diff options
author | Ade Lee <alee@redhat.com> | 2012-10-26 12:36:14 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-11-04 22:12:57 -0500 |
commit | db9537d210a20b90115374e5b406db6c9658bc3a (patch) | |
tree | 0adfb22bd00842c2e3cae2b46ddbf7caa313b19d /base/deploy/src/scriptlets/pkiparser.py | |
parent | d9a9e23aae83f1d3d6c0e5968097fde12cfff3d2 (diff) | |
download | pki-db9537d210a20b90115374e5b406db6c9658bc3a.tar.gz pki-db9537d210a20b90115374e5b406db6c9658bc3a.tar.xz pki-db9537d210a20b90115374e5b406db6c9658bc3a.zip |
Set paths for default instance
With this patch, it will be possible to install a default instance
simply by adding the passwords in the pkideployment.cfg. This file
can then be used without additional alteration to add subsystems to the
same instance, by re-running pkispawn against the config file.
The patch makes sure that cert nicknames, database and baseDN , admin users
and client db are unique per subsystem. An option is added to reuse the
existing server cert generated by the first subsystem and copy the
required data to all subsystems.
Ticket 379, 385
Diffstat (limited to 'base/deploy/src/scriptlets/pkiparser.py')
-rw-r--r-- | base/deploy/src/scriptlets/pkiparser.py | 52 |
1 files changed, 36 insertions, 16 deletions
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index d8fc6d98b..ac77c9f87 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py @@ -1369,7 +1369,8 @@ def compose_pki_master_dictionary(): config.pki_master_dict['pki_client_dir'] =\ os.path.join( "/tmp", - config.pki_master_dict['pki_instance_id'] + "_" + "client") + config.pki_master_dict['pki_instance_id'] + "_" +\ + config.pki_subsystem + "_" + "client") if not len(config.pki_master_dict['pki_client_database_dir']): config.pki_master_dict['pki_client_database_dir'] =\ os.path.join( @@ -1440,17 +1441,19 @@ def compose_pki_master_dictionary(): # config.pki_master_dict['pki_clone_pkcs12_path'] # config.pki_master_dict['pki_clone_uri'] # config.pki_master_dict['pki_security_domain_https_port'] - # config.pki_master_dict['pki_security_domain_user'] # config.pki_master_dict['pki_token_name'] # # The following variables are established via the specified PKI # deployment configuration file and potentially overridden below: # + # config.pki_master_dict['pki_security_domain_user'] # config.pki_master_dict['pki_issuing_ca'] # config.pki_master_dict['pki_security_domain_hostname'] # config.pki_master_dict['pki_security_domain_name'] # config.pki_master_dict['pki_subsystem_name'] # + if not len(config.pki_master_dict['pki_security_domain_user']): + config.pki_master_dict['pki_security_domain_user'] = "caadmin" if not len(config.pki_master_dict['pki_subsystem_name']): config.pki_master_dict['pki_subsystem_name'] =\ config.pki_subsystem + " " +\ @@ -1534,10 +1537,12 @@ def compose_pki_master_dictionary(): # place a master and clone on the same machine (the method # most often used for testing purposes) config.pki_master_dict['pki_ds_base_dn'] =\ - "o=" + config.pki_master_dict['pki_instance_id'] + "o=" + config.pki_master_dict['pki_instance_id'] +\ + "-" + config.pki_subsystem if not len(config.pki_master_dict['pki_ds_database']): config.pki_master_dict['pki_ds_database'] =\ - config.pki_master_dict['pki_instance_id'] + config.pki_master_dict['pki_instance_id'] +\ + "-" + config.pki_subsystem if not len(config.pki_master_dict['pki_ds_hostname']): # Guess that the Directory Server resides on the local host config.pki_master_dict['pki_ds_hostname'] =\ @@ -1592,17 +1597,23 @@ def compose_pki_master_dictionary(): # config.pki_master_dict['pki_admin_cert_request_type'] # config.pki_master_dict['pki_admin_dualkey'] # config.pki_master_dict['pki_admin_keysize'] - # config.pki_master_dict['pki_admin_name'] - # config.pki_master_dict['pki_admin_uid'] # # The following variables are established via the specified PKI # deployment configuration file and potentially overridden below: # + # config.pki_master_dict['pki_admin_name'] + # config.pki_master_dict['pki_admin_uid'] # config.pki_master_dict['pki_admin_email'] # config.pki_master_dict['pki_admin_nickname'] # config.pki_master_dict['pki_admin_subject_dn'] # config.pki_master_dict['pki_admin_profile_id'] = "caAdminCert" + if not len(config.pki_master_dict['pki_admin_uid']): + config.pki_master_dict['pki_admin_uid'] =\ + config.pki_subsystem.lower() + "admin" + if not len (config.pki_master_dict['pki_admin_name']): + config.pki_master_dict['pki_admin_name'] =\ + config.pki_master_dict['pki_admin_uid'] if not len(config.pki_master_dict['pki_admin_email']): config.pki_master_dict['pki_admin_email'] =\ config.pki_master_dict['pki_admin_name'] + "@" +\ @@ -1774,7 +1785,8 @@ def compose_pki_master_dictionary(): ['pki_ca_signing_nickname']): config.pki_master_dict['pki_ca_signing_nickname'] =\ "caSigningCert" + " " + "cert-" +\ - config.pki_master_dict['pki_instance_id'] + config.pki_master_dict['pki_instance_id'] + " " +\ + config.pki_subsystem # config.pki_master_dict['pki_ca_signing_subject_dn'] if config.str2bool(config.pki_master_dict['pki_external']): # External CA @@ -1841,7 +1853,8 @@ def compose_pki_master_dictionary(): ['pki_ocsp_signing_nickname']): config.pki_master_dict['pki_ocsp_signing_nickname'] =\ "ocspSigningCert" + " " + "cert-" +\ - config.pki_master_dict['pki_instance_id'] + config.pki_master_dict['pki_instance_id'] + " " +\ + config.pki_subsystem if config.str2bool(config.pki_master_dict['pki_external']): # External CA if not len(config.pki_master_dict\ @@ -1882,7 +1895,8 @@ def compose_pki_master_dictionary(): ['pki_ocsp_signing_nickname']): config.pki_master_dict['pki_ocsp_signing_nickname'] =\ "ocspSigningCert" + " " + "cert-" +\ - config.pki_master_dict['pki_instance_id'] + config.pki_master_dict['pki_instance_id'] + " " +\ + config.pki_subsystem if not len(config.pki_master_dict\ ['pki_ocsp_signing_subject_dn']): config.pki_master_dict['pki_ocsp_signing_subject_dn'] =\ @@ -1913,11 +1927,11 @@ def compose_pki_master_dictionary(): # config.pki_master_dict['pki_ssl_server_key_algorithm'] # config.pki_master_dict['pki_ssl_server_key_size'] # config.pki_master_dict['pki_ssl_server_key_type'] + # config.pki_master_dict['pki_ssl_server_nickname'] # # The following variables are established via the specified PKI # deployment configuration file and potentially overridden below: # - # config.pki_master_dict['pki_ssl_server_nickname'] # config.pki_master_dict['pki_ssl_server_subject_dn'] # config.pki_master_dict['pki_ssl_server_token'] # @@ -1979,7 +1993,8 @@ def compose_pki_master_dictionary(): if not len(config.pki_master_dict['pki_subsystem_nickname']): config.pki_master_dict['pki_subsystem_nickname'] =\ "subsystemCert" + " " + "cert-" +\ - config.pki_master_dict['pki_instance_id'] + config.pki_master_dict['pki_instance_id'] + " " +\ + config.pki_subsystem if not len(config.pki_master_dict['pki_subsystem_subject_dn']): if config.pki_master_dict['pki_subsystem'] == "RA": # PKI RA @@ -2004,7 +2019,8 @@ def compose_pki_master_dictionary(): if not len(config.pki_master_dict['pki_subsystem_nickname']): config.pki_master_dict['pki_subsystem_nickname'] =\ "subsystemCert" + " " + "cert-" +\ - config.pki_master_dict['pki_instance_id'] + config.pki_master_dict['pki_instance_id'] + " " +\ + config.pki_subsystem if not len(config.pki_master_dict['pki_subsystem_subject_dn']): if config.pki_master_dict['pki_subsystem'] == "CA": if config.str2bool( @@ -2085,7 +2101,8 @@ def compose_pki_master_dictionary(): ['pki_audit_signing_nickname']): config.pki_master_dict['pki_audit_signing_nickname'] =\ "auditSigningCert" + " " + "cert-" +\ - config.pki_master_dict['pki_instance_id'] + config.pki_master_dict['pki_instance_id'] +" " +\ + config.pki_subsystem if not len(config.pki_master_dict\ ['pki_audit_signing_subject_dn']): config.pki_master_dict['pki_audit_signing_subject_dn'] =\ @@ -2104,7 +2121,8 @@ def compose_pki_master_dictionary(): ['pki_audit_signing_nickname']): config.pki_master_dict['pki_audit_signing_nickname'] =\ "auditSigningCert" + " " + "cert-" +\ - config.pki_master_dict['pki_instance_id'] + config.pki_master_dict['pki_instance_id'] + " " +\ + config.pki_subsystem if not len(config.pki_master_dict\ ['pki_audit_signing_subject_dn']): if config.pki_master_dict['pki_subsystem'] == "CA": @@ -2186,7 +2204,8 @@ def compose_pki_master_dictionary(): ['pki_transport_nickname']): config.pki_master_dict['pki_transport_nickname'] =\ "transportCert" + " " + "cert-" +\ - config.pki_master_dict['pki_instance_id'] + config.pki_master_dict['pki_instance_id'] + " " +\ + config.pki_subsystem if not len(config.pki_master_dict\ ['pki_transport_subject_dn']): config.pki_master_dict['pki_transport_subject_dn']\ @@ -2229,7 +2248,8 @@ def compose_pki_master_dictionary(): if not len(config.pki_master_dict['pki_storage_nickname']): config.pki_master_dict['pki_storage_nickname'] =\ "storageCert" + " " + "cert-" +\ - config.pki_master_dict['pki_instance_id'] + config.pki_master_dict['pki_instance_id'] + " " +\ + config.pki_subsystem if not len(config.pki_master_dict\ ['pki_storage_subject_dn']): config.pki_master_dict['pki_storage_subject_dn']\ |