author | Matthew Harmsen <mharmsen@redhat.com> | 2012-07-19 01:04:54 -0700 |
---|---|---|
committer | Matthew Harmsen <mharmsen@redhat.com> | 2012-07-19 10:17:18 -0700 |
commit | 5b004df074027d1eba33c2f9038030406830cc3c (patch) | |
tree | c14cfe0d4123d6fa704d9f837f37d1688c15bf5c /base/deploy/src/scriptlets/pkiparser.py | |
parent | 3fcefc1b67e7afe0455267b3876d9e6ef47531cc (diff) | |
PKI Deployment Scriptlets
* In 'catalina.properties', removed commented out jars
for each of the subsystems in the 'common.loader'
* In 'server.xml', removed the line containing a '1'
* Moved all parameters from the [Mandatory] and [Optional]
sections of the 'pkideployment.cfg' file to other more
appropriate sections (e.g. - [Common], [CA], [KRA], etc.),
and removed these sections and all of their associated
logic from the 'pki-deploy' package
* Resolved Dogtag TRAC Ticket #225
Dogtag 10: Move "pkispawn"/"pkidestroy" logs
* Removed all security domain references from
external CA logic
* Added new 'pki_subsystem_name' parameter to
'pkideployment.cfg' file, and applied logic
throughout 'pki-deploy'
* Added new error message in the case of an
unset DNS domain name, and replaced the
log message with a simple print in the
case of a 'domainname' exception
Diffstat (limited to 'base/deploy/src/scriptlets/pkiparser.py')
-rw-r--r-- | base/deploy/src/scriptlets/pkiparser.py | 94 |
1 files changed, 82 insertions, 12 deletions
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 6c4574add..e824c8ac9 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -261,8 +261,6 @@ def read_pki_configuration_file():
 parser.optionxform = str
 parser.read(config.pkideployment_cfg)
 config.pki_sensitive_dict = dict(parser._sections['Sensitive'])
- config.pki_mandatory_dict = dict(parser._sections['Mandatory'])
- config.pki_optional_dict = dict(parser._sections['Optional'])
 config.pki_common_dict = dict(parser._sections['Common'])
 if config.pki_subsystem == "CA":
 config.pki_web_server_dict = dict(parser._sections['Tomcat'])
@@ -284,8 +282,6 @@ def read_pki_configuration_file():
 config.pki_subsystem_dict = dict(parser._sections['TPS'])
 # Insert empty record into dictionaries for "pretty print" statements
 # NEVER print "sensitive" key value pairs!!!
- config.pki_mandatory_dict[0] = None
- config.pki_optional_dict[0] = None
 config.pki_common_dict[0] = None
 config.pki_web_server_dict[0] = None
 config.pki_subsystem_dict[0] = None
@@ -316,8 +312,6 @@ def compose_pki_master_dictionary():
 config.pki_master_dict['pki_deployment_cfg'] = config.pkideployment_cfg
 # Configuration file name/value pairs
 # NEVER add "sensitive" key value pairs to the master dictionary!!!
- config.pki_master_dict.update(config.pki_mandatory_dict)
- config.pki_master_dict.update(config.pki_optional_dict)
 config.pki_master_dict.update(config.pki_common_dict)
 config.pki_master_dict.update(config.pki_web_server_dict)
 config.pki_master_dict.update(config.pki_subsystem_dict)
@@ -1435,6 +1429,7 @@ def compose_pki_master_dictionary():
 config.pki_master_dict['pki_subsystem'].lower() + "/" + "pki"
 # Jython scriptlet
 # 'Security Domain' Configuration name/value pairs
+ # 'Subsystem Name' Configuration name/value pairs
 #
 # Apache - [RA], [TPS]
 # Tomcat - [CA], [KRA], [OCSP], [TKS]
@@ -1459,16 +1454,19 @@ def compose_pki_master_dictionary():
 #
 # config.pki_master_dict['pki_security_domain_hostname']
 # config.pki_master_dict['pki_security_domain_name']
+ # config.pki_master_dict['pki_subsystem_name']
 #
 if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
 if config.pki_subsystem == "CA":
 if config.str2bool(config.pki_master_dict['pki_external']):
 # External CA
- config.pki_master_dict['pki_security_domain_type'] = "new"
- if not len(config.pki_master_dict\
- ['pki_security_domain_name']):
- config.pki_master_dict['pki_security_domain_name'] =\
- "External CA Security Domain"
+ #
+ # NOTE: External CA's DO NOT require a security domain
+ if not len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "External CA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
 elif not config.str2bool(config.pki_master_dict['pki_clone'])\
 and not\
 config.str2bool(config.pki_master_dict['pki_subordinate']):
@@ -1479,6 +1477,11 @@ def compose_pki_master_dictionary():
 config.pki_master_dict['pki_security_domain_name'] =\
 config.pki_master_dict['pki_dns_domainname'] +\
 " " + "Security Domain"
+ if not len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "PKI CA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
 else:
 # PKI Cloned or Subordinate CA
 config.pki_master_dict['pki_security_domain_type'] =\
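Review bot: In the External CA branch, `pki_security_domain_type` is no longer assigned at all, whereas the cloned/subordinate CA branch and the KRA/OCSP/TKS branch in the later hunks still assign it. Any code outside this hunk that indexes `config.pki_master_dict['pki_security_domain_type']` without first testing `pki_external` would now raise KeyError, or pick up whatever value the configuration file happened to carry; the consumers are not visible here, so this needs confirming. A comment beside the NOTE, e.g. `# pki_security_domain_type is deliberately left unset for an External CA`, would make the contract explicit. compose_pki_master_dictionary begins and ends outside the hunk.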
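Review bot: The emptiness test `if not len(config.pki_master_dict['pki_subsystem_name']):` indexes a parameter that this commit introduces, so a `pkideployment.cfg` written before the change (without that key) would presumably fail with a bare KeyError instead of falling back to the default name. The same test appears in the External CA hunk above and in the `@@ -1492` and `@@ -1505` hunks. `if not config.pki_master_dict.get('pki_subsystem_name'):` covers both the missing and the empty case. The enclosing function extends beyond the hunk.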
@@ -1492,8 +1495,24 @@ def compose_pki_master_dictionary():
 "https" + "://" +\
 config.pki_master_dict['pki_security_domain_hostname']\
 + ":" + config.pki_security_domain_https_port
+ if config.str2bool(config.pki_master_dict['pki_clone']):
+ # Cloned CA
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "Cloned CA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ else:
+ # Subordinate CA
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "Subordinate CA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
 else:
- # PKI KRA, OCSP, or TKS
+ # PKI or Cloned KRA, OCSP, or TKS
 config.pki_master_dict['pki_security_domain_type'] = "existing"
 if not len(config.pki_master_dict\
 ['pki_security_domain_hostname']):
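Review bot: The context line `+ ":" + config.pki_security_domain_https_port` reads the port from an attribute of the `config` module, while the KRA/OCSP/TKS branch in the next hunk builds what appears to be the same URI from `config.pki_master_dict['pki_security_domain_https_port']`. Unless `config` really defines that attribute (not visible here), a cloned or subordinate CA would hit AttributeError or compose the security domain URI with a port other than the configured one; the commit leaves the line untouched. Suggested: `+ ":" + config.pki_master_dict['pki_security_domain_https_port']`. The statement starts above the hunk.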
@@ -1505,6 +1524,57 @@ def compose_pki_master_dictionary():
 config.pki_master_dict['pki_security_domain_hostname'] +\
 ":" +\
 config.pki_master_dict['pki_security_domain_https_port']
+ if config.pki_subsystem == "KRA":
+ if config.str2bool(config.pki_master_dict['pki_clone']):
+ # Cloned KRA
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "Cloned KRA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ else:
+ # PKI KRA
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "PKI KRA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ elif config.pki_subsystem == "OCSP":
+ if config.str2bool(config.pki_master_dict['pki_clone']):
+ # Cloned OCSP
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "Cloned OCSP" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ else:
+ # PKI OCSP
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "PKI OCSP" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ elif config.pki_subsystem == "TKS":
+ if config.str2bool(config.pki_master_dict['pki_clone']):
+ # Cloned TKS
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "Cloned TKS" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ else:
+ # PKI TKS
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "PKI TKS" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
 # Jython scriptlet
 # 'Directory Server' Configuration name/value pairs
 # |
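Review bot: The three `if`/`elif` arms added for KRA, OCSP and TKS differ only in the subsystem label, and the same four-line default is repeated in the CA hunks, so a later change to the name format has to be made in ten places. Inside this branch the label can be derived from `config.pki_subsystem` and `pki_clone`, as sketched below. This assumes the branch is reached only for KRA, OCSP and TKS, which the comment `# PKI or Cloned KRA, OCSP, or TKS` suggests but the hunk does not prove. The branch opens above the hunk.

```python
# … unchanged: security domain host/port concatenation above …
if not len(config.pki_master_dict['pki_subsystem_name']):
    if config.str2bool(config.pki_master_dict['pki_clone']):
        label = "Cloned" + " " + config.pki_subsystem
    else:
        label = "PKI" + " " + config.pki_subsystem
    config.pki_master_dict['pki_subsystem_name'] =\
        label + " " +\
        config.pki_master_dict['pki_hostname'] + " " +\
        config.pki_master_dict['pki_https_port']
```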