PKI Deployment Scriptlets

* TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not"
  removing "/etc/sysconfig/{pki_instance_id}" . . .
* TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for
  configuration . . .
* TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and
  'pkidestroy' . . .
* TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of
  configured PKI instance . . .
* TRAC Ticket #270 - Dogtag 10: Add missing parameters to
  'pkideployment.cfg' . . .
* TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client
  information . . .
* TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7
  "logging.properties"
* TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive'
  dictionary
* TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and
  'pkideployment.cfg' files
* TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet
  Issues . . .

1 files changed, 56 insertions, 26 deletions

diff --git a/base/deploy/src/scriptlets/finalization.py b/base/deploy/src/scriptlets/finalization.py
index bceec67e0..ab66cd74a 100644
--- a/base/deploy/src/scriptlets/finalization.py
+++ b/base/deploy/src/scriptlets/finalization.py
@@ -35,23 +35,36 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
     def spawn(self):
         config.pki_log.info(log.FINALIZATION_SPAWN_1, __name__,
                             extra=config.PKI_INDENTATION_LEVEL_1)
-        # Save a copy of the configuration file used by this process
-        # (which may be used later by 'pkidestroy')
-        util.file.copy(config.pkideployment_cfg,
-                       master['pki_subsystem_registry_path'] +\
-                       "/" + config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE)
-        # Save a timestamped copy of the installation manifest file
-        filename = master['pki_subsystem_registry_path'] + "/" +\
-                   "spawn" + "_" + "manifest" + "." +\
-                   master['pki_timestamp'] + "." + "csv"
-        config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, filename,
+        # For debugging/auditing purposes, save a timestamped copy of
+        # this configuration file in the subsystem archive
+        util.file.copy(master['pki_deployment_cfg_replica'],
+                       master['pki_deployment_cfg_spawn_archive'])
+        # Save a copy of the installation manifest file
+        config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, master['pki_manifest'],
                             extra=config.PKI_INDENTATION_LEVEL_2)
         # for record in manifest.database:
         #     print tuple(record)
         if not config.pki_dry_run_flag:
-            manifest.file.register(filename)
+            manifest.file.register(master['pki_manifest'])
             manifest.file.write()
-            util.file.modify(filename, silent=True)
+            util.file.modify(master['pki_manifest'], silent=True)
+        # Also, for debugging/auditing purposes, save a timestamped copy of
+        # this installation manifest file
+        util.file.copy(master['pki_manifest'],
+                       master['pki_manifest_spawn_archive'])
+        # Optionally, programmatically 'restart' the configured PKI instance
+        if config.str2bool(master['pki_restart_configured_instance']):
+            util.systemd.restart()
+        # Optionally, 'purge' the entire temporary client infrastructure
+        # including the client NSS security databases and password files
+        #
+        #     WARNING:  If the PKCS #12 file containing the Admin Cert was
+        #               placed under this infrastructure, it may accidentally
+        #               be deleted!
+        #
+        if config.str2bool(master['pki_client_database_purge']):
+            if util.directory.exists(master['pki_client_dir']):
+                util.directory.delete(master['pki_client_dir'])
         # Log final process messages
         config.pki_log.info(log.PKISPAWN_END_MESSAGE_2,
                             master['pki_subsystem'],
@@ -66,22 +79,39 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
                             extra=config.PKI_INDENTATION_LEVEL_1)
         # Save a copy of the configuration file used by this process
         # (which may be used later by 'pkidestroy')
-        util.file.copy(config.pkideployment_cfg,
-                       master['pki_subsystem_registry_path'] +\
-                       "/" + config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE,
+        util.file.copy(master['pki_deployment_cfg'],
+                       master['pki_deployment_cfg_replica'],
                        overwrite_flag=True)
-        # Save a timestamped copy of the updated manifest file
-        filename = master['pki_subsystem_registry_path'] + "/" +\
-                   "respawn" + "_" + "manifest" + "." +\
-                   master['pki_timestamp'] + "." + "csv"
-        config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, filename,
+        # Also, for debugging/auditing purposes, save a timestamped copy of
+        # this configuration file in the subsystem archive
+        util.file.copy(master['pki_deployment_cfg_replica'],
+                       master['pki_deployment_cfg_respawn_archive'])
+        # Save a copy of the updated manifest file
+        config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, master['pki_manifest'],
                             extra=config.PKI_INDENTATION_LEVEL_2)
         # for record in manifest.database:
         #     print tuple(record)
         if not config.pki_dry_run_flag:
-            manifest.file.register(filename)
+            manifest.file.register(master['pki_manifest'])
             manifest.file.write()
-            util.file.modify(filename, silent=True)
+            util.file.modify(master['pki_manifest'], silent=True)
+        # Also, for debugging/auditing purposes, save a timestamped copy of
+        # this installation manifest file
+        util.file.copy(master['pki_manifest'],
+                       master['pki_manifest_respawn_archive'])
+        # Optionally, programmatically 'restart' the configured PKI instance
+        if config.str2bool(master['pki_restart_configured_instance']):
+            util.systemd.restart()
+        # Optionally, 'purge' the entire temporary client infrastructure
+        # including the client NSS security databases and password files
+        #
+        #     WARNING:  If the PKCS #12 file containing the Admin Cert was
+        #               placed under this infrastructure, it may accidentally
+        #               be deleted!
+        #
+        if config.str2bool(master['pki_client_database_purge']):
+            if util.directory.exists(master['pki_client_dir']):
+                util.directory.delete(master['pki_client_dir'])
         # Log final process messages
         config.pki_log.info(log.PKIRESPAWN_END_MESSAGE_2,
                             master['pki_subsystem'],
@@ -94,10 +124,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
     def destroy(self):
         config.pki_log.info(log.FINALIZATION_DESTROY_1, __name__,
                             extra=config.PKI_INDENTATION_LEVEL_1)
-        config.pki_log.info(log.PKIDESTROY_END_MESSAGE_2,
-                            master['pki_subsystem'],
-                            master['pki_instance_id'],
-                            extra=config.PKI_INDENTATION_LEVEL_0)
         if not config.pki_dry_run_flag:
             util.file.modify(master['pki_destroy_log'], silent=True)
         # Start this Apache/Tomcat PKI Process
@@ -116,4 +142,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
             elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
                  util.instance.tomcat_instances() >= 0:
                 util.systemd.start()
+        config.pki_log.info(log.PKIDESTROY_END_MESSAGE_2,
+                            master['pki_subsystem'],
+                            master['pki_instance_id'],
+                            extra=config.PKI_INDENTATION_LEVEL_0)
         return self.rv