diff options
| author | Ade Lee <alee@redhat.com> | 2012-10-26 12:36:14 -0400 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2012-11-04 22:12:57 -0500 |
| commit | db9537d210a20b90115374e5b406db6c9658bc3a (patch) | |
| tree | 0adfb22bd00842c2e3cae2b46ddbf7caa313b19d /base/deploy/src/scriptlets/security_databases.py | |
| parent | d9a9e23aae83f1d3d6c0e5968097fde12cfff3d2 (diff) | |
| download | pki-db9537d210a20b90115374e5b406db6c9658bc3a.tar.gz pki-db9537d210a20b90115374e5b406db6c9658bc3a.tar.xz pki-db9537d210a20b90115374e5b406db6c9658bc3a.zip | |
Set paths for default instance
With this patch, it will be possible to install a default instance
simply by adding the passwords in the pkideployment.cfg. This file
can then be used without additional alteration to add subsystems to the
same instance, by re-running pkispawn against the config file.
The patch makes sure that cert nicknames, database and baseDN , admin users
and client db are unique per subsystem. An option is added to reuse the
existing server cert generated by the first subsystem and copy the
required data to all subsystems.
Ticket 379, 385
Diffstat (limited to 'base/deploy/src/scriptlets/security_databases.py')
| -rw-r--r-- | base/deploy/src/scriptlets/security_databases.py | 49 |
1 files changed, 26 insertions, 23 deletions
diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py index e60c5f24d..f8de0c78c 100644 --- a/base/deploy/src/scriptlets/security_databases.py +++ b/base/deploy/src/scriptlets/security_databases.py @@ -63,7 +63,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) util.file.modify(master['pki_secmod_database'], perms=\ config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) - rv = util.certutil.verify_certificate_exists( + + if util.instance.tomcat_instance_subsystems() < 2: + # only create a self signed cert for a new instance + rv = util.certutil.verify_certificate_exists( master['pki_database_path'], master['pki_cert_database'], master['pki_key_database'], @@ -71,28 +74,28 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): master['pki_self_signed_token'], master['pki_self_signed_nickname'], password_file=master['pki_shared_pfile']) - if not rv: - util.file.generate_noise_file( - master['pki_self_signed_noise_file'], - master['pki_self_signed_noise_bytes']) - util.certutil.generate_self_signed_certificate( - master['pki_database_path'], - master['pki_cert_database'], - master['pki_key_database'], - master['pki_secmod_database'], - master['pki_self_signed_token'], - master['pki_self_signed_nickname'], - master['pki_self_signed_subject'], - master['pki_self_signed_serial_number'], - master['pki_self_signed_validity_period'], - master['pki_self_signed_issuer_name'], - master['pki_self_signed_trustargs'], - master['pki_self_signed_noise_file'], - password_file=master['pki_shared_pfile']) - # Delete the temporary 'noise' file - util.file.delete(master['pki_self_signed_noise_file']) - # Delete the temporary 'pfile' - util.file.delete(master['pki_shared_pfile']) + if not rv: + util.file.generate_noise_file( + master['pki_self_signed_noise_file'], + master['pki_self_signed_noise_bytes']) + util.certutil.generate_self_signed_certificate( + master['pki_database_path'], + master['pki_cert_database'], + master['pki_key_database'], + master['pki_secmod_database'], + master['pki_self_signed_token'], + master['pki_self_signed_nickname'], + master['pki_self_signed_subject'], + master['pki_self_signed_serial_number'], + master['pki_self_signed_validity_period'], + master['pki_self_signed_issuer_name'], + master['pki_self_signed_trustargs'], + master['pki_self_signed_noise_file'], + password_file=master['pki_shared_pfile']) + # Delete the temporary 'noise' file + util.file.delete(master['pki_self_signed_noise_file']) + # Delete the temporary 'pfile' + util.file.delete(master['pki_shared_pfile']) else: util.password.create_password_conf( master['pki_shared_password_conf'], |