authorAde Lee <alee@redhat.com>2015-05-06 16:06:34 -0400
committerAde Lee <alee@redhat.com>2015-05-10 16:09:24 -0400
commit7dca020819b7573cd05bd54482fb5d1afe9bb658 (patch)
tree871e3a9d350c081e52a26b0583bd02e8f2dd761b /base/server/python/pki/server/cli
parent2db074c39334a6ec48a6fac52722f684a14bb00a (diff)
Patches to get nuxwdog working with systemd
This patch adds some new unit files and targets for starting instances with nuxwdog, as well as logic within the pki-server nuxwdog module to switch to/from the old and new systemd unit files. It also corrects some issues found in additional testing of the nuxwdog change scripts. To use nuxwdog to start the instance, a user needs to do the following: 1. Create an instance normally. 2. Run: pki-server instance-nuxwdog-enable <instance_name> 3. Start the instance using: systemctl start pki-tomcatd-nuxwdog@<instance_name>.service To revert the instance, simply do the following: 1. Run: pki-server instance-nuxwdog-disable <instance_name> 2. Start the instance using: systemctl start pki-tomcatd@<instance_name>.service
Diffstat (limited to 'base/server/python/pki/server/cli')
-rw-r--r--base/server/python/pki/server/cli/instance.py4
-rw-r--r--base/server/python/pki/server/cli/nuxwdog.py103
-rw-r--r--base/server/python/pki/server/cli/subsystem.py3
3 files changed, 93 insertions, 17 deletions
diff --git a/base/server/python/pki/server/cli/instance.py b/base/server/python/pki/server/cli/instance.py
index 37db03988..becad1447 100644
--- a/base/server/python/pki/server/cli/instance.py
+++ b/base/server/python/pki/server/cli/instance.py
@@ -378,7 +378,7 @@ class InstanceNuxwdogEnableCLI(pki.cli.CLI):
module.enable_nuxwdog(instance) # pylint: disable=no-member,maybe-no-member
- self.print_message('nuxwdog enabled for instance %s' % instance_name)
+ self.print_message('Nuxwdog enabled for instance %s.' % instance_name)
class InstanceNuxwdogDisableCLI(pki.cli.CLI):
@@ -432,4 +432,4 @@ class InstanceNuxwdogDisableCLI(pki.cli.CLI):
module.disable_nuxwdog(instance) # pylint: disable=no-member,maybe-no-member
- self.print_message('nuxwdog disabled for instance %s' % instance_name)
+ self.print_message('Nuxwdog disabled for instance %s.' % instance_name)
diff --git a/base/server/python/pki/server/cli/nuxwdog.py b/base/server/python/pki/server/cli/nuxwdog.py
index d439dd7db..d6ef91e43 100644
--- a/base/server/python/pki/server/cli/nuxwdog.py
+++ b/base/server/python/pki/server/cli/nuxwdog.py
@@ -48,7 +48,7 @@ class NuxwdogEnableCLI(pki.cli.CLI):
def __init__(self):
self.parser = etree.XMLParser(remove_blank_text=True)
self.nuxwdog_listener_class = (
- 'com.netscape.cms.tomcat.NuxwdogPasswordStoreInitializer'
+ 'com.netscape.cms.tomcat.PKIListener'
)
self.nuxwdog_pwstore_class = (
'com.netscape.cms.tomcat.NuxwdogPasswordStore'
@@ -108,6 +108,12 @@ class NuxwdogEnableCLI(pki.cli.CLI):
server_xml = os.path.join(instance.conf_dir, 'server.xml')
self.enable_nuxwdog_server_xml(server_xml, instance)
+ # change systemd links
+ self.change_systemd_links(instance)
+
+ # modify CS.cfg
+ self.modify_password_class_in_cs_cfg(instance)
+
def add_nuxwdog_link(self, instance):
nuxwdog_jar_path = '/usr/lib/java/nuxwdog.jar'
if not os.path.exists(nuxwdog_jar_path):
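Review bot: The two added calls run in an order that can leave the instance half-switched: `change_systemd_links` ends with `subprocess.check_call(['systemctl', 'daemon-reload'])`, which raises on a non-zero exit, so `modify_password_class_in_cs_cfg` is then never reached. At that point server.xml, the sysconfig file and the unit links are already changed while CS.cfg still names the previous password class. Consider doing the file edits first and the systemd step last, i.e. `self.modify_password_class_in_cs_cfg(instance)` before `self.change_systemd_links(instance)`. The same ordering appears in the NuxwdogDisableCLI hunk further down; the enclosing method starts outside this hunk.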
@@ -156,11 +162,9 @@ class NuxwdogEnableCLI(pki.cli.CLI):
with open(sysconfig_file, 'a') as f:
f.write("USE_NUXWDOG=\"true\"\n")
- def get_conf_file(self, instance):
- if not instance.subsystems:
- print "Error: Instance has no subsystems."
- sys.exit(1)
+ os.chown(sysconfig_file, instance.uid, instance.gid)
+ def get_conf_file(self, instance):
# return the path to the first instance
subsystem = instance.subsystems[0]
return os.path.join(subsystem.conf_dir, 'CS.cfg')
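Review bot: `get_conf_file` now evaluates `instance.subsystems[0]` with no emptiness check, because this hunk removes the guard that printed an error and exited. Unless a caller outside the hunk validates the instance first, an instance without subsystems will end in an unhandled `IndexError` after earlier steps have already modified files. If the guard was dropped only for its Python 2 `print` statement, keep the check in another form, e.g. `if not instance.subsystems: raise Exception('Instance has no subsystems.')`, or add a comment naming the caller that guarantees a non-empty list.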
@@ -192,7 +196,7 @@ class NuxwdogEnableCLI(pki.cli.CLI):
# add before GlobalResourcesLifecycleListener if exists
if global_naming_resources is not None:
- index = list(server).index(global_naming_resources)
+ index = list(server).index(global_naming_resources) - 1
else:
index = 0
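Review bot: Subtracting one here yields `-1` when the GlobalResourcesLifecycleListener element is the first child of `<Server>`, and a negative index counts from the end of the children if it is later passed to an insert (the call is outside this hunk). The comment above still says the listener is added directly before GlobalResourcesLifecycleListener, which no longer matches the code. Clamp the value, `index = max(list(server).index(global_naming_resources) - 1, 0)`, and update the comment to say which element the new listener must precede and why.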
@@ -208,13 +212,49 @@ class NuxwdogEnableCLI(pki.cli.CLI):
with open(filename, 'w') as f:
f.write(etree.tostring(document, pretty_print=True))
+ os.chown(filename, instance.uid, instance.gid)
+
+ def change_systemd_links(self, instance):
+ old_systemd_unit_file = 'pki-tomcatd@' + instance.name + '.service'
+ old_systemd_link = os.path.join(
+ '/etc/systemd/system/pki-tomcatd.target.wants',
+ old_systemd_unit_file)
+
+ new_systemd_unit_file = ('pki-tomcatd-nuxwdog@' + instance.name
+ + '.service')
+ new_systemd_link = os.path.join(
+ '/etc/systemd/system/pki-tomcatd-nuxwdog.target.wants',
+ new_systemd_unit_file)
+ new_systemd_source = '/lib/systemd/system/pki-tomcatd-nuxwdog@.service'
+
+ if os.path.exists(old_systemd_link):
+ os.unlink(old_systemd_link)
+
+ if os.path.exists(new_systemd_link):
+ os.unlink(new_systemd_link)
+ os.symlink(new_systemd_source, new_systemd_link)
+
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+ def modify_password_class_in_cs_cfg(self, instance):
+ pclass = "com.netscape.cmsutil.password.NuxwdogPasswordStore"
+
+ for subsystem in instance.subsystems:
+ cs_cfg = os.path.join(subsystem.conf_dir, 'CS.cfg')
+ for line in fileinput.input(cs_cfg, inplace=1):
+ match = re.search("^passwordClass=(.*)", line)
+ if match:
+ line = "passwordClass=" + pclass + "\n"
+ sys.stdout.write(line)
+ os.chown(cs_cfg, instance.uid, instance.gid)
+
class NuxwdogDisableCLI(pki.cli.CLI):
def __init__(self):
self.parser = etree.XMLParser(remove_blank_text=True)
self.nuxwdog_listener_class = (
- 'com.netscape.cms.tomcat.NuxwdogPasswordStoreInitializer'
+ 'com.netscape.cms.tomcat.PKIListener'
)
self.plain_pwstore_class = (
'org.apache.tomcat.util.net.jss.PlainPasswordFile'
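Review bot: `change_systemd_links` tests both links with `os.path.exists`, which follows the symlink and returns False for a dangling one. A stale `old_systemd_link` whose target is gone is therefore left in the `.wants` directory, and a dangling `new_systemd_link` makes the following `os.symlink` fail with EEXIST. Use `if os.path.lexists(old_systemd_link):` and `if os.path.lexists(new_systemd_link):` instead. The copy of this method in NuxwdogDisableCLI, in the last hunk of this file, needs the same change. It would also help to confirm that the `pki-tomcatd-nuxwdog.target.wants` directory exists before linking into it, since nothing in this hunk creates it.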
@@ -271,6 +311,10 @@ class NuxwdogDisableCLI(pki.cli.CLI):
server_xml = os.path.join(instance.conf_dir, 'server.xml')
self.disable_nuxwdog_server_xml(server_xml, instance)
+ self.change_systemd_links(instance)
+
+ self.modify_password_class_in_cs_cfg(instance)
+
def disable_nuxwdog_sysconfig_file(self, instance):
sysconfig_file = os.path.join('/etc/sysconfig', instance.name)
@@ -292,6 +336,8 @@ class NuxwdogDisableCLI(pki.cli.CLI):
sys.stdout.write(line)
+ os.chown(sysconfig_file, instance.uid, instance.gid)
+
def remove_nuxwdog_link(self, instance):
instance_jar_path = os.path.join(
instance.base_dir,
@@ -312,13 +358,6 @@ class NuxwdogDisableCLI(pki.cli.CLI):
server = document.getroot()
- children = list(server)
- for child in children:
- if child.tag == 'Listener':
- class_name = child.get('className')
- if class_name == self.nuxwdog_listener_class:
- server.remove(child)
-
connectors = server.findall('Service/Connector')
for connector in connectors:
if connector.get('secure') == 'true':
@@ -327,3 +366,39 @@ class NuxwdogDisableCLI(pki.cli.CLI):
with open(filename, 'w') as f:
f.write(etree.tostring(document, pretty_print=True))
+
+ os.chown(filename, instance.uid, instance.gid)
+
+ def change_systemd_links(self, instance):
+ old_systemd_unit_file = ('pki-tomcatd-nuxwdog@' + instance.name
+ + '.service')
+ old_systemd_link = os.path.join(
+ '/etc/systemd/system/pki-tomcatd-nuxwdog.target.wants',
+ old_systemd_unit_file)
+
+ new_systemd_unit_file = 'pki-tomcatd@' + instance.name + '.service'
+ new_systemd_link = os.path.join(
+ '/etc/systemd/system/pki-tomcatd.target.wants',
+ new_systemd_unit_file)
+ new_systemd_source = '/lib/systemd/system/pki-tomcatd@.service'
+
+ if os.path.exists(old_systemd_link):
+ os.unlink(old_systemd_link)
+
+ if os.path.exists(new_systemd_link):
+ os.unlink(new_systemd_link)
+ os.symlink(new_systemd_source, new_systemd_link)
+
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+ def modify_password_class_in_cs_cfg(self, instance):
+ pclass = "com.netscape.cmsutil.password.PlainPasswordFile"
+
+ for subsystem in instance.subsystems:
+ cs_cfg = os.path.join(subsystem.conf_dir, 'CS.cfg')
+ for line in fileinput.input(cs_cfg, inplace=1):
+ match = re.search("^passwordClass=(.*)", line)
+ if match:
+ line = "passwordClass=" + pclass + "\n"
+ sys.stdout.write(line)
+ os.chown(cs_cfg, instance.uid, instance.gid)
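Review bot: `modify_password_class_in_cs_cfg` only rewrites a `passwordClass=` line that already exists, so a CS.cfg without that key passes through unchanged and the command still reports success. The enable-side copy earlier in this file behaves the same way. Track whether a line was replaced, and append the key (or fail) when none was. The loop also leaves `sys.stdout` redirected if it raises part-way, so close `fileinput` in a `finally`. Since the two classes now carry identical copies of this method and of `change_systemd_links` with only the constants swapped, a shared helper taking the class name and unit names would keep them from drifting.

```python
    def modify_password_class_in_cs_cfg(self, instance):
        pclass = "com.netscape.cmsutil.password.PlainPasswordFile"

        for subsystem in instance.subsystems:
            cs_cfg = os.path.join(subsystem.conf_dir, 'CS.cfg')
            replaced = False
            try:
                for line in fileinput.input(cs_cfg, inplace=1):
                    if line.startswith("passwordClass="):
                        line = "passwordClass=" + pclass + "\n"
                        replaced = True
                    sys.stdout.write(line)
            finally:
                # restores sys.stdout even when the loop raised
                fileinput.close()
            if not replaced:
                with open(cs_cfg, 'a') as f:
                    f.write("passwordClass=" + pclass + "\n")
            os.chown(cs_cfg, instance.uid, instance.gid)
```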
diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py
index 3aad00a05..43eb564ee 100644
--- a/base/server/python/pki/server/cli/subsystem.py
+++ b/base/server/python/pki/server/cli/subsystem.py
@@ -30,7 +30,8 @@ import pki.server
class SubsystemCLI(pki.cli.CLI):
def __init__(self):
- super(SubsystemCLI, self).__init__('subsystem', 'Subsystem management commands')
+ super(SubsystemCLI, self).__init__('subsystem',
+ 'Subsystem management commands')
self.add_module(SubsystemDisableCLI())
self.add_module(SubsystemEnableCLI())