PKI Deployment Scriptlets

* Integration of Tomcat 7
* Introduction of dependency upon tomcatjss 7.0
* Removal of http filtering configuration mechanisms
* Introduction of additional slot substitution to
  support revised filesystem layout
* Addition of 'pkiuser' uid:gid creation methods
* Inclusion of per instance '*.profile' files
* Introduction of configurable 'configurationRoot'
  parameter
* Introduction of default configuration of 'log4j'
  mechanism (alee)
* Modify web.xml to use new Application classes to
  bootstrap servers (alee)
* Introduction of "Wrapper" logic to support
  Tomcat 6 --> Tomcat 7 API change (jmagne)
* Added jython helper function to allow attaching
  a remote java debugger (e. g. - eclipse)

1 files changed, 56 insertions, 13 deletions

diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py
index f40573940..421e08dc0 100644
--- a/base/deploy/src/scriptlets/configuration.py
+++ b/base/deploy/src/scriptlets/configuration.py
@@ -36,9 +36,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
                             extra=config.PKI_INDENTATION_LEVEL_1)
         if not config.pki_dry_run_flag:
             util.directory.create(master['pki_client_path'], uid=0, gid=0)
+            # Since 'certutil' does NOT strip the 'token=' portion of
+            # the 'token=password' entries, create a client password file
+            # which ONLY contains the 'password' for the purposes of
+            # allowing 'certutil' to generate the security databases
             util.password.create_password_conf(
                 master['pki_client_password_conf'],
-                master['pki_client_pin'])
+                master['pki_client_pin'], pin_sans_token=True)
             util.directory.create(master['pki_client_database_path'],
                                   uid=0, gid=0)
             util.certutil.create_security_databases(
@@ -47,19 +51,60 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
                 master['pki_client_key_database'],
                 master['pki_client_secmod_database'],
                 password_file=master['pki_client_password_conf'])
-            util.symlink.create(
-                config.pki_master_dict['pki_systemd_service'],
-                config.pki_master_dict['pki_systemd_service_link'])
+            util.symlink.create(master['pki_systemd_service'],
+                                master['pki_systemd_service_link'])
         else:
+            # Since 'certutil' does NOT strip the 'token=' portion of
+            # the 'token=password' entries, create a client password file
+            # which ONLY contains the 'password' for the purposes of
+            # allowing 'certutil' to generate the security databases
             util.password.create_password_conf(
                 master['pki_client_password_conf'],
-                master['pki_client_pin'])
+                master['pki_client_pin'], pin_sans_token=True)
             util.certutil.create_security_databases(
                 master['pki_client_database_path'],
                 master['pki_client_cert_database'],
                 master['pki_client_key_database'],
                 master['pki_client_secmod_database'],
                 password_file=master['pki_client_password_conf'])
+        # Start/Restart this Apache/Tomcat PKI Process
+        if not config.pki_dry_run_flag:
+            if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
+                apache_instances = util.instance.apache_instances()
+                if apache_instances == 1:
+                    util.systemd.start()
+                elif apache_instances > 1:
+                    util.systemd.restart()
+            elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+                # Optionally prepare to enable a java debugger
+                # (e. g. - 'eclipse'):
+                if config.str2bool(master['pki_enable_java_debugger']):
+                    config.prepare_for_an_external_java_debugger(
+                        master['pki_target_tomcat_conf_instance_id'])
+                tomcat_instances = util.instance.tomcat_instances()
+                if tomcat_instances == 1:
+                    util.systemd.start()
+                elif tomcat_instances > 1:
+                    util.systemd.restart()
+        else:
+            # ALWAYS display correct information (even during dry_run)
+            if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
+                apache_instances = util.instance.apache_instances()
+                if apache_instances == 0:
+                    util.systemd.start()
+                elif apache_instances > 0:
+                    util.systemd.restart()
+            elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+                # Optionally prepare to enable a java debugger
+                # (e. g. - 'eclipse'):
+                if config.str2bool(master['pki_enable_java_debugger']):
+                    config.prepare_for_an_external_java_debugger(
+                        master['pki_target_tomcat_conf_instance_id'])
+                tomcat_instances = util.instance.tomcat_instances()
+                if tomcat_instances == 0:
+                    util.systemd.start()
+                elif tomcat_instances > 0:
+                    util.systemd.restart()
         # Pass control to the Java servlet via Jython 2.2 'configuration.jy'
         util.jython.invoke(master['pki_jython_configuration_scriptlet'])
         return self.rv
@@ -67,6 +112,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
     def respawn(self):
         config.pki_log.info(log.CONFIGURATION_RESPAWN_1, __name__,
                             extra=config.PKI_INDENTATION_LEVEL_1)
+        # ALWAYS Restart this Apache/Tomcat PKI Process
+        util.systemd.restart()
         return self.rv
 
     def destroy(self):
@@ -76,23 +123,19 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
             if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
                util.instance.apache_instances() == 1:
                 util.directory.delete(master['pki_client_path'])
-                util.symlink.delete(
-                    config.pki_master_dict['pki_systemd_service_link'])
+                util.symlink.delete(master['pki_systemd_service_link'])
             elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
                  util.instance.tomcat_instances() == 1:
                 util.directory.delete(master['pki_client_path'])
-                util.symlink.delete(
-                    config.pki_master_dict['pki_systemd_service_link'])
+                util.symlink.delete(master['pki_systemd_service_link'])
         else:
             # ALWAYS display correct information (even during dry_run)
             if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
                util.instance.apache_instances() == 0:
                 util.directory.delete(master['pki_client_path'])
-                util.symlink.delete(
-                    config.pki_master_dict['pki_systemd_service_link'])
+                util.symlink.delete(master['pki_systemd_service_link'])
             elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
                  util.instance.tomcat_instances() == 0:
                 util.directory.delete(master['pki_client_path'])
-                util.symlink.delete(
-                    config.pki_master_dict['pki_systemd_service_link'])
+                util.symlink.delete(master['pki_systemd_service_link'])
         return self.rv