration_path']) # remove Apache instance registry - deployer.directory.delete(deployer.master_dict['pki_instance_registry_path']) + deployer.directory.delete(deployer.mdict['pki_instance_registry_path']) # remove Apache PKI registry (if empty) if deployer.instance.apache_instances() == 0: deployer.directory.delete( - deployer.master_dict['pki_instance_type_registry_path']) + deployer.mdict['pki_instance_type_registry_path']) - elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ len(deployer.instance.tomcat_instance_subsystems()) == 0: # remove Tomcat instance base - deployer.directory.delete(deployer.master_dict['pki_instance_path']) + deployer.directory.delete(deployer.mdict['pki_instance_path']) # remove Tomcat instance logs - deployer.directory.delete(deployer.master_dict['pki_instance_log_path']) + deployer.directory.delete(deployer.mdict['pki_instance_log_path']) # remove shared NSS security database path for this instance - deployer.directory.delete(deployer.master_dict['pki_database_path']) + deployer.directory.delete(deployer.mdict['pki_database_path']) # remove Tomcat instance configuration - deployer.directory.delete(deployer.master_dict['pki_instance_configuration_path']) + deployer.directory.delete(deployer.mdict['pki_instance_configuration_path']) # remove PKI 'tomcat.conf' instance file - deployer.file.delete(deployer.master_dict['pki_target_tomcat_conf_instance_id']) + deployer.file.delete(deployer.mdict['pki_target_tomcat_conf_instance_id']) # remove Tomcat instance registry - deployer.directory.delete(deployer.master_dict['pki_instance_registry_path']) + deployer.directory.delete(deployer.mdict['pki_instance_registry_path']) # remove Tomcat PKI registry (if empty) if deployer.instance.tomcat_instances() == 0: deployer.directory.delete( - deployer.master_dict['pki_instance_type_registry_path']) + deployer.mdict['pki_instance_type_registry_path']) return self.rv diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py index 3d3193cef..f43e0c2a2 100644 --- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py +++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py @@ -31,84 +31,84 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self, deployer): - if config.str2bool(deployer.master_dict['pki_skip_installation']): + if config.str2bool(deployer.mdict['pki_skip_installation']): config.pki_log.info(log.SKIP_SECURITY_DATABASES_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.SECURITY_DATABASES_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) deployer.password.create_password_conf( - deployer.master_dict['pki_shared_password_conf'], - deployer.master_dict['pki_pin']) + deployer.mdict['pki_shared_password_conf'], + deployer.mdict['pki_pin']) # Since 'certutil' does NOT strip the 'token=' portion of # the 'token=password' entries, create a temporary server 'pfile' # which ONLY contains the 'password' for the purposes of # allowing 'certutil' to generate the security databases deployer.password.create_password_conf( - deployer.master_dict['pki_shared_pfile'], - deployer.master_dict['pki_pin'], pin_sans_token=True) - deployer.file.modify(deployer.master_dict['pki_shared_password_conf']) + deployer.mdict['pki_shared_pfile'], + deployer.mdict['pki_pin'], pin_sans_token=True) + deployer.file.modify(deployer.mdict['pki_shared_password_conf']) deployer.certutil.create_security_databases( - deployer.master_dict['pki_database_path'], - deployer.master_dict['pki_cert_database'], - deployer.master_dict['pki_key_database'], - deployer.master_dict['pki_secmod_database'], - password_file=deployer.master_dict['pki_shared_pfile']) - deployer.file.modify(deployer.master_dict['pki_cert_database'], perms=\ + deployer.mdict['pki_database_path'], + deployer.mdict['pki_cert_database'], + deployer.mdict['pki_key_database'], + deployer.mdict['pki_secmod_database'], + password_file=deployer.mdict['pki_shared_pfile']) + deployer.file.modify(deployer.mdict['pki_cert_database'], perms=\ config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) - deployer.file.modify(deployer.master_dict['pki_key_database'], perms=\ + deployer.file.modify(deployer.mdict['pki_key_database'], perms=\ config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) - deployer.file.modify(deployer.master_dict['pki_secmod_database'], perms=\ + deployer.file.modify(deployer.mdict['pki_secmod_database'], perms=\ config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) if len(deployer.instance.tomcat_instance_subsystems()) < 2: # only create a self signed cert for a new instance rv = deployer.certutil.verify_certificate_exists( - deployer.master_dict['pki_database_path'], - deployer.master_dict['pki_cert_database'], - deployer.master_dict['pki_key_database'], - deployer.master_dict['pki_secmod_database'], - deployer.master_dict['pki_self_signed_token'], - deployer.master_dict['pki_self_signed_nickname'], - password_file=deployer.master_dict['pki_shared_pfile']) + deployer.mdict['pki_database_path'], + deployer.mdict['pki_cert_database'], + deployer.mdict['pki_key_database'], + deployer.mdict['pki_secmod_database'], + deployer.mdict['pki_self_signed_token'], + deployer.mdict['pki_self_signed_nickname'], + password_file=deployer.mdict['pki_shared_pfile']) if not rv: deployer.file.generate_noise_file( - deployer.master_dict['pki_self_signed_noise_file'], - deployer.master_dict['pki_self_signed_noise_bytes']) + deployer.mdict['pki_self_signed_noise_file'], + deployer.mdict['pki_self_signed_noise_bytes']) deployer.certutil.generate_self_signed_certificate( - deployer.master_dict['pki_database_path'], - deployer.master_dict['pki_cert_database'], - deployer.master_dict['pki_key_database'], - deployer.master_dict['pki_secmod_database'], - deployer.master_dict['pki_self_signed_token'], - deployer.master_dict['pki_self_signed_nickname'], - deployer.master_dict['pki_self_signed_subject'], - deployer.master_dict['pki_self_signed_serial_number'], - deployer.master_dict['pki_self_signed_validity_period'], - deployer.master_dict['pki_self_signed_issuer_name'], - deployer.master_dict['pki_self_signed_trustargs'], - deployer.master_dict['pki_self_signed_noise_file'], - password_file=deployer.master_dict['pki_shared_pfile']) + deployer.mdict['pki_database_path'], + deployer.mdict['pki_cert_database'], + deployer.mdict['pki_key_database'], + deployer.mdict['pki_secmod_database'], + deployer.mdict['pki_self_signed_token'], + deployer.mdict['pki_self_signed_nickname'], + deployer.mdict['pki_self_signed_subject'], + deployer.mdict['pki_self_signed_serial_number'], + deployer.mdict['pki_self_signed_validity_period'], + deployer.mdict['pki_self_signed_issuer_name'], + deployer.mdict['pki_self_signed_trustargs'], + deployer.mdict['pki_self_signed_noise_file'], + password_file=deployer.mdict['pki_shared_pfile']) # Delete the temporary 'noise' file - deployer.file.delete(deployer.master_dict['pki_self_signed_noise_file']) + deployer.file.delete(deployer.mdict['pki_self_signed_noise_file']) # Delete the temporary 'pfile' - deployer.file.delete(deployer.master_dict['pki_shared_pfile']) + deployer.file.delete(deployer.mdict['pki_shared_pfile']) return self.rv def destroy(self, deployer): config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ deployer.instance.apache_instance_subsystems() == 0: - deployer.file.delete(deployer.master_dict['pki_cert_database']) - deployer.file.delete(deployer.master_dict['pki_key_database']) - deployer.file.delete(deployer.master_dict['pki_secmod_database']) - deployer.file.delete(deployer.master_dict['pki_shared_password_conf']) - elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + deployer.file.delete(deployer.mdict['pki_cert_database']) + deployer.file.delete(deployer.mdict['pki_key_database']) + deployer.file.delete(deployer.mdict['pki_secmod_database']) + deployer.file.delete(deployer.mdict['pki_shared_password_conf']) + elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ len(deployer.instance.tomcat_instance_subsystems()) == 0: - deployer.file.delete(deployer.master_dict['pki_cert_database']) - deployer.file.delete(deployer.master_dict['pki_key_database']) - deployer.file.delete(deployer.master_dict['pki_secmod_database']) - deployer.file.delete(deployer.master_dict['pki_shared_password_conf']) + deployer.file.delete(deployer.mdict['pki_cert_database']) + deployer.file.delete(deployer.mdict['pki_key_database']) + deployer.file.delete(deployer.mdict['pki_secmod_database']) + deployer.file.delete(deployer.mdict['pki_shared_password_conf']) return self.rv diff --git a/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py b/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py index 177233afc..7301192a5 100644 --- a/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py +++ b/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py @@ -36,15 +36,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 suffix = "(/.*)?" - def restore_context(self, master_dict): - selinux.restorecon(master_dict['pki_instance_path'], True) + def restore_context(self, mdict): + selinux.restorecon(mdict['pki_instance_path'], True) selinux.restorecon(config.PKI_DEPLOYMENT_LOG_ROOT, True) - selinux.restorecon(master_dict['pki_instance_log_path'], True) - selinux.restorecon(master_dict['pki_instance_configuration_path'], True) + selinux.restorecon(mdict['pki_instance_log_path'], True) + selinux.restorecon(mdict['pki_instance_configuration_path'], True) def spawn(self, deployer): - if config.str2bool(deployer.master_dict['pki_skip_installation']): + if config.str2bool(deployer.mdict['pki_skip_installation']): config.pki_log.info(log.SKIP_SELINUX_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv @@ -62,46 +62,46 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): while True: try: # check first if any transactions are required - if len(ports) == 0 and deployer.master_dict['pki_instance_name'] == \ + if len(ports) == 0 and deployer.mdict['pki_instance_name'] == \ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: - self.restore_context(deployer.master_dict) + self.restore_context(deployer.mdict) return self.rv # add SELinux contexts when adding the first subsystem - if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ deployer.instance.apache_instance_subsystems() == 1 or\ - deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ len(deployer.instance.tomcat_instance_subsystems()) == 1: trans = seobject.semanageRecords("targeted") trans.start() - if deployer.master_dict['pki_instance_name'] != \ + if deployer.mdict['pki_instance_name'] != \ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: fcon = seobject.fcontextRecords() config.pki_log.info("adding selinux fcontext \"%s\"", - deployer.master_dict['pki_instance_path'] + self.suffix, + deployer.mdict['pki_instance_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.add(deployer.master_dict['pki_instance_path'] + self.suffix, + fcon.add(deployer.mdict['pki_instance_path'] + self.suffix, config.PKI_INSTANCE_SELINUX_CONTEXT, "", "s0", "") config.pki_log.info("adding selinux fcontext \"%s\"", - deployer.master_dict['pki_instance_log_path'] + self.suffix, + deployer.mdict['pki_instance_log_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.add(deployer.master_dict['pki_instance_log_path'] + self.suffix, + fcon.add(deployer.mdict['pki_instance_log_path'] + self.suffix, config.PKI_LOG_SELINUX_CONTEXT, "", "s0", "") config.pki_log.info("adding selinux fcontext \"%s\"", - deployer.master_dict['pki_instance_configuration_path'] + self.suffix, + deployer.mdict['pki_instance_configuration_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.add(deployer.master_dict['pki_instance_configuration_path'] + self.suffix, + fcon.add(deployer.mdict['pki_instance_configuration_path'] + self.suffix, config.PKI_CFG_SELINUX_CONTEXT, "", "s0", "") config.pki_log.info("adding selinux fcontext \"%s\"", - deployer.master_dict['pki_database_path'] + self.suffix, + deployer.mdict['pki_database_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.add(deployer.master_dict['pki_database_path'] + self.suffix, + fcon.add(deployer.mdict['pki_database_path'] + self.suffix, config.PKI_CERTDB_SELINUX_CONTEXT, "", "s0", "") portRecords = seobject.portRecords() @@ -112,7 +112,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): trans.finish() - self.restore_context(deployer.master_dict) + self.restore_context(deployer.mdict) break except ValueError as e: error_message = str(e) @@ -138,7 +138,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): extra=config.PKI_INDENTATION_LEVEL_1) # check first if any transactions are required - if (len(ports) == 0 and deployer.master_dict['pki_instance_name'] == + if (len(ports) == 0 and deployer.mdict['pki_instance_name'] == config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME): return self.rv # A maximum of 10 tries to delete the SELinux contexts @@ -147,39 +147,39 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): while True: try: # remove SELinux contexts when removing the last subsystem - if (deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and + if (deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and deployer.instance.apache_instance_subsystems() == 0 or - deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and + deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and len(deployer.instance.tomcat_instance_subsystems()) == 0): trans = seobject.semanageRecords("targeted") trans.start() - if deployer.master_dict['pki_instance_name'] != \ + if deployer.mdict['pki_instance_name'] != \ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: fcon = seobject.fcontextRecords() config.pki_log.info("deleting selinux fcontext \"%s\"", - deployer.master_dict['pki_instance_path'] + self.suffix, + deployer.mdict['pki_instance_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.delete(deployer.master_dict['pki_instance_path'] + self.suffix , "") + fcon.delete(deployer.mdict['pki_instance_path'] + self.suffix , "") config.pki_log.info("deleting selinux fcontext \"%s\"", - deployer.master_dict['pki_instance_log_path'] + self.suffix, + deployer.mdict['pki_instance_log_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.delete(deployer.master_dict['pki_instance_log_path'] + self.suffix, "") + fcon.delete(deployer.mdict['pki_instance_log_path'] + self.suffix, "") config.pki_log.info("deleting selinux fcontext \"%s\"", - deployer.master_dict['pki_instance_configuration_path'] + self.suffix, + deployer.mdict['pki_instance_configuration_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.delete(deployer.master_dict['pki_instance_configuration_path'] + + fcon.delete(deployer.mdict['pki_instance_configuration_path'] + self.suffix, "") config.pki_log.info("deleting selinux fcontext \"%s\"", - deployer.master_dict['pki_database_path'] + self.suffix, + deployer.mdict['pki_database_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.delete(deployer.master_dict['pki_database_path'] + self.suffix , "") + fcon.delete(deployer.mdict['pki_database_path'] + self.suffix , "") portRecords = seobject.portRecords() for port in ports: diff --git a/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py b/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py index 88bdf94b7..1230544b0 100644 --- a/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py +++ b/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py @@ -31,74 +31,74 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self, deployer): - if config.str2bool(deployer.master_dict['pki_skip_installation']): + if config.str2bool(deployer.mdict['pki_skip_installation']): config.pki_log.info(log.SKIP_SLOT_ASSIGNMENT_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.SLOT_ASSIGNMENT_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - deployer.file.copy_with_slot_substitution(deployer.master_dict['pki_source_cs_cfg'], - deployer.master_dict['pki_target_cs_cfg']) - deployer.file.copy_with_slot_substitution(deployer.master_dict['pki_source_registry'], - deployer.master_dict['pki_target_registry'], + deployer.file.copy_with_slot_substitution(deployer.mdict['pki_source_cs_cfg'], + deployer.mdict['pki_target_cs_cfg']) + deployer.file.copy_with_slot_substitution(deployer.mdict['pki_source_registry'], + deployer.mdict['pki_target_registry'], overwrite_flag=True) - if deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: deployer.file.copy_with_slot_substitution( - deployer.master_dict['pki_source_catalina_properties'], - deployer.master_dict['pki_target_catalina_properties'], + deployer.mdict['pki_source_catalina_properties'], + deployer.mdict['pki_target_catalina_properties'], overwrite_flag=True) deployer.file.copy_with_slot_substitution( - deployer.master_dict['pki_source_servercertnick_conf'], - deployer.master_dict['pki_target_servercertnick_conf'], + deployer.mdict['pki_source_servercertnick_conf'], + deployer.mdict['pki_target_servercertnick_conf'], overwrite_flag=True) deployer.file.copy_with_slot_substitution( - deployer.master_dict['pki_source_server_xml'], - deployer.master_dict['pki_target_server_xml'], + deployer.mdict['pki_source_server_xml'], + deployer.mdict['pki_target_server_xml'], overwrite_flag=True) deployer.file.copy_with_slot_substitution( - deployer.master_dict['pki_source_context_xml'], - deployer.master_dict['pki_target_context_xml'], + deployer.mdict['pki_source_context_xml'], + deployer.mdict['pki_target_context_xml'], overwrite_flag=True) deployer.file.copy_with_slot_substitution( - deployer.master_dict['pki_source_tomcat_conf'], - deployer.master_dict['pki_target_tomcat_conf_instance_id'], + deployer.mdict['pki_source_tomcat_conf'], + deployer.mdict['pki_target_tomcat_conf_instance_id'], uid=0, gid=0, overwrite_flag=True) deployer.file.copy_with_slot_substitution( - deployer.master_dict['pki_source_tomcat_conf'], - deployer.master_dict['pki_target_tomcat_conf'], + deployer.mdict['pki_source_tomcat_conf'], + deployer.mdict['pki_target_tomcat_conf'], overwrite_flag=True) # Configure web.xml and velocity.properties for each subsystem. # For TPS this is not necessary since the files are no longer # copied to the target location in the instance directory. - if deployer.master_dict['pki_subsystem'] != "TPS": + if deployer.mdict['pki_subsystem'] != "TPS": deployer.file.apply_slot_substitution( - deployer.master_dict['pki_target_velocity_properties']) + deployer.mdict['pki_target_velocity_properties']) deployer.file.apply_slot_substitution( - deployer.master_dict['pki_target_subsystem_web_xml']) + deployer.mdict['pki_target_subsystem_web_xml']) # Strip "<filter>" section from subsystem "web.xml" # This is ONLY necessary because XML comments cannot be "nested"! - # deployer.file.copy(deployer.master_dict['pki_target_subsystem_web_xml'], - # deployer.master_dict['pki_target_subsystem_web_xml_orig']) - # deployer.file.delete(deployer.master_dict['pki_target_subsystem_web_xml']) + # deployer.file.copy(deployer.mdict['pki_target_subsystem_web_xml'], + # deployer.mdict['pki_target_subsystem_web_xml_orig']) + # deployer.file.delete(deployer.mdict['pki_target_subsystem_web_xml']) # util.xml_file.remove_filter_section_from_web_xml( - # deployer.master_dict['pki_target_subsystem_web_xml_orig'], - # deployer.master_dict['pki_target_subsystem_web_xml']) - # deployer.file.delete(deployer.master_dict['pki_target_subsystem_web_xml_orig']) - if deployer.master_dict['pki_subsystem'] == "CA": + # deployer.mdict['pki_target_subsystem_web_xml_orig'], + # deployer.mdict['pki_target_subsystem_web_xml']) + # deployer.file.delete(deployer.mdict['pki_target_subsystem_web_xml_orig']) + if deployer.mdict['pki_subsystem'] == "CA": deployer.file.copy_with_slot_substitution( - deployer.master_dict['pki_source_proxy_conf'], - deployer.master_dict['pki_target_proxy_conf']) + deployer.mdict['pki_source_proxy_conf'], + deployer.mdict['pki_target_proxy_conf']) deployer.file.apply_slot_substitution( - deployer.master_dict['pki_target_profileselect_template']) - elif deployer.master_dict['pki_subsystem'] == "TPS": + deployer.mdict['pki_target_profileselect_template']) + elif deployer.mdict['pki_subsystem'] == "TPS": deployer.file.copy_with_slot_substitution( - deployer.master_dict['pki_source_registry_cfg'], - deployer.master_dict['pki_target_registry_cfg']) + deployer.mdict['pki_source_registry_cfg'], + deployer.mdict['pki_target_registry_cfg']) deployer.file.copy_with_slot_substitution( - deployer.master_dict['pki_source_phone_home_xml'], - deployer.master_dict['pki_target_phone_home_xml']) + deployer.mdict['pki_source_phone_home_xml'], + deployer.mdict['pki_target_phone_home_xml']) return self.rv def destroy(self, deployer): diff --git a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py index 8aae3f6c6..c257129c4 100644 --- a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py @@ -31,73 +31,73 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self, deployer): - if config.str2bool(deployer.master_dict['pki_skip_installation']): + if config.str2bool(deployer.mdict['pki_skip_installation']): config.pki_log.info(log.SKIP_SUBSYSTEM_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.SUBSYSTEM_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # establish instance-based subsystem logs - deployer.directory.create(deployer.master_dict['pki_subsystem_log_path']) - deployer.directory.create(deployer.master_dict['pki_subsystem_archive_log_path']) - if deployer.master_dict['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS: - deployer.directory.create(deployer.master_dict['pki_subsystem_signed_audit_log_path']) + deployer.directory.create(deployer.mdict['pki_subsystem_log_path']) + deployer.directory.create(deployer.mdict['pki_subsystem_archive_log_path']) + if deployer.mdict['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS: + deployer.directory.create(deployer.mdict['pki_subsystem_signed_audit_log_path']) # establish instance-based subsystem configuration - deployer.directory.create(deployer.master_dict['pki_subsystem_configuration_path']) - # deployer.directory.copy(deployer.master_dict['pki_source_conf_path'], - # deployer.master_dict['pki_subsystem_configuration_path']) + deployer.directory.create(deployer.mdict['pki_subsystem_configuration_path']) + # deployer.directory.copy(deployer.mdict['pki_source_conf_path'], + # deployer.mdict['pki_subsystem_configuration_path']) # establish instance-based Apache/Tomcat specific subsystems - if deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # establish instance-based Tomcat PKI subsystem base - if deployer.master_dict['pki_subsystem'] == "CA": - deployer.directory.copy(deployer.master_dict['pki_source_emails'], - deployer.master_dict['pki_subsystem_emails_path']) - deployer.directory.copy(deployer.master_dict['pki_source_profiles'], - deployer.master_dict['pki_subsystem_profiles_path']) + if deployer.mdict['pki_subsystem'] == "CA": + deployer.directory.copy(deployer.mdict['pki_source_emails'], + deployer.mdict['pki_subsystem_emails_path']) + deployer.directory.copy(deployer.mdict['pki_source_profiles'], + deployer.mdict['pki_subsystem_profiles_path']) # establish instance-based Tomcat PKI subsystem logs # establish instance-based Tomcat PKI subsystem configuration - if deployer.master_dict['pki_subsystem'] == "CA": - deployer.file.copy(deployer.master_dict['pki_source_flatfile_txt'], - deployer.master_dict['pki_target_flatfile_txt']) - deployer.file.copy(deployer.master_dict['pki_source_registry_cfg'], - deployer.master_dict['pki_target_registry_cfg']) + if deployer.mdict['pki_subsystem'] == "CA": + deployer.file.copy(deployer.mdict['pki_source_flatfile_txt'], + deployer.mdict['pki_target_flatfile_txt']) + deployer.file.copy(deployer.mdict['pki_source_registry_cfg'], + deployer.mdict['pki_target_registry_cfg']) # '*.profile' - deployer.file.copy(deployer.master_dict['pki_source_admincert_profile'], - deployer.master_dict['pki_target_admincert_profile']) - deployer.file.copy(deployer.master_dict['pki_source_caauditsigningcert_profile'], - deployer.master_dict['pki_target_caauditsigningcert_profile']) - deployer.file.copy(deployer.master_dict['pki_source_cacert_profile'], - deployer.master_dict['pki_target_cacert_profile']) - deployer.file.copy(deployer.master_dict['pki_source_caocspcert_profile'], - deployer.master_dict['pki_target_caocspcert_profile']) - deployer.file.copy(deployer.master_dict['pki_source_servercert_profile'], - deployer.master_dict['pki_target_servercert_profile']) - deployer.file.copy(deployer.master_dict['pki_source_subsystemcert_profile'], - deployer.master_dict['pki_target_subsystemcert_profile']) - elif deployer.master_dict['pki_subsystem'] == "KRA": + deployer.file.copy(deployer.mdict['pki_source_admincert_profile'], + deployer.mdict['pki_target_admincert_profile']) + deployer.file.copy(deployer.mdict['pki_source_caauditsigningcert_profile'], + deployer.mdict['pki_target_caauditsigningcert_profile']) + deployer.file.copy(deployer.mdict['pki_source_cacert_profile'], + deployer.mdict['pki_target_cacert_profile']) + deployer.file.copy(deployer.mdict['pki_source_caocspcert_profile'], + deployer.mdict['pki_target_caocspcert_profile']) + deployer.file.copy(deployer.mdict['pki_source_servercert_profile'], + deployer.mdict['pki_target_servercert_profile']) + deployer.file.copy(deployer.mdict['pki_source_subsystemcert_profile'], + deployer.mdict['pki_target_subsystemcert_profile']) + elif deployer.mdict['pki_subsystem'] == "KRA": # '*.profile' - deployer.file.copy(deployer.master_dict['pki_source_servercert_profile'], - deployer.master_dict['pki_target_servercert_profile']) - deployer.file.copy(deployer.master_dict['pki_source_storagecert_profile'], - deployer.master_dict['pki_target_storagecert_profile']) - deployer.file.copy(deployer.master_dict['pki_source_subsystemcert_profile'], - deployer.master_dict['pki_target_subsystemcert_profile']) - deployer.file.copy(deployer.master_dict['pki_source_transportcert_profile'], - deployer.master_dict['pki_target_transportcert_profile']) + deployer.file.copy(deployer.mdict['pki_source_servercert_profile'], + deployer.mdict['pki_target_servercert_profile']) + deployer.file.copy(deployer.mdict['pki_source_storagecert_profile'], + deployer.mdict['pki_target_storagecert_profile']) + deployer.file.copy(deployer.mdict['pki_source_subsystemcert_profile'], + deployer.mdict['pki_target_subsystemcert_profile']) + deployer.file.copy(deployer.mdict['pki_source_transportcert_profile'], + deployer.mdict['pki_target_transportcert_profile']) # establish instance-based Tomcat PKI subsystem registry # establish instance-based Tomcat PKI subsystem convenience # symbolic links - deployer.symlink.create(deployer.master_dict['pki_tomcat_webapps_path'], - deployer.master_dict['pki_subsystem_tomcat_webapps_link']) + deployer.symlink.create(deployer.mdict['pki_tomcat_webapps_path'], + deployer.mdict['pki_subsystem_tomcat_webapps_link']) # establish instance-based subsystem convenience symbolic links - deployer.symlink.create(deployer.master_dict['pki_instance_database_link'], - deployer.master_dict['pki_subsystem_database_link']) - deployer.symlink.create(deployer.master_dict['pki_subsystem_configuration_path'], - deployer.master_dict['pki_subsystem_conf_link']) - deployer.symlink.create(deployer.master_dict['pki_subsystem_log_path'], - deployer.master_dict['pki_subsystem_logs_link']) - deployer.symlink.create(deployer.master_dict['pki_instance_registry_path'], - deployer.master_dict['pki_subsystem_registry_link']) + deployer.symlink.create(deployer.mdict['pki_instance_database_link'], + deployer.mdict['pki_subsystem_database_link']) + deployer.symlink.create(deployer.mdict['pki_subsystem_configuration_path'], + deployer.mdict['pki_subsystem_conf_link']) + deployer.symlink.create(deployer.mdict['pki_subsystem_log_path'], + deployer.mdict['pki_subsystem_logs_link']) + deployer.symlink.create(deployer.mdict['pki_instance_registry_path'], + deployer.mdict['pki_subsystem_registry_link']) return self.rv def destroy(self, deployer): @@ -105,17 +105,17 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.SUBSYSTEM_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # remove instance-based subsystem base - if deployer.master_dict['pki_subsystem'] == "CA": - deployer.directory.delete(deployer.master_dict['pki_subsystem_emails_path']) - deployer.directory.delete(deployer.master_dict['pki_subsystem_profiles_path']) - deployer.directory.delete(deployer.master_dict['pki_subsystem_path']) + if deployer.mdict['pki_subsystem'] == "CA": + deployer.directory.delete(deployer.mdict['pki_subsystem_emails_path']) + deployer.directory.delete(deployer.mdict['pki_subsystem_profiles_path']) + deployer.directory.delete(deployer.mdict['pki_subsystem_path']) # remove instance-based subsystem logs - if deployer.master_dict['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS: - deployer.directory.delete(deployer.master_dict['pki_subsystem_signed_audit_log_path']) - deployer.directory.delete(deployer.master_dict['pki_subsystem_archive_log_path']) - deployer.directory.delete(deployer.master_dict['pki_subsystem_log_path']) + if deployer.mdict['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS: + deployer.directory.delete(deployer.mdict['pki_subsystem_signed_audit_log_path']) + deployer.directory.delete(deployer.mdict['pki_subsystem_archive_log_path']) + deployer.directory.delete(deployer.mdict['pki_subsystem_log_path']) # remove instance-based subsystem configuration - deployer.directory.delete(deployer.master_dict['pki_subsystem_configuration_path']) + deployer.directory.delete(deployer.mdict['pki_subsystem_configuration_path']) # remove instance-based subsystem registry - deployer.directory.delete(deployer.master_dict['pki_subsystem_registry_path']) + deployer.directory.delete(deployer.mdict['pki_subsystem_registry_path']) return self.rv diff --git a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py index 0f529a9a2..838847754 100644 --- a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py +++ b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py @@ -34,8 +34,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self, deployer): - if deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - if config.str2bool(deployer.master_dict['pki_skip_installation']): + if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if config.str2bool(deployer.mdict['pki_skip_installation']): config.pki_log.info(log.SKIP_WEBAPP_DEPLOYMENT_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) @@ -45,7 +45,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): extra=config.PKI_INDENTATION_LEVEL_1) # For TPS, deploy web application directly from /usr/share/pki. - if deployer.master_dict['pki_subsystem'] == "TPS": + if deployer.mdict['pki_subsystem'] == "TPS": deployer.file.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, @@ -55,24 +55,24 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): "localhost", "tps.xml"), os.path.join( - deployer.master_dict['pki_instance_configuration_path'], + deployer.mdict['pki_instance_configuration_path'], "Catalina", "localhost", "tps.xml")) return self.rv # For other subsystems, deploy web application into Tomcat instance. - deployer.directory.create(deployer.master_dict['pki_tomcat_webapps_subsystem_path']) + deployer.directory.create(deployer.mdict['pki_tomcat_webapps_subsystem_path']) # Copy /usr/share/pki/<subsystem>/webapps/<subsystem> # to <instance>/webapps/<subsystem> deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, - deployer.master_dict['pki_subsystem'].lower(), + deployer.mdict['pki_subsystem'].lower(), "webapps", - deployer.master_dict['pki_subsystem'].lower()), - deployer.master_dict['pki_tomcat_webapps_subsystem_path'], + deployer.mdict['pki_subsystem'].lower()), + deployer.mdict['pki_tomcat_webapps_subsystem_path'], overwrite_flag=True) # Copy /usr/share/pki/server/webapps/pki/admin @@ -86,42 +86,42 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): "pki", "admin"), os.path.join( - deployer.master_dict['pki_tomcat_webapps_subsystem_path'], + deployer.mdict['pki_tomcat_webapps_subsystem_path'], "admin"), overwrite_flag=True) deployer.directory.create( - deployer.master_dict['pki_tomcat_webapps_subsystem_webinf_classes_path']) + deployer.mdict['pki_tomcat_webapps_subsystem_webinf_classes_path']) deployer.directory.create( - deployer.master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path']) + deployer.mdict['pki_tomcat_webapps_subsystem_webinf_lib_path']) # establish Tomcat webapps subsystem WEB-INF lib symbolic links - deployer.symlink.create(deployer.master_dict['pki_certsrv_jar'], - deployer.master_dict['pki_certsrv_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_cmsbundle'], - deployer.master_dict['pki_cmsbundle_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_cmscore'], - deployer.master_dict['pki_cmscore_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_cms'], - deployer.master_dict['pki_cms_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_cmsutil'], - deployer.master_dict['pki_cmsutil_jar_link']) - deployer.symlink.create(deployer.master_dict['pki_nsutil'], - deployer.master_dict['pki_nsutil_jar_link']) - if deployer.master_dict['pki_subsystem'] == "CA": - deployer.symlink.create(deployer.master_dict['pki_ca_jar'], - deployer.master_dict['pki_ca_jar_link']) - elif deployer.master_dict['pki_subsystem'] == "KRA": - deployer.symlink.create(deployer.master_dict['pki_kra_jar'], - deployer.master_dict['pki_kra_jar_link']) - elif deployer.master_dict['pki_subsystem'] == "OCSP": - deployer.symlink.create(deployer.master_dict['pki_ocsp_jar'], - deployer.master_dict['pki_ocsp_jar_link']) - elif deployer.master_dict['pki_subsystem'] == "TKS": - deployer.symlink.create(deployer.master_dict['pki_tks_jar'], - deployer.master_dict['pki_tks_jar_link']) + deployer.symlink.create(deployer.mdict['pki_certsrv_jar'], + deployer.mdict['pki_certsrv_jar_link']) + deployer.symlink.create(deployer.mdict['pki_cmsbundle'], + deployer.mdict['pki_cmsbundle_jar_link']) + deployer.symlink.create(deployer.mdict['pki_cmscore'], + deployer.mdict['pki_cmscore_jar_link']) + deployer.symlink.create(deployer.mdict['pki_cms'], + deployer.mdict['pki_cms_jar_link']) + deployer.symlink.create(deployer.mdict['pki_cmsutil'], + deployer.mdict['pki_cmsutil_jar_link']) + deployer.symlink.create(deployer.mdict['pki_nsutil'], + deployer.mdict['pki_nsutil_jar_link']) + if deployer.mdict['pki_subsystem'] == "CA": + deployer.symlink.create(deployer.mdict['pki_ca_jar'], + deployer.mdict['pki_ca_jar_link']) + elif deployer.mdict['pki_subsystem'] == "KRA": + deployer.symlink.create(deployer.mdict['pki_kra_jar'], + deployer.mdict['pki_kra_jar_link']) + elif deployer.mdict['pki_subsystem'] == "OCSP": + deployer.symlink.create(deployer.mdict['pki_ocsp_jar'], + deployer.mdict['pki_ocsp_jar_link']) + elif deployer.mdict['pki_subsystem'] == "TKS": + deployer.symlink.create(deployer.mdict['pki_tks_jar'], + deployer.mdict['pki_tks_jar_link']) # set ownerships, permissions, and acls - deployer.directory.set_mode(deployer.master_dict['pki_tomcat_webapps_subsystem_path']) + deployer.directory.set_mode(deployer.mdict['pki_tomcat_webapps_subsystem_path']) # Copy web application context file # from /usr/share/pki/<subsystem>/conf/Catalina/localhost/<subsystem>.xml @@ -129,34 +129,34 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.file.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, - deployer.master_dict['pki_subsystem'].lower(), + deployer.mdict['pki_subsystem'].lower(), "conf", "Catalina", "localhost", - deployer.master_dict['pki_subsystem'].lower() + ".xml"), + deployer.mdict['pki_subsystem'].lower() + ".xml"), os.path.join( - deployer.master_dict['pki_instance_configuration_path'], + deployer.mdict['pki_instance_configuration_path'], "Catalina", "localhost", - deployer.master_dict['pki_subsystem'].lower() + ".xml")) + deployer.mdict['pki_subsystem'].lower() + ".xml")) return self.rv def destroy(self, deployer): - if deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: config.pki_log.info(log.WEBAPP_DEPLOYMENT_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # Delete <instance>/conf/Catalina/localhost/<subsystem>.xml deployer.file.delete( os.path.join( - deployer.master_dict['pki_instance_configuration_path'], + deployer.mdict['pki_instance_configuration_path'], "Catalina", "localhost", - deployer.master_dict['pki_subsystem'].lower() + ".xml")) + deployer.mdict['pki_subsystem'].lower() + ".xml")) # For subsystems other than TPS, delete <instance>/webapps/<subsystem>. - if deployer.master_dict['pki_subsystem'] != "TPS": - deployer.directory.delete(deployer.master_dict['pki_tomcat_webapps_subsystem_path']) + if deployer.mdict['pki_subsystem'] != "TPS": + deployer.directory.delete(deployer.mdict['pki_tomcat_webapps_subsystem_path']) return self.rv diff --git a/base/server/sbin/pkidestroy b/base/server/sbin/pkidestroy index 16479f9fd..e9eadf9ba 100755 --- a/base/server/sbin/pkidestroy +++ b/base/server/sbin/pkidestroy @@ -230,18 +230,18 @@ def main(argv): # Combine the various sectional dictionaries into a PKI master dictionary parser.compose_pki_master_dictionary() - parser.pki_master_dict['pki_destroy_log'] = config.pki_log_dir + "/" +\ + parser.mdict['pki_destroy_log'] = config.pki_log_dir + "/" +\ config.pki_log_name config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.log_format(parser.pki_master_dict), + config.pki_log.debug(pkilogging.log_format(parser.mdict), extra=config.PKI_INDENTATION_LEVEL_0) print "Uninstalling " + config.pki_subsystem + " from " + deployed_pki_instance_path + "." # Process the various "scriptlets" to remove the specified PKI subsystem. - pki_subsystem_scriptlets = parser.pki_master_dict['destroy_scriplets'].split() - deployer = util.PKIDeployer(parser.pki_master_dict) + pki_subsystem_scriptlets = parser.mdict['destroy_scriplets'].split() + deployer = util.PKIDeployer(parser.mdict) rv = 0 for pki_scriptlet in pki_subsystem_scriptlets: scriptlet = __import__("pki.server.deployment.scriptlets." + @@ -253,7 +253,7 @@ def main(argv): sys.exit(1) config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.log_format(parser.pki_master_dict), + config.pki_log.debug(pkilogging.log_format(parser.mdict), extra=config.PKI_INDENTATION_LEVEL_0) print diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn index dd1c4e0be..809ab59d8 100755 --- a/base/server/sbin/pkispawn +++ b/base/server/sbin/pkispawn @@ -160,7 +160,7 @@ def main(argv): parser.set_property(config.pki_subsystem, 'pki_client_database_password', admin_password) parser.set_property(config.pki_subsystem, 'pki_client_pkcs12_password', admin_password) - if parser.pki_master_dict['pki_import_admin_cert'] == 'True': + if parser.mdict['pki_import_admin_cert'] == 'True': import_cert = 'Y' else: import_cert = 'N' @@ -363,36 +363,36 @@ def main(argv): parser.compose_pki_slots_dictionary() config.pki_log.debug(log.PKI_DICTIONARY_SLOTS, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.log_format(parser.pki_slots_dict), + config.pki_log.debug(pkilogging.log_format(parser.slots_dict), extra=config.PKI_INDENTATION_LEVEL_0) # Combine the various sectional dictionaries into a PKI master dictionary parser.compose_pki_master_dictionary() - parser.pki_master_dict['pki_spawn_log'] = config.pki_log_dir + "/" + \ + parser.mdict['pki_spawn_log'] = config.pki_log_dir + "/" + \ config.pki_log_name config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.log_format(parser.pki_master_dict), + config.pki_log.debug(pkilogging.log_format(parser.mdict), extra=config.PKI_INDENTATION_LEVEL_0) if not interactive and\ - not config.str2bool(parser.pki_master_dict['pki_skip_configuration']): + not config.str2bool(parser.mdict['pki_skip_configuration']): try: # Verify existence of Directory Server Password - if not parser.pki_master_dict.has_key('pki_ds_password') or\ - not len(parser.pki_master_dict['pki_ds_password']): + if not parser.mdict.has_key('pki_ds_password') or\ + not len(parser.mdict['pki_ds_password']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_password", - parser.pki_master_dict['pki_user_deployment_cfg'], + parser.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_0) sys.exit(1) parser.ds_verify_configuration() if parser.ds_base_dn_exists() and\ - not config.str2bool(parser.pki_master_dict['pki_ds_remove_data']): + not config.str2bool(parser.mdict['pki_ds_remove_data']): print 'ERROR: Base DN already exists.' sys.exit(1) @@ -402,20 +402,20 @@ def main(argv): if ((config.pki_subsystem == "KRA" or config.pki_subsystem == "OCSP") and - not config.str2bool(parser.pki_master_dict['pki_standalone'])) or\ + not config.str2bool(parser.mdict['pki_standalone'])) or\ config.pki_subsystem == "TKS" or\ config.pki_subsystem == "TPS" or\ - config.str2bool(parser.pki_master_dict['pki_clone']) or\ + config.str2bool(parser.mdict['pki_clone']) or\ (config.pki_subsystem == "CA" and - config.str2bool(parser.pki_master_dict['pki_subordinate'])): + config.str2bool(parser.mdict['pki_subordinate'])): try: # Verify existence of Security Domain Password - if not parser.pki_master_dict.has_key('pki_security_domain_password') or\ - not len(parser.pki_master_dict['pki_security_domain_password']): + if not parser.mdict.has_key('pki_security_domain_password') or\ + not len(parser.mdict['pki_security_domain_password']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_security_domain_password", - parser.pki_master_dict['pki_user_deployment_cfg'], + parser.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_0) sys.exit(1) @@ -432,11 +432,11 @@ def main(argv): print('ERROR: Unable to access security domain: ' + str(e)) sys.exit(1) - print "Installing " + config.pki_subsystem + " into " + parser.pki_master_dict['pki_instance_path'] + "." + print "Installing " + config.pki_subsystem + " into " + parser.mdict['pki_instance_path'] + "." # Process the various "scriptlets" to create the specified PKI subsystem. - pki_subsystem_scriptlets = parser.pki_master_dict['spawn_scriplets'].split() - deployer = util.PKIDeployer(parser.pki_master_dict, parser.pki_slots_dict) + pki_subsystem_scriptlets = parser.mdict['spawn_scriplets'].split() + deployer = util.PKIDeployer(parser.mdict, parser.slots_dict) rv = 0 for pki_scriptlet in pki_subsystem_scriptlets: scriptlet = __import__("pki.server.deployment.scriptlets." + @@ -458,41 +458,41 @@ def main(argv): sys.exit(1) config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.log_format(parser.pki_master_dict), + config.pki_log.debug(pkilogging.log_format(parser.mdict), extra=config.PKI_INDENTATION_LEVEL_0) - print_install_information(parser.pki_master_dict) + print_install_information(parser.mdict) -def print_install_information(pki_master_dict): +def print_install_information(mdict): - skip_configuration = config.str2bool(pki_master_dict['pki_skip_configuration']) + skip_configuration = config.str2bool(mdict['pki_skip_configuration']) print log.PKI_SPAWN_INFORMATION_HEADER if skip_configuration: - print log.PKI_CONFIGURATION_URL_1 % pki_master_dict['pki_configuration_url'] + print log.PKI_CONFIGURATION_URL_1 % mdict['pki_configuration_url'] print print log.PKI_CONFIGURATION_RESTART_1 % \ - pki_master_dict['pki_registry_initscript_command'] + mdict['pki_registry_initscript_command'] else: - print " Administrator's username: %s" % pki_master_dict['pki_admin_uid'] - if os.path.isfile(pki_master_dict['pki_client_admin_cert_p12']): - print " Administrator's PKCS #12 file:\n %s" % pki_master_dict['pki_client_admin_cert_p12'] - if not config.str2bool(pki_master_dict['pki_client_database_purge']): + print " Administrator's username: %s" % mdict['pki_admin_uid'] + if os.path.isfile(mdict['pki_client_admin_cert_p12']): + print " Administrator's PKCS #12 file:\n %s" % mdict['pki_client_admin_cert_p12'] + if not config.str2bool(mdict['pki_client_database_purge']): print - print " Administrator's certificate nickname:\n %s" % pki_master_dict['pki_admin_nickname'] - print " Administrator's certificate database:\n %s" % pki_master_dict['pki_client_database_dir'] + print " Administrator's certificate nickname:\n %s" % mdict['pki_admin_nickname'] + print " Administrator's certificate database:\n %s" % mdict['pki_client_database_dir'] print - print log.PKI_CHECK_STATUS_MESSAGE % pki_master_dict['pki_instance_name'] - print log.PKI_INSTANCE_RESTART_MESSAGE % pki_master_dict['pki_instance_name'] + print log.PKI_CHECK_STATUS_MESSAGE % mdict['pki_instance_name'] + print log.PKI_INSTANCE_RESTART_MESSAGE % mdict['pki_instance_name'] if (((config.pki_subsystem == "KRA" or config.pki_subsystem == "OCSP") and - config.str2bool(pki_master_dict['pki_standalone'])) and - not config.str2bool(pki_master_dict['pki_external_step_two'])): + config.str2bool(mdict['pki_standalone'])) and + not config.str2bool(mdict['pki_external_step_two'])): # Stand-alone PKI KRA/OCSP (External CA Step 1) print print log.PKI_CONFIGURATION_STANDALONE_1 % config.pki_subsystem else: - print log.PKI_ACCESS_URL % (pki_master_dict['pki_hostname'], - pki_master_dict['pki_https_port'], + print log.PKI_ACCESS_URL % (mdict['pki_hostname'], + mdict['pki_https_port'], config.pki_subsystem.lower()) print log.PKI_SPAWN_INFORMATION_FOOTER |