authorMatthew Harmsen <mharmsen@redhat.com>2012-07-24 11:28:29 -0700
committerMatthew Harmsen <mharmsen@redhat.com>2012-07-25 14:19:38 -0700
commit14243746edd14be2564b625c4a940c4723c168f1 (patch)
tree08a04fca8621eea207d3df1e55e56c931e1c4f64 /base/deploy/src/scriptlets/pkihelper.py
parentca401c4f9e30ab59cb12fc4098aec21b660f686f (diff)
PKI Deployment Scriptlets
* PKI TRAC Ticket #244 - Non-user-friendly message when deleting non-existent subsystem with pkidestroy * PKI TRAC Ticket #246 - Incorrect parameter names in pkispawn configuration * PKI TRAC Ticket #248 - pki_ds_database should not be a DN * PKI TRAC Ticket #249 - pki_ds_base_dn causing pkispawn failure * PKI TRAC Ticket #250 - Creating/removing custom instances should not require http/ajp ports * PKI TRAC Ticket #251 - Instance name may conflict with other files * PKI TRAC Ticket #253 - Fix pki-destroy removal of '/var/log/pki/{pki_instance_id}' directory . . . * PKI TRAC Ticket #254 - Dogtag 10: Fix spec file to build successfully via mock on Fedora 17 . . . * PKI TRAC Ticket #255 - Missing resteasy-atom-provider.jar * PKI TRAC Ticket #260 - Dogtag 10: Change the layout of 'pki_instance_id' . . .
Diffstat (limited to 'base/deploy/src/scriptlets/pkihelper.py')
-rw-r--r--base/deploy/src/scriptlets/pkihelper.py156
1 files changed, 117 insertions, 39 deletions
diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py
index 1ceb65898..31877bf4f 100644
--- a/base/deploy/src/scriptlets/pkihelper.py
+++ b/base/deploy/src/scriptlets/pkihelper.py
@@ -305,6 +305,113 @@ class identity:
return pki_gid
+# PKI Deployment Namespace Class
+class namespace:
+ # Silently verify that the selected 'pki_instance_name' will
+ # NOT produce any namespace collisions
+ def collision_detection(self):
+ # Run simple checks for pre-existing namespace collisions
+ if os.path.exists(master['pki_instance_path']):
+ if os.path.exists(master['pki_subsystem_path']):
+ # Top-Level PKI base path collision
+ config.pki_log.error(
+ log.PKIHELPER_NAMESPACE_COLLISION_2,
+ master['pki_instance_id'],
+ master['pki_instance_path'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
+ else:
+ if os.path.exists(master['pki_target_tomcat_conf_instance_id']):
+ # Top-Level "/etc/sysconfig" path collision
+ config.pki_log.error(
+ log.PKIHELPER_NAMESPACE_COLLISION_2,
+ master['pki_instance_id'],
+ master['pki_target_tomcat_conf_instance_id'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
+ if os.path.exists(master['pki_cgroup_systemd_service']):
+ # Systemd cgroup path collision
+ config.pki_log.error(
+ log.PKIHELPER_NAMESPACE_COLLISION_2,
+ master['pki_instance_id'],
+ master['pki_cgroup_systemd_service_path'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
+ if os.path.exists(master['pki_cgroup_cpu_systemd_service']):
+ # Systemd cgroup CPU path collision
+ config.pki_log.error(
+ log.PKIHELPER_NAMESPACE_COLLISION_2,
+ master['pki_instance_id'],
+ master['pki_cgroup_cpu_systemd_service_path'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
+ if os.path.exists(master['pki_instance_log_path']) and\
+ os.path.exists(master['pki_subsystem_log_path']):
+ # Top-Level PKI log path collision
+ config.pki_log.error(
+ log.PKIHELPER_NAMESPACE_COLLISION_2,
+ master['pki_instance_id'],
+ master['pki_instance_log_path'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
+ if os.path.exists(master['pki_instance_configuration_path']) and\
+ os.path.exists(master['pki_subsystem_configuration_path']):
+ # Top-Level PKI configuration path collision
+ config.pki_log.error(
+ log.PKIHELPER_NAMESPACE_COLLISION_2,
+ master['pki_instance_id'],
+ master['pki_instance_configuration_path'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
+ if os.path.exists(master['pki_instance_registry_path']) and\
+ os.path.exists(master['pki_subsystem_registry_path']):
+ # Top-Level PKI registry path collision
+ config.pki_log.error(
+ log.PKIHELPER_NAMESPACE_COLLISION_2,
+ master['pki_instance_id'],
+ master['pki_instance_registry_path'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
+ # Run simple checks for reserved name namespace collisions
+ if master['pki_instance_id'] in config.PKI_BASE_RESERVED_NAMES:
+ # Top-Level PKI base path reserved name collision
+ config.pki_log.error(
+ log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
+ master['pki_instance_id'],
+ master['pki_instance_path'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
+ # No need to check for reserved name under Top-Level PKI log path
+ if master['pki_instance_id'] in config.PKI_CONFIGURATION_RESERVED_NAMES:
+ # Top-Level PKI configuration path reserved name collision
+ config.pki_log.error(
+ log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
+ master['pki_instance_id'],
+ master['pki_instance_configuration_path'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
+ if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
+ # Top-Level Apache PKI registry path reserved name collision
+ if master['pki_instance_id'] in\
+ config.PKI_APACHE_REGISTRY_RESERVED_NAMES:
+ config.pki_log.error(
+ log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
+ master['pki_instance_id'],
+ master['pki_instance_registry_path'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
+ elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ # Top-Level Tomcat PKI registry path reserved name collision
+ if master['pki_instance_id'] in\
+ config.PKI_TOMCAT_REGISTRY_RESERVED_NAMES:
+ config.pki_log.error(
+ log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
+ master['pki_instance_id'],
+ master['pki_instance_registry_path'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
+
+
# PKI Deployment Configuration File Class
class configuration_file:
def verify_sensitive_data(self):
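Review bot: `collision_detection` tests every location with `os.path.exists`, which follows symlinks and returns False for a dangling link, so a broken symlink already sitting at `master['pki_instance_path']` or any of the other checked paths is reported as no collision. `os.path.lexists(...)` would catch that case in each branch; the check is also only advisory, since the paths are presumably created later and not atomically with this test. Separately, the two cgroup branches test `master['pki_cgroup_systemd_service']` and `master['pki_cgroup_cpu_systemd_service']` but pass the `..._service_path` keys to the log call, so the message may name a different path from the one that collided. Logging the same key that was tested would keep the two in step. The method's comment says "Silently verify", yet every branch logs an error and calls `sys.exit(1)`, so a short docstring stating that it exits on the first collision would be more accurate.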
@@ -346,22 +453,18 @@ class configuration_file:
sys.exit(1)
# Verify existence of PKCS #12 Password (ONLY for Clones)
if config.str2bool(master['pki_clone']):
- if not sensitive.has_key('pki_pkcs12_password') or\
- not len(sensitive['pki_pkcs12_password']):
+ if not sensitive.has_key('pki_clone_pkcs12_password') or\
+ not len(sensitive['pki_clone_pkcs12_password']):
config.pki_log.error(
- log.PKIHELPER_UNDEFINED_PKCS12_PASSWORD_1,
+ log.PKIHELPER_UNDEFINED_CLONE_PKCS12_PASSWORD_1,
config.pkideployment_cfg,
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of Security Domain Password File
- # (ONLY for Clones, Subordinate CA, KRA, OCSP, RA, TKS, or TPS)
+ # (ONLY for Clones, KRA, OCSP, TKS, or Subordinate CA)
if config.str2bool(master['pki_clone']) or\
- config.str2bool(master['pki_subordinate']) or\
- master['pki_subsystem'] == "KRA" or\
- master['pki_subsystem'] == "OCSP" or\
- master['pki_subsystem'] == "RA" or\
- master['pki_subsystem'] == "TKS" or\
- master['pki_subsystem'] == "TPS":
+ not master['pki_subsystem'] == "CA" or\
+ config.str2bool(master['pki_subordinate']):
if not sensitive.has_key('pki_security_domain_password') or\
not len(sensitive['pki_security_domain_password']):
config.pki_log.error(
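Review bot: The rewritten test `not master['pki_subsystem'] == "CA"` is true for every subsystem other than CA, so RA and TPS still require `pki_security_domain_password`, while the updated comment lists only Clones, KRA, OCSP, TKS and Subordinate CA. If that is intended, the comment should say so, e.g. `# (ONLY for Clones, non-CA subsystems, or Subordinate CA)`, and the condition reads more plainly as `master['pki_subsystem'] != "CA"`. If RA and TPS are meant to be exempt, an explicit membership test would express that; the page does not show which is intended. `verify_sensitive_data` starts above this hunk and the `config.pki_log.error(` call continues below it.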
@@ -407,16 +510,16 @@ class configuration_file:
def populate_non_default_ports(self):
if master['pki_http_port'] != \
- config.PKI_DEPLOYMENT_DEFAULT_HTTP_PORT:
+ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT:
ports.append(master['pki_http_port'])
if master['pki_https_port'] != \
- config.PKI_DEPLOYMENT_DEFAULT_HTTPS_PORT:
+ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT:
ports.append(master['pki_https_port'])
if master['pki_tomcat_server_port'] != \
config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT:
ports.append(master['pki_tomcat_server_port'])
if master['pki_ajp_port'] != \
- config.PKI_DEPLOYMENT_DEFAULT_AJP_PORT:
+ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT:
ports.append(master['pki_ajp_port'])
return
@@ -574,32 +677,6 @@ class instance:
sys.exit(1)
return rv
- def verify_subsystem_exists(self):
- try:
- if not os.path.exists(master['pki_subsystem_path']):
- config.pki_log.error(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2,
- master['pki_subsystem'],
- master['pki_instance_id'],
- extra=config.PKI_INDENTATION_LEVEL_1)
- sys.exit(1)
- except OSError as exc:
- config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
- sys.exit(1)
-
- def verify_subsystem_does_not_exist(self):
- try:
- if os.path.exists(master['pki_subsystem_path']):
- config.pki_log.error(log.PKI_SUBSYSTEM_ALREADY_EXISTS_2,
- master['pki_subsystem'],
- master['pki_instance_id'],
- extra=config.PKI_INDENTATION_LEVEL_1)
- sys.exit(1)
- except OSError as exc:
- config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
- sys.exit(1)
-
# PKI Deployment Directory Class
class directory:
@@ -2099,6 +2176,7 @@ class jython:
# PKI Deployment Helper Class Instances
identity = identity()
+namespace = namespace()
configuration_file = configuration_file()
#xml_file = xml_file()
instance = instance()