| author | Endi Sukma Dewata <edewata@redhat.com> | 2013-02-21 19:47:35 -0500 |
|---|---|---|
| committer | Endi Sukma Dewata <edewata@redhat.com> | 2013-03-07 17:51:32 -0500 |
| commit | c87a65024177ed67cd4ec0f7d533d973f8e1f971 (patch) | |
| tree | dcceb0a14d514c62773ee07a1fcb09e787dae6e4 /base/deploy/src | |
| parent | b18a44db98f19c4d9b9d8d586d2bd1772a5d9f41 (diff) | |
Added security domain info validation.
The installer script has been modified to validate security domain
info in both interactive and silent installation.
A basic Python API has been added to access the REST interface.
Ticket #473
Diffstat (limited to 'base/deploy/src')
| -rwxr-xr-x | base/deploy/src/pkispawn | 73 | ||||
| -rw-r--r-- | base/deploy/src/scriptlets/pkilogging.py | 40 | ||||
| -rw-r--r-- | base/deploy/src/scriptlets/pkiparser.py | 23 |
3 files changed, 94 insertions, 42 deletions
diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn
index bca496e1d..65bbaa4a8 100755
--- a/base/deploy/src/pkispawn
+++ b/base/deploy/src/pkispawn
@@ -30,10 +30,12 @@ try:
 import ldap
 import logging
 import os
+ import requests
 import socket
 import struct
 import subprocess
 import time
+ import urllib2
 from time import strftime as date
 from pki.deployment import pkiconfig as config
 from pki.deployment.pkiparser import PKIConfigParser
@@ -225,15 +227,33 @@ def main(argv):
 print
 print "Security Domain:"
- parser.read_text('Name', config.pki_subsystem, 'pki_security_domain_name')
- if config.pki_subsystem != "CA":
- parser.read_text('Hostname', config.pki_subsystem, 'pki_security_domain_hostname')
- parser.read_text('Secure HTTP port', config.pki_subsystem, 'pki_security_domain_https_port')
- parser.read_text('Username', config.pki_subsystem, 'pki_security_domain_user')
- parser.read_password(
- 'Password', config.pki_subsystem, 'pki_security_domain_password',
- verifyMessage='Verify password')
+ if config.pki_subsystem == "CA":
+ parser.read_text('Name', config.pki_subsystem, 'pki_security_domain_name')
+
+ else:
+ while True:
+ parser.read_text('Hostname', config.pki_subsystem, 'pki_security_domain_hostname')
+ parser.read_text('Secure HTTP port', config.pki_subsystem, 'pki_security_domain_https_port')
+
+ try:
+ parser.sd_connect()
+ info = parser.sd_get_info()
+ parser.print_text('Name: ' + info.name)
+ parser.set_property(config.pki_subsystem, 'pki_security_domain_name', info.name)
+ break
+ except requests.exceptions.ConnectionError as e:
+ parser.print_text('ERROR: ' + str(e))
+
+ while True:
+ parser.read_text('Username', config.pki_subsystem, 'pki_security_domain_user')
+ parser.read_password('Password', config.pki_subsystem, 'pki_security_domain_password')
+
+ try:
+ parser.sd_authenticate()
+ break
+ except requests.exceptions.HTTPError as e:
+ parser.print_text('ERROR: ' + str(e))
 print 
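Review bot: `import urllib2` is added in the `@@ -30,10 +30,12 @@` import hunk, but none of the lines this commit adds to pkispawn refer to `urllib2`; the new error handling uses only `requests.exceptions`. Unless a follow-up change needs it, drop the line so the installer does not carry an import it never uses. The `try:` block holding these imports starts and ends outside the hunk.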
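Review bot: In the interactive hunk (`@@ -225,15 +227,33 @@`) each retry loop catches only one exception type, so the other kind of failure would escape as a traceback instead of re-prompting: the first loop handles `ConnectionError` but not an HTTP error status from `sd_get_info()` (for example a reachable host that is not a security domain CA), and the second handles `HTTPError` but not a dropped connection during `sd_authenticate()`. This assumes the pki client lets the `requests` exceptions through unchanged, which the handlers suggest but the diff does not show. Catching the common base class in both loops, `except requests.exceptions.RequestException as e:`, keeps the operator in the prompt loop; the silent path in the `@@ -321,23 +341,40 @@` hunk already handles both types for the same calls. main()'s body starts and ends outside the hunk.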
@@ -321,23 +341,40 @@ def main(argv):
 config.pki_log.debug(pkilogging.format(config.pki_master_dict), extra=config.PKI_INDENTATION_LEVEL_0)
- if not interactive:
+ if not interactive and\
+ not config.str2bool(config.pki_master_dict['pki_skip_configuration']):
 try:
- if not config.str2bool(config.pki_master_dict['pki_skip_configuration']):
- parser.ds_connect()
- parser.ds_bind()
+ parser.ds_connect()
+ parser.ds_bind()
- if parser.ds_base_dn_exists() and\
- not config.str2bool(config.pki_master_dict['pki_ds_remove_data']):
- print 'ERROR: Base DN already exists.'
- sys.exit(1)
+ if parser.ds_base_dn_exists() and\
+ not config.str2bool(config.pki_master_dict['pki_ds_remove_data']):
+ print 'ERROR: Base DN already exists.'
+ sys.exit(1)
- parser.ds_close()
+ parser.ds_close()
 except ldap.LDAPError as e:
- print 'ERROR: ' + e.message['desc']
+ print 'ERROR: Unable to access directory server: ' + e.message['desc']
 sys.exit(1)
+ if config.pki_subsystem != "CA" or\
+ config.str2bool(config.pki_master_dict['pki_clone']) or\
+ config.str2bool(config.pki_master_dict['pki_subordinate']):
+ try:
+ parser.sd_connect()
+ info = parser.sd_get_info()
+ parser.set_property(config.pki_subsystem, 'pki_security_domain_name', info.name)
+ parser.sd_authenticate()
+
+ except requests.exceptions.ConnectionError as e:
+ print('ERROR: Unable to access security domain: ' + str(e))
+ sys.exit(1)
+
+ except requests.exceptions.HTTPError as e:
+ print('ERROR: Unable to access security domain: ' + str(e))
+ sys.exit(1)
+
 print "Installing " + config.pki_subsystem + " into " + config.pki_master_dict['pki_instance_path'] + "."
 # Process the various "scriptlets" to create the specified PKI subsystem.
diff --git a/base/deploy/src/scriptlets/pkilogging.py b/base/deploy/src/scriptlets/pkilogging.py
index 3c146a12c..319616145 100644
--- a/base/deploy/src/scriptlets/pkilogging.py
+++ b/base/deploy/src/scriptlets/pkilogging.py 
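Review bot: In the pkispawn hunk `@@ -321,23 +341,40 @@` the silent path validates the security domain for a CA when `pki_clone` or `pki_subordinate` is set, but the interactive branch in the earlier `@@ -225,15 +227,33 @@` hunk prompts for and validates it only when `config.pki_subsystem != "CA"`, so the two modes appear to disagree on when a CA needs a reachable security domain. If interactive mode cannot create clones or subordinates, a comment saying so above the `if config.pki_subsystem != "CA" or\` line would settle it; otherwise the interactive branch needs the same condition. The two `except` clauses here have identical bodies and can be merged into `except (requests.exceptions.ConnectionError, requests.exceptions.HTTPError) as e:`. main()'s body starts and ends outside the hunk.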
@@ -43,42 +43,34 @@ def format(dict):
 return pp.pformat(new_dict)
 # PKI Deployment Logging Functions
-def enable_pki_logger(log_dir, log_name, log_level, console_log_level, logger):
+def enable_pki_logger(log_dir, log_name, log_level, console_log_level, name):
 if not os.path.isdir(log_dir):
 try:
 os.makedirs(log_dir)
 except OSError:
 return OSError
- # Establish 'file' logger using 'basicConfig()'
- logging.LoggerAdapter(logging.getLogger(''), {'indent' : ''})
- logging.basicConfig(level=log_level,
- format='%(asctime)s %(name)-12s ' +\
- '%(levelname)-8s ' +\
- '%(indent)s%(message)s',
- datefmt='%Y-%m-%d %H:%M:%S',
- filename=log_dir + "/" + log_name,
- filemode='w')
+ # Configure logger
+ logger = logging.getLogger(name)
+ logger.setLevel(log_level)
- # Establish 'console' logger
+ # Configure console handler
 console = logging.StreamHandler()
- logging.LoggerAdapter(console, {'indent' : ''})
 console.setLevel(console_log_level)
 console_format = logging.Formatter('%(name)-12s: ' +\
 '%(levelname)-8s ' +\
 '%(indent)s%(message)s')
 console.setFormatter(console_format)
- logging.getLogger('').addHandler(console)
+ logger.addHandler(console)
- # Establish 'file' logger
-# file = logging.FileHandler(log_dir + "/" + log_name, 'w')
-# logging.LoggerAdapter(file, {'indent' : ''})
-# file.setLevel(log_level)
-# file_format = logging.Formatter('%(asctime)s %(name)-12s: ' +\
-# '%(levelname)-8s ' +\
-# '%(indent)s%(message)s',
-# '%Y-%m-%d %H:%M:%S')
-# file.setFormatter(file_format)
-# logging.getLogger('').addHandler(file)
+ # Configure file handler
+ file = logging.FileHandler(log_dir + "/" + log_name, 'w')
+ file.setLevel(log_level)
+ file_format = logging.Formatter('%(asctime)s %(name)-12s: ' +\
+ '%(levelname)-8s ' +\
+ '%(indent)s%(message)s',
+ '%Y-%m-%d %H:%M:%S')
+ file.setFormatter(file_format)
+ logger.addHandler(file)
- return logging.getLogger(logger)
+ return logger 
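Review bot: The new file handler opens `log_dir + "/" + log_name` with mode `'w'` and nothing in enable_pki_logger restricts who can read the file, so it gets whatever the process umask allows. pkispawn writes the formatted master dictionary at debug level, presumably through this logger, and whether `format()` strips passwords is not visible in this hunk. It is worth tightening the mode right after the handler is created, e.g. `os.chmod(log_dir + "/" + log_name, 0o600)`, or adding a comment that explains why the default is acceptable. Separately, the local name `file` shadows the Python 2 builtin; `file_handler` would read better.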
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index eee56ca3e..32a3da154 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -38,6 +38,9 @@ import pkilogging
 import pkiconfig as config
 import pkimessages as log
+import pki.account
+import pki.client
+import pki.system
 class PKIConfigParser:
@@ -391,6 +394,26 @@ class PKIConfigParser:
 def ds_close(self):
 self.ds_connection.unbind_s()
+ def sd_connect(self):
+ self.sd_connection = pki.client.PKIConnection(
+ protocol='https',
+ hostname=config.pki_master_dict['pki_security_domain_hostname'],
+ port=config.pki_master_dict['pki_security_domain_https_port'],
+ subsystem='ca')
+
+ def sd_get_info(self):
+ sd = pki.system.SecurityDomainClient(self.sd_connection)
+ return sd.getSecurityDomainInfo()
+
+ def sd_authenticate(self):
+ self.sd_connection.authenticate(
+ config.pki_master_dict['pki_security_domain_user'],
+ config.pki_master_dict['pki_security_domain_password'])
+
+ account = pki.account.AccountClient(self.sd_connection)
+ account.login()
+ account.logout()
+
 def compose_pki_master_dictionary(self):
 "Create a single master PKI dictionary from the sectional dictionaries"
 try: |
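Review bot: sd_authenticate() sends the security domain user's password over the connection built in sd_connect(), and nothing in the `@@ -391,6 +394,26 @@` hunk shows how the server certificate is verified; the `PKIConnection(...)` call passes only protocol, hostname, port and subsystem. If `pki.client` does not validate the certificate against a trusted CA, the installer would hand that password to whichever host answers on the configured port, so please confirm the behaviour and record it above the call, e.g. `# server certificate is verified by PKIConnection against <trust source>`. The three new methods also lack docstrings, unlike compose_pki_master_dictionary just below; one line each on what it contacts, what it returns and which exception signals failure would help the callers in pkispawn. The PKIConfigParser class starts and ends outside the hunk.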
