summaryrefslogtreecommitdiffstats
path: root/base/deploy/src/scriptlets
diff options
context:
space:
mode:
authorMatthew Harmsen <mharmsen@redhat.com>2012-07-19 01:04:54 -0700
committerMatthew Harmsen <mharmsen@redhat.com>2012-07-19 10:17:18 -0700
commit5b004df074027d1eba33c2f9038030406830cc3c (patch)
treec14cfe0d4123d6fa704d9f837f37d1688c15bf5c /base/deploy/src/scriptlets
parent3fcefc1b67e7afe0455267b3876d9e6ef47531cc (diff)
downloadpki-5b004df074027d1eba33c2f9038030406830cc3c.tar.gz
pki-5b004df074027d1eba33c2f9038030406830cc3c.tar.xz
pki-5b004df074027d1eba33c2f9038030406830cc3c.zip
PKI Deployment Scriptlets
* In 'catalina.properties', removed commented out jars for each of the subsystems in the 'common.loader' * In 'server.xml', removed the line containing a '1' * Moved all parameters from the [Mandatory] and [Optional] sections of the 'pkideployment.cfg' file to other more appropriate sections (e.g. - [Common], [CA], [KRA], etc.), and removed these sections and all of their associated logic from the 'pki-deploy' package * Resolved Dogtag TRAC Ticket #225 Dogtag 10: Move "pkispawn"/"pkidestroy" logs * Removed all security domain references from external CA logic * Added new 'pki_subsystem_name' parameter to 'pkideployment.cfg' file, and applied logic throughout 'pki-deploy' * Added new error message in the case of an unset DNS domain name, and replaced the log message with a simple print in the case of a 'domainname' exception
Diffstat (limited to 'base/deploy/src/scriptlets')
-rw-r--r--base/deploy/src/scriptlets/infrastructure_layout.py16
-rw-r--r--base/deploy/src/scriptlets/initialization.py3
-rw-r--r--base/deploy/src/scriptlets/pkiconfig.py4
-rw-r--r--base/deploy/src/scriptlets/pkijython.py23
-rw-r--r--base/deploy/src/scriptlets/pkimessages.py10
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py94
6 files changed, 102 insertions, 48 deletions
diff --git a/base/deploy/src/scriptlets/infrastructure_layout.py b/base/deploy/src/scriptlets/infrastructure_layout.py
index 471739700..d5ce233c6 100644
--- a/base/deploy/src/scriptlets/infrastructure_layout.py
+++ b/base/deploy/src/scriptlets/infrastructure_layout.py
@@ -36,8 +36,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
extra=config.PKI_INDENTATION_LEVEL_1)
# establish top-level infrastructure base
util.directory.create(master['pki_path'])
- # establish top-level infrastructure logs
- util.directory.create(master['pki_log_path'])
+ # no need to establish top-level infrastructure logs
+ # since it now stores 'pkispawn'/'pkidestroy' logs
+ # and will already exist
+ # util.directory.create(master['pki_log_path'])
# establish top-level infrastructure configuration
if master['pki_configuration_path'] !=\
config.PKI_DEPLOYMENT_CONFIGURATION_ROOT:
@@ -70,8 +72,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
util.instance.pki_subsystem_instances() == 0:
# remove top-level infrastructure base
util.directory.delete(master['pki_path'])
- # remove top-level infrastructure logs
- util.directory.delete(master['pki_log_path'])
+ # do NOT remove top-level infrastructure logs
+ # since it now stores 'pkispawn'/'pkidestroy' logs
+ # util.directory.delete(master['pki_log_path'])
# remove top-level infrastructure configuration
if util.directory.is_empty(master['pki_configuration_path'])\
and master['pki_configuration_path'] !=\
@@ -89,8 +92,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
util.instance.pki_subsystem_instances() == 1:
# remove top-level infrastructure base
util.directory.delete(master['pki_path'])
- # remove top-level infrastructure logs
- util.directory.delete(master['pki_log_path'])
+ # do NOT remove top-level infrastructure logs
+ # since it now stores 'pkispawn'/'pkidestroy' logs
+ # util.directory.delete(master['pki_log_path'])
# remove top-level infrastructure configuration
if util.directory.is_empty(master['pki_configuration_path'])\
and master['pki_configuration_path'] !=\
diff --git a/base/deploy/src/scriptlets/initialization.py b/base/deploy/src/scriptlets/initialization.py
index 1ff8522ed..cc516532e 100644
--- a/base/deploy/src/scriptlets/initialization.py
+++ b/base/deploy/src/scriptlets/initialization.py
@@ -46,8 +46,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# establish 'uid' and 'gid'
util.identity.set_uid(master['pki_user'])
util.identity.set_gid(master['pki_group'])
- # verify existence of MANDATORY configuration file data
+ # verify existence of SENSITIVE configuration file data
util.configuration_file.verify_sensitive_data()
+ # verify existence of MUTUALLY EXCLUSIVE configuration file data
util.configuration_file.verify_mutually_exclusive_data()
return self.rv
diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py
index 59526e667..fc8ddac90 100644
--- a/base/deploy/src/scriptlets/pkiconfig.py
+++ b/base/deploy/src/scriptlets/pkiconfig.py
@@ -100,9 +100,9 @@ pki_one_time_pin = None
# PKI Deployment "Mandatory" Command-Line Variables
pki_subsystem = None
+pkideployment_cfg = "/usr/share/pki/deployment/config/pkideployment.cfg"
# PKI Deployment "Optional" Command-Line Variables
-pkideployment_cfg = "/usr/share/pki/deployment/config/pkideployment.cfg"
pki_dry_run_flag = False
pki_root_prefix = None
pki_update_flag = False
@@ -168,8 +168,6 @@ pki_console_log_level = None
# PKI Deployment Global Dictionaries
pki_sensitive_dict = None
-pki_mandatory_dict = None
-pki_optional_dict = None
pki_common_dict = None
pki_web_server_dict = None
pki_subsystem_dict = None
diff --git a/base/deploy/src/scriptlets/pkijython.py b/base/deploy/src/scriptlets/pkijython.py
index 7856ba8c1..b55c9ecec 100644
--- a/base/deploy/src/scriptlets/pkijython.py
+++ b/base/deploy/src/scriptlets/pkijython.py
@@ -299,65 +299,52 @@ class rest_client:
data.setPin(master['pki_one_time_pin'])
data.setToken(ConfigurationData.TOKEN_DEFAULT)
if master['pki_instance_type'] == "Tomcat":
+ data.setSubsystemName(master['pki_subsystem_name'])
if master['pki_subsystem'] == "CA":
if config.str2bool(master['pki_clone']):
# Cloned CA
data.setHierarchy("root")
data.setIsClone("true")
- data.setSubsystemName("Cloned CA Subsystem")
elif config.str2bool(master['pki_external']):
# External CA
data.setHierarchy("join")
data.setIsClone("false")
- data.setSubsystemName("External CA Subsystem")
elif config.str2bool(master['pki_subordinate']):
# Subordinate CA
data.setHierarchy("join")
data.setIsClone("false")
- data.setSubsystemName("Subordinate CA Subsystem")
else:
# PKI CA
data.setHierarchy("root")
data.setIsClone("false")
- data.setSubsystemName("PKI CA Subsystem")
elif master['pki_subsystem'] == "KRA":
if config.str2bool(master['pki_clone']):
# Cloned KRA
data.setIsClone("true")
- data.setSubsystemName("Cloned KRA Subsystem")
else:
# PKI KRA
data.setIsClone("false")
- data.setSubsystemName("PKI KRA Subsystem")
elif master['pki_subsystem'] == "OCSP":
if config.str2bool(master['pki_clone']):
# Cloned OCSP
data.setIsClone("true")
- data.setSubsystemName("Cloned OCSP Subsystem")
else:
# PKI OCSP
data.setIsClone("false")
- data.setSubsystemName("PKI OCSP Subsystem")
elif master['pki_subsystem'] == "TKS":
if config.str2bool(master['pki_clone']):
# Cloned TKS
data.setIsClone("true")
- data.setSubsystemName("Cloned TKS Subsystem")
else:
# PKI TKS
data.setIsClone("false")
- data.setSubsystemName("PKI TKS Subsystem")
# Security Domain Information
+ #
+ # NOTE: External CA's DO NOT require a security domain
if master['pki_instance_type'] == "Tomcat":
if master['pki_subsystem'] == "CA":
- if config.str2bool(master['pki_external']):
- # External CA
- data.setSecurityDomainType(
- ConfigurationData.NEW_DOMAIN)
- data.setSecurityDomainName(
- master['pki_security_domain_name'])
- elif not config.str2bool(master['pki_clone']) and\
- not config.str2bool(master['pki_subordinate']):
+ if not config.str2bool(master['pki_clone']) and\
+ not config.str2bool(master['pki_subordinate']):
# PKI CA
data.setSecurityDomainType(
ConfigurationData.NEW_DOMAIN)
diff --git a/base/deploy/src/scriptlets/pkimessages.py b/base/deploy/src/scriptlets/pkimessages.py
index 58b09dca3..d1326edb3 100644
--- a/base/deploy/src/scriptlets/pkimessages.py
+++ b/base/deploy/src/scriptlets/pkimessages.py
@@ -20,14 +20,6 @@
#
# PKI Deployment Engine Messages
-PKI_DICTIONARY_MANDATORY ="\n"\
-"=====================================================\n"\
-" DISPLAY CONTENTS OF PKI MANDATORY DICTIONARY\n"\
-"====================================================="
-PKI_DICTIONARY_OPTIONAL ="\n"\
-"=====================================================\n"\
-" DISPLAY CONTENTS OF PKI OPTIONAL DICTIONARY\n"\
-"====================================================="
PKI_DICTIONARY_COMMON ="\n"\
"=====================================================\n"\
" DISPLAY CONTENTS OF PKI COMMON DICTIONARY\n"\
@@ -80,6 +72,8 @@ PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 = "Directory '%s' already "\
"directory!"
PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 = "Directory '%s' is either "\
"missing or is NOT a directory!"
+PKI_DNS_DOMAIN_NOT_SET = "A valid DNS domain name MUST be established "\
+ "to use PKI services!"
PKI_FILE_ALREADY_EXISTS_1 = "File '%s' already exists!"
PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 = "File '%s' already "\
"exists BUT it is NOT a "\
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 6c4574add..e824c8ac9 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -261,8 +261,6 @@ def read_pki_configuration_file():
parser.optionxform = str
parser.read(config.pkideployment_cfg)
config.pki_sensitive_dict = dict(parser._sections['Sensitive'])
- config.pki_mandatory_dict = dict(parser._sections['Mandatory'])
- config.pki_optional_dict = dict(parser._sections['Optional'])
config.pki_common_dict = dict(parser._sections['Common'])
if config.pki_subsystem == "CA":
config.pki_web_server_dict = dict(parser._sections['Tomcat'])
@@ -284,8 +282,6 @@ def read_pki_configuration_file():
config.pki_subsystem_dict = dict(parser._sections['TPS'])
# Insert empty record into dictionaries for "pretty print" statements
# NEVER print "sensitive" key value pairs!!!
- config.pki_mandatory_dict[0] = None
- config.pki_optional_dict[0] = None
config.pki_common_dict[0] = None
config.pki_web_server_dict[0] = None
config.pki_subsystem_dict[0] = None
@@ -316,8 +312,6 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_deployment_cfg'] = config.pkideployment_cfg
# Configuration file name/value pairs
# NEVER add "sensitive" key value pairs to the master dictionary!!!
- config.pki_master_dict.update(config.pki_mandatory_dict)
- config.pki_master_dict.update(config.pki_optional_dict)
config.pki_master_dict.update(config.pki_common_dict)
config.pki_master_dict.update(config.pki_web_server_dict)
config.pki_master_dict.update(config.pki_subsystem_dict)
@@ -1435,6 +1429,7 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_subsystem'].lower() + "/" + "pki"
# Jython scriptlet
# 'Security Domain' Configuration name/value pairs
+ # 'Subsystem Name' Configuration name/value pairs
#
# Apache - [RA], [TPS]
# Tomcat - [CA], [KRA], [OCSP], [TKS]
@@ -1459,16 +1454,19 @@ def compose_pki_master_dictionary():
#
# config.pki_master_dict['pki_security_domain_hostname']
# config.pki_master_dict['pki_security_domain_name']
+ # config.pki_master_dict['pki_subsystem_name']
#
if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
if config.pki_subsystem == "CA":
if config.str2bool(config.pki_master_dict['pki_external']):
# External CA
- config.pki_master_dict['pki_security_domain_type'] = "new"
- if not len(config.pki_master_dict\
- ['pki_security_domain_name']):
- config.pki_master_dict['pki_security_domain_name'] =\
- "External CA Security Domain"
+ #
+ # NOTE: External CA's DO NOT require a security domain
+ if not len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "External CA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
elif not config.str2bool(config.pki_master_dict['pki_clone'])\
and not\
config.str2bool(config.pki_master_dict['pki_subordinate']):
@@ -1479,6 +1477,11 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_security_domain_name'] =\
config.pki_master_dict['pki_dns_domainname'] +\
" " + "Security Domain"
+ if not len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "PKI CA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
else:
# PKI Cloned or Subordinate CA
config.pki_master_dict['pki_security_domain_type'] =\
@@ -1492,8 +1495,24 @@ def compose_pki_master_dictionary():
"https" + "://" +\
config.pki_master_dict['pki_security_domain_hostname']\
+ ":" + config.pki_security_domain_https_port
+ if config.str2bool(config.pki_master_dict['pki_clone']):
+ # Cloned CA
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "Cloned CA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ else:
+ # Subordinate CA
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "Subordinate CA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
else:
- # PKI KRA, OCSP, or TKS
+ # PKI or Cloned KRA, OCSP, or TKS
config.pki_master_dict['pki_security_domain_type'] = "existing"
if not len(config.pki_master_dict\
['pki_security_domain_hostname']):
@@ -1505,6 +1524,57 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_security_domain_hostname'] +\
":" +\
config.pki_master_dict['pki_security_domain_https_port']
+ if config.pki_subsystem == "KRA":
+ if config.str2bool(config.pki_master_dict['pki_clone']):
+ # Cloned KRA
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "Cloned KRA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ else:
+ # PKI KRA
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "PKI KRA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ elif config.pki_subsystem == "OCSP":
+ if config.str2bool(config.pki_master_dict['pki_clone']):
+ # Cloned OCSP
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "Cloned OCSP" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ else:
+ # PKI OCSP
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "PKI OCSP" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ elif config.pki_subsystem == "TKS":
+ if config.str2bool(config.pki_master_dict['pki_clone']):
+ # Cloned TKS
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "Cloned TKS" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ else:
+ # PKI TKS
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "PKI TKS" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
# Jython scriptlet
# 'Directory Server' Configuration name/value pairs
#