author | Ade Lee <alee@redhat.com> | 2015-04-27 15:29:26 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2015-04-28 17:02:35 -0400 |
commit | 43d56010e1eb09f62223bc870da9184b81a599f3 (patch) | |
tree | 5374fc91117282075cee7a4cd041119134858039 /base/server/python/pki/server/cli | |
parent | ef0efaa14c65f2a19569851b6b07b6bc79eaa7f0 (diff) | |
Add ability to pki-server to enable/disable nuxwdog for an instance
This adds the ability to enable or disable nuxwdog for an instance using
the pki-server utility. Additional documentation and additions to the
man pages will be added in a separate patch.
Diffstat (limited to 'base/server/python/pki/server/cli')
-rw-r--r-- | base/server/python/pki/server/cli/instance.py | 117 | ||||
-rw-r--r-- | base/server/python/pki/server/cli/nuxwdog.py | 329 |
2 files changed, 444 insertions, 2 deletions
diff --git a/base/server/python/pki/server/cli/instance.py b/base/server/python/pki/server/cli/instance.py index b4a9ec05a..37db03988 100644 --- a/base/server/python/pki/server/cli/instance.py +++ b/base/server/python/pki/server/cli/instance.py @@ -25,18 +25,22 @@ import sys import pki.cli import pki.server +import pki.server.cli.nuxwdog class InstanceCLI(pki.cli.CLI): def __init__(self): - super(InstanceCLI, self).__init__('instance', 'Instance management commands') + super(InstanceCLI, self).__init__('instance', + 'Instance management commands') self.add_module(InstanceFindCLI()) self.add_module(InstanceShowCLI()) self.add_module(InstanceStartCLI()) self.add_module(InstanceStopCLI()) self.add_module(InstanceMigrateCLI()) + self.add_module(InstanceNuxwdogEnableCLI()) + self.add_module(InstanceNuxwdogDisableCLI()) @staticmethod def print_instance(instance): @@ -252,6 +256,7 @@ class InstanceStopCLI(pki.cli.CLI): self.print_message('%s instance stopped' % instance_name) + class InstanceMigrateCLI(pki.cli.CLI): def __init__(self): 
@@ -317,6 +322,114 @@ class InstanceMigrateCLI(pki.cli.CLI): instance = pki.server.PKIInstance(instance_name) instance.load() - module.migrate(instance, tomcat_version) # pylint: disable=no-member,maybe-no-member + module.migrate(instance, tomcat_version) # pylint: disable=no-member,maybe-no-member self.print_message('%s instance migrated' % instance_name) + + +class InstanceNuxwdogEnableCLI(pki.cli.CLI): + + def __init__(self): + super(InstanceNuxwdogEnableCLI, self).__init__( + 'nuxwdog-enable', + 'Instance enable nuxwdog') + + def print_help(self): + print 'Usage: pki-server instance-nuxwdog-enable [OPTIONS] <instance ID>' + print + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' + print + + def execute(self, argv): + try: + opts, args = getopt.getopt(argv, 'i:v', [ + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.print_help() + sys.exit(1) + + if len(args) != 1: + print 'ERROR: missing instance ID' + self.print_help() + sys.exit(1) + + instance_name = args[0] + + for o, _ in opts: + if o in ('-v', '--verbose'): + self.set_verbose(True) + elif o == '--help': + self.print_help() + sys.exit() + else: + print 'ERROR: unknown option ' + o + self.print_help() + sys.exit(1) + + #module = self.top.find_module('nuxwdog-enable') + module = pki.server.cli.nuxwdog.NuxwdogEnableCLI() + module.set_verbose(self.verbose) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + + module.enable_nuxwdog(instance) # pylint: disable=no-member,maybe-no-member + + self.print_message('nuxwdog enabled for instance %s' % instance_name) + + +class InstanceNuxwdogDisableCLI(pki.cli.CLI): + + def __init__(self): + super(InstanceNuxwdogDisableCLI, self).__init__( + 'nuxwdog-disable', + 'Instance disable nuxwdog') + + def print_help(self): + print 'Usage: pki-server instance-nuxwdog-disable [OPTIONS] <instance ID>' + print + print ' -v, --verbose Run in verbose mode.' 
+ print ' --help Show help message.' + print + + def execute(self, argv): + try: + opts, args = getopt.getopt(argv, 'i:v', [ + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.print_help() + sys.exit(1) + + if len(args) != 1: + print 'ERROR: missing instance ID' + self.print_help() + sys.exit(1) + + instance_name = args[0] + + for o, _ in opts: + if o in ('-v', '--verbose'): + self.set_verbose(True) + elif o == '--help': + self.print_help() + sys.exit() + else: + print 'ERROR: unknown option ' + o + self.print_help() + sys.exit(1) + + # module = self.top.find_module('nuxwdog-disable') + module = pki.server.cli.nuxwdog.NuxwdogDisableCLI() + module.set_verbose(self.verbose) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + + module.disable_nuxwdog(instance) # pylint: disable=no-member,maybe-no-member + + self.print_message('nuxwdog disabled for instance %s' % instance_name) diff --git a/base/server/python/pki/server/cli/nuxwdog.py b/base/server/python/pki/server/cli/nuxwdog.py new file mode 100644 index 000000000..d439dd7db --- /dev/null +++ b/base/server/python/pki/server/cli/nuxwdog.py 
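Review bot: In both new `execute` methods the instance ID taken from `argv` is passed unchecked to `pki.server.PKIInstance(instance_name)` and then to `enable_nuxwdog`/`disable_nuxwdog`, which (in nuxwdog.py of this commit) build `os.path.join('/etc/sysconfig', instance.name)` from it and rewrite that file in place. This tool is presumably run with root privileges, so I would reject an ID that is not a plain name before anything is modified, e.g. `if '/' in instance_name or instance_name in ('.', '..'):` followed by the same error-and-exit path used for a missing ID, and also fail cleanly when no such instance exists. Separately, the `len(args) != 1` check runs before the option loop, so `--help` without an instance ID prints "missing instance ID" and exits 1. The `'i:v'` option spec also accepts `-i <arg>` only for the loop to reject it as an unknown option, so the spec should be just `'v'`.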
@@ -0,0 +1,329 @@ +#!/usr/bin/python +# Authors: +# Ade Lee <alee@redhat.com> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2015 Red Hat, Inc. +# All rights reserved. +# + +import getopt +import fileinput +import os +import re +import struct +import subprocess +import sys + +from lxml import etree + +import pki.cli +import pki.server + + +class NuxwdogCLI(pki.cli.CLI): + + def __init__(self): + super(NuxwdogCLI, self).__init__( + 'nuxwdog', + 'Nuxwdog related commands') + self.add_module(NuxwdogEnableCLI()) + self.add_module(NuxwdogDisableCLI()) + + +class NuxwdogEnableCLI(pki.cli.CLI): + + def __init__(self): + self.parser = etree.XMLParser(remove_blank_text=True) + self.nuxwdog_listener_class = ( + 'com.netscape.cms.tomcat.NuxwdogPasswordStoreInitializer' + ) + self.nuxwdog_pwstore_class = ( + 'com.netscape.cms.tomcat.NuxwdogPasswordStore' + ) + super(NuxwdogEnableCLI, self).__init__( + 'enable', + 'Enable nuxwdog') + + def print_help(self): + print 'Usage: pki-server nuxwdog-enable [OPTIONS]' + print + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' 
+ print + + def execute(self, argv): + try: + opts, _ = getopt.getopt(argv, 'i:v', [ + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.print_help() + sys.exit(1) + + for o, _ in opts: + if o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.print_help() + sys.exit(1) + + instances = pki.server.PKIServer.instances() + + for instance in instances: + self.enable_nuxwdog(instance) + + self.print_message('Nuxwdog enabled for system.') + + def enable_nuxwdog(self, instance): + # add nuxwdog link + self.add_nuxwdog_link(instance) + + # modify sysconfig file + self.enable_nuxwdog_sysconfig_file(instance) + + # create nuxwdog conf file + subprocess.call(['pki-server-nuxwdog', instance.name]) + + # modify server.xml + server_xml = os.path.join(instance.conf_dir, 'server.xml') + self.enable_nuxwdog_server_xml(server_xml, instance) + + def add_nuxwdog_link(self, instance): + nuxwdog_jar_path = '/usr/lib/java/nuxwdog.jar' + if not os.path.exists(nuxwdog_jar_path): + print ( + "Error: nuxwdog jar file does not exist. " + "Is nuxwdog installed?" 
+ ) + sys.exit(1) + instance_jar_path = os.path.join( + instance.base_dir, + 'common', + 'lib', + 'nuxwdog.jar') + + if os.path.exists(instance_jar_path): + os.remove(instance_jar_path) + + os.symlink(nuxwdog_jar_path, instance_jar_path) + + def enable_nuxwdog_sysconfig_file(self, instance): + sysconfig_file = os.path.join('/etc/sysconfig', instance.name) + + arch = struct.calcsize("P") * 8 + if arch == 64: + jni_str = "-Djava.library.path=/usr/lib64/nuxwdog-jni" + else: + jni_str = "-Djava.library.path=/usr/lib/nuxwdog-jni" + + got_use_nuxwdog = False + + for line in fileinput.input(sysconfig_file, inplace=1): + match = re.search("^JAVA_OPTS=\"(.*)\"", line) + if match: + opts = match.group(1) + if jni_str not in opts: + line = "JAVA_OPTS=\"" + opts + " " + jni_str + "\"\n" + + match = re.search("^USE_NUXWDOG=.*", line) + if match: + line = "USE_NUXWDOG=\"true\"\n" + got_use_nuxwdog = True + + sys.stdout.write(line) + + if not got_use_nuxwdog: + with open(sysconfig_file, 'a') as f: + f.write("USE_NUXWDOG=\"true\"\n") + + def get_conf_file(self, instance): + if not instance.subsystems: + print "Error: Instance has no subsystems." 
+ sys.exit(1) + + # return the path to the first instance + subsystem = instance.subsystems[0] + return os.path.join(subsystem.conf_dir, 'CS.cfg') + + def enable_nuxwdog_server_xml(self, filename, instance): + if self.verbose: + print 'Enabling nuxwdog in %s' % filename + + conf_file = self.get_conf_file(instance) + + document = etree.parse(filename, self.parser) + + server = document.getroot() + + global_naming_resources = None + + nuxwdog_listener = etree.Element('Listener') + nuxwdog_listener.set('className', self.nuxwdog_listener_class) + + children = list(server) + for child in children: + + if child.tag == 'Listener': + class_name = child.get('className') + if class_name == self.nuxwdog_listener_class: + nuxwdog_listener = None + elif child.tag == 'GlobalNamingResources': + global_naming_resources = child + + # add before GlobalResourcesLifecycleListener if exists + if global_naming_resources is not None: + index = list(server).index(global_naming_resources) + else: + index = 0 + + if nuxwdog_listener is not None: + server.insert(index, nuxwdog_listener) + + connectors = server.findall('Service/Connector') + for connector in connectors: + if connector.get('secure') == 'true': + connector.set('passwordClass', self.nuxwdog_pwstore_class) + connector.set('passwordFile', conf_file) + + with open(filename, 'w') as f: + f.write(etree.tostring(document, pretty_print=True)) + + +class NuxwdogDisableCLI(pki.cli.CLI): + + def __init__(self): + self.parser = etree.XMLParser(remove_blank_text=True) + self.nuxwdog_listener_class = ( + 'com.netscape.cms.tomcat.NuxwdogPasswordStoreInitializer' + ) + self.plain_pwstore_class = ( + 'org.apache.tomcat.util.net.jss.PlainPasswordFile' + ) + super(NuxwdogDisableCLI, self).__init__( + 'disable', + 'Disable nuxwdog') + + def print_help(self): + print 'Usage: pki-server nuxwdog-disable [OPTIONS]' + print + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' 
+ print + + def execute(self, argv): + try: + opts, _ = getopt.getopt(argv, 'i:v', [ + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.print_help() + sys.exit(1) + + for o, _ in opts: + if o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.print_help() + sys.exit(1) + + instances = pki.server.PKIServer.instances() + + for instance in instances: + self.disable_nuxwdog(instance) + + self.print_message('Nuxwdog disabled for system.') + + def disable_nuxwdog(self, instance): + self.disable_nuxwdog_sysconfig_file(instance) + self.remove_nuxwdog_link(instance) + + nuxwdog_conf = os.path.join(instance.conf_dir, 'nuxwdog.conf') + if os.path.exists(nuxwdog_conf): + os.remove(nuxwdog_conf) + + server_xml = os.path.join(instance.conf_dir, 'server.xml') + self.disable_nuxwdog_server_xml(server_xml, instance) + + def disable_nuxwdog_sysconfig_file(self, instance): + sysconfig_file = os.path.join('/etc/sysconfig', instance.name) + + arch = struct.calcsize("P") * 8 + if arch == 64: + jni_str = "-Djava.library.path=/usr/lib64/nuxwdog-jni" + else: + jni_str = "-Djava.library.path=/usr/lib/nuxwdog-jni" + + for line in fileinput.input(sysconfig_file, inplace=1): + match = re.search("^JAVA_OPTS=\"(.*)\"", line) + if match: + opts = match.group(1) + line = "JAVA_OPTS=\"" + opts.replace(jni_str, '') + "\"\n" + + match = re.search("^USE_NUXWDOG=.*", line) + if match: + line = "USE_NUXWDOG=\"false\"\n" + + sys.stdout.write(line) + + def remove_nuxwdog_link(self, instance): + instance_jar_path = os.path.join( + instance.base_dir, + 'common', + 'lib', + 'nuxwdog.jar') + + if os.path.exists(instance_jar_path): + os.remove(instance_jar_path) + + def disable_nuxwdog_server_xml(self, filename, instance): + if self.verbose: + print 'Disabling nuxwdog in %s' % filename + + pw_conf = os.path.join(instance.conf_dir, 'password.conf') + + document = 
etree.parse(filename, self.parser) + + server = document.getroot() + + children = list(server) + for child in children: + if child.tag == 'Listener': + class_name = child.get('className') + if class_name == self.nuxwdog_listener_class: + server.remove(child) + + connectors = server.findall('Service/Connector') + for connector in connectors: + if connector.get('secure') == 'true': + connector.set('passwordClass', self.plain_pwstore_class) + connector.set('passwordFile', pw_conf) + + with open(filename, 'w') as f: + f.write(etree.tostring(document, pretty_print=True)) |
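Review bot: `enable_nuxwdog` ignores the exit status of `subprocess.call(['pki-server-nuxwdog', instance.name])`, so when that helper fails the method still switches every secure connector in server.xml to `NuxwdogPasswordStore`, leaving the instance pointing at a watchdog configuration that was never created; `subprocess.check_call(['pki-server-nuxwdog', instance.name])`, or testing the return code and exiting, would stop before server.xml is touched. In `add_nuxwdog_link` and `remove_nuxwdog_link`, `os.path.exists` follows symlinks, so a dangling `nuxwdog.jar` link is not removed and the following `os.symlink` raises; `if os.path.lexists(instance_jar_path):` covers that case. The in-place `fileinput` rewrite of the sysconfig file and the `open(filename, 'w')` rewrite of server.xml are not atomic, so an interrupted run can leave a truncated config; writing to a temporary file in the same directory and renaming it over the original avoids that. `disable_nuxwdog_server_xml` also sets `passwordFile` back to `password.conf` without checking that the file is still present, which is worth a warning to the operator if it is not.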