authorAde Lee <alee@redhat.com>2015-04-29 10:57:09 -0400
committerAde Lee <alee@redhat.com>2015-04-29 17:28:19 -0400
commit161c5b2f048b577404b8a28f662fda6f72ba5c12 (patch)
treec80b6800154cd726004e7944ac8e501cb35c8041 /base/server/python/pki
parent267635f87c5ba9382f0931ad3e1b7cb9e42c6a6d (diff)
Code cleanup - simplify pkispawn code
All subsystems are now tomcat instances. Conditionals based on whether the subsystem is a tomcat instance or not are no longer required.
Diffstat (limited to 'base/server/python/pki')
-rw-r--r--base/server/python/pki/server/deployment/pkihelper.py448
-rw-r--r--base/server/python/pki/server/deployment/pkiparser.py753
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/configuration.py26
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/finalization.py3
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/instance_layout.py9
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/security_databases.py3
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/selinux_setup.py10
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/slot_substitution.py33
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py103
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py77
10 files changed, 716 insertions, 749 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 884215e85..b9d48eea3 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -425,19 +425,19 @@ class Namespace:
log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (
self.mdict['pki_instance_name'],
self.mdict['pki_instance_configuration_path']))
- if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- # Top-Level Tomcat PKI registry path reserved name collision
- if self.mdict['pki_instance_name'] in\
- config.PKI_TOMCAT_REGISTRY_RESERVED_NAMES:
- config.pki_log.error(
- log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
+
+ # Top-Level Tomcat PKI registry path reserved name collision
+ if self.mdict['pki_instance_name'] in\
+ config.PKI_TOMCAT_REGISTRY_RESERVED_NAMES:
+ config.pki_log.error(
+ log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
+ self.mdict['pki_instance_name'],
+ self.mdict['pki_instance_registry_path'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ raise Exception(
+ log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (
self.mdict['pki_instance_name'],
- self.mdict['pki_instance_registry_path'],
- extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(
- log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (
- self.mdict['pki_instance_name'],
- self.mdict['pki_instance_registry_path']))
+ self.mdict['pki_instance_registry_path']))
class ConfigurationFile:
@@ -551,95 +551,93 @@ class ConfigurationFile:
def verify_sensitive_data(self):
# Silently verify the existence of 'sensitive' data
- if self.subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- # Verify existence of Directory Server Password
- # (unless configuration will not be automatically executed)
- if not self.skip_configuration:
- self.confirm_data_exists("pki_ds_password")
- # Verify existence of Admin Password (except for Clones)
- if not self.clone:
- self.confirm_data_exists("pki_admin_password")
- # If required, verify existence of Backup Password
- if config.str2bool(self.mdict['pki_backup_keys']):
- self.confirm_data_exists("pki_backup_password")
- # Verify existence of Client Pin for NSS client security databases
- self.confirm_data_exists("pki_client_database_password")
- # Verify existence of Client PKCS #12 Password for Admin Cert
- self.confirm_data_exists("pki_client_pkcs12_password")
- # Verify existence of PKCS #12 Password (ONLY for Clones)
- if self.clone:
- self.confirm_data_exists("pki_clone_pkcs12_password")
- # Verify existence of Security Domain Password
- # (ONLY for PKI KRA, PKI OCSP, PKI TKS, PKI TPS, Clones, or
- # Subordinate CA that will be automatically configured and
- # are not Stand-alone PKI)
- if (self.subsystem == "KRA" or
- self.subsystem == "OCSP" or
- self.subsystem == "TKS" or
- self.subsystem == "TPS" or
- self.clone or
- self.subordinate):
- if not self.skip_configuration and not self.standalone:
- self.confirm_data_exists("pki_security_domain_password")
- # If required, verify existence of Token Password
- if config.str2bool(self.mdict['pki_hsm_enable']):
- self.confirm_data_exists("pki_hsm_libfile")
- self.confirm_data_exists("pki_hsm_modulename")
- self.confirm_data_exists("pki_token_name")
- if self.mdict['pki_token_name'] == "internal":
- config.pki_log.error(
- log.PKIHELPER_UNDEFINED_HSM_TOKEN,
- extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_UNDEFINED_HSM_TOKEN)
- if not self.mdict['pki_token_name'] == "internal":
- self.confirm_data_exists("pki_token_password")
- return
+
+ # Verify existence of Directory Server Password
+ # (unless configuration will not be automatically executed)
+ if not self.skip_configuration:
+ self.confirm_data_exists("pki_ds_password")
+ # Verify existence of Admin Password (except for Clones)
+ if not self.clone:
+ self.confirm_data_exists("pki_admin_password")
+ # If required, verify existence of Backup Password
+ if config.str2bool(self.mdict['pki_backup_keys']):
+ self.confirm_data_exists("pki_backup_password")
+ # Verify existence of Client Pin for NSS client security databases
+ self.confirm_data_exists("pki_client_database_password")
+ # Verify existence of Client PKCS #12 Password for Admin Cert
+ self.confirm_data_exists("pki_client_pkcs12_password")
+ # Verify existence of PKCS #12 Password (ONLY for Clones)
+ if self.clone:
+ self.confirm_data_exists("pki_clone_pkcs12_password")
+ # Verify existence of Security Domain Password
+ # (ONLY for PKI KRA, PKI OCSP, PKI TKS, PKI TPS, Clones, or
+ # Subordinate CA that will be automatically configured and
+ # are not Stand-alone PKI)
+ if (self.subsystem == "KRA" or
+ self.subsystem == "OCSP" or
+ self.subsystem == "TKS" or
+ self.subsystem == "TPS" or
+ self.clone or
+ self.subordinate):
+ if not self.skip_configuration and not self.standalone:
+ self.confirm_data_exists("pki_security_domain_password")
+ # If required, verify existence of Token Password
+ if config.str2bool(self.mdict['pki_hsm_enable']):
+ self.confirm_data_exists("pki_hsm_libfile")
+ self.confirm_data_exists("pki_hsm_modulename")
+ self.confirm_data_exists("pki_token_name")
+ if self.mdict['pki_token_name'] == "internal":
+ config.pki_log.error(
+ log.PKIHELPER_UNDEFINED_HSM_TOKEN,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ raise Exception(log.PKIHELPER_UNDEFINED_HSM_TOKEN)
+ if not self.mdict['pki_token_name'] == "internal":
+ self.confirm_data_exists("pki_token_password")
def verify_mutually_exclusive_data(self):
# Silently verify the existence of 'mutually exclusive' data
- if self.subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- if self.subsystem == "CA":
- if self.clone and self.external and self.subordinate:
- config.pki_log.error(
- log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA,
- self.mdict['pki_user_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(
- log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA %
- self.mdict['pki_user_deployment_cfg'])
- elif self.clone and self.external:
- config.pki_log.error(
- log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA,
- self.mdict['pki_user_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(
- log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA %
- self.mdict['pki_user_deployment_cfg'])
- elif self.clone and self.subordinate:
- config.pki_log.error(
- log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA,
- self.mdict['pki_user_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(
- log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA %
- self.mdict['pki_user_deployment_cfg'])
- elif self.external and self.subordinate:
- config.pki_log.error(
- log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA,
- self.mdict['pki_user_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(
- log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA %
- self.mdict['pki_user_deployment_cfg'])
- elif self.standalone:
- if self.clone:
- config.pki_log.error(
- log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_STANDALONE_PKI,
- self.mdict['pki_user_deployment_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(
- log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_STANDALONE_PKI %
- self.mdict['pki_user_deployment_cfg'])
+ if self.subsystem == "CA":
+ if self.clone and self.external and self.subordinate:
+ config.pki_log.error(
+ log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA,
+ self.mdict['pki_user_deployment_cfg'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ raise Exception(
+ log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA %
+ self.mdict['pki_user_deployment_cfg'])
+ elif self.clone and self.external:
+ config.pki_log.error(
+ log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA,
+ self.mdict['pki_user_deployment_cfg'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ raise Exception(
+ log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA %
+ self.mdict['pki_user_deployment_cfg'])
+ elif self.clone and self.subordinate:
+ config.pki_log.error(
+ log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA,
+ self.mdict['pki_user_deployment_cfg'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ raise Exception(
+ log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA %
+ self.mdict['pki_user_deployment_cfg'])
+ elif self.external and self.subordinate:
+ config.pki_log.error(
+ log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA,
+ self.mdict['pki_user_deployment_cfg'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ raise Exception(
+ log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA %
+ self.mdict['pki_user_deployment_cfg'])
+ elif self.standalone:
+ if self.clone:
+ config.pki_log.error(
+ log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_STANDALONE_PKI,
+ self.mdict['pki_user_deployment_cfg'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ raise Exception(
+ log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_STANDALONE_PKI %
+ self.mdict['pki_user_deployment_cfg'])
def verify_predefined_configuration_file_data(self):
# Silently verify the existence of any required 'predefined' data
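Review bot: The token-password check at the end of verify_sensitive_data still tests the same condition twice: `if self.mdict['pki_token_name'] == "internal":` raises, so the following `if not self.mdict['pki_token_name'] == "internal":` is always true when it is reached. Dropping that second guard and calling `self.confirm_data_exists("pki_token_password")` directly makes it plain that an HSM-enabled deployment always requires the token password to be present. Both verify_sensitive_data and verify_mutually_exclusive_data are complete within this hunk.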
@@ -652,127 +650,125 @@ class ConfigurationFile:
# etc.), and "correctness" (e. g. - file, directory, boolean
# 'True' or 'False', etc.) of ALL required "value" parameters.
#
- if self.subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- self.confirm_external()
- self.confirm_standalone()
- self.confirm_subordinate()
- self.confirm_external_step_two()
- if self.clone:
- # Verify existence of clone parameters
- #
- # NOTE: Although this will be checked prior to getting to
- # this method, this clone's 'pki_instance_name' MUST
- # be different from the master's 'pki_instance_name'
- # IF AND ONLY IF the master and clone are located on
- # the same host!
- #
- self.confirm_data_exists("pki_ds_base_dn")
- # FUTURE: Check for unused port value(s)
- # (e. g. - must be different from master if the
- # master is located on the same host)
- self.confirm_data_exists("pki_ds_ldap_port")
- self.confirm_data_exists("pki_ds_ldaps_port")
- self.confirm_data_exists("pki_ajp_port")
- self.confirm_data_exists("pki_http_port")
- self.confirm_data_exists("pki_https_port")
- self.confirm_data_exists("pki_tomcat_server_port")
- self.confirm_data_exists("pki_clone_pkcs12_path")
- self.confirm_file_exists("pki_clone_pkcs12_path")
- self.confirm_data_exists("pki_clone_replication_security")
- self.confirm_data_exists("pki_clone_uri")
- elif self.external:
- # External CA
- if not self.external_step_two:
- # External CA (Step 1)
- self.confirm_data_exists("pki_external_csr_path")
- self.confirm_missing_file("pki_external_csr_path")
- # generic extension support in CSR - for external CA
- if self.add_req_ext:
- self.confirm_data_exists("pki_req_ext_oid")
- self.confirm_data_exists("pki_req_ext_critical")
- self.confirm_data_exists("pki_req_ext_data")
- else:
- # External CA (Step 2)
- self.confirm_data_exists("pki_external_ca_cert_chain_path")
- self.confirm_file_exists("pki_external_ca_cert_chain_path")
- self.confirm_data_exists("pki_external_ca_cert_path")
- self.confirm_file_exists("pki_external_ca_cert_path")
- elif not self.skip_configuration and self.standalone:
- if not self.external_step_two:
- # Stand-alone PKI Admin CSR (Step 1)
- self.confirm_data_exists("pki_external_admin_csr_path")
- self.confirm_missing_file("pki_external_admin_csr_path")
- # Stand-alone PKI Audit Signing CSR (Step 1)
+ self.confirm_external()
+ self.confirm_standalone()
+ self.confirm_subordinate()
+ self.confirm_external_step_two()
+ if self.clone:
+ # Verify existence of clone parameters
+ #
+ # NOTE: Although this will be checked prior to getting to
+ # this method, this clone's 'pki_instance_name' MUST
+ # be different from the master's 'pki_instance_name'
+ # IF AND ONLY IF the master and clone are located on
+ # the same host!
+ #
+ self.confirm_data_exists("pki_ds_base_dn")
+ # FUTURE: Check for unused port value(s)
+ # (e. g. - must be different from master if the
+ # master is located on the same host)
+ self.confirm_data_exists("pki_ds_ldap_port")
+ self.confirm_data_exists("pki_ds_ldaps_port")
+ self.confirm_data_exists("pki_ajp_port")
+ self.confirm_data_exists("pki_http_port")
+ self.confirm_data_exists("pki_https_port")
+ self.confirm_data_exists("pki_tomcat_server_port")
+ self.confirm_data_exists("pki_clone_pkcs12_path")
+ self.confirm_file_exists("pki_clone_pkcs12_path")
+ self.confirm_data_exists("pki_clone_replication_security")
+ self.confirm_data_exists("pki_clone_uri")
+ elif self.external:
+ # External CA
+ if not self.external_step_two:
+ # External CA (Step 1)
+ self.confirm_data_exists("pki_external_csr_path")
+ self.confirm_missing_file("pki_external_csr_path")
+ # generic extension support in CSR - for external CA
+ if self.add_req_ext:
+ self.confirm_data_exists("pki_req_ext_oid")
+ self.confirm_data_exists("pki_req_ext_critical")
+ self.confirm_data_exists("pki_req_ext_data")
+ else:
+ # External CA (Step 2)
+ self.confirm_data_exists("pki_external_ca_cert_chain_path")
+ self.confirm_file_exists("pki_external_ca_cert_chain_path")
+ self.confirm_data_exists("pki_external_ca_cert_path")
+ self.confirm_file_exists("pki_external_ca_cert_path")
+ elif not self.skip_configuration and self.standalone:
+ if not self.external_step_two:
+ # Stand-alone PKI Admin CSR (Step 1)
+ self.confirm_data_exists("pki_external_admin_csr_path")
+ self.confirm_missing_file("pki_external_admin_csr_path")
+ # Stand-alone PKI Audit Signing CSR (Step 1)
+ self.confirm_data_exists(
+ "pki_external_audit_signing_csr_path")
+ self.confirm_missing_file(
+ "pki_external_audit_signing_csr_path")
+ # Stand-alone PKI SSL Server CSR (Step 1)
+ self.confirm_data_exists("pki_external_sslserver_csr_path")
+ self.confirm_missing_file("pki_external_sslserver_csr_path")
+ # Stand-alone PKI Subsystem CSR (Step 1)
+ self.confirm_data_exists("pki_external_subsystem_csr_path")
+ self.confirm_missing_file("pki_external_subsystem_csr_path")
+ # Stand-alone PKI KRA CSRs
+ if self.subsystem == "KRA":
+ # Stand-alone PKI KRA Storage CSR (Step 1)
self.confirm_data_exists(
- "pki_external_audit_signing_csr_path")
+ "pki_external_storage_csr_path")
self.confirm_missing_file(
- "pki_external_audit_signing_csr_path")
- # Stand-alone PKI SSL Server CSR (Step 1)
- self.confirm_data_exists("pki_external_sslserver_csr_path")
- self.confirm_missing_file("pki_external_sslserver_csr_path")
- # Stand-alone PKI Subsystem CSR (Step 1)
- self.confirm_data_exists("pki_external_subsystem_csr_path")
- self.confirm_missing_file("pki_external_subsystem_csr_path")
- # Stand-alone PKI KRA CSRs
- if self.subsystem == "KRA":
- # Stand-alone PKI KRA Storage CSR (Step 1)
- self.confirm_data_exists(
- "pki_external_storage_csr_path")
- self.confirm_missing_file(
- "pki_external_storage_csr_path")
- # Stand-alone PKI KRA Transport CSR (Step 1)
- self.confirm_data_exists(
- "pki_external_transport_csr_path")
- self.confirm_missing_file(
- "pki_external_transport_csr_path")
- # Stand-alone PKI OCSP CSRs
- if self.subsystem == "OCSP":
- # Stand-alone PKI OCSP OCSP Signing CSR (Step 1)
- self.confirm_data_exists(
- "pki_external_signing_csr_path")
- self.confirm_missing_file(
- "pki_external_signing_csr_path")
- else:
- # Stand-alone PKI External CA Certificate Chain (Step 2)
- self.confirm_data_exists("pki_external_ca_cert_chain_path")
- self.confirm_file_exists("pki_external_ca_cert_chain_path")
- # Stand-alone PKI External CA Certificate (Step 2)
- self.confirm_data_exists("pki_external_ca_cert_path")
- self.confirm_file_exists("pki_external_ca_cert_path")
- # Stand-alone PKI Admin Certificate (Step 2)
- self.confirm_data_exists("pki_external_admin_cert_path")
- self.confirm_file_exists("pki_external_admin_cert_path")
- # Stand-alone PKI Audit Signing Certificate (Step 2)
+ "pki_external_storage_csr_path")
+ # Stand-alone PKI KRA Transport CSR (Step 1)
+ self.confirm_data_exists(
+ "pki_external_transport_csr_path")
+ self.confirm_missing_file(
+ "pki_external_transport_csr_path")
+ # Stand-alone PKI OCSP CSRs
+ if self.subsystem == "OCSP":
+ # Stand-alone PKI OCSP OCSP Signing CSR (Step 1)
self.confirm_data_exists(
- "pki_external_audit_signing_cert_path")
+ "pki_external_signing_csr_path")
+ self.confirm_missing_file(
+ "pki_external_signing_csr_path")
+ else:
+ # Stand-alone PKI External CA Certificate Chain (Step 2)
+ self.confirm_data_exists("pki_external_ca_cert_chain_path")
+ self.confirm_file_exists("pki_external_ca_cert_chain_path")
+ # Stand-alone PKI External CA Certificate (Step 2)
+ self.confirm_data_exists("pki_external_ca_cert_path")
+ self.confirm_file_exists("pki_external_ca_cert_path")
+ # Stand-alone PKI Admin Certificate (Step 2)
+ self.confirm_data_exists("pki_external_admin_cert_path")
+ self.confirm_file_exists("pki_external_admin_cert_path")
+ # Stand-alone PKI Audit Signing Certificate (Step 2)
+ self.confirm_data_exists(
+ "pki_external_audit_signing_cert_path")
+ self.confirm_file_exists(
+ "pki_external_audit_signing_cert_path")
+ # Stand-alone PKI SSL Server Certificate (Step 2)
+ self.confirm_data_exists("pki_external_sslserver_cert_path")
+ self.confirm_file_exists("pki_external_sslserver_cert_path")
+ # Stand-alone PKI Subsystem Certificate (Step 2)
+ self.confirm_data_exists("pki_external_subsystem_cert_path")
+ self.confirm_file_exists("pki_external_subsystem_cert_path")
+ # Stand-alone PKI KRA Certificates
+ if self.subsystem == "KRA":
+ # Stand-alone PKI KRA Storage Certificate (Step 2)
+ self.confirm_data_exists(
+ "pki_external_storage_cert_path")
self.confirm_file_exists(
- "pki_external_audit_signing_cert_path")
- # Stand-alone PKI SSL Server Certificate (Step 2)
- self.confirm_data_exists("pki_external_sslserver_cert_path")
- self.confirm_file_exists("pki_external_sslserver_cert_path")
- # Stand-alone PKI Subsystem Certificate (Step 2)
- self.confirm_data_exists("pki_external_subsystem_cert_path")
- self.confirm_file_exists("pki_external_subsystem_cert_path")
- # Stand-alone PKI KRA Certificates
- if self.subsystem == "KRA":
- # Stand-alone PKI KRA Storage Certificate (Step 2)
- self.confirm_data_exists(
- "pki_external_storage_cert_path")
- self.confirm_file_exists(
- "pki_external_storage_cert_path")
- # Stand-alone PKI KRA Transport Certificate (Step 2)
- self.confirm_data_exists(
- "pki_external_transport_cert_path")
- self.confirm_file_exists(
- "pki_external_transport_cert_path")
- # Stand-alone PKI OCSP Certificates
- if self.subsystem == "OCSP":
- # Stand-alone PKI OCSP OCSP Signing Certificate (Step 2)
- self.confirm_data_exists(
- "pki_external_signing_cert_path")
- self.confirm_file_exists(
- "pki_external_signing_cert_path")
- return
+ "pki_external_storage_cert_path")
+ # Stand-alone PKI KRA Transport Certificate (Step 2)
+ self.confirm_data_exists(
+ "pki_external_transport_cert_path")
+ self.confirm_file_exists(
+ "pki_external_transport_cert_path")
+ # Stand-alone PKI OCSP Certificates
+ if self.subsystem == "OCSP":
+ # Stand-alone PKI OCSP OCSP Signing Certificate (Step 2)
+ self.confirm_data_exists(
+ "pki_external_signing_cert_path")
+ self.confirm_file_exists(
+ "pki_external_signing_cert_path")
def populate_non_default_ports(self):
if (self.mdict['pki_http_port'] !=
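Review bot: With the tomcat guard gone, verify_predefined_configuration_file_data is one ~90-line chain of `if self.clone` / `elif self.external` / `elif not self.skip_configuration and self.standalone`, each branch itself split on `external_step_two`, and the dedent is a good moment to extract each branch into a private helper such as `_verify_clone_data`, `_verify_external_ca_data` and `_verify_standalone_data`, each with a one-line purpose comment. That would let the step-1 rule (CSR paths must not yet exist) and the step-2 rule (certificate paths must exist) be read on their own instead of from nesting depth. The method's `def` and leading comment sit in the previous hunk; its body ends inside this one.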
@@ -3489,10 +3485,9 @@ class Systemd(object):
if reload_daemon:
self.daemon_reload(critical_failure)
# Compose this "systemd" execution management command
- if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- service = "pki-tomcatd" + "@" +\
- self.mdict['pki_instance_name'] + "." +\
- "service"
+ service = "pki-tomcatd" + "@" +\
+ self.mdict['pki_instance_name'] + "." +\
+ "service"
if pki.system.SYSTEM_TYPE == "debian":
command = ["/etc/init.d/pki-tomcatd", "start",
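Review bot: The service name is now composed unconditionally here and, identically, in the stop and restart paths in the two following hunks (`@@ -3540` and `@@ -3595`); since this is the only form left, the three copies could become one helper, `def service_name(self):` returning `"pki-tomcatd@" + self.mdict['pki_instance_name'] + ".service"`, with each site reduced to `service = self.service_name()`. That also removes the three-line backslash continuation in each method. The enclosing start method begins and ends outside the hunk.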
@@ -3540,10 +3535,9 @@ class Systemd(object):
try:
service = None
# Compose this "systemd" execution management command
- if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- service = "pki-tomcatd" + "@" +\
- self.mdict['pki_instance_name'] + "." +\
- "service"
+ service = "pki-tomcatd" + "@" +\
+ self.mdict['pki_instance_name'] + "." +\
+ "service"
if pki.system.SYSTEM_TYPE == "debian":
command = ["/etc/init.d/pki-tomcatd", "stop",
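Review bot: `service = None` two lines above the new assignment is now dead, because the assignment that follows it is unconditional; delete the initializer, or keep only `service = "pki-tomcatd@" + self.mdict['pki_instance_name'] + ".service"` inside the `try`. If the `None` was meant as a sentinel for a later `if service is None` check, that check is no longer reachable either (not visible here, so worth confirming before removing it). The enclosing stop method begins and ends outside the hunk.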
@@ -3595,10 +3589,10 @@ class Systemd(object):
# Execute the "systemd daemon-reload" management lifecycle command
if reload_daemon:
self.daemon_reload(critical_failure)
- if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- service = "pki-tomcatd" + "@" +\
- self.mdict['pki_instance_name'] + "." +\
- "service"
+
+ service = "pki-tomcatd" + "@" +\
+ self.mdict['pki_instance_name'] + "." +\
+ "service"
if pki.system.SYSTEM_TYPE == "debian":
command = ["/etc/init.d/pki-tomcatd", "restart",
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 3d178ba7c..b39075f6c 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -179,10 +179,9 @@ class PKIConfigParser:
# workaround for pylint error E1103
jni_jar_dir = str(jni_jar_dir).strip()
- if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- default_instance_name = 'pki-tomcat'
- default_http_port = '8080'
- default_https_port = '8443'
+ default_instance_name = 'pki-tomcat'
+ default_http_port = '8080'
+ default_https_port = '8443'
application_version = str(pki.upgrade.Version(
pki.implementation_version()))
@@ -380,9 +379,8 @@ class PKIConfigParser:
self.mdict.update(default_dict)
web_server_dict = None
- if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- if self.pki_config.has_section('Tomcat'):
- web_server_dict = dict(self.pki_config.items('Tomcat'))
+ if self.pki_config.has_section('Tomcat'):
+ web_server_dict = dict(self.pki_config.items('Tomcat'))
if web_server_dict:
web_server_dict[0] = None
@@ -630,114 +628,115 @@ class PKIConfigParser:
self.mdict['pki_one_time_pin'] = \
''.join(random.choice(string.ascii_letters + string.digits)\
for x in range(20))
- if self.mdict['pki_subsystem'] in\
- config.PKI_TOMCAT_SUBSYSTEMS:
- self.mdict['pki_target_catalina_properties'] = \
+
+ self.mdict['pki_target_catalina_properties'] = \
+ os.path.join(
+ self.mdict['pki_instance_configuration_path'],
+ "catalina.properties")
+ self.mdict['pki_target_servercertnick_conf'] = \
+ os.path.join(
+ self.mdict['pki_instance_configuration_path'],
+ "serverCertNick.conf")
+ self.mdict['pki_target_server_xml'] = \
+ os.path.join(
+ self.mdict['pki_instance_configuration_path'],
+ "server.xml")
+ self.mdict['pki_target_context_xml'] = \
+ os.path.join(
+ self.mdict['pki_instance_configuration_path'],
+ "context.xml")
+ self.mdict['pki_target_tomcat_conf_instance_id'] = \
+ self.mdict['pki_root_prefix'] + \
+ "/etc/sysconfig/" + \
+ self.mdict['pki_instance_name']
+ self.mdict['pki_target_tomcat_conf'] = \
+ os.path.join(
+ self.mdict['pki_instance_configuration_path'],
+ "tomcat.conf")
+ # in-place slot substitution name/value pairs
+ self.mdict['pki_target_subsystem_web_xml'] = \
+ os.path.join(
+ self.mdict['pki_tomcat_webapps_subsystem_path'],
+ "WEB-INF",
+ "web.xml")
+ self.mdict['pki_target_subsystem_web_xml_orig'] = \
+ os.path.join(
+ self.mdict['pki_tomcat_webapps_subsystem_path'],
+ "WEB-INF",
+ "web.xml.orig")
+ # subystem-specific slot substitution name/value pairs
+ if self.mdict['pki_subsystem'] == "CA":
+ self.mdict['pki_target_flatfile_txt'] = \
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "flatfile.txt")
+ self.mdict['pki_target_proxy_conf'] = \
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "proxy.conf")
+ self.mdict['pki_target_registry_cfg'] = \
os.path.join(
- self.mdict['pki_instance_configuration_path'],
- "catalina.properties")
- self.mdict['pki_target_servercertnick_conf'] = \
+ self.mdict['pki_subsystem_configuration_path'],
+ "registry.cfg")
+ # '*.profile'
+ self.mdict['pki_target_admincert_profile'] = \
os.path.join(
- self.mdict['pki_instance_configuration_path'],
- "serverCertNick.conf")
- self.mdict['pki_target_server_xml'] = \
+ self.mdict['pki_subsystem_configuration_path'],
+ "adminCert.profile")
+ self.mdict['pki_target_caauditsigningcert_profile'] = \
os.path.join(
- self.mdict['pki_instance_configuration_path'],
- "server.xml")
- self.mdict['pki_target_context_xml'] = \
+ self.mdict['pki_subsystem_configuration_path'],
+ "caAuditSigningCert.profile")
+ self.mdict['pki_target_cacert_profile'] = \
os.path.join(
- self.mdict['pki_instance_configuration_path'],
- "context.xml")
- self.mdict['pki_target_tomcat_conf_instance_id'] = \
- self.mdict['pki_root_prefix'] + \
- "/etc/sysconfig/" + \
- self.mdict['pki_instance_name']
- self.mdict['pki_target_tomcat_conf'] = \
+ self.mdict['pki_subsystem_configuration_path'],
+ "caCert.profile")
+ self.mdict['pki_target_caocspcert_profile'] = \
os.path.join(
- self.mdict['pki_instance_configuration_path'],
- "tomcat.conf")
+ self.mdict['pki_subsystem_configuration_path'],
+ "caOCSPCert.profile")
+ self.mdict['pki_target_servercert_profile'] = \
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "serverCert.profile")
+ self.mdict['pki_target_subsystemcert_profile'] = \
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "subsystemCert.profile")
# in-place slot substitution name/value pairs
- self.mdict['pki_target_subsystem_web_xml'] = \
+ if config.str2bool(self.mdict['pki_profiles_in_ldap']):
+ self.mdict['PKI_PROFILE_SUBSYSTEM_SLOT'] = \
+ 'LDAPProfileSubsystem'
+ else:
+ self.mdict['PKI_PROFILE_SUBSYSTEM_SLOT'] = \
+ 'ProfileSubsystem'
+ elif self.mdict['pki_subsystem'] == "KRA":
+ # '*.profile'
+ self.mdict['pki_target_servercert_profile'] = \
os.path.join(
- self.mdict['pki_tomcat_webapps_subsystem_path'],
- "WEB-INF",
- "web.xml")
- self.mdict['pki_target_subsystem_web_xml_orig'] = \
+ self.mdict['pki_subsystem_configuration_path'],
+ "serverCert.profile")
+ self.mdict['pki_target_storagecert_profile'] = \
os.path.join(
- self.mdict['pki_tomcat_webapps_subsystem_path'],
- "WEB-INF",
- "web.xml.orig")
- # subystem-specific slot substitution name/value pairs
- if self.mdict['pki_subsystem'] == "CA":
- self.mdict['pki_target_flatfile_txt'] = \
- os.path.join(
- self.mdict['pki_subsystem_configuration_path'],
- "flatfile.txt")
- self.mdict['pki_target_proxy_conf'] = \
- os.path.join(
- self.mdict['pki_subsystem_configuration_path'],
- "proxy.conf")
- self.mdict['pki_target_registry_cfg'] = \
- os.path.join(
- self.mdict['pki_subsystem_configuration_path'],
- "registry.cfg")
- # '*.profile'
- self.mdict['pki_target_admincert_profile'] = \
- os.path.join(
- self.mdict['pki_subsystem_configuration_path'],
- "adminCert.profile")
- self.mdict['pki_target_caauditsigningcert_profile'] = \
- os.path.join(
- self.mdict['pki_subsystem_configuration_path'],
- "caAuditSigningCert.profile")
- self.mdict['pki_target_cacert_profile'] = \
- os.path.join(
- self.mdict['pki_subsystem_configuration_path'],
- "caCert.profile")
- self.mdict['pki_target_caocspcert_profile'] = \
- os.path.join(
- self.mdict['pki_subsystem_configuration_path'],
- "caOCSPCert.profile")
- self.mdict['pki_target_servercert_profile'] = \
- os.path.join(
- self.mdict['pki_subsystem_configuration_path'],
- "serverCert.profile")
- self.mdict['pki_target_subsystemcert_profile'] = \
- os.path.join(
- self.mdict['pki_subsystem_configuration_path'],
- "subsystemCert.profile")
- # in-place slot substitution name/value pairs
- if config.str2bool(self.mdict['pki_profiles_in_ldap']):
- self.mdict['PKI_PROFILE_SUBSYSTEM_SLOT'] = 'LDAPProfileSubsystem'
- else:
- self.mdict['PKI_PROFILE_SUBSYSTEM_SLOT'] = 'ProfileSubsystem'
- elif self.mdict['pki_subsystem'] == "KRA":
- # '*.profile'
- self.mdict['pki_target_servercert_profile'] = \
- os.path.join(
- self.mdict['pki_subsystem_configuration_path'],
- "serverCert.profile")
- self.mdict['pki_target_storagecert_profile'] = \
- os.path.join(
- self.mdict['pki_subsystem_configuration_path'],
- "storageCert.profile")
- self.mdict['pki_target_subsystemcert_profile'] = \
- os.path.join(
- self.mdict['pki_subsystem_configuration_path'],
- "subsystemCert.profile")
- self.mdict['pki_target_transportcert_profile'] = \
- os.path.join(
- self.mdict['pki_subsystem_configuration_path'],
- "transportCert.profile")
- elif self.mdict['pki_subsystem'] == "TPS":
- self.mdict['pki_target_registry_cfg'] = \
- os.path.join(
- self.mdict['pki_subsystem_configuration_path'],
- "registry.cfg")
- self.mdict['pki_target_phone_home_xml'] = \
- os.path.join(
- self.mdict['pki_subsystem_configuration_path'],
- "phoneHome.xml")
+ self.mdict['pki_subsystem_configuration_path'],
+ "storageCert.profile")
+ self.mdict['pki_target_subsystemcert_profile'] = \
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "subsystemCert.profile")
+ self.mdict['pki_target_transportcert_profile'] = \
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "transportCert.profile")
+ elif self.mdict['pki_subsystem'] == "TPS":
+ self.mdict['pki_target_registry_cfg'] = \
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "registry.cfg")
+ self.mdict['pki_target_phone_home_xml'] = \
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "phoneHome.xml")
# Slot assignment name/value pairs
# NOTE: Master key == Slots key; Master value ==> Slots value
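Review bot: The new comment introducing the per-subsystem branch reads `# subystem-specific slot substitution name/value pairs`; it should be `# subsystem-specific slot substitution name/value pairs`. Separately, the context lines at the top of this hunk build `pki_one_time_pin` with `random.choice`, which draws from a non-cryptographic generator; if this pin gates the configuration step, a follow-up should draw it from `random.SystemRandom().choice` instead (pre-existing code, not introduced by this commit, so noted only for tracking). The enclosing method starts and ends outside the hunk.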
@@ -749,280 +748,280 @@ class PKIConfigParser:
self.mdict['PKI_REGISTRY_FILE_SLOT'] = \
os.path.join(self.mdict['pki_subsystem_registry_path'],
self.mdict['pki_instance_name'])
- if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- self.mdict['INSTALL_TIME_SLOT'] = \
- self.mdict['pki_install_time']
- self.mdict['PKI_ADMIN_SECURE_PORT_SLOT'] = \
- self.mdict['pki_https_port']
- self.mdict['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
- "Unused"
- self.mdict['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] = ""
- self.mdict['PKI_AGENT_CLIENTAUTH_SLOT'] = "want"
- self.mdict['PKI_AGENT_SECURE_PORT_SLOT'] = \
- self.mdict['pki_https_port']
- self.mdict['PKI_AJP_PORT_SLOT'] = \
- self.mdict['pki_ajp_port']
- self.mdict['PKI_AJP_REDIRECT_PORT_SLOT'] = \
- self.mdict['pki_https_port']
- self.mdict['PKI_CA_HOSTNAME_SLOT'] = \
- self.mdict['pki_ca_hostname']
- self.mdict['PKI_CA_PORT_SLOT'] = \
- self.mdict['pki_ca_port']
- self.mdict['PKI_CERT_DB_PASSWORD_SLOT'] = \
- self.mdict['pki_pin']
- self.mdict['PKI_CFG_PATH_NAME_SLOT'] = \
- self.mdict['pki_target_cs_cfg']
- self.mdict['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \
+
+ self.mdict['INSTALL_TIME_SLOT'] = \
+ self.mdict['pki_install_time']
+ self.mdict['PKI_ADMIN_SECURE_PORT_SLOT'] = \
+ self.mdict['pki_https_port']
+ self.mdict['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
+ "Unused"
+ self.mdict['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] = ""
+ self.mdict['PKI_AGENT_CLIENTAUTH_SLOT'] = "want"
+ self.mdict['PKI_AGENT_SECURE_PORT_SLOT'] = \
+ self.mdict['pki_https_port']
+ self.mdict['PKI_AJP_PORT_SLOT'] = \
+ self.mdict['pki_ajp_port']
+ self.mdict['PKI_AJP_REDIRECT_PORT_SLOT'] = \
+ self.mdict['pki_https_port']
+ self.mdict['PKI_CA_HOSTNAME_SLOT'] = \
+ self.mdict['pki_ca_hostname']
+ self.mdict['PKI_CA_PORT_SLOT'] = \
+ self.mdict['pki_ca_port']
+ self.mdict['PKI_CERT_DB_PASSWORD_SLOT'] = \
+ self.mdict['pki_pin']
+ self.mdict['PKI_CFG_PATH_NAME_SLOT'] = \
+ self.mdict['pki_target_cs_cfg']
+ self.mdict['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \
+ "-->"
+ self.mdict['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \
+ "-->"
+ self.mdict['PKI_DS_SECURE_CONNECTION_SLOT'] = \
+ self.mdict['pki_ds_secure_connection'].lower()
+ self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \
+ self.mdict['pki_https_port']
+ self.mdict\
+ ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \
+ "Unused"
+ self.mdict\
+ ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \
+ ""
+ self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \
+ self.mdict['pki_https_port']
+ self.mdict['PKI_EE_SECURE_PORT_SLOT'] = \
+ self.mdict['pki_https_port']
+ self.mdict['PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
+ "Unused"
+ self.mdict['PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT'] = \
+ ""
+ self.mdict['PKI_GROUP_SLOT'] = \
+ self.mdict['pki_group']
+ self.mdict['PKI_INSTANCE_PATH_SLOT'] = \
+ self.mdict['pki_instance_path']
+ self.mdict['PKI_INSTANCE_ROOT_SLOT'] = \
+ self.mdict['pki_path']
+ self.mdict['PKI_LOCKDIR_SLOT'] = \
+ os.path.join("/var/lock/pki",
+ "tomcat")
+ self.mdict['PKI_HOSTNAME_SLOT'] = \
+ self.mdict['pki_hostname']
+ self.mdict['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \
+ "<!--"
+ self.mdict['PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \
+ "<!--"
+ self.mdict['PKI_PIDDIR_SLOT'] = \
+ os.path.join("/var/run/pki", "tomcat")
+ if config.str2bool(self.mdict['pki_enable_proxy']):
+ self.mdict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \
+ ""
+ self.mdict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \
+ ""
+ self.mdict['PKI_PROXY_SECURE_PORT_SLOT'] = \
+ self.mdict['pki_proxy_https_port']
+ self.mdict['PKI_PROXY_UNSECURE_PORT_SLOT'] = \
+ self.mdict['pki_proxy_http_port']
+ self.mdict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \
+ ""
+ self.mdict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \
+ ""
+ else:
+ self.mdict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \
"-->"
- self.mdict['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \
+ self.mdict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \
"-->"
- self.mdict['PKI_DS_SECURE_CONNECTION_SLOT'] = \
- self.mdict['pki_ds_secure_connection'].lower()
- self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \
- self.mdict['pki_https_port']
- self.mdict\
- ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \
- "Unused"
- self.mdict\
- ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \
+ self.mdict['PKI_PROXY_SECURE_PORT_SLOT'] = ""
+ self.mdict['PKI_PROXY_UNSECURE_PORT_SLOT'] = ""
+ self.mdict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \
+ "<!--"
+ self.mdict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \
+ "<!--"
+ if config.str2bool(self.mdict['pki_standalone']):
+ # Stand-alone PKI
+ self.mdict['PKI_CLOSE_STANDALONE_COMMENT_SLOT'] = \
""
- self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \
- self.mdict['pki_https_port']
- self.mdict['PKI_EE_SECURE_PORT_SLOT'] = \
- self.mdict['pki_https_port']
- self.mdict['PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
- "Unused"
- self.mdict['PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT'] = \
+ self.mdict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \
""
- self.mdict['PKI_GROUP_SLOT'] = \
- self.mdict['pki_group']
- self.mdict['PKI_INSTANCE_PATH_SLOT'] = \
- self.mdict['pki_instance_path']
- self.mdict['PKI_INSTANCE_ROOT_SLOT'] = \
- self.mdict['pki_path']
- self.mdict['PKI_LOCKDIR_SLOT'] = \
- os.path.join("/var/lock/pki",
- "tomcat")
- self.mdict['PKI_HOSTNAME_SLOT'] = \
- self.mdict['pki_hostname']
- self.mdict['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \
- "<!--"
- self.mdict['PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \
+ self.mdict['PKI_STANDALONE_SLOT'] = "true"
+ else:
+ self.mdict['PKI_CLOSE_STANDALONE_COMMENT_SLOT'] = \
+ "-->"
+ self.mdict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \
"<!--"
- self.mdict['PKI_PIDDIR_SLOT'] = \
- os.path.join("/var/run/pki", "tomcat")
- if config.str2bool(self.mdict['pki_enable_proxy']):
- self.mdict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \
- ""
- self.mdict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \
- ""
- self.mdict['PKI_PROXY_SECURE_PORT_SLOT'] = \
- self.mdict['pki_proxy_https_port']
- self.mdict['PKI_PROXY_UNSECURE_PORT_SLOT'] = \
- self.mdict['pki_proxy_http_port']
- self.mdict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \
- ""
- self.mdict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \
- ""
- else:
- self.mdict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \
- "-->"
- self.mdict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \
- "-->"
- self.mdict['PKI_PROXY_SECURE_PORT_SLOT'] = ""
- self.mdict['PKI_PROXY_UNSECURE_PORT_SLOT'] = ""
- self.mdict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \
- "<!--"
- self.mdict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \
- "<!--"
- if config.str2bool(self.mdict['pki_standalone']):
- # Stand-alone PKI
- self.mdict['PKI_CLOSE_STANDALONE_COMMENT_SLOT'] = \
- ""
- self.mdict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \
- ""
- self.mdict['PKI_STANDALONE_SLOT'] = "true"
- else:
- self.mdict['PKI_CLOSE_STANDALONE_COMMENT_SLOT'] = \
- "-->"
- self.mdict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \
- "<!--"
- self.mdict['PKI_STANDALONE_SLOT'] = "false"
- if config.str2bool(self.mdict['pki_enable_access_log']):
- self.mdict['PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
- ""
- self.mdict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
- ""
- else:
- self.mdict['PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
- "-->"
- self.mdict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
- "<!--"
- self.mdict['PKI_TMPDIR_SLOT'] = \
- self.mdict['pki_tomcat_tmpdir_path']
- self.mdict['PKI_RESTEASY_LIB_SLOT'] = \
- self.mdict['resteasy_lib']
- self.mdict['PKI_RANDOM_NUMBER_SLOT'] = \
- self.mdict['pki_one_time_pin']
- self.mdict['PKI_SECURE_PORT_SLOT'] = \
- self.mdict['pki_https_port']
- self.mdict['PKI_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
- "Secure"
- self.mdict['PKI_SECURE_PORT_SERVER_COMMENT_SLOT'] = \
- "<!-- " + \
- "Shared Ports: Agent, EE, and Admin Secure Port Connector " + \
+ self.mdict['PKI_STANDALONE_SLOT'] = "false"
+ if config.str2bool(self.mdict['pki_enable_access_log']):
+ self.mdict['PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
+ ""
+ self.mdict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
+ ""
+ else:
+ self.mdict['PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
"-->"
- self.mdict['PKI_SECURITY_MANAGER_SLOT'] = \
- self.mdict['pki_security_manager']
- self.mdict['PKI_SERVER_XML_CONF_SLOT'] = \
- self.mdict['pki_target_server_xml']
- self.mdict['PKI_SSL_SERVER_NICKNAME_SLOT'] = \
- self.mdict['pki_ssl_server_nickname']
- self.mdict['PKI_SUBSYSTEM_TYPE_SLOT'] = \
- self.mdict['pki_subsystem'].lower()
- self.mdict['PKI_SYSTEMD_SERVICENAME_SLOT'] = \
- "pki-tomcatd" + "@" + \
- self.mdict['pki_instance_name'] + ".service"
- self.mdict['PKI_UNSECURE_PORT_SLOT'] = \
- self.mdict['pki_http_port']
- self.mdict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] = \
- "Unsecure"
- self.mdict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] = \
- "<!-- Shared Ports: Unsecure Port Connector -->"
- self.mdict['PKI_USER_SLOT'] = \
- self.mdict['pki_user']
- self.mdict['PKI_WEB_SERVER_TYPE_SLOT'] = \
- "tomcat"
- self.mdict['PKI_WEBAPPS_NAME_SLOT'] = \
- "webapps"
- self.mdict['TOMCAT_CFG_SLOT'] = \
- self.mdict['pki_target_tomcat_conf']
- self.mdict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] = \
- os.path.join(
- self.mdict['pki_tomcat_common_lib_path'],
- "*.jar")
- self.mdict['TOMCAT_LOG_DIR_SLOT'] = \
- self.mdict['pki_instance_log_path']
- self.mdict['TOMCAT_PIDFILE_SLOT'] = \
- "/var/run/pki/tomcat/" + self.mdict['pki_instance_name'] + \
- ".pid"
- self.mdict['TOMCAT_SERVER_PORT_SLOT'] = \
- self.mdict['pki_tomcat_server_port']
- self.mdict['TOMCAT_SSL_VERSION_RANGE_STREAM_SLOT'] = \
- "tls1_0:tls1_2"
- self.mdict['TOMCAT_SSL_VERSION_RANGE_DATAGRAM_SLOT'] = \
- "tls1_1:tls1_2"
- self.mdict['TOMCAT_SSL_RANGE_CIPHERS_SLOT'] = \
- "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \
- "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \
- "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \
- "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_RSA_WITH_AES_128_CBC_SHA," + \
- "+TLS_RSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \
- "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \
- "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \
- "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \
- "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \
- "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256," + \
- "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256," + \
- "+TLS_RSA_WITH_AES_128_CBC_SHA256," + \
- "+TLS_RSA_WITH_AES_256_CBC_SHA256," + \
- "+TLS_RSA_WITH_AES_128_GCM_SHA256," + \
- "+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256," + \
- "+TLS_DHE_DSS_WITH_AES_128_GCM_SHA256," + \
- "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256," + \
- "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," + \
- "+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + \
- "+TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256," + \
- "+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," + \
- "+TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"
- self.mdict['TOMCAT_SSL2_CIPHERS_SLOT'] = \
- "-SSL2_RC4_128_WITH_MD5," + \
- "-SSL2_RC4_128_EXPORT40_WITH_MD5," + \
- "-SSL2_RC2_128_CBC_WITH_MD5," + \
- "-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5," + \
- "-SSL2_DES_64_CBC_WITH_MD5," + \
- "-SSL2_DES_192_EDE3_CBC_WITH_MD5"
- self.mdict['TOMCAT_SSL3_CIPHERS_SLOT'] = \
- "-SSL3_FORTEZZA_DMS_WITH_NULL_SHA," + \
- "-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA," + \
- "+SSL3_RSA_WITH_RC4_128_SHA," + \
- "-SSL3_RSA_EXPORT_WITH_RC4_40_MD5," + \
- "+SSL3_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "-SSL3_RSA_WITH_DES_CBC_SHA," + \
- "-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5," + \
- "-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA," + \
- "-SSL_RSA_FIPS_WITH_DES_CBC_SHA," + \
- "+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA," + \
- "-SSL3_RSA_WITH_NULL_MD5," + \
- "-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA," + \
- "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
- self.mdict['TOMCAT_SSL_OPTIONS_SLOT'] = \
- "ssl2=false," + \
- "ssl3=false," + \
- "tls=true"
- self.mdict['TOMCAT_TLS_CIPHERS_SLOT'] = \
- "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \
- "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \
- "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \
- "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_RSA_WITH_AES_128_CBC_SHA," + \
- "+TLS_RSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \
- "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \
- "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \
- "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \
- "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \
- "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
-
- if config.pki_architecture == 64:
- self.mdict['NUXWDOG_JNI_PATH_SLOT'] = (
- '/usr/lib64/nuxwdog-jni')
- else:
- self.mdict['NUXWDOG_JNI_PATH_SLOT'] = (
- '/usr/lib/nuxwdog-jni')
+ self.mdict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
+ "<!--"
+ self.mdict['PKI_TMPDIR_SLOT'] = \
+ self.mdict['pki_tomcat_tmpdir_path']
+ self.mdict['PKI_RESTEASY_LIB_SLOT'] = \
+ self.mdict['resteasy_lib']
+ self.mdict['PKI_RANDOM_NUMBER_SLOT'] = \
+ self.mdict['pki_one_time_pin']
+ self.mdict['PKI_SECURE_PORT_SLOT'] = \
+ self.mdict['pki_https_port']
+ self.mdict['PKI_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
+ "Secure"
+ self.mdict['PKI_SECURE_PORT_SERVER_COMMENT_SLOT'] = \
+ "<!-- " + \
+ "Shared Ports: Agent, EE, and Admin Secure Port Connector " + \
+ "-->"
+ self.mdict['PKI_SECURITY_MANAGER_SLOT'] = \
+ self.mdict['pki_security_manager']
+ self.mdict['PKI_SERVER_XML_CONF_SLOT'] = \
+ self.mdict['pki_target_server_xml']
+ self.mdict['PKI_SSL_SERVER_NICKNAME_SLOT'] = \
+ self.mdict['pki_ssl_server_nickname']
+ self.mdict['PKI_SUBSYSTEM_TYPE_SLOT'] = \
+ self.mdict['pki_subsystem'].lower()
+ self.mdict['PKI_SYSTEMD_SERVICENAME_SLOT'] = \
+ "pki-tomcatd" + "@" + \
+ self.mdict['pki_instance_name'] + ".service"
+ self.mdict['PKI_UNSECURE_PORT_SLOT'] = \
+ self.mdict['pki_http_port']
+ self.mdict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] = \
+ "Unsecure"
+ self.mdict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] = \
+ "<!-- Shared Ports: Unsecure Port Connector -->"
+ self.mdict['PKI_USER_SLOT'] = \
+ self.mdict['pki_user']
+ self.mdict['PKI_WEB_SERVER_TYPE_SLOT'] = \
+ "tomcat"
+ self.mdict['PKI_WEBAPPS_NAME_SLOT'] = \
+ "webapps"
+ self.mdict['TOMCAT_CFG_SLOT'] = \
+ self.mdict['pki_target_tomcat_conf']
+ self.mdict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] = \
+ os.path.join(
+ self.mdict['pki_tomcat_common_lib_path'],
+ "*.jar")
+ self.mdict['TOMCAT_LOG_DIR_SLOT'] = \
+ self.mdict['pki_instance_log_path']
+ self.mdict['TOMCAT_PIDFILE_SLOT'] = \
+ "/var/run/pki/tomcat/" + self.mdict['pki_instance_name'] + \
+ ".pid"
+ self.mdict['TOMCAT_SERVER_PORT_SLOT'] = \
+ self.mdict['pki_tomcat_server_port']
+ self.mdict['TOMCAT_SSL_VERSION_RANGE_STREAM_SLOT'] = \
+ "tls1_0:tls1_2"
+ self.mdict['TOMCAT_SSL_VERSION_RANGE_DATAGRAM_SLOT'] = \
+ "tls1_1:tls1_2"
+ self.mdict['TOMCAT_SSL_RANGE_CIPHERS_SLOT'] = \
+ "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_RSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_RSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \
+ "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \
+ "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256," + \
+ "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256," + \
+ "+TLS_RSA_WITH_AES_128_CBC_SHA256," + \
+ "+TLS_RSA_WITH_AES_256_CBC_SHA256," + \
+ "+TLS_RSA_WITH_AES_128_GCM_SHA256," + \
+ "+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256," + \
+ "+TLS_DHE_DSS_WITH_AES_128_GCM_SHA256," + \
+ "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256," + \
+ "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," + \
+ "+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + \
+ "+TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256," + \
+ "+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," + \
+ "+TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"
+ self.mdict['TOMCAT_SSL2_CIPHERS_SLOT'] = \
+ "-SSL2_RC4_128_WITH_MD5," + \
+ "-SSL2_RC4_128_EXPORT40_WITH_MD5," + \
+ "-SSL2_RC2_128_CBC_WITH_MD5," + \
+ "-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5," + \
+ "-SSL2_DES_64_CBC_WITH_MD5," + \
+ "-SSL2_DES_192_EDE3_CBC_WITH_MD5"
+ self.mdict['TOMCAT_SSL3_CIPHERS_SLOT'] = \
+ "-SSL3_FORTEZZA_DMS_WITH_NULL_SHA," + \
+ "-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA," + \
+ "+SSL3_RSA_WITH_RC4_128_SHA," + \
+ "-SSL3_RSA_EXPORT_WITH_RC4_40_MD5," + \
+ "+SSL3_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "-SSL3_RSA_WITH_DES_CBC_SHA," + \
+ "-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5," + \
+ "-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA," + \
+ "-SSL_RSA_FIPS_WITH_DES_CBC_SHA," + \
+ "+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA," + \
+ "-SSL3_RSA_WITH_NULL_MD5," + \
+ "-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA," + \
+ "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
+ self.mdict['TOMCAT_SSL_OPTIONS_SLOT'] = \
+ "ssl2=false," + \
+ "ssl3=false," + \
+ "tls=true"
+ self.mdict['TOMCAT_TLS_CIPHERS_SLOT'] = \
+ "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_RSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_RSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \
+ "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \
+ "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
+
+ if config.pki_architecture == 64:
+ self.mdict['NUXWDOG_JNI_PATH_SLOT'] = (
+ '/usr/lib64/nuxwdog-jni')
+ else:
+ self.mdict['NUXWDOG_JNI_PATH_SLOT'] = (
+ '/usr/lib/nuxwdog-jni')
- # tps parameters
- self.mdict['TOKENDB_HOST_SLOT'] = \
- self.mdict['pki_ds_hostname']
+ # tps parameters
+ self.mdict['TOKENDB_HOST_SLOT'] = \
+ self.mdict['pki_ds_hostname']
- if config.str2bool(self.mdict['pki_ds_secure_connection']):
- self.mdict['TOKENDB_PORT_SLOT'] = \
- self.mdict['pki_ds_ldaps_port']
- else:
- self.mdict['TOKENDB_PORT_SLOT'] = \
- self.mdict['pki_ds_ldap_port']
+ if config.str2bool(self.mdict['pki_ds_secure_connection']):
+ self.mdict['TOKENDB_PORT_SLOT'] = \
+ self.mdict['pki_ds_ldaps_port']
+ else:
+ self.mdict['TOKENDB_PORT_SLOT'] = \
+ self.mdict['pki_ds_ldap_port']
- self.mdict['TOKENDB_ROOT_SLOT'] = \
- self.mdict['pki_ds_base_dn']
+ self.mdict['TOKENDB_ROOT_SLOT'] = \
+ self.mdict['pki_ds_base_dn']
- self.mdict['TPS_DIR_SLOT'] = \
- self.mdict['pki_source_subsystem_path']
+ self.mdict['TPS_DIR_SLOT'] = \
+ self.mdict['pki_source_subsystem_path']
- if self.mdict['pki_subsystem'] == "CA":
- self.mdict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS'] = \
- self.mdict['pki_random_serial_numbers_enable'].lower()
+ if self.mdict['pki_subsystem'] == "CA":
+ self.mdict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS'] = \
+ self.mdict['pki_random_serial_numbers_enable'].lower()
# Tomcat NSS security database name/value pairs
self.mdict['pki_shared_pfile'] = \
os.path.join(
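Review bot: The dedented slot block now applies to every subsystem, and it still hard-codes the TLS policy: `TOMCAT_SSL_VERSION_RANGE_STREAM_SLOT` is fixed to `"tls1_0:tls1_2"` and the range/TLS cipher lists enable 3DES and static-RSA suites (`+TLS_RSA_WITH_3DES_EDE_CBC_SHA`, `+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA`) with no `pki_*` deployment parameter a deployer could use to tighten them before server.xml is written. Since there is no longer a non-Tomcat code path to keep in step, this is a natural point to read them from mdict with the current strings as defaults, e.g. `self.mdict['TOMCAT_SSL_VERSION_RANGE_STREAM_SLOT'] = self.mdict.get('pki_tomcat_ssl_version_range_stream', "tls1_0:tls1_2")` (assuming mdict is a plain dict, as its subscript use suggests), so the floor can be raised per deployment rather than by editing server.xml after spawn. At minimum a comment above the version-range line recording that TLS 1.0 is retained deliberately for legacy clients would make the choice reviewable. The enclosing method starts before this hunk.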
@@ -1224,12 +1223,11 @@ class PKIConfigParser:
"spawn" + "_" + "manifest" + "." + \
self.mdict['pki_timestamp']
# Compose this "systemd" execution management command
- if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- self.mdict['pki_registry_initscript_command'] = \
- "systemctl" + " " + \
- "restart" + " " + \
- "pki-tomcatd" + "@" + \
- self.mdict['pki_instance_name'] + "." + "service"
+ self.mdict['pki_registry_initscript_command'] = \
+ "systemctl" + " " + \
+ "restart" + " " + \
+ "pki-tomcatd" + "@" + \
+ self.mdict['pki_instance_name'] + "." + "service"
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
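Review bot: `pki_registry_initscript_command` is assembled as a single whitespace-joined string that embeds `pki_instance_name`; if the code that later executes it (not visible here) hands it to a shell, an instance name containing shell metacharacters would be interpreted rather than passed through as part of the unit name. Building it as an argument list, `['systemctl', 'restart', 'pki-tomcatd@' + self.mdict['pki_instance_name'] + '.service']`, or validating the name against the characters systemd accepts in a unit instance string at the point it is read, would remove the dependency on how the command is eventually run. The `try` block and its `except OSError` handler extend beyond this hunk.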
@@ -1257,8 +1255,7 @@ class PKIConfigParser:
parser.optionxform = str
parser.read(config.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE)
# Slots configuration file name/value pairs
- if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- self.slots_dict = dict(parser.items('Tomcat'))
+ self.slots_dict = dict(parser.items('Tomcat'))
except ConfigParser.ParsingError, err:
rv = err
return rv
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index 464473625..fbcb1ccaa 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -81,18 +81,17 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
password_file=deployer.mdict['pki_client_password_conf'])
# Start/Restart this Tomcat PKI Process
- if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- # Optionally prepare to enable a java debugger
- # (e. g. - 'eclipse'):
- if config.str2bool(deployer.mdict['pki_enable_java_debugger']):
- config.prepare_for_an_external_java_debugger(
- deployer.mdict['pki_target_tomcat_conf_instance_id'])
- tomcat_instance_subsystems = \
- len(deployer.instance.tomcat_instance_subsystems())
- if tomcat_instance_subsystems == 1:
- deployer.systemd.start()
- elif tomcat_instance_subsystems > 1:
- deployer.systemd.restart()
+ # Optionally prepare to enable a java debugger
+ # (e. g. - 'eclipse'):
+ if config.str2bool(deployer.mdict['pki_enable_java_debugger']):
+ config.prepare_for_an_external_java_debugger(
+ deployer.mdict['pki_target_tomcat_conf_instance_id'])
+ tomcat_instance_subsystems = \
+ len(deployer.instance.tomcat_instance_subsystems())
+ if tomcat_instance_subsystems == 1:
+ deployer.systemd.start()
+ elif tomcat_instance_subsystems > 1:
+ deployer.systemd.restart()
# wait for startup
status = deployer.instance.wait_for_startup(60)
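Review bot: With the Tomcat guard removed, the `if tomcat_instance_subsystems == 1 ... elif > 1` chain has no branch for a count of zero, so in that case neither `start()` nor `restart()` runs and control falls straight into `wait_for_startup(60)`, which would surface only as a startup timeout rather than the real cause. An explicit `else:` that logs the unexpected count and sets a failure return value (or raises) would make that path visible; it should be unreachable if the subsystem being configured is already counted, which I cannot confirm from this hunk. Separately, `pki_enable_java_debugger` now takes effect for every deployment; a one-line comment that this presumably opens a remote debug listener and must remain disabled outside development would help the next reader. The enclosing `spawn` method starts before this hunk.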
@@ -122,8 +121,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
- if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \
- and len(deployer.instance.tomcat_instance_subsystems()) == 1:
+ if len(deployer.instance.tomcat_instance_subsystems()) == 1:
if deployer.directory.exists(deployer.mdict['pki_client_dir']):
deployer.directory.delete(deployer.mdict['pki_client_dir'])
deployer.symlink.delete(deployer.mdict['pki_systemd_service_link'])
diff --git a/base/server/python/pki/server/deployment/scriptlets/finalization.py b/base/server/python/pki/server/deployment/scriptlets/finalization.py
index c8b54097a..f41f1d55a 100644
--- a/base/server/python/pki/server/deployment/scriptlets/finalization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/finalization.py
@@ -96,8 +96,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
deployer.instance.pki_instance_subsystems() == 0:
deployer.systemd.disable()
# Start this Tomcat PKI Process
- if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \
- and len(deployer.instance.tomcat_instance_subsystems()) >= 1:
+ if len(deployer.instance.tomcat_instance_subsystems()) >= 1:
deployer.systemd.start()
config.pki_log.info(log.PKIDESTROY_END_MESSAGE_2,
deployer.mdict['pki_subsystem'],
diff --git a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py
index 8938057ae..62e387942 100644
--- a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py
+++ b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py
@@ -43,13 +43,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
extra=config.PKI_INDENTATION_LEVEL_1)
# if this is the first subsystem
- if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \
- and len(deployer.instance.tomcat_instance_subsystems()) == 1:
+ if len(deployer.instance.tomcat_instance_subsystems()) == 1:
# establish instance logs
deployer.directory.create(deployer.mdict['pki_instance_log_path'])
- # copy /usr/share/pki/server/conf tree into /var/lib/pki/<instance>/conf
+ # copy /usr/share/pki/server/conf tree into
+ # /var/lib/pki/<instance>/conf
# except common ldif files and theme deployment descriptor
deployer.directory.copy(
deployer.mdict['pki_source_server_path'],
@@ -301,8 +301,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
if deployer.mdict['pki_subsystem'] == 'TKS':
deployer.symlink.delete(deployer.mdict['pki_symkey_jar_link'])
- if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \
- and len(deployer.instance.tomcat_instance_subsystems()) == 0:
+ if len(deployer.instance.tomcat_instance_subsystems()) == 0:
# remove Tomcat instance base
deployer.directory.delete(deployer.mdict['pki_instance_path'])
# remove Tomcat instance logs
diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py
index 83ecdf130..3f8623af1 100644
--- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py
+++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py
@@ -146,8 +146,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
- if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \
- and len(deployer.instance.tomcat_instance_subsystems()) == 0:
+ if len(deployer.instance.tomcat_instance_subsystems()) == 0:
deployer.file.delete(deployer.mdict['pki_cert_database'])
deployer.file.delete(deployer.mdict['pki_key_database'])
deployer.file.delete(deployer.mdict['pki_secmod_database'])
diff --git a/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py b/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py
index dce5648a0..7075f6e56 100644
--- a/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py
+++ b/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py
@@ -68,10 +68,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
return self.rv
# add SELinux contexts when adding the first subsystem
- if deployer.mdict['pki_subsystem'] in \
- config.PKI_TOMCAT_SUBSYSTEMS and \
- len(deployer.instance.tomcat_instance_subsystems()) == 1:
-
+ if len(deployer.instance.tomcat_instance_subsystems()) == 1:
trans = seobject.semanageRecords("targeted")
trans.start()
if deployer.mdict['pki_instance_name'] != \
@@ -163,10 +160,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
while True:
try:
# remove SELinux contexts when removing the last subsystem
- if (deployer.mdict['pki_subsystem'] in
- config.PKI_TOMCAT_SUBSYSTEMS and
- len(deployer.instance.tomcat_instance_subsystems()) == 0):
-
+ if len(deployer.instance.tomcat_instance_subsystems()) == 0:
trans = seobject.semanageRecords("targeted")
trans.start()
diff --git a/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py b/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py
index 3baef04b9..2f2b13567 100644
--- a/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py
+++ b/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py
@@ -70,28 +70,17 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
deployer.mdict['pki_target_tomcat_conf'],
overwrite_flag=True)
- # Strip "<filter>" section from subsystem "web.xml"
- # This is ONLY necessary because XML comments cannot be "nested"!
- # deployer.file.copy(deployer.mdict['pki_target_subsystem_web_xml'],
- # deployer.mdict['pki_target_subsystem_web_xml_orig'])
- # deployer.file.delete(
- # deployer.mdict['pki_target_subsystem_web_xml'])
- # util.xml_file.remove_filter_section_from_web_xml(
- # deployer.mdict['pki_target_subsystem_web_xml_orig'],
- # deployer.mdict['pki_target_subsystem_web_xml'])
- # deployer.file.delete(
- # deployer.mdict['pki_target_subsystem_web_xml_orig'])
- if deployer.mdict['pki_subsystem'] == "CA":
- deployer.file.copy_with_slot_substitution(
- deployer.mdict['pki_source_proxy_conf'],
- deployer.mdict['pki_target_proxy_conf'])
- elif deployer.mdict['pki_subsystem'] == "TPS":
- deployer.file.copy_with_slot_substitution(
- deployer.mdict['pki_source_registry_cfg'],
- deployer.mdict['pki_target_registry_cfg'])
- deployer.file.copy_with_slot_substitution(
- deployer.mdict['pki_source_phone_home_xml'],
- deployer.mdict['pki_target_phone_home_xml'])
+ if deployer.mdict['pki_subsystem'] == "CA":
+ deployer.file.copy_with_slot_substitution(
+ deployer.mdict['pki_source_proxy_conf'],
+ deployer.mdict['pki_target_proxy_conf'])
+ elif deployer.mdict['pki_subsystem'] == "TPS":
+ deployer.file.copy_with_slot_substitution(
+ deployer.mdict['pki_source_registry_cfg'],
+ deployer.mdict['pki_target_registry_cfg'])
+ deployer.file.copy_with_slot_substitution(
+ deployer.mdict['pki_source_phone_home_xml'],
+ deployer.mdict['pki_target_phone_home_xml'])
return self.rv
def destroy(self, deployer):
diff --git a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
index c3d06c079..2cad0cf4a 100644
--- a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
+++ b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
@@ -52,57 +52,58 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# deployer.mdict['pki_source_conf_path'],
# deployer.mdict['pki_subsystem_configuration_path'])
# establish instance-based Tomcat specific subsystems
- if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- # establish instance-based Tomcat PKI subsystem base
- if deployer.mdict['pki_subsystem'] == "CA":
- deployer.directory.copy(
- deployer.mdict['pki_source_emails'],
- deployer.mdict['pki_subsystem_emails_path'])
- deployer.directory.copy(
- deployer.mdict['pki_source_profiles'],
- deployer.mdict['pki_subsystem_profiles_path'])
- # establish instance-based Tomcat PKI subsystem logs
- # establish instance-based Tomcat PKI subsystem configuration
- if deployer.mdict['pki_subsystem'] == "CA":
- deployer.file.copy(
- deployer.mdict['pki_source_flatfile_txt'],
- deployer.mdict['pki_target_flatfile_txt'])
- deployer.file.copy(
- deployer.mdict['pki_source_registry_cfg'],
- deployer.mdict['pki_target_registry_cfg'])
- # '*.profile'
- deployer.file.copy(
- deployer.mdict['pki_source_admincert_profile'],
- deployer.mdict['pki_target_admincert_profile'])
- deployer.file.copy(
- deployer.mdict['pki_source_caauditsigningcert_profile'],
- deployer.mdict['pki_target_caauditsigningcert_profile'])
- deployer.file.copy(
- deployer.mdict['pki_source_cacert_profile'],
- deployer.mdict['pki_target_cacert_profile'])
- deployer.file.copy(
- deployer.mdict['pki_source_caocspcert_profile'],
- deployer.mdict['pki_target_caocspcert_profile'])
- deployer.file.copy(
- deployer.mdict['pki_source_servercert_profile'],
- deployer.mdict['pki_target_servercert_profile'])
- deployer.file.copy(
- deployer.mdict['pki_source_subsystemcert_profile'],
- deployer.mdict['pki_target_subsystemcert_profile'])
- elif deployer.mdict['pki_subsystem'] == "KRA":
- # '*.profile'
- deployer.file.copy(
- deployer.mdict['pki_source_servercert_profile'],
- deployer.mdict['pki_target_servercert_profile'])
- deployer.file.copy(
- deployer.mdict['pki_source_storagecert_profile'],
- deployer.mdict['pki_target_storagecert_profile'])
- deployer.file.copy(
- deployer.mdict['pki_source_subsystemcert_profile'],
- deployer.mdict['pki_target_subsystemcert_profile'])
- deployer.file.copy(
- deployer.mdict['pki_source_transportcert_profile'],
- deployer.mdict['pki_target_transportcert_profile'])
+
+ # establish instance-based Tomcat PKI subsystem base
+ if deployer.mdict['pki_subsystem'] == "CA":
+ deployer.directory.copy(
+ deployer.mdict['pki_source_emails'],
+ deployer.mdict['pki_subsystem_emails_path'])
+ deployer.directory.copy(
+ deployer.mdict['pki_source_profiles'],
+ deployer.mdict['pki_subsystem_profiles_path'])
+ # establish instance-based Tomcat PKI subsystem logs
+ # establish instance-based Tomcat PKI subsystem configuration
+ if deployer.mdict['pki_subsystem'] == "CA":
+ deployer.file.copy(
+ deployer.mdict['pki_source_flatfile_txt'],
+ deployer.mdict['pki_target_flatfile_txt'])
+ deployer.file.copy(
+ deployer.mdict['pki_source_registry_cfg'],
+ deployer.mdict['pki_target_registry_cfg'])
+ # '*.profile'
+ deployer.file.copy(
+ deployer.mdict['pki_source_admincert_profile'],
+ deployer.mdict['pki_target_admincert_profile'])
+ deployer.file.copy(
+ deployer.mdict['pki_source_caauditsigningcert_profile'],
+ deployer.mdict['pki_target_caauditsigningcert_profile'])
+ deployer.file.copy(
+ deployer.mdict['pki_source_cacert_profile'],
+ deployer.mdict['pki_target_cacert_profile'])
+ deployer.file.copy(
+ deployer.mdict['pki_source_caocspcert_profile'],
+ deployer.mdict['pki_target_caocspcert_profile'])
+ deployer.file.copy(
+ deployer.mdict['pki_source_servercert_profile'],
+ deployer.mdict['pki_target_servercert_profile'])
+ deployer.file.copy(
+ deployer.mdict['pki_source_subsystemcert_profile'],
+ deployer.mdict['pki_target_subsystemcert_profile'])
+ elif deployer.mdict['pki_subsystem'] == "KRA":
+ # '*.profile'
+ deployer.file.copy(
+ deployer.mdict['pki_source_servercert_profile'],
+ deployer.mdict['pki_target_servercert_profile'])
+ deployer.file.copy(
+ deployer.mdict['pki_source_storagecert_profile'],
+ deployer.mdict['pki_target_storagecert_profile'])
+ deployer.file.copy(
+ deployer.mdict['pki_source_subsystemcert_profile'],
+ deployer.mdict['pki_target_subsystemcert_profile'])
+ deployer.file.copy(
+ deployer.mdict['pki_source_transportcert_profile'],
+ deployer.mdict['pki_target_transportcert_profile'])
+
# establish instance-based subsystem convenience symbolic links
deployer.symlink.create(
deployer.mdict['pki_instance_database_link'],
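Review bot: The dedented block now carries a dangling comment, `# establish instance-based Tomcat PKI subsystem logs`, with no code under it, sitting between two separate `if deployer.mdict['pki_subsystem'] == "CA":` tests; either delete the comment or merge the two CA branches (the emails/profiles directory copies and the flatfile/registry/profile file copies) under one test so the subsystem-specific layout reads as one unit. With the `config.PKI_TOMCAT_SUBSYSTEMS` guard gone, `config` may no longer be referenced in subsystem_layout.py; its import is outside this hunk, so confirm it is still used before leaving it in place. The enclosing spawn() begins before this hunk.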
diff --git a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py
index b0a1113e6..edbfafab3 100644
--- a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py
+++ b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py
@@ -33,55 +33,52 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
rv = 0
def spawn(self, deployer):
-
- if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- if config.str2bool(deployer.mdict['pki_skip_installation']):
- config.pki_log.info(log.SKIP_WEBAPP_DEPLOYMENT_SPAWN_1,
- __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return self.rv
-
- config.pki_log.info(log.WEBAPP_DEPLOYMENT_SPAWN_1, __name__,
+ if config.str2bool(deployer.mdict['pki_skip_installation']):
+ config.pki_log.info(log.SKIP_WEBAPP_DEPLOYMENT_SPAWN_1,
+ __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
+ return self.rv
+
+ config.pki_log.info(log.WEBAPP_DEPLOYMENT_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
- # Create subsystem webapps folder to store custom webapps:
- # <instance>/<subsystem>/webapps.
- deployer.directory.create(
- deployer.mdict['pki_tomcat_subsystem_webapps_path'])
+ # Create subsystem webapps folder to store custom webapps:
+ # <instance>/<subsystem>/webapps.
+ deployer.directory.create(
+ deployer.mdict['pki_tomcat_subsystem_webapps_path'])
- # set ownerships, permissions, and acls
- deployer.directory.set_mode(
- deployer.mdict['pki_tomcat_subsystem_webapps_path'])
+ # set ownerships, permissions, and acls
+ deployer.directory.set_mode(
+ deployer.mdict['pki_tomcat_subsystem_webapps_path'])
- # Deploy web application directly from /usr/share/pki.
- deployer.deploy_webapp(
+ # Deploy web application directly from /usr/share/pki.
+ deployer.deploy_webapp(
+ deployer.mdict['pki_subsystem'].lower(),
+ os.path.join(
+ config.PKI_DEPLOYMENT_SOURCE_ROOT,
deployer.mdict['pki_subsystem'].lower(),
- os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
- deployer.mdict['pki_subsystem'].lower(),
- "webapps",
- deployer.mdict['pki_subsystem'].lower()),
- os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
- deployer.mdict['pki_subsystem'].lower(),
- "conf",
- "Catalina",
- "localhost",
- deployer.mdict['pki_subsystem'].lower() + ".xml"))
+ "webapps",
+ deployer.mdict['pki_subsystem'].lower()),
+ os.path.join(
+ config.PKI_DEPLOYMENT_SOURCE_ROOT,
+ deployer.mdict['pki_subsystem'].lower(),
+ "conf",
+ "Catalina",
+ "localhost",
+ deployer.mdict['pki_subsystem'].lower() + ".xml"))
return self.rv
def destroy(self, deployer):
- if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- config.pki_log.info(log.WEBAPP_DEPLOYMENT_DESTROY_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
+ config.pki_log.info(log.WEBAPP_DEPLOYMENT_DESTROY_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
- # Delete <instance>/conf/Catalina/localhost/<subsystem>.xml
- deployer.file.delete(
- os.path.join(
- deployer.mdict['pki_instance_configuration_path'],
- "Catalina",
- "localhost",
- deployer.mdict['pki_subsystem'].lower() + ".xml"))
+ # Delete <instance>/conf/Catalina/localhost/<subsystem>.xml
+ deployer.file.delete(
+ os.path.join(
+ deployer.mdict['pki_instance_configuration_path'],
+ "Catalina",
+ "localhost",
+ deployer.mdict['pki_subsystem'].lower() + ".xml"))
return self.rv
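Review bot: `deployer.mdict['pki_subsystem'].lower()` is evaluated five times in the new spawn() body and once more in destroy(); binding it once at the top of each method, `subsystem = deployer.mdict['pki_subsystem'].lower()`, and using `subsystem` in the `deploy_webapp` arguments and the Catalina context path would make the webapp name, its source directory and its `<subsystem>.xml` descriptor visibly derive from the same value. The same simplification applies to the CA/TPS dispatch in the pkihelper.py hunk earlier in this commit. Note also that the skip-installation early return now happens before the log line, so a skipped deployment is only recorded via SKIP_WEBAPP_DEPLOYMENT_SPAWN_1; that matches the old behaviour and is fine, but worth a comment since the dedent makes the ordering less obvious.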