diff options
author | Matthew Harmsen <mharmsen@redhat.com> | 2012-07-03 17:52:33 -0700 |
---|---|---|
committer | Matthew Harmsen <mharmsen@redhat.com> | 2012-07-19 10:15:56 -0700 |
commit | 0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4 (patch) | |
tree | 79c0152be9f49069e977d0156283dbed746e7cfb /base/deploy/src/scriptlets/configuration.py | |
parent | 32b2670ba16084896e10ae27f7ce7b50313e375a (diff) | |
download | pki-0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4.tar.gz pki-0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4.tar.xz pki-0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4.zip |
PKI Deployment Scriptlets
* Integration of Tomcat 7
* Introduction of dependency upon tomcatjss 7.0
* Removal of http filtering configuration mechanisms
* Introduction of additional slot substitution to
support revised filesystem layout
* Addition of 'pkiuser' uid:gid creation methods
* Inclusion of per instance '*.profile' files
* Introduction of configurable 'configurationRoot'
parameter
* Introduction of default configuration of 'log4j'
mechanism (alee)
* Modify web.xml to use new Application classes to
bootstrap servers (alee)
* Introduction of "Wrapper" logic to support
Tomcat 6 --> Tomcat 7 API change (jmagne)
* Added jython helper function to allow attaching
a remote java debugger (e. g. - eclipse)
Diffstat (limited to 'base/deploy/src/scriptlets/configuration.py')
-rw-r--r-- | base/deploy/src/scriptlets/configuration.py | 69 |
1 files changed, 56 insertions, 13 deletions
diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py index f40573940..421e08dc0 100644 --- a/base/deploy/src/scriptlets/configuration.py +++ b/base/deploy/src/scriptlets/configuration.py @@ -36,9 +36,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): extra=config.PKI_INDENTATION_LEVEL_1) if not config.pki_dry_run_flag: util.directory.create(master['pki_client_path'], uid=0, gid=0) + # Since 'certutil' does NOT strip the 'token=' portion of + # the 'token=password' entries, create a client password file + # which ONLY contains the 'password' for the purposes of + # allowing 'certutil' to generate the security databases util.password.create_password_conf( master['pki_client_password_conf'], - master['pki_client_pin']) + master['pki_client_pin'], pin_sans_token=True) util.directory.create(master['pki_client_database_path'], uid=0, gid=0) util.certutil.create_security_databases( @@ -47,19 +51,60 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): master['pki_client_key_database'], master['pki_client_secmod_database'], password_file=master['pki_client_password_conf']) - util.symlink.create( - config.pki_master_dict['pki_systemd_service'], - config.pki_master_dict['pki_systemd_service_link']) + util.symlink.create(master['pki_systemd_service'], + master['pki_systemd_service_link']) else: + # Since 'certutil' does NOT strip the 'token=' portion of + # the 'token=password' entries, create a client password file + # which ONLY contains the 'password' for the purposes of + # allowing 'certutil' to generate the security databases util.password.create_password_conf( master['pki_client_password_conf'], - master['pki_client_pin']) + master['pki_client_pin'], pin_sans_token=True) util.certutil.create_security_databases( master['pki_client_database_path'], master['pki_client_cert_database'], master['pki_client_key_database'], master['pki_client_secmod_database'], password_file=master['pki_client_password_conf']) + # Start/Restart this Apache/Tomcat PKI Process + if not config.pki_dry_run_flag: + if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + apache_instances = util.instance.apache_instances() + if apache_instances == 1: + util.systemd.start() + elif apache_instances > 1: + util.systemd.restart() + elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + # Optionally prepare to enable a java debugger + # (e. g. - 'eclipse'): + if config.str2bool(master['pki_enable_java_debugger']): + config.prepare_for_an_external_java_debugger( + master['pki_target_tomcat_conf_instance_id']) + tomcat_instances = util.instance.tomcat_instances() + if tomcat_instances == 1: + util.systemd.start() + elif tomcat_instances > 1: + util.systemd.restart() + else: + # ALWAYS display correct information (even during dry_run) + if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + apache_instances = util.instance.apache_instances() + if apache_instances == 0: + util.systemd.start() + elif apache_instances > 0: + util.systemd.restart() + elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + # Optionally prepare to enable a java debugger + # (e. g. - 'eclipse'): + if config.str2bool(master['pki_enable_java_debugger']): + config.prepare_for_an_external_java_debugger( + master['pki_target_tomcat_conf_instance_id']) + tomcat_instances = util.instance.tomcat_instances() + if tomcat_instances == 0: + util.systemd.start() + elif tomcat_instances > 0: + util.systemd.restart() # Pass control to the Java servlet via Jython 2.2 'configuration.jy' util.jython.invoke(master['pki_jython_configuration_scriptlet']) return self.rv @@ -67,6 +112,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def respawn(self): config.pki_log.info(log.CONFIGURATION_RESPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) + # ALWAYS Restart this Apache/Tomcat PKI Process + util.systemd.restart() return self.rv def destroy(self): @@ -76,23 +123,19 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ util.instance.apache_instances() == 1: util.directory.delete(master['pki_client_path']) - util.symlink.delete( - config.pki_master_dict['pki_systemd_service_link']) + util.symlink.delete(master['pki_systemd_service_link']) elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ util.instance.tomcat_instances() == 1: util.directory.delete(master['pki_client_path']) - util.symlink.delete( - config.pki_master_dict['pki_systemd_service_link']) + util.symlink.delete(master['pki_systemd_service_link']) else: # ALWAYS display correct information (even during dry_run) if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ util.instance.apache_instances() == 0: util.directory.delete(master['pki_client_path']) - util.symlink.delete( - config.pki_master_dict['pki_systemd_service_link']) + util.symlink.delete(master['pki_systemd_service_link']) elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ util.instance.tomcat_instances() == 0: util.directory.delete(master['pki_client_path']) - util.symlink.delete( - config.pki_master_dict['pki_systemd_service_link']) + util.symlink.delete(master['pki_systemd_service_link']) return self.rv |