authorMatthew Harmsen <mharmsen@redhat.com>2012-07-28 18:59:30 -0700
committerAde Lee <alee@redhat.com>2012-07-30 23:51:19 -0400
commitf589cc1e267d6d7b67a6463b4495b7a9c982669f (patch)
tree765428401ea3072d768b6d5f52f366e617bcc927 /base/deploy/src/scriptlets/pkiparser.py
parent2d427ce0008fb43ae9f6c02301ce6793a42904b9 (diff)
PKI Deployment Scriptlets
* TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not" removing "/etc/sysconfig/{pki_instance_id}" . . . * TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for configuration . . . * TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and 'pkidestroy' . . . * TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of configured PKI instance . . . * TRAC Ticket #270 - Dogtag 10: Add missing parameters to 'pkideployment.cfg' . . . * TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client information . . . * TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7 "logging.properties" * TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive' dictionary * TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and 'pkideployment.cfg' files * TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet Issues . . .
Diffstat (limited to 'base/deploy/src/scriptlets/pkiparser.py')
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py654
1 files changed, 305 insertions, 349 deletions
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 6e1404180..e39b19700 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -24,6 +24,8 @@ import ConfigParser
import argparse
import logging
import os
+import random
+import string
import sys
import time
@@ -36,16 +38,20 @@ import pkimessages as log
# PKI Deployment Helper Functions
def process_command_line_arguments(argv):
"Read and process command-line options"
+ config.pki_deployment_executable = os.path.basename(argv[0])
description = None
- if os.path.basename(argv[0]) == 'pkispawn':
+ if config.pki_deployment_executable == 'pkispawn':
description = 'PKI Instance Installation and Configuration'
- elif os.path.basename(argv[0]) == 'pkidestroy':
+ epilog = log.PKISPAWN_EPILOG
+ elif config.pki_deployment_executable == 'pkidestroy':
description = 'PKI Instance Removal'
+ epilog = log.PKIDESTROY_EPILOG
parser = argparse.ArgumentParser(
description=description,
add_help=False,
formatter_class=argparse.RawDescriptionHelpFormatter,
- epilog=log.PKI_VERBOSITY)
+ epilog=epilog)
+ # Establish 'Mandatory' command-line options
mandatory = parser.add_argument_group('mandatory arguments')
mandatory.add_argument('-s',
dest='pki_subsystem', action='store',
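Review bot: `epilog` is only bound inside the `pkispawn` and `pkidestroy` branches, so when the script is invoked under any other name (a symlink, a test wrapper) the `epilog=epilog` argument raises NameError before argparse can print anything. `description` is pre-initialised to None just above; `epilog` should get the same treatment, `epilog = None`, next to `description = None`. The body of process_command_line_arguments continues outside this hunk.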
@@ -53,12 +59,20 @@ def process_command_line_arguments(argv):
required=True, metavar='<subsystem>',
help='where <subsystem> is '
'CA, KRA, OCSP, RA, TKS, or TPS')
- if os.path.basename(argv[0]) == 'pkispawn':
+ if config.pki_deployment_executable == 'pkispawn':
mandatory.add_argument('-f',
dest='pkideployment_cfg', action='store',
nargs=1, required=True, metavar='<file>',
- help='specifies configuration filename')
-
+ help='configuration filename '
+ '(MUST specify complete path)')
+ elif config.pki_deployment_executable == 'pkidestroy':
+ mandatory.add_argument('-i',
+ dest='pki_deployed_instance_name',
+ action='store',
+ nargs=1, metavar='<instance>',
+ help='FORMAT: ${pki_instance_name}'
+ '[.${pki_admin_domain_name}]')
+ # Establish 'Optional' command-line options
optional = parser.add_argument_group('optional arguments')
optional.add_argument('--dry_run',
dest='pki_dry_run_flag', action='store_true',
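Review bot: The new `-i` option for `pkidestroy` is placed in the 'mandatory arguments' group but is declared without `required=True`, unlike `-s` and `-f`. If it is omitted, argparse leaves the attribute as None, and the later `str(args.pki_deployed_instance_name).strip('[\']')` turns that into the literal string `None`, which is then used as an instance directory name. Adding `required=True,` to this `add_argument` call makes argparse reject the command line instead. The function starts and ends outside this hunk.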
@@ -66,73 +80,40 @@ def process_command_line_arguments(argv):
optional.add_argument('-h', '--help',
dest='help', action='help',
help='show this help message and exit')
- if os.path.basename(argv[0]) == 'pkispawn':
+ if config.pki_deployment_executable == 'pkispawn':
optional.add_argument('-u',
dest='pki_update_flag', action='store_true',
help='update instance of specified subsystem')
optional.add_argument('-v',
dest='pki_verbosity', action='count',
help='display verbose information (details below)')
- custom = parser.add_argument_group('custom arguments '
- '(OVERRIDES configuration file values)')
- if os.path.basename(argv[0]) == 'pkispawn':
- custom.add_argument('-i',
- dest='custom_pki_instance_name', action='store',
- nargs=1, metavar='<instance>',
- help='PKI instance name '
- '(MUST specify REQUIRED ports)')
- custom.add_argument('-d',
- dest='custom_pki_admin_domain_name', action='store',
- nargs=1, metavar='<admin_domain>',
- help='PKI admin domain name (instance name suffix)')
- custom.add_argument('--http_port',
- dest='custom_pki_http_port', action='store',
- nargs=1, metavar='<port>',
- help='HTTP port (CA, KRA, OCSP, RA, TKS, TPS)')
- custom.add_argument('--https_port',
- dest='custom_pki_https_port', action='store',
- nargs=1, metavar='<port>',
- help='HTTPS port (CA, KRA, OCSP, RA, TKS, TPS)')
- custom.add_argument('--ajp_port',
- dest='custom_pki_ajp_port', action='store',
- nargs=1, metavar='<port>',
- help='AJP port (CA, KRA, OCSP, TKS)')
- elif os.path.basename(argv[0]) == 'pkidestroy':
- custom.add_argument('-i',
- dest='custom_pki_instance_name', action='store',
- nargs=1, metavar='<instance>',
- help='PKI instance name')
- custom.add_argument('-d',
- dest='custom_pki_admin_domain_name', action='store',
- nargs=1, metavar='<admin_domain>',
- help='PKI admin domain name (instance name suffix)')
-
+ # Establish 'Test' command-line options
test = parser.add_argument_group('test arguments')
test.add_argument('-p',
dest='pki_root_prefix', action='store',
nargs=1, metavar='<prefix>',
help='directory prefix to specify local directory '
'[TEST ONLY]')
+ # Parse command-line options
args = parser.parse_args()
-
+ # Process 'Mandatory' command-line options
+ # '-s'
config.pki_subsystem = str(args.pki_subsystem).strip('[\']')
+ if config.pki_deployment_executable == 'pkispawn':
+ # '-f'
+ config.pkideployment_cfg = str(args.pkideployment_cfg).strip('[\']')
+ elif config.pki_deployment_executable == 'pkidestroy':
+ # '-i'
+ config.pki_deployed_instance_name =\
+ str(args.pki_deployed_instance_name).strip('[\']')
+ # Process 'Optional' command-line options
+ # '--dry_run'
if args.pki_dry_run_flag:
config.pki_dry_run_flag = args.pki_dry_run_flag
- if not args.pki_root_prefix is None:
- config.pki_root_prefix = str(args.pki_root_prefix).strip('[\']')
- if config.pki_root_prefix is None or\
- len(config.pki_root_prefix) == 0:
- config.pki_root_prefix = ""
- elif not os.path.exists(config.pki_root_prefix) or\
- not os.path.isdir(config.pki_root_prefix):
- print "ERROR: " +\
- log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 %\
- config.pki_root_prefix
- print
- parser.print_help()
- parser.exit(-1);
- if os.path.basename(argv[0]) == 'pkispawn':
+ if config.pki_deployment_executable == 'pkispawn':
+ # '-u'
config.pki_update_flag = args.pki_update_flag
+ # '-v'
if args.pki_verbosity == 1:
config.pki_jython_log_level = config.PKI_JYTHON_INFO_LOG_LEVEL
config.pki_console_log_level = logging.INFO
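Review bot: The `str(args.pkideployment_cfg).strip('[\']')` idiom, repeated for `-s` and `-i`, recovers the value by formatting the one-element list and trimming characters, so a value that itself begins or ends with `[`, `]` or `'` is silently altered, and one containing a quote comes back with repr quoting still attached. Indexing the list is exact, e.g. `config.pkideployment_cfg = args.pkideployment_cfg[0]`. The help text for `-f` says a complete path MUST be given, but nothing in this hunk checks `os.path.isabs()`; if that is not enforced elsewhere, it belongs with the validation below. The function continues outside the hunk.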
@@ -155,151 +136,47 @@ def process_command_line_arguments(argv):
config.pki_jython_log_level = config.PKI_JYTHON_WARNING_LOG_LEVEL
config.pki_console_log_level = logging.WARNING
config.pki_log_level = logging.INFO
- if not args.custom_pki_instance_name is None:
- config.custom_pki_instance_name =\
- str(args.custom_pki_instance_name).strip('[\']')
- if not args.custom_pki_admin_domain_name is None:
- config.custom_pki_admin_domain_name =\
- str(args.custom_pki_admin_domain_name).strip('[\']')
- if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
- if not config.custom_pki_instance_name is None:
- default_pki_instance_name = config.custom_pki_instance_name
- else:
- default_pki_instance_name =\
- config.PKI_DEPLOYMENT_DEFAULT_APACHE_INSTANCE_NAME
- if not config.custom_pki_admin_domain_name is None:
- default_pki_instance_path =\
- config.pki_root_prefix +\
- config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\
- default_pki_instance_name + "." +\
- config.custom_pki_admin_domain_name + "/" +\
- config.pki_subsystem.lower()
- else:
- default_pki_instance_path =\
- config.pki_root_prefix +\
- config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\
- default_pki_instance_name + "/" +\
- config.pki_subsystem.lower()
- elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- if not config.custom_pki_instance_name is None:
- default_pki_instance_name = config.custom_pki_instance_name
- else:
- default_pki_instance_name =\
- config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME
- if not config.custom_pki_admin_domain_name is None:
- default_pki_instance_path =\
- config.pki_root_prefix +\
- config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\
- default_pki_instance_name + "." +\
- config.custom_pki_admin_domain_name + "/" +\
- config.pki_subsystem.lower()
- else:
- default_pki_instance_path =\
- config.pki_root_prefix +\
- config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\
- default_pki_instance_name + "/" +\
- config.pki_subsystem.lower()
- if os.path.basename(argv[0]) == 'pkispawn':
- if args.pki_update_flag:
- # "respawn"
- if not os.path.exists(default_pki_instance_path):
- print "ERROR: " + log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 %\
- (config.pki_subsystem, default_pki_instance_name)
- print
- parser.exit(-1);
- else:
- # "spawn"
- if os.path.exists(default_pki_instance_path):
- print "ERROR: " + log.PKI_SUBSYSTEM_ALREADY_EXISTS_2 %\
- (config.pki_subsystem, default_pki_instance_name)
- print
- parser.exit(-1);
- config.pkideployment_cfg = str(args.pkideployment_cfg).strip('[\']')
- if not args.custom_pki_http_port is None:
- config.custom_pki_http_port =\
- str(args.custom_pki_http_port).strip('[\']')
- if not args.custom_pki_https_port is None:
- config.custom_pki_https_port =\
- str(args.custom_pki_https_port).strip('[\']')
- if not args.custom_pki_ajp_port is None:
- if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- config.custom_pki_ajp_port =\
- str(args.custom_pki_ajp_port).strip('[\']')
- else:
- print "ERROR: " +\
- log.PKI_CUSTOM_TOMCAT_AJP_PORT_1 %\
- config.pki_subsystem
- print
- parser.print_help()
- parser.exit(-1);
- if not args.custom_pki_instance_name is None or\
- not args.custom_pki_http_port is None or\
- not args.custom_pki_https_port is None or\
- not args.custom_pki_ajp_port is None:
- if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
- if args.custom_pki_instance_name is None or\
- args.custom_pki_http_port is None or\
- args.custom_pki_https_port is None:
- print "ERROR: " + log.PKI_CUSTOM_APACHE_INSTANCE_1 %\
- config.pki_subsystem
- print
- parser.print_help()
- parser.exit(-1);
- elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- if args.custom_pki_instance_name is None or\
- args.custom_pki_http_port is None or\
- args.custom_pki_https_port is None or\
- args.custom_pki_ajp_port is None:
- print "ERROR: " + log.PKI_CUSTOM_TOMCAT_INSTANCE_1 %\
- config.pki_subsystem
- print
- parser.print_help()
- parser.exit(-1);
- elif os.path.basename(argv[0]) == 'pkidestroy':
- # NOTE: When performing 'pkidestroy', a 'pki_instance_name' and/or
- # a 'pki_admin_domain_name' MUST be explicitly specified if
- # a PKI instance has NOT been installed in the default location
- # using the default PKI instance name!
- if not os.path.exists(default_pki_instance_path):
+ # Process 'Test' command-line options
+ # '-p'
+ if not args.pki_root_prefix is None:
+ config.pki_root_prefix = str(args.pki_root_prefix).strip('[\']')
+ # Validate command-line options
+ if config.pki_root_prefix is None or\
+ len(config.pki_root_prefix) == 0:
+ config.pki_root_prefix = ""
+ elif not os.path.exists(config.pki_root_prefix) or\
+ not os.path.isdir(config.pki_root_prefix):
+ print "ERROR: " +\
+ log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 %\
+ config.pki_root_prefix
+ print
+ parser.print_help()
+ parser.exit(-1);
+ if config.pki_deployment_executable == 'pkidestroy':
+ # verify that previously deployed instance exists
+ deployed_pki_instance_path = config.pki_root_prefix +\
+ config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\
+ config.pki_deployed_instance_name
+ if not os.path.exists(deployed_pki_instance_path):
+ print "ERROR: " + log.PKI_INSTANCE_DOES_NOT_EXIST_1 %\
+ deployed_pki_instance_path
+ print
+ parser.exit(-1);
+ # verify that previously deployed subsystem for this instance exists
+ deployed_pki_subsystem_path = deployed_pki_instance_path + "/" +\
+ config.pki_subsystem.lower()
+ if not os.path.exists(deployed_pki_subsystem_path):
print "ERROR: " + log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 %\
- (config.pki_subsystem, default_pki_instance_name)
+ (config.pki_subsystem, deployed_pki_instance_path)
print
parser.exit(-1);
- if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
- if not config.custom_pki_admin_domain_name is None:
- default_pki_instance_registry_path =\
- config.pki_root_prefix +\
- config.PKI_DEPLOYMENT_REGISTRY_ROOT + "/" +\
- config.PKI_DEPLOYMENT_DEFAULT_APACHE_SERVICE_NAME + "/" +\
- default_pki_instance_name + "." +\
- config.custom_pki_admin_domain_name + "/" +\
- config.pki_subsystem.lower()
- else:
- default_pki_instance_registry_path =\
- config.pki_root_prefix +\
- config.PKI_DEPLOYMENT_REGISTRY_ROOT + "/" +\
- config.PKI_DEPLOYMENT_DEFAULT_APACHE_SERVICE_NAME + "/" +\
- default_pki_instance_name + "/" +\
- config.pki_subsystem.lower()
- elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- if not config.custom_pki_admin_domain_name is None:
- default_pki_instance_registry_path =\
- config.pki_root_prefix +\
- config.PKI_DEPLOYMENT_REGISTRY_ROOT + "/" +\
- config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVICE_NAME + "/" +\
- default_pki_instance_name + "." +\
- config.custom_pki_admin_domain_name + "/" +\
- config.pki_subsystem.lower()
- else:
- default_pki_instance_registry_path =\
- config.pki_root_prefix +\
- config.PKI_DEPLOYMENT_REGISTRY_ROOT + "/" +\
- config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVICE_NAME + "/" +\
- default_pki_instance_name + "/" +\
- config.pki_subsystem.lower()
+ # establish complete path to previously deployed configuration file
config.pkideployment_cfg =\
- default_pki_instance_registry_path + "/" +\
+ deployed_pki_subsystem_path + "/" +\
+ "registry" + "/" +\
+ config.pki_subsystem.lower() + "/" +\
config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE
+ # always verify that configuration file exists
if not os.path.exists(config.pkideployment_cfg) or\
not os.path.isfile(config.pkideployment_cfg):
print "ERROR: " +\
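Review bot: `config.pki_deployed_instance_name` is taken straight from `-i` and concatenated into `deployed_pki_instance_path` without checking that it is a single path component, so a value containing `/` or `..` makes the existence checks, and the derived `config.pkideployment_cfg`, resolve outside `PKI_DEPLOYMENT_BASE_ROOT`. For a tool whose purpose is to remove a deployed instance, that name should be validated before any path is built from it, for example by rejecting it when `os.path.basename(name) != name or name in ('.', '..')` and exiting through the same `parser.exit(-1)` path used here. The removal code itself is not visible in this hunk, so the impact is inferred. The final `print` statement runs past the end of the hunk.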
@@ -354,6 +231,8 @@ def compose_pki_master_dictionary():
try:
config.pki_master_dict = dict()
# 'pkispawn'/'pkirespawn'/'pkidestroy' name/value pairs
+ config.pki_master_dict['pki_deployment_executable'] =\
+ config.pki_deployment_executable
config.pki_master_dict['pki_install_time'] = config.pki_install_time
config.pki_master_dict['pki_timestamp'] = config.pki_timestamp
config.pki_master_dict['pki_certificate_timestamp'] =\
@@ -362,13 +241,27 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_hostname'] = config.pki_hostname
config.pki_master_dict['pki_dns_domainname'] =\
config.pki_dns_domainname
- config.pki_master_dict['pki_pin'] = config.pki_pin
- config.pki_master_dict['pki_client_pin'] = config.pki_client_pin
- config.pki_master_dict['pki_one_time_pin'] = config.pki_one_time_pin
config.pki_master_dict['pki_dry_run_flag'] = config.pki_dry_run_flag
config.pki_master_dict['pki_jython_log_level'] =\
config.pki_jython_log_level
config.pki_master_dict['pki_deployment_cfg'] = config.pkideployment_cfg
+ config.pki_master_dict['pki_deployed_instance_name'] =\
+ config.pki_deployed_instance_name
+ # Generate random 'pin's for use as security database passwords
+ # and add these to the "sensitive" key value pairs read in from
+ # the configuration file
+ pin_low = 100000000000
+ pin_high = 999999999999
+ config.pki_sensitive_dict['pki_pin'] =\
+ random.randint(pin_low, pin_high)
+ config.pki_sensitive_dict['pki_client_pin'] =\
+ random.randint(pin_low, pin_high)
+ # Generate a one-time pin to be used prior to configuration
+ # and add this to the "sensitive" key value pairs read in from
+ # the configuration file
+ config.pki_sensitive_dict['pki_one_time_pin'] =\
+ ''.join(random.choice(string.ascii_letters + string.digits)\
+ for x in range(20))
# Configuration file name/value pairs
# NEVER add "sensitive" key value pairs to the master dictionary!!!
config.pki_master_dict.update(config.pki_common_dict)
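Review bot: The pins described here as security database passwords are drawn from the module-level `random` functions, which use a deterministic Mersenne Twister generator that is not meant for secrets. The OS-backed generator is a drop-in replacement: create `rng = random.SystemRandom()` once and call `rng.randint(pin_low, pin_high)` and `rng.choice(string.ascii_letters + string.digits)` instead. Separately, a 12-digit decimal pin carries only about 40 bits, so the 20-character alphanumeric form used for `pki_one_time_pin` would be a stronger choice for `pki_pin` and `pki_client_pin` as well. Note also that the two numeric pins are stored as `int` while the one-time pin is a `str`, which a short comment here should state for consumers.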
@@ -420,7 +313,7 @@ def compose_pki_master_dictionary():
# OLD: "pki-${pki_subsystem}"
# (e. g. Tomcat: "pki-ca", "pki-kra", "pki-ocsp", "pki-tks")
# (e. g. Apache: "pki-ra", "pki-tps")
- # NEW: "[${pki_admin_domain_name}-]${pki_instance_name}"
+ # NEW: "${pki_instance_name}[.${pki_admin_domain_name}]"
# (e. g. Tomcat: "pki-tomcat", "pki-tomcat.example.com")
# (e. g. Apache: "pki-apache", "pki-apache.example.com")
#
@@ -487,7 +380,7 @@ def compose_pki_master_dictionary():
"lib")
config.pki_master_dict['pki_tomcat_systemd'] =\
config.PKI_DEPLOYMENT_TOMCAT_SYSTEMD
- config.pki_master_dict['pki_war_path'] =\
+ config.pki_master_dict['pki_war_source_dir'] =\
os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
config.pki_master_dict['pki_subsystem'].lower(),
"war")
@@ -496,8 +389,8 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_subsystem'].lower(),
"webapps")
config.pki_master_dict['pki_war'] =\
- os.path.join(config.pki_master_dict['pki_war_path'],
- config.pki_master_dict['pki_war_name'])
+ os.path.join(config.pki_master_dict['pki_war_source_dir'],
+ config.pki_master_dict['pki_war_file'])
config.pki_master_dict['pki_source_catalina_properties'] =\
os.path.join(config.pki_master_dict['pki_source_shared_path'],
"catalina.properties")
@@ -932,6 +825,9 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_subsystem_log_path'] =\
os.path.join(config.pki_master_dict['pki_instance_log_path'],
config.pki_master_dict['pki_subsystem'].lower())
+ config.pki_master_dict['pki_subsystem_archive_log_path'] =\
+ os.path.join(config.pki_master_dict['pki_subsystem_log_path'],
+ "archive")
# Instance-based PKI subsystem configuration name/value pairs
config.pki_master_dict['pki_subsystem_configuration_path'] =\
os.path.join(
@@ -983,6 +879,9 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_subsystem_logs_link'] =\
os.path.join(config.pki_master_dict['pki_subsystem_path'],
"logs")
+ config.pki_master_dict['pki_subsystem_registry_link'] =\
+ os.path.join(config.pki_master_dict['pki_subsystem_path'],
+ "registry")
# PKI Target (war file) name/value pairs
if config.pki_master_dict['pki_subsystem'] in\
config.PKI_TOMCAT_SUBSYSTEMS:
@@ -1232,13 +1131,9 @@ def compose_pki_master_dictionary():
config.pki_master_dict['PKI_AJP_REDIRECT_PORT_SLOT'] =\
config.pki_master_dict['pki_https_port']
config.pki_master_dict['PKI_CERT_DB_PASSWORD_SLOT'] =\
- config.pki_master_dict['pki_pin']
+ config.pki_sensitive_dict['pki_pin']
config.pki_master_dict['PKI_CFG_PATH_NAME_SLOT'] =\
config.pki_master_dict['pki_target_cs_cfg']
- config.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] =\
- "-->"
- config.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] =\
- "-->"
config.pki_master_dict\
['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] =\
"-->"
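Review bot: Reading the pin from `config.pki_sensitive_dict` and assigning it to `config.pki_master_dict['PKI_CERT_DB_PASSWORD_SLOT']` puts the secret back into the master dictionary, which the comment earlier in this function says must never hold sensitive values. The same applies to `PKI_RANDOM_NUMBER_SLOT` in the later hunk, which now copies `pki_one_time_pin`. If the master dictionary is ever logged or written to the manifest or archive (not visible here), these two slots would expose the values this commit set out to isolate. Consider keeping the slot values in the sensitive dictionary and merging them only at template-substitution time, or at least add a comment such as `# NOTE: slot holds a secret; exclude from any dump of pki_master_dict`.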
@@ -1272,10 +1167,6 @@ def compose_pki_master_dictionary():
"tomcat")
config.pki_master_dict['PKI_MACHINE_NAME_SLOT'] =\
config.pki_master_dict['pki_hostname']
- config.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] =\
- "<!--"
- config.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] =\
- "<!--"
config.pki_master_dict\
['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] =\
"<!--"
@@ -1285,14 +1176,34 @@ def compose_pki_master_dictionary():
config.pki_master_dict['PKI_PIDDIR_SLOT'] =\
os.path.join("/var/run/pki",
"tomcat")
- config.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] =\
- config.pki_master_dict['pki_proxy_https_port']
+ if config.str2bool(config.pki_master_dict['pki_enable_proxy']):
+ config.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] =\
+ ""
+ config.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] =\
+ ""
+ config.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] =\
+ config.pki_master_dict['pki_proxy_https_port']
+ config.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] =\
+ config.pki_master_dict['pki_proxy_http_port']
+ config.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] =\
+ ""
+ config.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] =\
+ ""
+ else:
+ config.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] =\
+ "-->"
+ config.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] =\
+ "-->"
+ config.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] = ""
+ config.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] = ""
+ config.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] =\
+ "<!--"
+ config.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] =\
+ "<!--"
config.pki_master_dict['PKI_TMPDIR_SLOT'] =\
config.pki_master_dict['pki_tomcat_tmpdir_path']
- config.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] =\
- config.pki_master_dict['pki_proxy_http_port']
config.pki_master_dict['PKI_RANDOM_NUMBER_SLOT'] =\
- config.pki_master_dict['pki_one_time_pin']
+ config.pki_sensitive_dict['pki_one_time_pin']
config.pki_master_dict['PKI_SECURE_PORT_SLOT'] =\
config.pki_master_dict['pki_https_port']
config.pki_master_dict['PKI_SECURE_PORT_CONNECTOR_NAME_SLOT'] =\
@@ -1427,72 +1338,58 @@ def compose_pki_master_dictionary():
"password.conf")
# Client NSS security database name/value pairs
#
- # The following variable is established via the specified PKI
+ # The following variables are established via the specified PKI
# deployment configuration file and is NOT redefined below:
#
# config.pki_sensitive_dict['pki_client_pkcs12_password']
+ # config.pki_master_dict['pki_client_database_purge']
#
- config.pki_master_dict['pki_client_path'] =\
- os.path.join(
- "/tmp",
- config.pki_master_dict['pki_instance_id'] + "_" + "client")
+ # The following variables are established via the specified PKI
+ # deployment configuration file and potentially overridden below:
+ #
+ # config.pki_sensitive_dict['pki_client_database_password']
+ # config.pki_master_dict['pki_client_dir']
+ #
+ if not len(config.pki_sensitive_dict['pki_client_database_password']):
+ # use randomly generated client 'pin'
+ config.pki_sensitive_dict['pki_client_database_password'] =\
+ str(config.pki_sensitive_dict['pki_client_pin'])
+ if not len(config.pki_master_dict['pki_client_dir']):
+ config.pki_master_dict['pki_client_dir'] =\
+ os.path.join(
+ "/tmp",
+ config.pki_master_dict['pki_instance_id'] + "_" + "client")
+ if not len(config.pki_master_dict['pki_client_database_dir']):
+ config.pki_master_dict['pki_client_database_dir'] =\
+ os.path.join(
+ config.pki_master_dict['pki_client_dir'],
+ "alias")
config.pki_master_dict['pki_client_password_conf'] =\
os.path.join(
- config.pki_master_dict['pki_client_path'],
+ config.pki_master_dict['pki_client_dir'],
"password.conf")
config.pki_master_dict['pki_client_pkcs12_password_conf'] =\
os.path.join(
- config.pki_master_dict['pki_client_path'],
+ config.pki_master_dict['pki_client_dir'],
"pkcs12_password.conf")
- config.pki_master_dict['pki_client_database_path'] =\
- os.path.join(
- config.pki_master_dict['pki_client_path'],
- "alias")
config.pki_master_dict['pki_client_cert_database'] =\
- os.path.join(config.pki_master_dict['pki_client_database_path'],
+ os.path.join(config.pki_master_dict['pki_client_database_dir'],
"cert8.db")
config.pki_master_dict['pki_client_key_database'] =\
- os.path.join(config.pki_master_dict['pki_client_database_path'],
+ os.path.join(config.pki_master_dict['pki_client_database_dir'],
"key3.db")
config.pki_master_dict['pki_client_secmod_database'] =\
- os.path.join(config.pki_master_dict['pki_client_database_path'],
+ os.path.join(config.pki_master_dict['pki_client_database_dir'],
"secmod.db")
- if config.pki_master_dict['pki_subsystem'] == "CA":
- config.pki_master_dict['pki_client_admin_cert'] = "ca_admin.cert"
- config.pki_master_dict['pki_client_admin_cert_p12'] =\
- os.path.join(
- config.pki_master_dict['pki_client_path'],
- "ca_admin_cert.p12")
- elif config.pki_master_dict['pki_subsystem'] == "KRA":
- config.pki_master_dict['pki_client_admin_cert'] = "kra_admin.cert"
- config.pki_master_dict['pki_client_admin_cert_p12'] =\
- os.path.join(
- config.pki_master_dict['pki_client_path'],
- "kra_admin_cert.p12")
- elif config.pki_master_dict['pki_subsystem'] == "OCSP":
- config.pki_master_dict['pki_client_admin_cert'] = "ocsp_admin.cert"
- config.pki_master_dict['pki_client_admin_cert_p12'] =\
- os.path.join(
- config.pki_master_dict['pki_client_path'],
- "ocsp_admin_cert.p12")
- elif config.pki_master_dict['pki_subsystem'] == "RA":
- config.pki_master_dict['pki_client_admin_cert'] = "ra_admin.cert"
- config.pki_master_dict['pki_client_admin_cert_p12'] =\
- os.path.join(
- config.pki_master_dict['pki_client_path'],
- "ra_admin_cert.p12")
- elif config.pki_master_dict['pki_subsystem'] == "TKS":
- config.pki_master_dict['pki_client_admin_cert'] = "tks_admin.cert"
- config.pki_master_dict['pki_client_admin_cert_p12'] =\
- os.path.join(
- config.pki_master_dict['pki_client_path'],
- "tks_admin_cert.p12")
- elif config.pki_master_dict['pki_subsystem'] == "TPS":
- config.pki_master_dict['pki_client_admin_cert'] = "tps_admin.cert"
- config.pki_master_dict['pki_client_admin_cert_p12'] =\
- os.path.join(
- config.pki_master_dict['pki_client_path'],
- "tps_admin_cert.p12")
+ config.pki_master_dict['pki_client_admin_cert'] =\
+ config.pki_master_dict['pki_subsystem'].lower() + "_" +\
+ "admin" + "." + "cert"
+ # NOTE: ALWAYS store the PKCS #12 "client" Admin Cert file
+ # in with the NSS "server" security databases
+ config.pki_master_dict['pki_client_admin_cert_p12'] =\
+ config.pki_master_dict['pki_database_path'] + "/" +\
+ config.pki_master_dict['pki_subsystem'].lower() + "_" +\
+ "admin" + "_" + "cert" + "." + "p12"
# Jython scriptlet name/value pairs
config.pki_master_dict['pki_jython_configuration_scriptlet'] =\
os.path.join(sys.prefix,
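Review bot: When `pki_client_dir` is left empty it defaults to `/tmp/<pki_instance_id>_client`, a predictable name in a world-writable directory, and `password.conf`, `pkcs12_password.conf` and the client NSS databases are all placed beneath it. Unless the directory is created exclusively with mode 0700 and its ownership verified (that code is outside this hunk), another local user can pre-create the path or plant a symlink there before deployment. A default under a root-owned location, or a directory obtained from `tempfile.mkdtemp()`, avoids this. As a smaller point, `pki_client_admin_cert_p12` is built with `+ "/" +` while the surrounding entries use `os.path.join`.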
@@ -1510,6 +1407,7 @@ def compose_pki_master_dictionary():
# Jython scriptlet
# 'Security Domain' Configuration name/value pairs
# 'Subsystem Name' Configuration name/value pairs
+ # 'Token' Configuration name/value pairs
#
# Apache - [RA], [TPS]
# Tomcat - [CA], [KRA], [OCSP], [TKS]
@@ -1525,9 +1423,14 @@ def compose_pki_master_dictionary():
# The following variables are established via the specified PKI
# deployment configuration file and are NOT redefined below:
#
- # config.pki_master_dict['pki_security_domain_https_port']
+ # config.pki_sensitive_dict['pki_clone_pkcs12_password']
# config.pki_sensitive_dict['pki_security_domain_password']
+ # config.pki_sensitive_dict['pki_token_password']
+ # config.pki_master_dict['pki_clone_pkcs12_path']
+ # config.pki_master_dict['pki_clone_uri']
+ # config.pki_master_dict['pki_security_domain_https_port']
# config.pki_master_dict['pki_security_domain_user']
+ # config.pki_master_dict['pki_token_name']
#
# The following variables are established via the specified PKI
# deployment configuration file and potentially overridden below:
@@ -1536,7 +1439,23 @@ def compose_pki_master_dictionary():
# config.pki_master_dict['pki_security_domain_name']
# config.pki_master_dict['pki_subsystem_name']
#
- if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
+ # PKI RA or TPS
+ config.pki_master_dict['pki_security_domain_type'] = "existing"
+ if not len(config.pki_master_dict['pki_security_domain_hostname']):
+ # Guess that it is the local host
+ config.pki_master_dict['pki_security_domain_hostname'] =\
+ config.pki_master_dict['pki_hostname']
+ config.pki_master_dict['pki_security_domain_uri'] =\
+ "https" + "://" +\
+ config.pki_master_dict['pki_security_domain_hostname'] + ":" +\
+ config.pki_master_dict['pki_security_domain_https_port']
+ if not len(config.pki_master_dict['pki_security_domain_name']):
+ # Guess that security domain is on the local host
+ config.pki_master_dict['pki_security_domain_name'] =\
+ config.pki_master_dict['pki_dns_domainname'] +\
+ " " + "Security Domain"
+ elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
if config.pki_subsystem == "CA":
if config.str2bool(config.pki_master_dict['pki_external']):
# External CA
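Review bot: The block that fills in an empty `pki_security_domain_name` with `pki_dns_domainname + " " + "Security Domain"` is written out here and again in the Subordinate CA and non-cloned KRA/OCSP/TKS hunks below, each with slightly different line wrapping. A small private helper called from the three places would keep the default in one spot. Because the hostname and name are explicitly guesses, a comment should state that they are only correct when the security domain runs on this host, e.g. `# fallback only; set pki_security_domain_hostname explicitly for a remote domain`. The enclosing function starts and ends outside this hunk.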
@@ -1591,6 +1510,12 @@ def compose_pki_master_dictionary():
"Subordinate CA" + " " +\
config.pki_master_dict['pki_hostname'] + " " +\
config.pki_master_dict['pki_https_port']
+ if not len(config.pki_master_dict\
+ ['pki_security_domain_name']):
+ # Guess that security domain is on the local host
+ config.pki_master_dict['pki_security_domain_name']\
+ = config.pki_master_dict['pki_dns_domainname']\
+ + " " + "Security Domain"
else:
# PKI or Cloned KRA, OCSP, or TKS
config.pki_master_dict['pki_security_domain_type'] = "existing"
@@ -1604,6 +1529,13 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_security_domain_hostname'] +\
":" +\
config.pki_master_dict['pki_security_domain_https_port']
+ if not config.str2bool(config.pki_master_dict['pki_clone']):
+ if not len(config.pki_master_dict\
+ ['pki_security_domain_name']):
+ # Guess that security domain is on the local host
+ config.pki_master_dict['pki_security_domain_name'] =\
+ config.pki_master_dict['pki_dns_domainname'] +\
+ " " + "Security Domain"
if config.pki_subsystem == "KRA":
if config.str2bool(config.pki_master_dict['pki_clone']):
# Cloned KRA
@@ -1667,10 +1599,11 @@ def compose_pki_master_dictionary():
# The following variables are established via the specified PKI
# deployment configuration file and are NOT redefined below:
#
+ # config.pki_sensitive_dict['pki_ds_password']
+ # config.pki_master_dict['pki_clone_replication_security']
# config.pki_master_dict['pki_ds_bind_dn']
# config.pki_master_dict['pki_ds_ldap_port']
# config.pki_master_dict['pki_ds_ldaps_port']
- # config.pki_sensitive_dict['pki_ds_password']
# config.pki_master_dict['pki_ds_remove_data']
# config.pki_master_dict['pki_ds_secure_connection']
#
@@ -1692,6 +1625,20 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_ds_hostname'] =\
config.pki_master_dict['pki_hostname']
# Jython scriptlet
+ # 'External CA' Configuration name/value pairs
+ #
+ # Tomcat - [External CA]
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and are NOT redefined below:
+ #
+ # config.pki_master_dict['pki_external_ca_cert_chain_path']
+ # config.pki_master_dict['pki_external_ca_cert_path']
+ # config.pki_master_dict['pki_external_csr_path']
+ # config.pki_master_dict['pki_external_step_two']
+ #
+
+ # Jython scriptlet
# 'Backup' Configuration name/value pairs
#
# Apache - [RA], [TPS]
@@ -1702,51 +1649,16 @@ def compose_pki_master_dictionary():
# The following variables are established via the specified PKI
# deployment configuration file and are NOT redefined below:
#
- # config.pki_master_dict['pki_backup_keys']
# config.pki_sensitive_dict['pki_backup_password']
- #
- # The following variables are established via the specified PKI
- # deployment configuration file and potentially overridden below:
- #
- # config.pki_master_dict['pki_backup_file']
+ # config.pki_master_dict['pki_backup_keys']
#
if config.str2bool(config.pki_master_dict['pki_backup_keys']):
- if not len(config.pki_master_dict['pki_backup_file']):
- if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- if not config.str2bool(config.pki_master_dict['pki_clone']):
- if config.pki_master_dict['pki_subsystem'] == "CA":
- if config.str2bool(
- config.pki_master_dict['pki_external']):
- # External CA
- config.pki_master_dict['pki_backup_file'] =\
- "/tmp" + "/" + "externalca.p12" + "." +\
- config.pki_master_dict['pki_timestamp']
- elif config.str2bool(
- config.pki_master_dict['pki_subordinate']):
- # Subordinate CA
- config.pki_master_dict['pki_backup_file'] =\
- "/tmp" + "/" + "subca.p12" + "." +\
- config.pki_master_dict['pki_timestamp']
- else:
- # PKI CA
- config.pki_master_dict['pki_backup_file'] =\
- "/tmp" + "/" + "ca.p12" + "." +\
- config.pki_master_dict['pki_timestamp']
- elif config.pki_master_dict['pki_subsystem'] == "KRA":
- # PKI KRA
- config.pki_master_dict['pki_backup_file'] =\
- "/tmp" + "/" + "kra.p12" + "." +\
- config.pki_master_dict['pki_timestamp']
- elif config.pki_master_dict['pki_subsystem'] == "OCSP":
- # PKI OCSP
- config.pki_master_dict['pki_backup_file'] =\
- "/tmp" + "/" + "ocsp.p12" + "." +\
- config.pki_master_dict['pki_timestamp']
- elif config.pki_master_dict['pki_subsystem'] == "TKS":
- # PKI TKS
- config.pki_master_dict['pki_backup_file'] =\
- "/tmp" + "/" + "tks.p12" + "." +\
- config.pki_master_dict['pki_timestamp']
+ # NOTE: ALWAYS store the PKCS #12 backup keys file
+ # in with the NSS "server" security databases
+ config.pki_master_dict['pki_backup_keys_p12'] =\
+ config.pki_master_dict['pki_database_path'] + "/" +\
+ config.pki_master_dict['pki_subsystem'].lower() + "_" +\
+ "backup" + "_" + "keys" + "." + "p12"
# Jython scriptlet
# 'Admin Certificate' Configuration name/value pairs
#
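Review bot: `pki_backup_keys_p12` is only added to the master dictionary when `pki_backup_keys` is true, so every consumer has to repeat that check or it will hit a `KeyError`; that contract deserves a comment at the assignment. The new name is fixed per subsystem (`<subsystem>_backup_keys.p12`) with no timestamp, so a later run presumably overwrites the earlier backup, which also seems worth stating. The file holds private key material protected by `pki_backup_password`, and the code that writes it is outside this hunk. I would add a note such as `# consumers must create this file owner-only; it contains the subsystem private keys` so the expectation is recorded next to the path.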
@@ -1758,11 +1670,11 @@ def compose_pki_master_dictionary():
# The following variables are established via the specified PKI
# deployment configuration file and are NOT redefined below:
#
+ # config.pki_sensitive_dict['pki_admin_password']
# config.pki_master_dict['pki_admin_cert_request_type']
# config.pki_master_dict['pki_admin_dualkey']
# config.pki_master_dict['pki_admin_keysize']
# config.pki_master_dict['pki_admin_name']
- # config.pki_sensitive_dict['pki_admin_password']
# config.pki_master_dict['pki_admin_uid']
#
# The following variables are established via the specified PKI
@@ -1794,13 +1706,22 @@ def compose_pki_master_dictionary():
elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
if not config.str2bool(config.pki_master_dict['pki_clone']):
if config.pki_master_dict['pki_subsystem'] == "CA":
- # PKI CA, Subordinate CA, or External CA
- config.pki_master_dict['pki_admin_nickname'] =\
- "CA Administrator of Instance" + " " +\
- config.pki_master_dict['pki_instance_id'] +\
- "&#39;s" + " " +\
- config.pki_master_dict['pki_security_domain_name']\
- + " " + "ID"
+ if config.str2bool(
+ config.pki_master_dict['pki_external']):
+ # External CA
+ config.pki_master_dict['pki_admin_nickname'] =\
+ "CA Administrator of Instance" + " " +\
+ config.pki_master_dict['pki_instance_id'] +\
+ "&#39;s" + " " +\
+ "External CA ID"
+ else:
+ # PKI CA or Subordinate CA
+ config.pki_master_dict['pki_admin_nickname'] =\
+ "CA Administrator of Instance" + " " +\
+ config.pki_master_dict['pki_instance_id'] +\
+ "&#39;s" + " " +\
+ config.pki_master_dict\
+ ['pki_security_domain_name'] + " " + "ID"
elif config.pki_master_dict['pki_subsystem'] == "KRA":
# PKI KRA
config.pki_master_dict['pki_admin_nickname'] =\
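Review bot: The two new branches for `pki_admin_nickname` repeat the whole concatenation and differ only in the trailing component, which makes it easy for a later edit to change one and miss the other. I would bind the differing tail to a local first, for example `admin_id = "External CA ID"` in the External CA branch and the security domain name plus `" ID"` in the other, and keep a single assignment. The same duplication appears in the `pki_admin_subject_dn` hunk (-1848) and the `pki_ssl_server_subject_dn` hunk (-2086), where only the `o=` value differs. The enclosing `if`/`elif` chain starts and ends outside this hunk.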
@@ -1848,15 +1769,29 @@ def compose_pki_master_dictionary():
elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
if not config.str2bool(config.pki_master_dict['pki_clone']):
if config.pki_master_dict['pki_subsystem'] == "CA":
- # PKI CA, Subordinate CA, or External CA
- config.pki_master_dict['pki_admin_subject_dn'] =\
- "cn=" + "CA Administrator of Instance" + " " +\
- config.pki_master_dict['pki_instance_id'] + "," +\
- "uid=" + config.pki_master_dict['pki_admin_uid'] +\
- "," + "e=" +\
- config.pki_master_dict['pki_admin_email'] +\
- "," + "o=" +\
- config.pki_master_dict['pki_security_domain_name']
+ if config.str2bool(
+ config.pki_master_dict['pki_external']):
+ # External CA
+ config.pki_master_dict['pki_admin_subject_dn'] =\
+ "cn=" + "CA Administrator of Instance" + " " +\
+ config.pki_master_dict['pki_instance_id'] +\
+ "," + "uid=" +\
+ config.pki_master_dict['pki_admin_uid']\
+ + "," + "e=" +\
+ config.pki_master_dict['pki_admin_email'] +\
+ "," + "o=" + "External CA"
+ else:
+ # PKI CA or Subordinate CA
+ config.pki_master_dict['pki_admin_subject_dn'] =\
+ "cn=" + "CA Administrator of Instance" + " " +\
+ config.pki_master_dict['pki_instance_id'] +\
+ "," + "uid=" +\
+ config.pki_master_dict['pki_admin_uid']\
+ + "," + "e=" +\
+ config.pki_master_dict['pki_admin_email'] +\
+ "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
elif config.pki_master_dict['pki_subsystem'] == "KRA":
# PKI KRA
config.pki_master_dict['pki_admin_subject_dn'] =\
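Review bot: `pki_admin_uid`, `pki_admin_email` and `pki_security_domain_name` are concatenated into `pki_admin_subject_dn` without any escaping, in both new branches. These values come from the deployment configuration file, so a `,`, `+` or `=` inside one of them would change the RDN structure of the subject DN that is later requested for the admin certificate. I would reject or escape the RFC 4514 special characters before composing the DN, or at least record the assumption with `# NOTE: values are assumed to contain no DN special characters (, + = etc.)`. The other `*_subject_dn` assignments in this function appear to share the same pattern.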
@@ -1928,10 +1863,7 @@ def compose_pki_master_dictionary():
if not len(config.pki_master_dict\
['pki_ca_signing_subject_dn']):
config.pki_master_dict['pki_ca_signing_subject_dn']\
- = "cn=" + "External CA Signing Certificate" +\
- "," + "o=" +\
- config.pki_master_dict\
- ['pki_security_domain_name']
+ = "cn=" + "External CA Signing Certificate"
elif config.str2bool(
config.pki_master_dict['pki_subordinate']):
# Subordinate CA
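Review bot: The External CA default for `pki_ca_signing_subject_dn` now has no `o=` component at all, whereas the admin and SSL server DNs changed in this same commit use `o=External CA` for the External CA case. If the difference is intentional, for instance because the external issuer dictates the signing subject, a one-line comment above the assignment would prevent it from being "fixed" later. If it is not, the defaults should agree. The same applies to the OCSP signing (-1998), subsystem (-2156) and audit signing (-2261) hunks, which make the identical change.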
@@ -1998,10 +1930,7 @@ def compose_pki_master_dictionary():
['pki_ocsp_signing_subject_dn']):
config.pki_master_dict\
['pki_ocsp_signing_subject_dn'] =\
- "cn=" + "External CA OCSP Signing Certificate"\
- + "," + "o=" +\
- config.pki_master_dict\
- ['pki_security_domain_name']
+ "cn=" + "External CA OCSP Signing Certificate"
elif config.str2bool(
config.pki_master_dict['pki_subordinate']):
# Subordinate CA
@@ -2086,10 +2015,18 @@ def compose_pki_master_dictionary():
"," + "o=" +\
config.pki_master_dict['pki_security_domain_name']
elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- config.pki_master_dict['pki_ssl_server_subject_dn'] =\
- "cn=" + config.pki_master_dict['pki_hostname'] +\
- "," + "o=" +\
- config.pki_master_dict['pki_security_domain_name']
+ if config.pki_master_dict['pki_subsystem'] == "CA" and\
+ config.str2bool(config.pki_master_dict['pki_external']):
+ # External CA
+ config.pki_master_dict['pki_ssl_server_subject_dn'] =\
+ "cn=" + config.pki_master_dict['pki_hostname'] +\
+ "," + "o=" + "External CA"
+ else:
+ # PKI or Cloned CA, KRA, OCSP, TKS, or Subordinate CA
+ config.pki_master_dict['pki_ssl_server_subject_dn'] =\
+ "cn=" + config.pki_master_dict['pki_hostname'] +\
+ "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
config.pki_master_dict['pki_ssl_server_tag'] = "sslserver"
if not len(config.pki_master_dict['pki_ssl_server_token']):
config.pki_master_dict['pki_ssl_server_token'] =\
@@ -2156,10 +2093,7 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_external']):
# External CA
config.pki_master_dict['pki_subsystem_subject_dn']\
- = "cn=" + "External CA Subsystem Certificate" +\
- "," + "o=" +\
- config.pki_master_dict\
- ['pki_security_domain_name']
+ = "cn=" + "External CA Subsystem Certificate"
elif config.str2bool(
config.pki_master_dict['pki_subordinate']):
# Subordinate CA
@@ -2261,10 +2195,7 @@ def compose_pki_master_dictionary():
# External CA
config.pki_master_dict\
['pki_audit_signing_subject_dn'] =\
- "cn=" + "External CA Audit Signing Certificate"\
- + "," + "o=" +\
- config.pki_master_dict\
- ['pki_security_domain_name']
+ "cn=" + "External CA Audit Signing Certificate"
elif config.str2bool(
config.pki_master_dict['pki_subordinate']):
# Subordinate CA
@@ -2392,6 +2323,31 @@ def compose_pki_master_dictionary():
if not len(config.pki_master_dict['pki_storage_token']):
config.pki_master_dict['pki_storage_token'] =\
"Internal Key Storage Token"
+ # Finalization name/value pairs
+ config.pki_master_dict['pki_deployment_cfg_replica'] =\
+ os.path.join(config.pki_master_dict['pki_subsystem_registry_path'],
+ config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE)
+ config.pki_master_dict['pki_deployment_cfg_spawn_archive'] =\
+ config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
+ "spawn" + "_" +\
+ config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + "." +\
+ config.pki_master_dict['pki_timestamp']
+ config.pki_master_dict['pki_deployment_cfg_respawn_archive'] =\
+ config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
+ "respawn" + "_" +\
+ config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + "." +\
+ config.pki_master_dict['pki_timestamp']
+ config.pki_master_dict['pki_manifest'] =\
+ config.pki_master_dict['pki_subsystem_registry_path'] + "/" +\
+ "manifest"
+ config.pki_master_dict['pki_manifest_spawn_archive'] =\
+ config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
+ "spawn" + "_" + "manifest" + "." +\
+ config.pki_master_dict['pki_timestamp']
+ config.pki_master_dict['pki_manifest_respawn_archive'] =\
+ config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
+ "respawn" + "_" + "manifest" + "." +\
+ config.pki_master_dict['pki_timestamp']
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
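Review bot: The replica and the spawn/respawn archives of the deployment configuration file are placed under `pki_subsystem_registry_path` and `pki_subsystem_archive_log_path`. Comments elsewhere in this diff state that `pki_ds_password`, `pki_admin_password` and `pki_backup_password` are established via that file, so these copies likely contain the passwords in clear text. Log directories are often readable by more accounts than the original file. Since the copy itself happens outside this hunk, I would record the requirement here, e.g. `# archived copies may contain passwords; must be written owner-only or with sensitive values stripped`. Separately, only the first assignment uses `os.path.join` while the other five join with `"/"`; using `os.path.join` throughout would keep the block consistent.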