diff options
| author | Endi Sukma Dewata <edewata@redhat.com> | 2012-12-18 14:46:41 -0500 |
|---|---|---|
| committer | Endi Sukma Dewata <edewata@redhat.com> | 2013-01-29 17:24:58 -0500 |
| commit | 53b6f1d1dabff720c68eb7615830476b97f973cc (patch) | |
| tree | beab24e89cde7d2a3337cf9e311add33ed689256 /base/deploy/src/scriptlets/pkiparser.py | |
| parent | a076bc976666f1713b3f2e3982f4700b88397e74 (diff) | |
| download | pki-ticket-380-7.tar.gz pki-ticket-380-7.tar.xz pki-ticket-380-7.zip | |
Added interactive subsystem installation.ticket-380-7
The pkispawn has been modified such that the configuration file
and subsystem type are optional. The pkidestroy has been modified
such that the instance name and subsystem type are optional.
If any of these options are not specified they will enter an
interactive mode.
Ticket #380
Diffstat (limited to 'base/deploy/src/scriptlets/pkiparser.py')
| -rw-r--r-- | base/deploy/src/scriptlets/pkiparser.py | 271 |
1 files changed, 180 insertions, 91 deletions
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index ba4f376da..cadd1402b 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py @@ -22,6 +22,7 @@ # System Imports import ConfigParser import argparse +import getpass import logging import os import random @@ -54,14 +55,15 @@ class PKIConfigParser: # Establish 'Mandatory' command-line options self.mandatory = self.arg_parser.add_argument_group('mandatory arguments') - self.mandatory.add_argument('-s', + + # Establish 'Optional' command-line options + self.optional = self.arg_parser.add_argument_group('optional arguments') + self.optional.add_argument('-s', dest='pki_subsystem', action='store', nargs=1, choices=config.PKI_SUBSYSTEMS, - required=True, metavar='<subsystem>', + metavar='<subsystem>', help='where <subsystem> is ' 'CA, KRA, OCSP, RA, TKS, or TPS') - # Establish 'Optional' command-line options - self.optional = self.arg_parser.add_argument_group('optional arguments') self.optional.add_argument('-h', '--help', dest='help', action='help', help='show this help message and exit') @@ -84,8 +86,6 @@ class PKIConfigParser: args = self.arg_parser.parse_args() # Process 'Mandatory' command-line options - # '-s' - config.pki_subsystem = str(args.pki_subsystem).strip('[\']') # Process 'Optional' command-line options # '-v' @@ -122,7 +122,7 @@ class PKIConfigParser: return args - def validate(self): + def initialize(self): # Validate command-line options if len(config.pki_root_prefix) > 0: @@ -145,15 +145,63 @@ class PKIConfigParser: self.arg_parser.print_help() self.arg_parser.exit(-1); - # verify user configuration file exists - if not os.path.exists(config.user_deployment_cfg) or\ - not os.path.isfile(config.user_deployment_cfg): - print "ERROR: " +\ - log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\ - config.user_deployment_cfg - print - self.arg_parser.print_help() - self.arg_parser.exit(-1); + if config.user_deployment_cfg: + # verify user configuration file exists + if not os.path.exists(config.user_deployment_cfg) or\ + not os.path.isfile(config.user_deployment_cfg): + print "ERROR: " +\ + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\ + config.user_deployment_cfg + print + parser.arg_parser.print_help() + parser.arg_parser.exit(-1); + + + def initialize_config(self): + + # RESTEasy + resteasy_lib = subprocess.check_output(\ + 'source /etc/pki/pki.conf && echo $RESTEASY_LIB', + shell=True).strip() + + # arch dependent libpath + if config.pki_architecture == 64: + arch_java_lib = '/usr/lib64/java' + else: + arch_java_lib = '/usr/lib/java' + + if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + default_instance_name = 'pki-tomcat' + default_http_port = '8080' + default_https_port = '8443' + else: + default_instance_name = 'pki-apache' + default_http_port = '80' + default_https_port = '443' + + self.pki_config = ConfigParser.SafeConfigParser({ + 'pki_instance_name': default_instance_name, + 'pki_http_port': default_http_port, + 'pki_https_port': default_https_port, + 'pki_dns_domainname': config.pki_dns_domainname, + 'pki_subsystem': config.pki_subsystem, + 'pki_subsystem_type': config.pki_subsystem.lower(), + 'pki_root_prefix' : config.pki_root_prefix, + 'resteasy_lib': resteasy_lib, + 'arch_java_lib': arch_java_lib, + 'home_dir': os.path.expanduser("~"), + 'pki_hostname': config.pki_hostname}) + + # Make keys case-sensitive! + self.pki_config.optionxform = str + + config.user_config = ConfigParser.SafeConfigParser() + config.user_config.optionxform = str + + with open(config.default_deployment_cfg) as f: + self.pki_config.readfp(f) + + self.flatten_master_dict() # The following code is based heavily upon @@ -180,83 +228,130 @@ class PKIConfigParser: return values + def set_property(self, section, property, value): + if section != "DEFAULT" and not self.pki_config.has_section(section): + self.pki_config.add_section(section) + self.pki_config.set(section, property, value) + self.flatten_master_dict() + + if section != "DEFAULT" and not config.user_config.has_section(section): + config.user_config.add_section(section) + config.user_config.set(section, property, value) + + + def read_text(self, message, + section=None, property=None, default=None, + options=None, sign=':', allowEmpty=True, caseSensitive=True, + indent=0): + + if default is None and not property is None: + default = config.pki_master_dict[property] + if default: + message = message + ' [' + default + ']' + message = ' ' * indent + message + sign + ' ' + + done = False + while not done: + value = raw_input(message) + value = value.strip() + + if len(value) == 0: # empty value + if allowEmpty: + value = default + done = True + break + + else: # non-empty value + if options is not None: + for v in options: + if caseSensitive: + if v == value: + done = True + break + else: + if v.lower() == value.lower(): + done = True + break + else: + done = True + break + + if section: + self.set_property(section, property, value) + + return value + + + def read_password(self, message, section=None, property=None, + verifyMessage=None, indent=0): + message = ' ' * indent + message + ': ' + verifyMessage = ' ' * indent + verifyMessage + ': ' + while True: + password = '' + while len(password) == 0: + password = getpass.getpass(prompt=message) + + verification = '' + while len(verification) == 0: + verification = getpass.getpass(prompt=verifyMessage) + + if password == verification: + break + else: + print ' ' * indent + 'Passwords do not match.' + + if section: + self.pki_config.set(section, property, password) + self.flatten_master_dict() + + if section != "DEFAULT" and not config.user_config.has_section(section): + config.user_config.add_section(section) + config.user_config.set(section, property, password) + + return password + def read_pki_configuration_file(self): "Read configuration file sections into dictionaries" rv = 0 try: - if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: - default_instance_name = 'pki-tomcat' - default_http_port = '8080' - default_https_port = '8443' - else: - default_instance_name = 'pki-apache' - default_http_port = '80' - default_https_port = '443' - - # RESTEasy - resteasy_lib = subprocess.check_output(\ - 'source /etc/pki/pki.conf && echo $RESTEASY_LIB', - shell=True).strip() - - # arch dependent libpath - if config.pki_architecture == 64: - arch_java_lib = '/usr/lib64/java' - else: - arch_java_lib = '/usr/lib/java' - - predefined_dict = {'pki_instance_name': default_instance_name, - 'pki_http_port': default_http_port, - 'pki_https_port': default_https_port, - 'pki_dns_domainname': config.pki_dns_domainname, - 'pki_subsystem' : config.pki_subsystem, - 'pki_subsystem_type': config.pki_subsystem.lower(), - 'pki_root_prefix' : config.pki_root_prefix, - 'resteasy_lib': resteasy_lib, - 'arch_java_lib': arch_java_lib, - 'home_dir': os.path.expanduser("~"), - 'pki_hostname': config.pki_hostname} - - self.pki_config = ConfigParser.SafeConfigParser(predefined_dict) - # Make keys case-sensitive! - self.pki_config.optionxform = str - self.pki_config.read([ - config.default_deployment_cfg, - config.user_deployment_cfg]) - config.pki_default_dict = dict(self.pki_config.items('DEFAULT')) - pkilogging.sensitive_parameters = config.pki_default_dict['sensitive_parameters'].split() - if config.pki_subsystem == "CA": - config.pki_web_server_dict = dict(self.pki_config.items('Tomcat')) - config.pki_subsystem_dict = dict(self.pki_config.items('CA')) - elif config.pki_subsystem == "KRA": - config.pki_web_server_dict = dict(self.pki_config.items('Tomcat')) - config.pki_subsystem_dict = dict(self.pki_config.items('KRA')) - elif config.pki_subsystem == "OCSP": - config.pki_web_server_dict = dict(self.pki_config.items('Tomcat')) - config.pki_subsystem_dict = dict(self.pki_config.items('OCSP')) - elif config.pki_subsystem == "RA": - config.pki_web_server_dict = dict(self.pki_config.items('Apache')) - config.pki_subsystem_dict = dict(self.pki_config.items('RA')) - elif config.pki_subsystem == "TKS": - config.pki_web_server_dict = dict(self.pki_config.items('Tomcat')) - config.pki_subsystem_dict = dict(self.pki_config.items('TKS')) - elif config.pki_subsystem == "TPS": - config.pki_web_server_dict = dict(self.pki_config.items('Apache')) - config.pki_subsystem_dict = dict(self.pki_config.items('TPS')) - # Insert empty record into dictionaries for "pretty print" statements - # NEVER print "sensitive" key value pairs!!! - config.pki_default_dict[0] = None - config.pki_web_server_dict[0] = None - config.pki_subsystem_dict[0] = None + if config.user_deployment_cfg: + print 'Reading configuration file ' + config.user_deployment_cfg + '.' + self.pki_config.read([config.user_deployment_cfg]) + except ConfigParser.ParsingError, err: print err rv = err return rv + def flatten_master_dict(self): + config.pki_master_dict.update(__name__="PKI Master Dictionary") + + default_dict = dict(self.pki_config.items('DEFAULT')) + default_dict[0] = None + config.pki_master_dict.update(default_dict) + + web_server_dict = None + if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + if self.pki_config.has_section('Tomcat'): + web_server_dict = dict(self.pki_config.items('Tomcat')) + else: + if self.pki_config.has_section('Apache'): + web_server_dict = dict(self.pki_config.items('Apache')) + + if web_server_dict: + web_server_dict[0] = None + config.pki_master_dict.update(web_server_dict) + + if self.pki_config.has_section(config.pki_subsystem): + subsystem_dict = dict(self.pki_config.items(config.pki_subsystem)) + subsystem_dict[0] = None + config.pki_master_dict.update(subsystem_dict) + + def compose_pki_master_dictionary(self): "Create a single master PKI dictionary from the sectional dictionaries" try: - config.pki_master_dict = dict() # 'pkispawn'/'pkirespawn'/'pkidestroy' name/value pairs config.pki_master_dict['pki_deployment_executable'] =\ config.pki_deployment_executable @@ -280,12 +375,10 @@ class PKIConfigParser: random.randint(pin_low, pin_high) config.pki_master_dict['pki_client_pin'] =\ random.randint(pin_low, pin_high) - # Configuration file name/value pairs - # NEVER add "sensitive" key value pairs to the master dictionary!!! - config.pki_master_dict.update(config.pki_default_dict) - config.pki_master_dict.update(config.pki_web_server_dict) - config.pki_master_dict.update(config.pki_subsystem_dict) - config.pki_master_dict.update(__name__="PKI Master Dictionary") + + self.flatten_master_dict() + + pkilogging.sensitive_parameters = config.pki_master_dict['sensitive_parameters'].split() # PKI Target (slot substitution) name/value pairs config.pki_master_dict['pki_target_cs_cfg'] =\ @@ -783,11 +876,7 @@ class PKIConfigParser: "https" + "://" +\ config.pki_master_dict['pki_security_domain_hostname'] + ":" +\ config.pki_master_dict['pki_security_domain_https_port'] - if not len(config.pki_master_dict['pki_issuing_ca']): - # Guess that it is the same as the - # config.pki_master_dict['pki_security_domain_uri'] - config.pki_master_dict['pki_issuing_ca'] =\ - config.pki_master_dict['pki_security_domain_uri'] + elif config.str2bool(config.pki_master_dict['pki_external']): # External CA config.pki_master_dict['pki_security_domain_type'] = "new" |