| author | Endi Sukma Dewata <edewata@redhat.com> | 2013-04-05 15:20:01 -0400 |
|---|---|---|
| committer | Endi Sukma Dewata <edewata@redhat.com> | 2013-04-09 09:40:09 -0400 |
| commit | 62ccd4ca0addd8a4c74bcbdfca6aea0c9381907f (patch) | |
| tree | ad78a933e29a517bae7876248820c40b9b5db197 /base/deploy/src/scriptlets | |
| parent | 2e0194dd7791eaf07d6e9eb26df57e5a4677f426 (diff) | |
Renamed base/deploy to base/server.
The base/deploy folder has been renamed to base/server to match the
package name. The pki.conf has been moved into pki-base package.
Ticket #553, #564
Diffstat (limited to 'base/deploy/src/scriptlets')
| -rw-r--r-- | base/deploy/src/scriptlets/configuration.py | 150 | ||||
| -rw-r--r-- | base/deploy/src/scriptlets/finalization.py | 114 | ||||
| -rw-r--r-- | base/deploy/src/scriptlets/infrastructure_layout.py | 116 | ||||
| -rw-r--r-- | base/deploy/src/scriptlets/initialization.py | 126 | ||||
| -rw-r--r-- | base/deploy/src/scriptlets/instance_layout.py | 190 | ||||
| -rw-r--r-- | base/deploy/src/scriptlets/security_databases.py | 119 | ||||
| -rw-r--r-- | base/deploy/src/scriptlets/selinux_setup.py | 175 | ||||
| -rw-r--r-- | base/deploy/src/scriptlets/slot_substitution.py | 103 | ||||
| -rw-r--r-- | base/deploy/src/scriptlets/subsystem_layout.py | 126 | ||||
| -rw-r--r-- | base/deploy/src/scriptlets/webapp_deployment.py | 170 |
10 files changed, 0 insertions, 1389 deletions
diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py
deleted file mode 100644
index 7bd1b017a..000000000
--- a/base/deploy/src/scriptlets/configuration.py
+++ /dev/null
@@ -1,150 +0,0 @@ -#!/usr/bin/python -t -# Authors: -# Matthew Harmsen <mharmsen@redhat.com> -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2012 Red Hat, Inc. -# All rights reserved. -# - -# PKI Deployment Imports -import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util -import pkimessages as log -import pkiscriptlet -import json -import pki.system -import pki.encoder - - -# PKI Deployment Configuration Scriptlet -class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): - rv = 0 - - def spawn(self): - if config.str2bool(master['pki_skip_configuration']): - config.pki_log.info(log.SKIP_CONFIGURATION_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - return self.rv - config.pki_log.info(log.CONFIGURATION_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - - # Place "slightly" less restrictive permissions on - # the top-level client directory ONLY - util.directory.create(master['pki_client_subsystem_dir'], - uid=0, gid=0, - perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS) - # Since 'certutil' does NOT strip the 'token=' portion of - # the 'token=password' entries, create a client password file - # which ONLY contains the 'password' for the purposes of - # allowing 'certutil' to generate the security databases - util.password.create_password_conf( - 
master['pki_client_password_conf'], - master['pki_client_database_password'], pin_sans_token=True) - util.file.modify(master['pki_client_password_conf'], - uid=0, gid=0) - # Similarly, create a simple password file containing the - # PKCS #12 password used when exporting the "Admin Certificate" - # into a PKCS #12 file - util.password.create_client_pkcs12_password_conf( - master['pki_client_pkcs12_password_conf']) - util.file.modify(master['pki_client_pkcs12_password_conf']) - util.directory.create(master['pki_client_database_dir'], - uid=0, gid=0) - util.certutil.create_security_databases( - master['pki_client_database_dir'], - master['pki_client_cert_database'], - master['pki_client_key_database'], - master['pki_client_secmod_database'], - password_file=master['pki_client_password_conf']) - util.symlink.create(master['pki_systemd_service'], - master['pki_systemd_service_link']) - - # Start/Restart this Apache/Tomcat PKI Process - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - apache_instance_subsystems =\ - util.instance.apache_instance_subsystems() - if apache_instance_subsystems == 1: - util.systemd.start() - elif apache_instance_subsystems > 1: - util.systemd.restart() - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - # Optionally prepare to enable a java debugger - # (e. g. - 'eclipse'): - if config.str2bool(master['pki_enable_java_debugger']): - config.prepare_for_an_external_java_debugger( - master['pki_target_tomcat_conf_instance_id']) - tomcat_instance_subsystems =\ - len(util.instance.tomcat_instance_subsystems()) - if tomcat_instance_subsystems == 1: - util.systemd.start() - elif tomcat_instance_subsystems > 1: - util.systemd.restart() - - # wait for startup - status = util.instance.wait_for_startup(60) - if status == None: - config.pki_log.error("server failed to restart", - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) - - # Optionally wait for debugger to attach (e. g. 
- 'eclipse'): - if config.str2bool(master['pki_enable_java_debugger']): - config.wait_to_attach_an_external_java_debugger() - - config_client = util.config_client() - # Construct PKI Subsystem Configuration Data - data = None - if master['pki_instance_type'] == "Apache": - if master['pki_subsystem'] == "RA": - config.pki_log.info(log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1, - master['pki_subsystem'], - extra=config.PKI_INDENTATION_LEVEL_2) - return rv - elif master['pki_subsystem'] == "TPS": - config.pki_log.info(log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1, - master['pki_subsystem'], - extra=config.PKI_INDENTATION_LEVEL_2) - return rv - elif master['pki_instance_type'] == "Tomcat": - # CA, KRA, OCSP, or TKS - data = config_client.construct_pki_configuration_data() - - # Configure the substem - config_client.configure_pki_data( - json.dumps(data, cls=pki.encoder.CustomTypeEncoder)) - - return self.rv - - def respawn(self): - config.pki_log.info(log.CONFIGURATION_RESPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - return self.rv - - def destroy(self): - config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() == 1: - if util.directory.exists(master['pki_client_dir']): - util.directory.delete(master['pki_client_dir']) - util.symlink.delete(master['pki_systemd_service_link']) - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(util.instance.tomcat_instance_subsystems()) == 1: - if util.directory.exists(master['pki_client_dir']): - util.directory.delete(master['pki_client_dir']) - util.symlink.delete(master['pki_systemd_service_link']) - return self.rv diff --git a/base/deploy/src/scriptlets/finalization.py b/base/deploy/src/scriptlets/finalization.py deleted file mode 100644 index 6ddc98d03..000000000 --- a/base/deploy/src/scriptlets/finalization.py +++ /dev/null 
@@ -1,114 +0,0 @@ -#!/usr/bin/python -t -# Authors: -# Matthew Harmsen <mharmsen@redhat.com> -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2012 Red Hat, Inc. -# All rights reserved. -# - -# PKI Deployment Imports -import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util -import pkimanifest as manifest -import pkimessages as log -import pkiscriptlet - - -# PKI Deployment Finalization Scriptlet -class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): - rv = 0 - - def spawn(self): - if master['pki_subsystem'] == "CA" and\ - config.str2bool(master['pki_external_step_two']): - # must check for 'External CA Step 2' installation PRIOR to - # 'pki_skip_installation' since this value has been set to true - # by the initialization scriptlet - pass - elif config.str2bool(master['pki_skip_installation']): - config.pki_log.info(log.SKIP_FINALIZATION_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - return self.rv - config.pki_log.info(log.FINALIZATION_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - # For debugging/auditing purposes, save a timestamped copy of - # this configuration file in the subsystem archive - util.file.copy(master['pki_user_deployment_cfg_replica'], - master['pki_user_deployment_cfg_spawn_archive']) - # Save a copy of the installation manifest file - 
config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, master['pki_manifest'], - extra=config.PKI_INDENTATION_LEVEL_2) - # for record in manifest.database: - # print tuple(record) - manifest.file.register(master['pki_manifest']) - manifest.file.write() - util.file.modify(master['pki_manifest'], silent=True) - - # Also, for debugging/auditing purposes, save a timestamped copy of - # this installation manifest file - util.file.copy(master['pki_manifest'], - master['pki_manifest_spawn_archive']) - # Optionally, programmatically 'restart' the configured PKI instance - if config.str2bool(master['pki_restart_configured_instance']): - util.systemd.restart() - # Optionally, 'purge' the entire temporary client infrastructure - # including the client NSS security databases and password files - # - # WARNING: If the PKCS #12 file containing the Admin Cert was - # placed under this infrastructure, it may accidentally - # be deleted! - # - if config.str2bool(master['pki_client_database_purge']): - if util.directory.exists(master['pki_client_subsystem_dir']): - util.directory.delete(master['pki_client_subsystem_dir']) - # If instance has not been configured, print the - # configuration URL to the log - if config.str2bool(master['pki_skip_configuration']): - util.configuration_file.log_configuration_url() - # Log final process messages - config.pki_log.info(log.PKISPAWN_END_MESSAGE_2, - master['pki_subsystem'], - master['pki_instance_name'], - extra=config.PKI_INDENTATION_LEVEL_0) - util.file.modify(master['pki_spawn_log'], silent=True) - # If instance has not been configured, print the - # configuration URL to the screen - if config.str2bool(master['pki_skip_configuration']): - util.configuration_file.display_configuration_url() - return self.rv - - def respawn(self): - config.pki_log.info(log.FINALIZATION_RESPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - return self.rv - - def destroy(self): - config.pki_log.info(log.FINALIZATION_DESTROY_1, __name__, - 
extra=config.PKI_INDENTATION_LEVEL_1) - util.file.modify(master['pki_destroy_log'], silent=True) - # Start this Apache/Tomcat PKI Process - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() >= 1: - util.systemd.start() - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(util.instance.tomcat_instance_subsystems()) >= 1: - util.systemd.start() - config.pki_log.info(log.PKIDESTROY_END_MESSAGE_2, - master['pki_subsystem'], - master['pki_instance_name'], - extra=config.PKI_INDENTATION_LEVEL_0) - return self.rv diff --git a/base/deploy/src/scriptlets/infrastructure_layout.py b/base/deploy/src/scriptlets/infrastructure_layout.py deleted file mode 100644 index 69a905849..000000000 --- a/base/deploy/src/scriptlets/infrastructure_layout.py +++ /dev/null 
@@ -1,116 +0,0 @@ -#!/usr/bin/python -t -# Authors: -# Matthew Harmsen <mharmsen@redhat.com> -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2012 Red Hat, Inc. -# All rights reserved. -# - -# PKI Deployment Imports -import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util -import pkimessages as log -import pkiscriptlet - - -# PKI Deployment Top-Level Infrastructure Layout Scriptlet -class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): - rv = 0 - - def spawn(self): - if config.str2bool(master['pki_skip_installation']): - config.pki_log.info(log.SKIP_ADMIN_DOMAIN_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - return self.rv - config.pki_log.info(log.ADMIN_DOMAIN_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - # NOTE: It was determined that since the "pkidestroy" command - # relies upon a symbolic link to a replica of the original - # deployment configuration file used by the - # "pkispawn" command of an instance, it is necessary to - # create any required instance and subsystem directories - # in this top-level "infrastructure_layout" scriptlet - # (rather than the "instance_layout" and "subsystem_layout" - # scriptlets) so that a copy of this configuration file can - # be saved, and the required symbolic link can be created. 
- # - # establish the top-level infrastructure, instance, and subsystem - # registry directories for storage of a copy of the original - # deployment configuration file used to spawn this instance, - # and save a copy of this file - util.directory.create(master['pki_registry_path']) - util.directory.create(master['pki_instance_type_registry_path']) - util.directory.create(master['pki_instance_registry_path']) - util.directory.create(master['pki_subsystem_registry_path']) - util.file.copy(master['pki_default_deployment_cfg'], - master['pki_default_deployment_cfg_replica']) - - print "Storing deployment configuration into " + config.pki_master_dict['pki_user_deployment_cfg_replica'] + "." - if master['pki_user_deployment_cfg']: - util.file.copy(master['pki_user_deployment_cfg'], - master['pki_user_deployment_cfg_replica']) - else: - with open(master['pki_user_deployment_cfg_replica'], 'w') as f: - config.user_config.write(f) - - # establish top-level infrastructure, instance, and subsystem - # base directories and create the "registry" symbolic link that - # the "pkidestroy" executable relies upon - util.directory.create(master['pki_path']) - util.directory.create(master['pki_instance_path']) - util.directory.create(master['pki_subsystem_path']) - util.symlink.create(master['pki_instance_registry_path'], - master['pki_subsystem_registry_link']) - # - # NOTE: If "infrastructure_layout" scriptlet execution has been - # successfully executed to this point, the "pkidestroy" command - # may always be utilized to remove the entire infrastructure. 
- # - # no need to establish top-level infrastructure logs - # since it now stores 'pkispawn'/'pkidestroy' logs - # and will already exist - # util.directory.create(master['pki_log_path']) - # establish top-level infrastructure configuration - if master['pki_configuration_path'] !=\ - config.PKI_DEPLOYMENT_CONFIGURATION_ROOT: - util.directory.create(master['pki_configuration_path']) - return self.rv - - def respawn(self): - config.pki_log.info(log.ADMIN_DOMAIN_RESPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - return self.rv - - def destroy(self): - config.pki_log.info(log.ADMIN_DOMAIN_DESTROY_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - # remove top-level infrastructure base - if master['pki_subsystem'] in config.PKI_SUBSYSTEMS and\ - util.instance.pki_instance_subsystems() == 0: - # remove top-level infrastructure base - util.directory.delete(master['pki_path']) - # do NOT remove top-level infrastructure logs - # since it now stores 'pkispawn'/'pkidestroy' logs - # util.directory.delete(master['pki_log_path']) - # remove top-level infrastructure configuration - if util.directory.is_empty(master['pki_configuration_path'])\ - and master['pki_configuration_path'] !=\ - config.PKI_DEPLOYMENT_CONFIGURATION_ROOT: - util.directory.delete(master['pki_configuration_path']) - # remove top-level infrastructure registry - util.directory.delete(master['pki_registry_path']) - return self.rv diff --git a/base/deploy/src/scriptlets/initialization.py b/base/deploy/src/scriptlets/initialization.py deleted file mode 100644 index 3494ebdc7..000000000 --- a/base/deploy/src/scriptlets/initialization.py +++ /dev/null 
@@ -1,126 +0,0 @@ -#!/usr/bin/python -t -# Authors: -# Matthew Harmsen <mharmsen@redhat.com> -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2012 Red Hat, Inc. -# All rights reserved. -# - -# PKI Deployment Imports -import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util -import pkimessages as log -import pkiscriptlet - - -# PKI Deployment Initialization Scriptlet -class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): - rv = 0 - - def spawn(self): - # begin official logging - config.pki_log.info(log.PKISPAWN_BEGIN_MESSAGE_2, - master['pki_subsystem'], - master['pki_instance_name'], - extra=config.PKI_INDENTATION_LEVEL_0) - if config.str2bool(master['pki_skip_installation']): - config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - return self.rv - else: - config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - if master['pki_subsystem'] == "CA" and\ - config.str2bool(master['pki_external_step_two']): - # verify that this type of "subsystem" currently EXISTS - # for this "instance" (External CA Step 2) - util.instance.verify_subsystem_exists() - master['pki_skip_installation'] = "True"; - else: - # verify that this type of "subsystem" does NOT yet - # exist for this "instance" - 
util.instance.verify_subsystem_does_not_exist() - # detect and avoid any namespace collisions - util.namespace.collision_detection() - # initialize 'uid' and 'gid' - util.identity.add_uid_and_gid(master['pki_user'], master['pki_group']) - # establish 'uid' and 'gid' - util.identity.set_uid(master['pki_user']) - util.identity.set_gid(master['pki_group']) - # verify existence of SENSITIVE configuration file data - util.configuration_file.verify_sensitive_data() - # verify existence of MUTUALLY EXCLUSIVE configuration file data - util.configuration_file.verify_mutually_exclusive_data() - # verify existence of PREDEFINED configuration file data - util.configuration_file.verify_predefined_configuration_file_data() - # verify selinux context of selected ports - util.configuration_file.populate_non_default_ports() - util.configuration_file.verify_selinux_ports() - return self.rv - - def respawn(self): - # begin official logging - config.pki_log.info(log.PKIRESPAWN_BEGIN_MESSAGE_2, - master['pki_subsystem'], - master['pki_instance_name'], - extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.info(log.INITIALIZATION_RESPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - # verify that this type of "subsystem" currently EXISTS - # for this "instance" - util.instance.verify_subsystem_exists() - return self.rv - - def destroy(self): - # begin official logging - config.pki_log.info(log.PKIDESTROY_BEGIN_MESSAGE_2, - master['pki_subsystem'], - master['pki_instance_name'], - extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.info(log.INITIALIZATION_DESTROY_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - # verify that this type of "subsystem" currently EXISTS - # for this "instance" - util.instance.verify_subsystem_exists() - # verify that the command-line parameters match the values - # that are present in the corresponding configuration file - util.configuration_file.verify_command_matches_configuration_file() - # establish 'uid' and 'gid' - 
util.identity.set_uid(master['pki_user']) - util.identity.set_gid(master['pki_group']) - # get ports to remove selinux context - util.configuration_file.populate_non_default_ports() - - # get deinstallation token - token = util.security_domain.get_installation_token( - config.pki_secdomain_user, config.pki_secdomain_pass) - - # remove kra connector from CA if this is a KRA - util.kra_connector.deregister() - - # de-register instance from its Security Domain - # - # NOTE: Since the security domain of an instance must be up - # and running in order to be de-registered, this step - # must be done PRIOR to instance shutdown because this - # instance's security domain may be a part of a - # tightly-coupled shared instance. - # - util.security_domain.deregister(token) - # ALWAYS Stop this Apache/Tomcat PKI Process - util.systemd.stop() - return self.rv diff --git a/base/deploy/src/scriptlets/instance_layout.py b/base/deploy/src/scriptlets/instance_layout.py deleted file mode 100644 index 843227a84..000000000 --- a/base/deploy/src/scriptlets/instance_layout.py +++ /dev/null 
@@ -1,190 +0,0 @@ -#!/usr/bin/python -t -# Authors: -# Matthew Harmsen <mharmsen@redhat.com> -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2012 Red Hat, Inc. -# All rights reserved. -# - -# System Imports -import os - - -# PKI Deployment Imports -import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util -import pkimessages as log -import pkiscriptlet -import os - - -# PKI Deployment Instance Layout Scriptlet -class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): - rv = 0 - - def spawn(self): - if config.str2bool(master['pki_skip_installation']): - config.pki_log.info(log.SKIP_INSTANCE_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - return self.rv - config.pki_log.info(log.INSTANCE_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - # establish instance logs - util.directory.create(master['pki_instance_log_path']) - # establish instance configuration - util.directory.create(master['pki_instance_configuration_path']) - # establish Apache/Tomcat specific instance - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - # establish Tomcat instance configuration - util.directory.copy(master['pki_source_server_path'], - master['pki_instance_configuration_path'], - overwrite_flag=True) - # establish Tomcat instance base - 
util.directory.create(master['pki_tomcat_common_path']) - util.directory.create(master['pki_tomcat_common_lib_path']) - # establish Tomcat instance library - util.directory.create(master['pki_instance_lib']) - for name in os.listdir(master['pki_tomcat_lib_path']): - util.symlink.create( - os.path.join( - master['pki_tomcat_lib_path'], - name), - os.path.join( - master['pki_instance_lib'], - name)) - util.symlink.create(master['pki_instance_conf_log4j_properties'], - master['pki_instance_lib_log4j_properties']) - util.directory.create(master['pki_tomcat_tmpdir_path']) - util.directory.create(master['pki_tomcat_webapps_path']) - util.directory.create(master['pki_tomcat_work_path']) - util.directory.create(master['pki_tomcat_work_catalina_path']) - util.directory.create(master['pki_tomcat_work_catalina_host_path']) - util.directory.create( - master['pki_tomcat_work_catalina_host_run_path']) - util.directory.create( - master['pki_tomcat_work_catalina_host_subsystem_path']) - # establish Tomcat instance logs - # establish Tomcat instance registry - # establish Tomcat instance convenience symbolic links - util.symlink.create(master['pki_tomcat_bin_path'], - master['pki_tomcat_bin_link']) - util.symlink.create(master['pki_tomcat_systemd'], - master['pki_instance_systemd_link'], - uid=0, gid=0) - # establish Tomcat instance common lib jar symbolic links - util.symlink.create(master['pki_apache_commons_collections_jar'], - master['pki_apache_commons_collections_jar_link']) - util.symlink.create(master['pki_apache_commons_lang_jar'], - master['pki_apache_commons_lang_jar_link']) - util.symlink.create(master['pki_apache_commons_logging_jar'], - master['pki_apache_commons_logging_jar_link']) - util.symlink.create(master['pki_commons_codec_jar'], - master['pki_commons_codec_jar_link']) - util.symlink.create(master['pki_httpclient_jar'], - master['pki_httpclient_jar_link']) - util.symlink.create(master['pki_httpcore_jar'], - master['pki_httpcore_jar_link']) - 
util.symlink.create(master['pki_javassist_jar'], - master['pki_javassist_jar_link']) - util.symlink.create(master['pki_resteasy_jaxrs_api_jar'], - master['pki_resteasy_jaxrs_api_jar_link']) - util.symlink.create(master['pki_jettison_jar'], - master['pki_jettison_jar_link']) - util.symlink.create(master['pki_jss_jar'], - master['pki_jss_jar_link']) - util.symlink.create(master['pki_ldapjdk_jar'], - master['pki_ldapjdk_jar_link']) - util.symlink.create(master['pki_tomcat_jar'], - master['pki_tomcat_jar_link']) - util.symlink.create(master['pki_resteasy_atom_provider_jar'], - master['pki_resteasy_atom_provider_jar_link']) - util.symlink.create(master['pki_resteasy_jaxb_provider_jar'], - master['pki_resteasy_jaxb_provider_jar_link']) - util.symlink.create(master['pki_resteasy_jaxrs_jar'], - master['pki_resteasy_jaxrs_jar_link']) - util.symlink.create(master['pki_resteasy_jettison_provider_jar'], - master['pki_resteasy_jettison_provider_jar_link']) - util.symlink.create(master['pki_scannotation_jar'], - master['pki_scannotation_jar_link']) - if master['pki_subsystem'] == 'TKS': - util.symlink.create(master['pki_symkey_jar'], - master['pki_symkey_jar_link']) - util.symlink.create(master['pki_tomcatjss_jar'], - master['pki_tomcatjss_jar_link']) - util.symlink.create(master['pki_velocity_jar'], - master['pki_velocity_jar_link']) - util.symlink.create(master['pki_xerces_j2_jar'], - master['pki_xerces_j2_jar_link']) - util.symlink.create(master['pki_xml_commons_apis_jar'], - master['pki_xml_commons_apis_jar_link']) - util.symlink.create(master['pki_xml_commons_resolver_jar'], - master['pki_xml_commons_resolver_jar_link']) - # establish shared NSS security databases for this instance - util.directory.create(master['pki_database_path']) - # establish instance convenience symbolic links - util.symlink.create(master['pki_database_path'], - master['pki_instance_database_link']) - util.symlink.create(master['pki_instance_configuration_path'], - master['pki_instance_conf_link']) - 
util.symlink.create(master['pki_instance_log_path'], - master['pki_instance_logs_link']) - return self.rv - - def respawn(self): - config.pki_log.info(log.INSTANCE_RESPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - return self.rv - - def destroy(self): - config.pki_log.info(log.INSTANCE_DESTROY_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - if master['pki_subsystem'] == 'TKS': - util.symlink.delete(master['pki_symkey_jar_link']) - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() == 0: - # remove Apache instance base - util.directory.delete(master['pki_instance_path']) - # remove Apache instance logs - # remove shared NSS security database path for this instance - util.directory.delete(master['pki_database_path']) - # remove Apache instance configuration - util.directory.delete(master['pki_instance_configuration_path']) - # remove Apache instance registry - util.directory.delete(master['pki_instance_registry_path']) - # remove Apache PKI registry (if empty) - if util.instance.apache_instances() == 0: - util.directory.delete( - master['pki_instance_type_registry_path']) - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(util.instance.tomcat_instance_subsystems()) == 0: - # remove Tomcat instance base - util.directory.delete(master['pki_instance_path']) - # remove Tomcat instance logs - util.directory.delete(master['pki_instance_log_path']) - # remove shared NSS security database path for this instance - util.directory.delete(master['pki_database_path']) - # remove Tomcat instance configuration - util.directory.delete(master['pki_instance_configuration_path']) - # remove PKI 'tomcat.conf' instance file - util.file.delete(master['pki_target_tomcat_conf_instance_id']) - # remove Tomcat instance registry - util.directory.delete(master['pki_instance_registry_path']) - # remove Tomcat PKI registry (if empty) - if util.instance.tomcat_instances() == 0: - 
util.directory.delete( - master['pki_instance_type_registry_path']) - return self.rv diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py deleted file mode 100644 index 9ac4784e5..000000000 --- a/base/deploy/src/scriptlets/security_databases.py +++ /dev/null 
@@ -1,119 +0,0 @@
-#!/usr/bin/python -t
-# Authors:
-# Matthew Harmsen <mharmsen@redhat.com>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2012 Red Hat, Inc.
-# All rights reserved.
-#
-
-# PKI Deployment Imports
-import pkiconfig as config
-from pkiconfig import pki_master_dict as master
-import pkihelper as util
-import pkimessages as log
-import pkiscriptlet
-
-
-# PKI Deployment Security Databases Scriptlet
-class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
- rv = 0
-
- def spawn(self):
- if config.str2bool(master['pki_skip_installation']):
- config.pki_log.info(log.SKIP_SECURITY_DATABASES_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return self.rv
- config.pki_log.info(log.SECURITY_DATABASES_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- util.password.create_password_conf(
- master['pki_shared_password_conf'],
- master['pki_pin'])
- # Since 'certutil' does NOT strip the 'token=' portion of
- # the 'token=password' entries, create a temporary server 'pfile'
- # which ONLY contains the 'password' for the purposes of
- # allowing 'certutil' to generate the security databases
- util.password.create_password_conf(
- master['pki_shared_pfile'],
- master['pki_pin'], pin_sans_token=True)
- util.file.modify(master['pki_shared_password_conf'])
- util.certutil.create_security_databases(
- master['pki_database_path'],
- master['pki_cert_database'],
- master['pki_key_database'],
- master['pki_secmod_database'],
- password_file=master['pki_shared_pfile'])
- util.file.modify(master['pki_cert_database'], perms=\
- config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
- util.file.modify(master['pki_key_database'], perms=\
- config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
- util.file.modify(master['pki_secmod_database'], perms=\
- config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
-
- if len(util.instance.tomcat_instance_subsystems()) < 2:
- # only create a self signed cert for a new instance
- rv = util.certutil.verify_certificate_exists(
- master['pki_database_path'],
- master['pki_cert_database'],
- master['pki_key_database'],
- master['pki_secmod_database'],
- master['pki_self_signed_token'],
- master['pki_self_signed_nickname'],
- password_file=master['pki_shared_pfile'])
- if not rv:
- util.file.generate_noise_file(
- master['pki_self_signed_noise_file'],
- master['pki_self_signed_noise_bytes'])
- util.certutil.generate_self_signed_certificate(
- master['pki_database_path'],
- master['pki_cert_database'],
- master['pki_key_database'],
- master['pki_secmod_database'],
- master['pki_self_signed_token'],
- master['pki_self_signed_nickname'],
- master['pki_self_signed_subject'],
- master['pki_self_signed_serial_number'],
- master['pki_self_signed_validity_period'],
- master['pki_self_signed_issuer_name'],
- master['pki_self_signed_trustargs'],
- master['pki_self_signed_noise_file'],
- password_file=master['pki_shared_pfile'])
- # Delete the temporary 'noise' file
- util.file.delete(master['pki_self_signed_noise_file'])
- # Delete the temporary 'pfile'
- util.file.delete(master['pki_shared_pfile'])
- return self.rv
-
- def respawn(self):
- config.pki_log.info(log.SECURITY_DATABASES_RESPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return self.rv
-
- def destroy(self):
- config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
- util.instance.apache_instance_subsystems() == 0:
- util.file.delete(master['pki_cert_database'])
- util.file.delete(master['pki_key_database'])
- util.file.delete(master['pki_secmod_database'])
- util.file.delete(master['pki_shared_password_conf'])
- elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
- len(util.instance.tomcat_instance_subsystems()) == 0:
- util.file.delete(master['pki_cert_database'])
- util.file.delete(master['pki_key_database'])
- util.file.delete(master['pki_secmod_database'])
- util.file.delete(master['pki_shared_password_conf'])
- return self.rv
diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py
deleted file mode 100644
index 552ab3f41..000000000
--- a/base/deploy/src/scriptlets/selinux_setup.py
+++ /dev/null
@@ -1,175 +0,0 @@
-#!/usr/bin/python -t
-# Authors:
-# Ade Lee <alee@redhat.com>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2012 Red Hat, Inc.
-# All rights reserved.
-#
-
-# PKI Deployment Imports
-import pkiconfig as config
-from pkiconfig import pki_master_dict as master
-from pkiconfig import pki_selinux_config_ports as ports
-import pkihelper as util
-import pkimessages as log
-import pkiscriptlet
-import selinux
-if selinux.is_selinux_enabled():
- import seobject
-
-
-# PKI Deployment Selinux Setup Scriptlet
-class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
- rv = 0
- suffix = "(/.*)?"
-
- def restore_context(self):
- selinux.restorecon(master['pki_instance_path'], True)
- selinux.restorecon(config.PKI_DEPLOYMENT_LOG_ROOT, True)
- selinux.restorecon(master['pki_instance_log_path'], True)
- selinux.restorecon(master['pki_instance_configuration_path'], True)
-
- def spawn(self):
- if config.str2bool(master['pki_skip_installation']):
- config.pki_log.info(log.SKIP_SELINUX_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return self.rv
-
- if not bool(selinux.is_selinux_enabled()):
- config.pki_log.info(log.SELINUX_DISABLED_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return self.rv
-
- config.pki_log.info(log.SELINUX_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
-
- # check first if any transactions are required
- if len(ports) == 0 and master['pki_instance_name'] == \
- config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
- self.restore_context()
- return self.rv
-
- # add SELinux contexts when adding the first subsystem
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
- util.instance.apache_instance_subsystems() == 1 or\
- master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
- len(util.instance.tomcat_instance_subsystems()) == 1:
-
- trans = seobject.semanageRecords("targeted")
- trans.start()
- if master['pki_instance_name'] != \
- config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
-
- fcon = seobject.fcontextRecords()
-
- config.pki_log.info("adding selinux fcontext \"%s\"",
- master['pki_instance_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
- fcon.add(master['pki_instance_path'] + self.suffix,
- config.PKI_INSTANCE_SELINUX_CONTEXT, "", "s0", "")
-
- config.pki_log.info("adding selinux fcontext \"%s\"",
- master['pki_instance_log_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
- fcon.add(master['pki_instance_log_path'] + self.suffix,
- config.PKI_LOG_SELINUX_CONTEXT, "", "s0", "")
-
- config.pki_log.info("adding selinux fcontext \"%s\"",
- master['pki_instance_configuration_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
- fcon.add(master['pki_instance_configuration_path'] + self.suffix,
- config.PKI_CFG_SELINUX_CONTEXT, "", "s0", "")
-
- config.pki_log.info("adding selinux fcontext \"%s\"",
- master['pki_database_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
- fcon.add(master['pki_database_path'] + self.suffix,
- config.PKI_CERTDB_SELINUX_CONTEXT, "", "s0", "")
-
- portRecords = seobject.portRecords()
- for port in ports:
- config.pki_log.info("adding selinux port %s", port,
- extra=config.PKI_INDENTATION_LEVEL_2)
- portRecords.add(port, "tcp", "s0", config.PKI_PORT_SELINUX_CONTEXT)
-
- trans.finish()
-
- self.restore_context()
- return self.rv
-
- def respawn(self):
- config.pki_log.info(log.SELINUX_RESPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- self.restore_context()
- return self.rv
-
- def destroy(self):
- if not bool(selinux.is_selinux_enabled()):
- config.pki_log.info(log.SELINUX_DISABLED_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return self.rv
- config.pki_log.info(log.SELINUX_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
-
- # check first if any transactions are required
- if len(ports) == 0 and master['pki_instance_name'] == \
- config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
- return self.rv
-
- # remove SELinux contexts when removing the last subsystem
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
- util.instance.apache_instance_subsystems() == 0 or\
- master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
- len(util.instance.tomcat_instance_subsystems()) == 0:
-
- trans = seobject.semanageRecords("targeted")
- trans.start()
-
- if master['pki_instance_name'] != \
- config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
-
- fcon = seobject.fcontextRecords()
-
- config.pki_log.info("deleting selinux fcontext \"%s\"",
- master['pki_instance_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
- fcon.delete(master['pki_instance_path'] + self.suffix , "")
-
- config.pki_log.info("deleting selinux fcontext \"%s\"",
- master['pki_instance_log_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
- fcon.delete(master['pki_instance_log_path'] + self.suffix, "")
-
- config.pki_log.info("deleting selinux fcontext \"%s\"",
- master['pki_instance_configuration_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
- fcon.delete(master['pki_instance_configuration_path'] + \
- self.suffix, "")
-
- config.pki_log.info("deleting selinux fcontext \"%s\"",
- master['pki_database_path'] + self.suffix,
- extra=config.PKI_INDENTATION_LEVEL_2)
- fcon.delete(master['pki_database_path'] + self.suffix , "")
-
- portRecords = seobject.portRecords()
- for port in ports:
- config.pki_log.info("deleting selinux port %s", port,
- extra=config.PKI_INDENTATION_LEVEL_2)
- portRecords.delete(port, "tcp")
-
- trans.finish()
-
- return self.rv
diff --git a/base/deploy/src/scriptlets/slot_substitution.py b/base/deploy/src/scriptlets/slot_substitution.py
deleted file mode 100644
index 205ed49f6..000000000
--- a/base/deploy/src/scriptlets/slot_substitution.py
+++ /dev/null
@@ -1,103 +0,0 @@
-#!/usr/bin/python -t
-# Authors:
-# Matthew Harmsen <mharmsen@redhat.com>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2012 Red Hat, Inc.
-# All rights reserved.
-#
-
-# PKI Deployment Imports
-import pkiconfig as config
-from pkiconfig import pki_master_dict as master
-from pkiconfig import pki_slots_dict as slots
-import pkihelper as util
-import pkimessages as log
-import pkiscriptlet
-
-
-# PKI Deployment Slot Substitution Scriptlet
-class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
- rv = 0
-
- def spawn(self):
- if config.str2bool(master['pki_skip_installation']):
- config.pki_log.info(log.SKIP_SLOT_ASSIGNMENT_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return self.rv
- config.pki_log.info(log.SLOT_ASSIGNMENT_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- util.file.copy_with_slot_substitution(master['pki_source_cs_cfg'],
- master['pki_target_cs_cfg'])
- util.file.copy_with_slot_substitution(master['pki_source_registry'],
- master['pki_target_registry'],
- uid=0, gid=0, overwrite_flag=True)
- if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- util.file.copy_with_slot_substitution(
- master['pki_source_catalina_properties'],
- master['pki_target_catalina_properties'],
- overwrite_flag=True)
- util.file.copy_with_slot_substitution(
- master['pki_source_servercertnick_conf'],
- master['pki_target_servercertnick_conf'],
- overwrite_flag=True)
- util.file.copy_with_slot_substitution(
- master['pki_source_server_xml'],
- master['pki_target_server_xml'],
- overwrite_flag=True)
- util.file.copy_with_slot_substitution(
- master['pki_source_context_xml'],
- master['pki_target_context_xml'],
- overwrite_flag=True)
- util.file.copy_with_slot_substitution(
- master['pki_source_tomcat_conf'],
- master['pki_target_tomcat_conf_instance_id'],
- uid=0, gid=0, overwrite_flag=True)
- util.file.copy_with_slot_substitution(
- master['pki_source_tomcat_conf'],
- master['pki_target_tomcat_conf'],
- overwrite_flag=True)
- util.file.apply_slot_substitution(
- master['pki_target_velocity_properties'])
- util.file.apply_slot_substitution(
- master['pki_target_subsystem_web_xml'])
- # Strip "<filter>" section from subsystem "web.xml"
- # This is ONLY necessary because XML comments cannot be "nested"!
- #util.file.copy(master['pki_target_subsystem_web_xml'],
- # master['pki_target_subsystem_web_xml_orig'])
- #util.file.delete(master['pki_target_subsystem_web_xml'])
- #util.xml_file.remove_filter_section_from_web_xml(
- # master['pki_target_subsystem_web_xml_orig'],
- # master['pki_target_subsystem_web_xml'])
- #util.file.delete(master['pki_target_subsystem_web_xml_orig'])
- if master['pki_subsystem'] == "CA":
- util.file.copy_with_slot_substitution(
- master['pki_source_proxy_conf'],
- master['pki_target_proxy_conf'])
- util.file.apply_slot_substitution(
- master['pki_target_profileselect_template'])
- return self.rv
-
- def respawn(self):
- config.pki_log.info(log.SLOT_ASSIGNMENT_RESPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return self.rv
-
- def destroy(self):
- config.pki_log.info(log.SLOT_ASSIGNMENT_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- config.pki_log.info("NOTHING NEEDS TO BE IMPLEMENTED",
- extra=config.PKI_INDENTATION_LEVEL_2)
- return self.rv
diff --git a/base/deploy/src/scriptlets/subsystem_layout.py b/base/deploy/src/scriptlets/subsystem_layout.py
deleted file mode 100644
index c4c4c2283..000000000
--- a/base/deploy/src/scriptlets/subsystem_layout.py
+++ /dev/null
@@ -1,126 +0,0 @@
-#!/usr/bin/python -t
-# Authors:
-# Matthew Harmsen <mharmsen@redhat.com>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2012 Red Hat, Inc.
-# All rights reserved.
-#
-
-# PKI Deployment Imports
-import pkiconfig as config
-from pkiconfig import pki_master_dict as master
-import pkihelper as util
-import pkimessages as log
-import pkiscriptlet
-
-
-# PKI Deployment Subsystem Layout Scriptlet
-class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
- rv = 0
-
- def spawn(self):
- if config.str2bool(master['pki_skip_installation']):
- config.pki_log.info(log.SKIP_SUBSYSTEM_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return self.rv
- config.pki_log.info(log.SUBSYSTEM_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- # establish instance-based subsystem logs
- util.directory.create(master['pki_subsystem_log_path'])
- util.directory.create(master['pki_subsystem_archive_log_path'])
- if master['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS:
- util.directory.create(master['pki_subsystem_signed_audit_log_path'])
- # establish instance-based subsystem configuration
- util.directory.create(master['pki_subsystem_configuration_path'])
- # util.directory.copy(master['pki_source_conf_path'],
- # master['pki_subsystem_configuration_path'])
- # establish instance-based Apache/Tomcat specific subsystems
- if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- # establish instance-based Tomcat PKI subsystem base
- if master['pki_subsystem'] == "CA":
- util.directory.copy(master['pki_source_emails'],
- master['pki_subsystem_emails_path'])
- util.directory.copy(master['pki_source_profiles'],
- master['pki_subsystem_profiles_path'])
- # establish instance-based Tomcat PKI subsystem logs
- # establish instance-based Tomcat PKI subsystem configuration
- if master['pki_subsystem'] == "CA":
- util.file.copy(master['pki_source_flatfile_txt'],
- master['pki_target_flatfile_txt'])
- util.file.copy(master['pki_source_registry_cfg'],
- master['pki_target_registry_cfg'])
- # '*.profile'
- util.file.copy(master['pki_source_admincert_profile'],
- master['pki_target_admincert_profile'])
- util.file.copy(master['pki_source_caauditsigningcert_profile'],
- master['pki_target_caauditsigningcert_profile'])
- util.file.copy(master['pki_source_cacert_profile'],
- master['pki_target_cacert_profile'])
- util.file.copy(master['pki_source_caocspcert_profile'],
- master['pki_target_caocspcert_profile'])
- util.file.copy(master['pki_source_servercert_profile'],
- master['pki_target_servercert_profile'])
- util.file.copy(master['pki_source_subsystemcert_profile'],
- master['pki_target_subsystemcert_profile'])
- elif master['pki_subsystem'] == "KRA":
- # '*.profile'
- util.file.copy(master['pki_source_servercert_profile'],
- master['pki_target_servercert_profile'])
- util.file.copy(master['pki_source_storagecert_profile'],
- master['pki_target_storagecert_profile'])
- util.file.copy(master['pki_source_subsystemcert_profile'],
- master['pki_target_subsystemcert_profile'])
- util.file.copy(master['pki_source_transportcert_profile'],
- master['pki_target_transportcert_profile'])
- # establish instance-based Tomcat PKI subsystem registry
- # establish instance-based Tomcat PKI subsystem convenience
- # symbolic links
- util.symlink.create(master['pki_tomcat_webapps_path'],
- master['pki_subsystem_tomcat_webapps_link'])
- # establish instance-based subsystem convenience symbolic links
- util.symlink.create(master['pki_instance_database_link'],
- master['pki_subsystem_database_link'])
- util.symlink.create(master['pki_subsystem_configuration_path'],
- master['pki_subsystem_conf_link'])
- util.symlink.create(master['pki_subsystem_log_path'],
- master['pki_subsystem_logs_link'])
- util.symlink.create(master['pki_instance_registry_path'],
- master['pki_subsystem_registry_link'])
- return self.rv
-
- def respawn(self):
- config.pki_log.info(log.SUBSYSTEM_RESPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return self.rv
-
- def destroy(self):
- config.pki_log.info(log.SUBSYSTEM_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- # remove instance-based subsystem base
- if master['pki_subsystem'] == "CA":
- util.directory.delete(master['pki_subsystem_emails_path'])
- util.directory.delete(master['pki_subsystem_profiles_path'])
- util.directory.delete(master['pki_subsystem_path'])
- # remove instance-based subsystem logs
- if master['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS:
- util.directory.delete(master['pki_subsystem_signed_audit_log_path'])
- util.directory.delete(master['pki_subsystem_archive_log_path'])
- util.directory.delete(master['pki_subsystem_log_path'])
- # remove instance-based subsystem configuration
- util.directory.delete(master['pki_subsystem_configuration_path'])
- # remove instance-based subsystem registry
- util.directory.delete(master['pki_subsystem_registry_path'])
- return self.rv
diff --git a/base/deploy/src/scriptlets/webapp_deployment.py b/base/deploy/src/scriptlets/webapp_deployment.py
deleted file mode 100644
index e72752ee8..000000000
--- a/base/deploy/src/scriptlets/webapp_deployment.py
+++ /dev/null
@@ -1,170 +0,0 @@
-#!/usr/bin/python -t
-# Authors:
-# Matthew Harmsen <mharmsen@redhat.com>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2012 Red Hat, Inc.
-# All rights reserved.
-#
-
-# System Imports
-import os
-
-
-# PKI Deployment Imports
-import pkiconfig as config
-from pkiconfig import pki_master_dict as master
-import pkihelper as util
-import pkimessages as log
-import pkiscriptlet
-
-
-# PKI Web Application Deployment Scriptlet
-class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
- rv = 0
-
- def spawn(self):
- if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- if config.str2bool(master['pki_skip_installation']):
- config.pki_log.info(log.SKIP_WEBAPP_DEPLOYMENT_SPAWN_1,
- __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return self.rv
- config.pki_log.info(log.WEBAPP_DEPLOYMENT_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
-
- # Copy /usr/share/pki/server/webapps/ROOT
- # to <instance>/webapps/ROOT
- util.directory.create(master['pki_tomcat_webapps_root_path'])
- util.directory.copy(
- os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "server",
- "webapps",
- "ROOT"),
- master['pki_tomcat_webapps_root_path'],
- overwrite_flag=True)
-
- util.directory.create(master['pki_tomcat_webapps_common_path'])
-
- # If desired and available,
- # copy selected server theme
- # to <instance>/webapps/pki
- if config.str2bool(master['pki_theme_enable']) and\
- os.path.exists(master['pki_theme_server_dir']):
- util.directory.copy(master['pki_theme_server_dir'],
- master['pki_tomcat_webapps_common_path'],
- overwrite_flag=True)
-
- # Copy /usr/share/pki/server/webapps/pki/js
- # to <instance>/webapps/pki/js
- util.directory.copy(
- os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "server",
- "webapps",
- "pki",
- "js"),
- os.path.join(
- master['pki_tomcat_webapps_common_path'],
- "js"),
- overwrite_flag=True)
-
- # Copy /usr/share/pki/server/webapps/pki/META-INF
- # to <instance>/webapps/pki/META-INF
- util.directory.copy(
- os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "server",
- "webapps",
- "pki",
- "META-INF"),
- os.path.join(
- master['pki_tomcat_webapps_common_path'],
- "META-INF"),
- overwrite_flag=True)
-
- # Copy /usr/share/pki/server/webapps/pki/admin
- # to <instance>/webapps/<subsystem>/admin
- # TODO: common templates should be deployed in common webapp
- util.directory.create(master['pki_tomcat_webapps_subsystem_path'])
- util.directory.copy(
- os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "server",
- "webapps",
- "pki",
- "admin"),
- os.path.join(
- master['pki_tomcat_webapps_subsystem_path'],
- "admin"),
- overwrite_flag=True)
-
- # Copy /usr/share/pki/<subsystem>/webapps/<subsystem>
- # to <instance>/webapps/<subsystem>
- util.directory.copy(
- os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
- master['pki_subsystem'].lower(),
- "webapps",
- master['pki_subsystem'].lower()),
- master['pki_tomcat_webapps_subsystem_path'],
- overwrite_flag=True)
-
- util.directory.create(
- master['pki_tomcat_webapps_subsystem_webinf_classes_path'])
- util.directory.create(
- master['pki_tomcat_webapps_subsystem_webinf_lib_path'])
- # establish Tomcat webapps subsystem WEB-INF lib symbolic links
- util.symlink.create(master['pki_certsrv_jar'],
- master['pki_certsrv_jar_link'])
- util.symlink.create(master['pki_cmsbundle'],
- master['pki_cmsbundle_jar_link'])
- util.symlink.create(master['pki_cmscore'],
- master['pki_cmscore_jar_link'])
- util.symlink.create(master['pki_cms'],
- master['pki_cms_jar_link'])
- util.symlink.create(master['pki_cmsutil'],
- master['pki_cmsutil_jar_link'])
- util.symlink.create(master['pki_nsutil'],
- master['pki_nsutil_jar_link'])
- if master['pki_subsystem'] == "CA":
- util.symlink.create(master['pki_ca_jar'],
- master['pki_ca_jar_link'])
- elif master['pki_subsystem'] == "KRA":
- util.symlink.create(master['pki_kra_jar'],
- master['pki_kra_jar_link'])
- elif master['pki_subsystem'] == "OCSP":
- util.symlink.create(master['pki_ocsp_jar'],
- master['pki_ocsp_jar_link'])
- elif master['pki_subsystem'] == "TKS":
- util.symlink.create(master['pki_tks_jar'],
- master['pki_tks_jar_link'])
- # set ownerships, permissions, and acls
- util.directory.set_mode(master['pki_tomcat_webapps_subsystem_path'])
- return self.rv
-
- def respawn(self):
- if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- config.pki_log.info(log.WEBAPP_DEPLOYMENT_RESPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return self.rv
-
- def destroy(self):
- if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- config.pki_log.info(log.WEBAPP_DEPLOYMENT_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- util.directory.delete(master['pki_tomcat_webapps_subsystem_path'])
- return self.rv |
