diff options
| author | Abhishek Koneru <akoneru@redhat.com> | 2013-06-20 16:25:40 -0400 |
|---|---|---|
| committer | Abhishek Koneru <akoneru@redhat.com> | 2013-06-27 08:08:06 -0400 |
| commit | 66c34cfbe1ca67c7ad7b5fddae26cd1b2d53e8c4 (patch) | |
| tree | b83d9d4d357e7c028f87e5224f1bbbfeea87f503 /base/server/src/scriptlets | |
| parent | 3e1d74f6ddf90e2499420add9bb9bfafa968722a (diff) | |
| download | pki-66c34cfbe1ca67c7ad7b5fddae26cd1b2d53e8c4.tar.gz pki-66c34cfbe1ca67c7ad7b5fddae26cd1b2d53e8c4.tar.xz pki-66c34cfbe1ca67c7ad7b5fddae26cd1b2d53e8c4.zip | |
Code refactored for global variables and utility classes.
Added a new class PKIDeployer, whose object holds references to
global dictionaries for master and slots and also objects of
utility classes in pkihelper.py. This object once created in
pkispawn/pkidestroy will be passed on to the PKIScriptlets and
used. This also fixes few pylint related errors (E1120)
Ticket #316
Diffstat (limited to 'base/server/src/scriptlets')
| -rw-r--r-- | base/server/src/scriptlets/configuration.py | 101 | ||||
| -rw-r--r-- | base/server/src/scriptlets/finalization.py | 66 | ||||
| -rw-r--r-- | base/server/src/scriptlets/infrastructure_layout.py | 60 | ||||
| -rw-r--r-- | base/server/src/scriptlets/initialization.py | 64 | ||||
| -rw-r--r-- | base/server/src/scriptlets/instance_layout.py | 217 | ||||
| -rw-r--r-- | base/server/src/scriptlets/security_databases.py | 122 | ||||
| -rw-r--r-- | base/server/src/scriptlets/selinux_setup.py | 78 | ||||
| -rw-r--r-- | base/server/src/scriptlets/slot_substitution.py | 90 | ||||
| -rw-r--r-- | base/server/src/scriptlets/subsystem_layout.py | 128 | ||||
| -rw-r--r-- | base/server/src/scriptlets/webapp_deployment.py | 117 |
10 files changed, 519 insertions, 524 deletions
diff --git a/base/server/src/scriptlets/configuration.py b/base/server/src/scriptlets/configuration.py index c13e7eba2..970d1aefd 100644 --- a/base/server/src/scriptlets/configuration.py +++ b/base/server/src/scriptlets/configuration.py @@ -21,8 +21,6 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimessages as log import pkiscriptlet import json @@ -34,8 +32,9 @@ import pki.encoder class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if config.str2bool(master['pki_skip_configuration']): + def spawn(self, deployer): + + if config.str2bool(deployer.master_dict['pki_skip_configuration']): config.pki_log.info(log.SKIP_CONFIGURATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv @@ -44,97 +43,97 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # Place "slightly" less restrictive permissions on # the top-level client directory ONLY - util.directory.create(master['pki_client_subsystem_dir'], + deployer.directory.create(deployer.master_dict['pki_client_subsystem_dir'], uid=0, gid=0, perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS) # Since 'certutil' does NOT strip the 'token=' portion of # the 'token=password' entries, create a client password file # which ONLY contains the 'password' for the purposes of # allowing 'certutil' to generate the security databases - util.password.create_password_conf( - master['pki_client_password_conf'], - master['pki_client_database_password'], pin_sans_token=True) - util.file.modify(master['pki_client_password_conf'], + deployer.password.create_password_conf( + deployer.master_dict['pki_client_password_conf'], + deployer.master_dict['pki_client_database_password'], pin_sans_token=True) + deployer.file.modify(deployer.master_dict['pki_client_password_conf'], uid=0, gid=0) # Similarly, create a simple password file containing the # PKCS #12 password used when exporting the "Admin Certificate" # into a PKCS #12 file - util.password.create_client_pkcs12_password_conf( - master['pki_client_pkcs12_password_conf']) - util.file.modify(master['pki_client_pkcs12_password_conf']) - util.directory.create(master['pki_client_database_dir'], + deployer.password.create_client_pkcs12_password_conf( + deployer.master_dict['pki_client_pkcs12_password_conf']) + deployer.file.modify(deployer.master_dict['pki_client_pkcs12_password_conf']) + deployer.directory.create(deployer.master_dict['pki_client_database_dir'], uid=0, gid=0) - util.certutil.create_security_databases( - master['pki_client_database_dir'], - master['pki_client_cert_database'], - master['pki_client_key_database'], - master['pki_client_secmod_database'], - password_file=master['pki_client_password_conf']) - util.symlink.create(master['pki_systemd_service'], - master['pki_systemd_service_link']) + deployer.certutil.create_security_databases( + deployer.master_dict['pki_client_database_dir'], + deployer.master_dict['pki_client_cert_database'], + deployer.master_dict['pki_client_key_database'], + deployer.master_dict['pki_client_secmod_database'], + password_file=deployer.master_dict['pki_client_password_conf']) + deployer.symlink.create(deployer.master_dict['pki_systemd_service'], + deployer.master_dict['pki_systemd_service_link']) # Start/Restart this Apache/Tomcat PKI Process - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: apache_instance_subsystems =\ - util.instance.apache_instance_subsystems() + deployer.instance.apache_instance_subsystems() if apache_instance_subsystems == 1: - util.systemd.start() + deployer.systemd.start() elif apache_instance_subsystems > 1: - util.systemd.restart() - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + deployer.systemd.restart() + elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # Optionally prepare to enable a java debugger # (e. g. - 'eclipse'): - if config.str2bool(master['pki_enable_java_debugger']): + if config.str2bool(deployer.master_dict['pki_enable_java_debugger']): config.prepare_for_an_external_java_debugger( - master['pki_target_tomcat_conf_instance_id']) + deployer.master_dict['pki_target_tomcat_conf_instance_id']) tomcat_instance_subsystems =\ - len(util.instance.tomcat_instance_subsystems()) + len(deployer.instance.tomcat_instance_subsystems()) if tomcat_instance_subsystems == 1: - util.systemd.start() + deployer.systemd.start() elif tomcat_instance_subsystems > 1: - util.systemd.restart() + deployer.systemd.restart() # wait for startup - status = util.instance.wait_for_startup(60) + status = deployer.instance.wait_for_startup(60) if status == None: config.pki_log.error("server failed to restart", extra=config.PKI_INDENTATION_LEVEL_2) raise Exception("server failed to restart") # Optionally wait for debugger to attach (e. g. - 'eclipse'): - if config.str2bool(master['pki_enable_java_debugger']): + if config.str2bool(deployer.master_dict['pki_enable_java_debugger']): config.wait_to_attach_an_external_java_debugger() - config_client = util.config_client() # Construct PKI Subsystem Configuration Data data = None - if master['pki_instance_type'] == "Apache": - if master['pki_subsystem'] == "RA": + if deployer.master_dict['pki_instance_type'] == "Apache": + if deployer.master_dict['pki_subsystem'] == "RA": config.pki_log.info(log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1, - master['pki_subsystem'], + deployer.master_dict['pki_subsystem'], extra=config.PKI_INDENTATION_LEVEL_2) return self.rv - elif master['pki_instance_type'] == "Tomcat": + elif deployer.master_dict['pki_instance_type'] == "Tomcat": # CA, KRA, OCSP, TKS, or TPS - data = config_client.construct_pki_configuration_data() + data = deployer.config_client.construct_pki_configuration_data() # Configure the substem - config_client.configure_pki_data( + deployer.config_client.configure_pki_data( json.dumps(data, cls=pki.encoder.CustomTypeEncoder)) return self.rv - def destroy(self): + def destroy(self, deployer): + config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() == 1: - if util.directory.exists(master['pki_client_dir']): - util.directory.delete(master['pki_client_dir']) - util.symlink.delete(master['pki_systemd_service_link']) - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(util.instance.tomcat_instance_subsystems()) == 1: - if util.directory.exists(master['pki_client_dir']): - util.directory.delete(master['pki_client_dir']) - util.symlink.delete(master['pki_systemd_service_link']) + if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + deployer.instance.apache_instance_subsystems() == 1: + if deployer.directory.exists(deployer.master_dict['pki_client_dir']): + deployer.directory.delete(deployer.master_dict['pki_client_dir']) + deployer.symlink.delete(deployer.master_dict['pki_systemd_service_link']) + elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + len(deployer.instance.tomcat_instance_subsystems()) == 1: + if deployer.directory.exists(deployer.master_dict['pki_client_dir']): + deployer.directory.delete(deployer.master_dict['pki_client_dir']) + deployer.symlink.delete(deployer.master_dict['pki_systemd_service_link']) return self.rv diff --git a/base/server/src/scriptlets/finalization.py b/base/server/src/scriptlets/finalization.py index 6387146c7..45b4a3ceb 100644 --- a/base/server/src/scriptlets/finalization.py +++ b/base/server/src/scriptlets/finalization.py @@ -21,8 +21,6 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimanifest as manifest import pkimessages as log import pkiscriptlet @@ -32,14 +30,15 @@ import pkiscriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if master['pki_subsystem'] == "CA" and\ - config.str2bool(master['pki_external_step_two']): + def spawn(self, deployer): + + if deployer.master_dict['pki_subsystem'] == "CA" and\ + config.str2bool(deployer.master_dict['pki_external_step_two']): # must check for 'External CA Step 2' installation PRIOR to # 'pki_skip_installation' since this value has been set to true # by the initialization scriptlet pass - elif config.str2bool(master['pki_skip_installation']): + elif config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_FINALIZATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv @@ -47,24 +46,24 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): extra=config.PKI_INDENTATION_LEVEL_1) # For debugging/auditing purposes, save a timestamped copy of # this configuration file in the subsystem archive - util.file.copy(master['pki_user_deployment_cfg_replica'], - master['pki_user_deployment_cfg_spawn_archive']) + deployer.file.copy(deployer.master_dict['pki_user_deployment_cfg_replica'], + deployer.master_dict['pki_user_deployment_cfg_spawn_archive']) # Save a copy of the installation manifest file - config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, master['pki_manifest'], + config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, deployer.master_dict['pki_manifest'], extra=config.PKI_INDENTATION_LEVEL_2) # for record in manifest.database: # print tuple(record) - manifest.file.register(master['pki_manifest']) + manifest.file.register(deployer.master_dict['pki_manifest']) manifest.file.write() - util.file.modify(master['pki_manifest'], silent=True) + deployer.file.modify(deployer.master_dict['pki_manifest'], silent=True) # Also, for debugging/auditing purposes, save a timestamped copy of # this installation manifest file - util.file.copy(master['pki_manifest'], - master['pki_manifest_spawn_archive']) + deployer.file.copy(deployer.master_dict['pki_manifest'], + deployer.master_dict['pki_manifest_spawn_archive']) # Optionally, programmatically 'restart' the configured PKI instance - if config.str2bool(master['pki_restart_configured_instance']): - util.systemd.restart() + if config.str2bool(deployer.master_dict['pki_restart_configured_instance']): + deployer.systemd.restart() # Optionally, 'purge' the entire temporary client infrastructure # including the client NSS security databases and password files # @@ -72,34 +71,35 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # placed under this infrastructure, it may accidentally # be deleted! # - if config.str2bool(master['pki_client_database_purge']): - if util.directory.exists(master['pki_client_subsystem_dir']): - util.directory.delete(master['pki_client_subsystem_dir']) + if config.str2bool(deployer.master_dict['pki_client_database_purge']): + if deployer.directory.exists(deployer.master_dict['pki_client_subsystem_dir']): + deployer.directory.delete(deployer.master_dict['pki_client_subsystem_dir']) # If instance has not been configured, print the # configuration URL to the log - if config.str2bool(master['pki_skip_configuration']): - util.configuration_file.log_configuration_url() + if config.str2bool(deployer.master_dict['pki_skip_configuration']): + deployer.configuration_file.log_configuration_url() # Log final process messages config.pki_log.info(log.PKISPAWN_END_MESSAGE_2, - master['pki_subsystem'], - master['pki_instance_name'], + deployer.master_dict['pki_subsystem'], + deployer.master_dict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_0) - util.file.modify(master['pki_spawn_log'], silent=True) + deployer.file.modify(deployer.master_dict['pki_spawn_log'], silent=True) return self.rv - def destroy(self): + def destroy(self, deployer): + config.pki_log.info(log.FINALIZATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - util.file.modify(master['pki_destroy_log'], silent=True) + deployer.file.modify(deployer.master_dict['pki_destroy_log'], silent=True) # Start this Apache/Tomcat PKI Process - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() >= 1: - util.systemd.start() - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(util.instance.tomcat_instance_subsystems()) >= 1: - util.systemd.start() + if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + deployer.instance.apache_instance_subsystems() >= 1: + deployer.systemd.start() + elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + len(deployer.instance.tomcat_instance_subsystems()) >= 1: + deployer.systemd.start() config.pki_log.info(log.PKIDESTROY_END_MESSAGE_2, - master['pki_subsystem'], - master['pki_instance_name'], + deployer.master_dict['pki_subsystem'], + deployer.master_dict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_0) return self.rv diff --git a/base/server/src/scriptlets/infrastructure_layout.py b/base/server/src/scriptlets/infrastructure_layout.py index f3535d767..4fe31ef3d 100644 --- a/base/server/src/scriptlets/infrastructure_layout.py +++ b/base/server/src/scriptlets/infrastructure_layout.py @@ -21,8 +21,6 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimessages as log import pkiscriptlet @@ -31,8 +29,9 @@ import pkiscriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if config.str2bool(master['pki_skip_installation']): + def spawn(self, deployer): + + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_ADMIN_DOMAIN_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv @@ -52,32 +51,32 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # registry directories for storage of a copy of the original # deployment configuration file used to spawn this instance, # and save a copy of this file - util.directory.create(master['pki_registry_path']) - util.directory.create(master['pki_instance_type_registry_path']) - util.directory.create(master['pki_instance_registry_path']) - util.directory.create(master['pki_subsystem_registry_path']) - util.file.copy(master['pki_default_deployment_cfg'], - master['pki_default_deployment_cfg_replica']) + deployer.directory.create(deployer.master_dict['pki_registry_path']) + deployer.directory.create(deployer.master_dict['pki_instance_type_registry_path']) + deployer.directory.create(deployer.master_dict['pki_instance_registry_path']) + deployer.directory.create(deployer.master_dict['pki_subsystem_registry_path']) + deployer.file.copy(deployer.master_dict['pki_default_deployment_cfg'], + deployer.master_dict['pki_default_deployment_cfg_replica']) - print "Storing deployment configuration into " + config.pki_master_dict['pki_user_deployment_cfg_replica'] + "." + print "Storing deployment configuration into " + deployer.master_dict['pki_user_deployment_cfg_replica'] + "." #Archive the user deployment configuration excluding the sensitive parameters - sensitive_parameters = config.pki_master_dict['sensitive_parameters'].split() + sensitive_parameters = deployer.master_dict['sensitive_parameters'].split() sections = config.user_config.sections() for s in sections: for k in sensitive_parameters: config.user_config.set(s, k, 'XXXXXXXX') - with open(master['pki_user_deployment_cfg_replica'], 'w') as f: + with open(deployer.master_dict['pki_user_deployment_cfg_replica'], 'w') as f: config.user_config.write(f) # establish top-level infrastructure, instance, and subsystem # base directories and create the "registry" symbolic link that # the "pkidestroy" executable relies upon - util.directory.create(master['pki_path']) - util.directory.create(master['pki_instance_path']) - util.directory.create(master['pki_subsystem_path']) - util.symlink.create(master['pki_instance_registry_path'], - master['pki_subsystem_registry_link']) + deployer.directory.create(deployer.master_dict['pki_path']) + deployer.directory.create(deployer.master_dict['pki_instance_path']) + deployer.directory.create(deployer.master_dict['pki_subsystem_path']) + deployer.symlink.create(deployer.master_dict['pki_instance_registry_path'], + deployer.master_dict['pki_subsystem_registry_link']) # # NOTE: If "infrastructure_layout" scriptlet execution has been # successfully executed to this point, the "pkidestroy" command @@ -86,29 +85,30 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # no need to establish top-level infrastructure logs # since it now stores 'pkispawn'/'pkidestroy' logs # and will already exist - # util.directory.create(master['pki_log_path']) + # deployer.directory.create(deployer.master_dict['pki_log_path']) # establish top-level infrastructure configuration - if master['pki_configuration_path'] !=\ + if deployer.master_dict['pki_configuration_path'] !=\ config.PKI_DEPLOYMENT_CONFIGURATION_ROOT: - util.directory.create(master['pki_configuration_path']) + deployer.directory.create(deployer.master_dict['pki_configuration_path']) return self.rv - def destroy(self): + def destroy(self, deployer): + config.pki_log.info(log.ADMIN_DOMAIN_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # remove top-level infrastructure base - if master['pki_subsystem'] in config.PKI_SUBSYSTEMS and\ - util.instance.pki_instance_subsystems() == 0: + if deployer.master_dict['pki_subsystem'] in config.PKI_SUBSYSTEMS and\ + deployer.instance.pki_instance_subsystems() == 0: # remove top-level infrastructure base - util.directory.delete(master['pki_path']) + deployer.directory.delete(deployer.master_dict['pki_path']) # do NOT remove top-level infrastructure logs # since it now stores 'pkispawn'/'pkidestroy' logs - # util.directory.delete(master['pki_log_path']) + # deployer.directory.delete(deployer.master_dict['pki_log_path']) # remove top-level infrastructure configuration - if util.directory.is_empty(master['pki_configuration_path'])\ - and master['pki_configuration_path'] !=\ + if deployer.directory.is_empty(deployer.master_dict['pki_configuration_path'])\ + and deployer.master_dict['pki_configuration_path'] !=\ config.PKI_DEPLOYMENT_CONFIGURATION_ROOT: - util.directory.delete(master['pki_configuration_path']) + deployer.directory.delete(deployer.master_dict['pki_configuration_path']) # remove top-level infrastructure registry - util.directory.delete(master['pki_registry_path']) + deployer.directory.delete(deployer.master_dict['pki_registry_path']) return self.rv diff --git a/base/server/src/scriptlets/initialization.py b/base/server/src/scriptlets/initialization.py index f3839fb05..80b28a663 100644 --- a/base/server/src/scriptlets/initialization.py +++ b/base/server/src/scriptlets/initialization.py @@ -21,8 +21,6 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimessages as log import pkiscriptlet @@ -31,73 +29,75 @@ import pkiscriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): + def spawn(self, deployer): + # begin official logging config.pki_log.info(log.PKISPAWN_BEGIN_MESSAGE_2, - master['pki_subsystem'], - master['pki_instance_name'], + deployer.master_dict['pki_subsystem'], + deployer.master_dict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_0) - if config.str2bool(master['pki_skip_installation']): + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv else: config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if master['pki_subsystem'] == "CA" and\ - config.str2bool(master['pki_external_step_two']): + if deployer.master_dict['pki_subsystem'] == "CA" and\ + config.str2bool(deployer.master_dict['pki_external_step_two']): # verify that this type of "subsystem" currently EXISTS # for this "instance" (External CA Step 2) - util.instance.verify_subsystem_exists() - master['pki_skip_installation'] = "True"; + deployer.instance.verify_subsystem_exists() + deployer.master_dict['pki_skip_installation'] = "True"; else: # verify that this type of "subsystem" does NOT yet # exist for this "instance" - util.instance.verify_subsystem_does_not_exist() + deployer.instance.verify_subsystem_does_not_exist() # detect and avoid any namespace collisions - util.namespace.collision_detection() + deployer.namespace.collision_detection() # initialize 'uid' and 'gid' - util.identity.add_uid_and_gid(master['pki_user'], master['pki_group']) + deployer.identity.add_uid_and_gid(deployer.master_dict['pki_user'], deployer.master_dict['pki_group']) # establish 'uid' and 'gid' - util.identity.set_uid(master['pki_user']) - util.identity.set_gid(master['pki_group']) + deployer.identity.set_uid(deployer.master_dict['pki_user']) + deployer.identity.set_gid(deployer.master_dict['pki_group']) # verify existence of SENSITIVE configuration file data - util.configuration_file.verify_sensitive_data() + deployer.configuration_file.verify_sensitive_data() # verify existence of MUTUALLY EXCLUSIVE configuration file data - util.configuration_file.verify_mutually_exclusive_data() + deployer.configuration_file.verify_mutually_exclusive_data() # verify existence of PREDEFINED configuration file data - util.configuration_file.verify_predefined_configuration_file_data() + deployer.configuration_file.verify_predefined_configuration_file_data() # verify selinux context of selected ports - util.configuration_file.populate_non_default_ports() - util.configuration_file.verify_selinux_ports() + deployer.configuration_file.populate_non_default_ports() + deployer.configuration_file.verify_selinux_ports() return self.rv - def destroy(self): + def destroy(self, deployer): + # begin official logging config.pki_log.info(log.PKIDESTROY_BEGIN_MESSAGE_2, - master['pki_subsystem'], - master['pki_instance_name'], + deployer.master_dict['pki_subsystem'], + deployer.master_dict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.info(log.INITIALIZATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # verify that this type of "subsystem" currently EXISTS # for this "instance" - util.instance.verify_subsystem_exists() + deployer.instance.verify_subsystem_exists() # verify that the command-line parameters match the values # that are present in the corresponding configuration file - util.configuration_file.verify_command_matches_configuration_file() + deployer.configuration_file.verify_command_matches_configuration_file() # establish 'uid' and 'gid' - util.identity.set_uid(master['pki_user']) - util.identity.set_gid(master['pki_group']) + deployer.identity.set_uid(deployer.master_dict['pki_user']) + deployer.identity.set_gid(deployer.master_dict['pki_group']) # get ports to remove selinux context - util.configuration_file.populate_non_default_ports() + deployer.configuration_file.populate_non_default_ports() # get deinstallation token - token = util.security_domain.get_installation_token( + token = deployer.security_domain.get_installation_token( config.pki_secdomain_user, config.pki_secdomain_pass) # remove kra connector from CA if this is a KRA - util.kra_connector.deregister() + deployer.kra_connector.deregister() # de-register instance from its Security Domain # @@ -107,7 +107,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # instance's security domain may be a part of a # tightly-coupled shared instance. # - util.security_domain.deregister(token) + deployer.security_domain.deregister(token) # ALWAYS Stop this Apache/Tomcat PKI Process - util.systemd.stop() + deployer.systemd.stop() return self.rv diff --git a/base/server/src/scriptlets/instance_layout.py b/base/server/src/scriptlets/instance_layout.py index 07ae03e9a..99a97532b 100644 --- a/base/server/src/scriptlets/instance_layout.py +++ b/base/server/src/scriptlets/instance_layout.py @@ -25,161 +25,160 @@ import os # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimessages as log import pkiscriptlet -import os # PKI Deployment Instance Layout Scriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if config.str2bool(master['pki_skip_installation']): + def spawn(self, deployer): + + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_INSTANCE_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.INSTANCE_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # establish instance logs - util.directory.create(master['pki_instance_log_path']) + deployer.directory.create(deployer.master_dict['pki_instance_log_path']) # establish instance configuration - util.directory.create(master['pki_instance_configuration_path']) + deployer.directory.create(deployer.master_dict['pki_instance_configuration_path']) # establish Apache/Tomcat specific instance - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # establish Tomcat instance configuration - util.directory.copy(master['pki_source_server_path'], - master['pki_instance_configuration_path'], + deployer.directory.copy(deployer.master_dict['pki_source_server_path'], + deployer.master_dict['pki_instance_configuration_path'], overwrite_flag=True) # establish Tomcat instance base - util.directory.create(master['pki_tomcat_common_path']) - util.directory.create(master['pki_tomcat_common_lib_path']) + deployer.directory.create(deployer.master_dict['pki_tomcat_common_path']) + deployer.directory.create(deployer.master_dict['pki_tomcat_common_lib_path']) # establish Tomcat instance library - util.directory.create(master['pki_instance_lib']) - for name in os.listdir(master['pki_tomcat_lib_path']): - util.symlink.create( + deployer.directory.create(deployer.master_dict['pki_instance_lib']) + for name in os.listdir(deployer.master_dict['pki_tomcat_lib_path']): + deployer.symlink.create( os.path.join( - master['pki_tomcat_lib_path'], + deployer.master_dict['pki_tomcat_lib_path'], name), os.path.join( - master['pki_instance_lib'], + deployer.master_dict['pki_instance_lib'], name)) - util.symlink.create(master['pki_instance_conf_log4j_properties'], - master['pki_instance_lib_log4j_properties']) - util.directory.create(master['pki_tomcat_tmpdir_path']) - util.directory.create(master['pki_tomcat_webapps_path']) - util.directory.create(master['pki_tomcat_work_path']) - util.directory.create(master['pki_tomcat_work_catalina_path']) - util.directory.create(master['pki_tomcat_work_catalina_host_path']) - util.directory.create( - master['pki_tomcat_work_catalina_host_run_path']) - util.directory.create( - master['pki_tomcat_work_catalina_host_subsystem_path']) + deployer.symlink.create(deployer.master_dict['pki_instance_conf_log4j_properties'], + deployer.master_dict['pki_instance_lib_log4j_properties']) + deployer.directory.create(deployer.master_dict['pki_tomcat_tmpdir_path']) + deployer.directory.create(deployer.master_dict['pki_tomcat_webapps_path']) + deployer.directory.create(deployer.master_dict['pki_tomcat_work_path']) + deployer.directory.create(deployer.master_dict['pki_tomcat_work_catalina_path']) + deployer.directory.create(deployer.master_dict['pki_tomcat_work_catalina_host_path']) + deployer.directory.create( + deployer.master_dict['pki_tomcat_work_catalina_host_run_path']) + deployer.directory.create( + deployer.master_dict['pki_tomcat_work_catalina_host_subsystem_path']) # establish Tomcat instance logs # establish Tomcat instance registry # establish Tomcat instance convenience symbolic links - util.symlink.create(master['pki_tomcat_bin_path'], - master['pki_tomcat_bin_link']) - util.symlink.create(master['pki_tomcat_systemd'], - master['pki_instance_systemd_link'], + deployer.symlink.create(deployer.master_dict['pki_tomcat_bin_path'], + deployer.master_dict['pki_tomcat_bin_link']) + deployer.symlink.create(deployer.master_dict['pki_tomcat_systemd'], + deployer.master_dict['pki_instance_systemd_link'], uid=0, gid=0) # establish Tomcat instance common lib jar symbolic links - util.symlink.create(master['pki_apache_commons_collections_jar'], - master['pki_apache_commons_collections_jar_link']) - util.symlink.create(master['pki_apache_commons_lang_jar'], - master['pki_apache_commons_lang_jar_link']) - util.symlink.create(master['pki_apache_commons_logging_jar'], - master['pki_apache_commons_logging_jar_link']) - util.symlink.create(master['pki_commons_codec_jar'], - master['pki_commons_codec_jar_link']) - util.symlink.create(master['pki_httpclient_jar'], - master['pki_httpclient_jar_link']) - util.symlink.create(master['pki_httpcore_jar'], - master['pki_httpcore_jar_link']) - util.symlink.create(master['pki_javassist_jar'], - master['pki_javassist_jar_link']) - util.symlink.create(master['pki_resteasy_jaxrs_api_jar'], - master['pki_resteasy_jaxrs_api_jar_link']) - util.symlink.create(master['pki_jettison_jar'], - master['pki_jettison_jar_link']) - util.symlink.create(master['pki_jss_jar'], - master['pki_jss_jar_link']) - util.symlink.create(master['pki_ldapjdk_jar'], - master['pki_ldapjdk_jar_link']) - util.symlink.create(master['pki_tomcat_jar'], - master['pki_tomcat_jar_link']) - util.symlink.create(master['pki_resteasy_atom_provider_jar'], - master['pki_resteasy_atom_provider_jar_link']) - util.symlink.create(master['pki_resteasy_jaxb_provider_jar'], - master['pki_resteasy_jaxb_provider_jar_link']) - util.symlink.create(master['pki_resteasy_jaxrs_jar'], - master['pki_resteasy_jaxrs_jar_link']) - util.symlink.create(master['pki_resteasy_jettison_provider_jar'], - master['pki_resteasy_jettison_provider_jar_link']) - util.symlink.create(master['pki_scannotation_jar'], - master['pki_scannotation_jar_link']) - if master['pki_subsystem'] == 'TKS': - util.symlink.create(master['pki_symkey_jar'], - master['pki_symkey_jar_link']) - util.symlink.create(master['pki_tomcatjss_jar'], - master['pki_tomcatjss_jar_link']) - util.symlink.create(master['pki_velocity_jar'], - master['pki_velocity_jar_link']) - util.symlink.create(master['pki_xerces_j2_jar'], - master['pki_xerces_j2_jar_link']) - util.symlink.create(master['pki_xml_commons_apis_jar'], - master['pki_xml_commons_apis_jar_link']) - util.symlink.create(master['pki_xml_commons_resolver_jar'], - master['pki_xml_commons_resolver_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_apache_commons_collections_jar'], + deployer.master_dict['pki_apache_commons_collections_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_apache_commons_lang_jar'], + deployer.master_dict['pki_apache_commons_lang_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_apache_commons_logging_jar'], + deployer.master_dict['pki_apache_commons_logging_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_commons_codec_jar'], + deployer.master_dict['pki_commons_codec_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_httpclient_jar'], + deployer.master_dict['pki_httpclient_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_httpcore_jar'], + deployer.master_dict['pki_httpcore_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_javassist_jar'], + deployer.master_dict['pki_javassist_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_resteasy_jaxrs_api_jar'], + deployer.master_dict['pki_resteasy_jaxrs_api_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_jettison_jar'], + deployer.master_dict['pki_jettison_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_jss_jar'], + deployer.master_dict['pki_jss_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_ldapjdk_jar'], + deployer.master_dict['pki_ldapjdk_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_tomcat_jar'], + deployer.master_dict['pki_tomcat_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_resteasy_atom_provider_jar'], + deployer.master_dict['pki_resteasy_atom_provider_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_resteasy_jaxb_provider_jar'], + deployer.master_dict['pki_resteasy_jaxb_provider_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_resteasy_jaxrs_jar'], + deployer.master_dict['pki_resteasy_jaxrs_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_resteasy_jettison_provider_jar'], + deployer.master_dict['pki_resteasy_jettison_provider_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_scannotation_jar'], + deployer.master_dict['pki_scannotation_jar_link']) + if deployer.master_dict['pki_subsystem'] == 'TKS': + deployer.symlink.create(deployer.master_dict['pki_symkey_jar'], + deployer.master_dict['pki_symkey_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_tomcatjss_jar'], + deployer.master_dict['pki_tomcatjss_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_velocity_jar'], + deployer.master_dict['pki_velocity_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_xerces_j2_jar'], + deployer.master_dict['pki_xerces_j2_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_xml_commons_apis_jar'], + deployer.master_dict['pki_xml_commons_apis_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_xml_commons_resolver_jar'], + deployer.master_dict['pki_xml_commons_resolver_jar_link']) # establish shared NSS security databases for this instance - util.directory.create(master['pki_database_path']) + deployer.directory.create(deployer.master_dict['pki_database_path']) # establish instance convenience symbolic links - util.symlink.create(master['pki_database_path'], - master['pki_instance_database_link']) - util.symlink.create(master['pki_instance_configuration_path'], - master['pki_instance_conf_link']) - util.symlink.create(master['pki_instance_log_path'], - master['pki_instance_logs_link']) + deployer.symlink.create(deployer.master_dict['pki_database_path'], + deployer.master_dict['pki_instance_database_link']) + deployer.symlink.create(deployer.master_dict['pki_instance_configuration_path'], + deployer.master_dict['pki_instance_conf_link']) + deployer.symlink.create(deployer.master_dict['pki_instance_log_path'], + deployer.master_dict['pki_instance_logs_link']) return self.rv - def destroy(self): + def destroy(self, deployer): + config.pki_log.info(log.INSTANCE_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if master['pki_subsystem'] == 'TKS': - util.symlink.delete(master['pki_symkey_jar_link']) - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() == 0: + if deployer.master_dict['pki_subsystem'] == 'TKS': + deployer.symlink.delete(deployer.master_dict['pki_symkey_jar_link']) + if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + deployer.instance.apache_instance_subsystems() == 0: # remove Apache instance base - util.directory.delete(master['pki_instance_path']) + deployer.directory.delete(deployer.master_dict['pki_instance_path']) # remove Apache instance logs # remove shared NSS security database path for this instance - util.directory.delete(master['pki_database_path']) + deployer.directory.delete(deployer.master_dict['pki_database_path']) # remove Apache instance configuration - util.directory.delete(master['pki_instance_configuration_path']) + deployer.directory.delete(deployer.master_dict['pki_instance_configuration_path']) # remove Apache instance registry - util.directory.delete(master['pki_instance_registry_path']) + deployer.directory.delete(deployer.master_dict['pki_instance_registry_path']) # remove Apache PKI registry (if empty) - if util.instance.apache_instances() == 0: - util.directory.delete( - master['pki_instance_type_registry_path']) - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(util.instance.tomcat_instance_subsystems()) == 0: + if deployer.instance.apache_instances() == 0: + deployer.directory.delete( + deployer.master_dict['pki_instance_type_registry_path']) + elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + len(deployer.instance.tomcat_instance_subsystems()) == 0: # remove Tomcat instance base - util.directory.delete(master['pki_instance_path']) + deployer.directory.delete(deployer.master_dict['pki_instance_path']) # remove Tomcat instance logs - util.directory.delete(master['pki_instance_log_path']) + deployer.directory.delete(deployer.master_dict['pki_instance_log_path']) # remove shared NSS security database path for this instance - util.directory.delete(master['pki_database_path']) + deployer.directory.delete(deployer.master_dict['pki_database_path']) # remove Tomcat instance configuration - util.directory.delete(master['pki_instance_configuration_path']) + deployer.directory.delete(deployer.master_dict['pki_instance_configuration_path']) # remove PKI 'tomcat.conf' instance file - util.file.delete(master['pki_target_tomcat_conf_instance_id']) + deployer.file.delete(deployer.master_dict['pki_target_tomcat_conf_instance_id']) # remove Tomcat instance registry - util.directory.delete(master['pki_instance_registry_path']) + deployer.directory.delete(deployer.master_dict['pki_instance_registry_path']) # remove Tomcat PKI registry (if empty) - if util.instance.tomcat_instances() == 0: - util.directory.delete( - master['pki_instance_type_registry_path']) + if deployer.instance.tomcat_instances() == 0: + deployer.directory.delete( + deployer.master_dict['pki_instance_type_registry_path']) return self.rv diff --git a/base/server/src/scriptlets/security_databases.py b/base/server/src/scriptlets/security_databases.py index 029b8ebef..d18e2151b 100644 --- a/base/server/src/scriptlets/security_databases.py +++ b/base/server/src/scriptlets/security_databases.py @@ -21,8 +21,6 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimessages as log import pkiscriptlet @@ -31,84 +29,86 @@ import pkiscriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if config.str2bool(master['pki_skip_installation']): + def spawn(self, deployer): + + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_SECURITY_DATABASES_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.SECURITY_DATABASES_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - util.password.create_password_conf( - master['pki_shared_password_conf'], - master['pki_pin']) + deployer.password.create_password_conf( + deployer.master_dict['pki_shared_password_conf'], + deployer.master_dict['pki_pin']) # Since 'certutil' does NOT strip the 'token=' portion of # the 'token=password' entries, create a temporary server 'pfile' # which ONLY contains the 'password' for the purposes of # allowing 'certutil' to generate the security databases - util.password.create_password_conf( - master['pki_shared_pfile'], - master['pki_pin'], pin_sans_token=True) - util.file.modify(master['pki_shared_password_conf']) - util.certutil.create_security_databases( - master['pki_database_path'], - master['pki_cert_database'], - master['pki_key_database'], - master['pki_secmod_database'], - password_file=master['pki_shared_pfile']) - util.file.modify(master['pki_cert_database'], perms=\ + deployer.password.create_password_conf( + deployer.master_dict['pki_shared_pfile'], + deployer.master_dict['pki_pin'], pin_sans_token=True) + deployer.file.modify(deployer.master_dict['pki_shared_password_conf']) + deployer.certutil.create_security_databases( + deployer.master_dict['pki_database_path'], + deployer.master_dict['pki_cert_database'], + deployer.master_dict['pki_key_database'], + deployer.master_dict['pki_secmod_database'], + password_file=deployer.master_dict['pki_shared_pfile']) + deployer.file.modify(deployer.master_dict['pki_cert_database'], perms=\ config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) - util.file.modify(master['pki_key_database'], perms=\ + deployer.file.modify(deployer.master_dict['pki_key_database'], perms=\ config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) - util.file.modify(master['pki_secmod_database'], perms=\ + deployer.file.modify(deployer.master_dict['pki_secmod_database'], perms=\ config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) - if len(util.instance.tomcat_instance_subsystems()) < 2: + if len(deployer.instance.tomcat_instance_subsystems()) < 2: # only create a self signed cert for a new instance - rv = util.certutil.verify_certificate_exists( - master['pki_database_path'], - master['pki_cert_database'], - master['pki_key_database'], - master['pki_secmod_database'], - master['pki_self_signed_token'], - master['pki_self_signed_nickname'], - password_file=master['pki_shared_pfile']) + rv = deployer.certutil.verify_certificate_exists( + deployer.master_dict['pki_database_path'], + deployer.master_dict['pki_cert_database'], + deployer.master_dict['pki_key_database'], + deployer.master_dict['pki_secmod_database'], + deployer.master_dict['pki_self_signed_token'], + deployer.master_dict['pki_self_signed_nickname'], + password_file=deployer.master_dict['pki_shared_pfile']) if not rv: - util.file.generate_noise_file( - master['pki_self_signed_noise_file'], - master['pki_self_signed_noise_bytes']) - util.certutil.generate_self_signed_certificate( - master['pki_database_path'], - master['pki_cert_database'], - master['pki_key_database'], - master['pki_secmod_database'], - master['pki_self_signed_token'], - master['pki_self_signed_nickname'], - master['pki_self_signed_subject'], - master['pki_self_signed_serial_number'], - master['pki_self_signed_validity_period'], - master['pki_self_signed_issuer_name'], - master['pki_self_signed_trustargs'], - master['pki_self_signed_noise_file'], - password_file=master['pki_shared_pfile']) + deployer.file.generate_noise_file( + deployer.master_dict['pki_self_signed_noise_file'], + deployer.master_dict['pki_self_signed_noise_bytes']) + deployer.certutil.generate_self_signed_certificate( + deployer.master_dict['pki_database_path'], + deployer.master_dict['pki_cert_database'], + deployer.master_dict['pki_key_database'], + deployer.master_dict['pki_secmod_database'], + deployer.master_dict['pki_self_signed_token'], + deployer.master_dict['pki_self_signed_nickname'], + deployer.master_dict['pki_self_signed_subject'], + deployer.master_dict['pki_self_signed_serial_number'], + deployer.master_dict['pki_self_signed_validity_period'], + deployer.master_dict['pki_self_signed_issuer_name'], + deployer.master_dict['pki_self_signed_trustargs'], + deployer.master_dict['pki_self_signed_noise_file'], + password_file=deployer.master_dict['pki_shared_pfile']) # Delete the temporary 'noise' file - util.file.delete(master['pki_self_signed_noise_file']) + deployer.file.delete(deployer.master_dict['pki_self_signed_noise_file']) # Delete the temporary 'pfile' - util.file.delete(master['pki_shared_pfile']) + deployer.file.delete(deployer.master_dict['pki_shared_pfile']) return self.rv - def destroy(self): + def destroy(self, deployer): + config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() == 0: - util.file.delete(master['pki_cert_database']) - util.file.delete(master['pki_key_database']) - util.file.delete(master['pki_secmod_database']) - util.file.delete(master['pki_shared_password_conf']) - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(util.instance.tomcat_instance_subsystems()) == 0: - util.file.delete(master['pki_cert_database']) - util.file.delete(master['pki_key_database']) - util.file.delete(master['pki_secmod_database']) - util.file.delete(master['pki_shared_password_conf']) + if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + deployer.instance.apache_instance_subsystems() == 0: + deployer.file.delete(deployer.master_dict['pki_cert_database']) + deployer.file.delete(deployer.master_dict['pki_key_database']) + deployer.file.delete(deployer.master_dict['pki_secmod_database']) + deployer.file.delete(deployer.master_dict['pki_shared_password_conf']) + elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + len(deployer.instance.tomcat_instance_subsystems()) == 0: + deployer.file.delete(deployer.master_dict['pki_cert_database']) + deployer.file.delete(deployer.master_dict['pki_key_database']) + deployer.file.delete(deployer.master_dict['pki_secmod_database']) + deployer.file.delete(deployer.master_dict['pki_shared_password_conf']) return self.rv diff --git a/base/server/src/scriptlets/selinux_setup.py b/base/server/src/scriptlets/selinux_setup.py index 684a4ce2a..528a6c55a 100644 --- a/base/server/src/scriptlets/selinux_setup.py +++ b/base/server/src/scriptlets/selinux_setup.py @@ -21,9 +21,7 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master from pkiconfig import pki_selinux_config_ports as ports -import pkihelper as util import pkimessages as log import pkiscriptlet import selinux @@ -37,14 +35,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 suffix = "(/.*)?" - def restore_context(self): - selinux.restorecon(master['pki_instance_path'], True) + def restore_context(self, master_dict): + selinux.restorecon(master_dict['pki_instance_path'], True) selinux.restorecon(config.PKI_DEPLOYMENT_LOG_ROOT, True) - selinux.restorecon(master['pki_instance_log_path'], True) - selinux.restorecon(master['pki_instance_configuration_path'], True) + selinux.restorecon(master_dict['pki_instance_log_path'], True) + selinux.restorecon(master_dict['pki_instance_configuration_path'], True) - def spawn(self): - if config.str2bool(master['pki_skip_installation']): + def spawn(self, deployer): + + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_SELINUX_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv @@ -62,46 +61,46 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): while True: try: # check first if any transactions are required - if len(ports) == 0 and master['pki_instance_name'] == \ + if len(ports) == 0 and deployer.master_dict['pki_instance_name'] == \ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: - self.restore_context() + self.restore_context(master) return self.rv # add SELinux contexts when adding the first subsystem - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() == 1 or\ - master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(util.instance.tomcat_instance_subsystems()) == 1: + if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + deployer.instance.apache_instance_subsystems() == 1 or\ + deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + len(deployer.instance.tomcat_instance_subsystems()) == 1: trans = seobject.semanageRecords("targeted") trans.start() - if master['pki_instance_name'] != \ + if deployer.master_dict['pki_instance_name'] != \ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: fcon = seobject.fcontextRecords() config.pki_log.info("adding selinux fcontext \"%s\"", - master['pki_instance_path'] + self.suffix, + deployer.master_dict['pki_instance_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.add(master['pki_instance_path'] + self.suffix, + fcon.add(deployer.master_dict['pki_instance_path'] + self.suffix, config.PKI_INSTANCE_SELINUX_CONTEXT, "", "s0", "") config.pki_log.info("adding selinux fcontext \"%s\"", - master['pki_instance_log_path'] + self.suffix, + deployer.master_dict['pki_instance_log_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.add(master['pki_instance_log_path'] + self.suffix, + fcon.add(deployer.master_dict['pki_instance_log_path'] + self.suffix, config.PKI_LOG_SELINUX_CONTEXT, "", "s0", "") config.pki_log.info("adding selinux fcontext \"%s\"", - master['pki_instance_configuration_path'] + self.suffix, + deployer.master_dict['pki_instance_configuration_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.add(master['pki_instance_configuration_path'] + self.suffix, + fcon.add(deployer.master_dict['pki_instance_configuration_path'] + self.suffix, config.PKI_CFG_SELINUX_CONTEXT, "", "s0", "") config.pki_log.info("adding selinux fcontext \"%s\"", - master['pki_database_path'] + self.suffix, + deployer.master_dict['pki_database_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.add(master['pki_database_path'] + self.suffix, + fcon.add(deployer.master_dict['pki_database_path'] + self.suffix, config.PKI_CERTDB_SELINUX_CONTEXT, "", "s0", "") portRecords = seobject.portRecords() @@ -112,7 +111,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): trans.finish() - self.restore_context() + self.restore_context(deployer.master_dict) break except ValueError as e: error_message = str(e) @@ -128,7 +127,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): return self.rv - def destroy(self): + def destroy(self, deployer): + if not bool(selinux.is_selinux_enabled()): config.pki_log.info(log.SELINUX_DISABLED_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) @@ -137,7 +137,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): extra=config.PKI_INDENTATION_LEVEL_1) # check first if any transactions are required - if len(ports) == 0 and master['pki_instance_name'] == \ + if len(ports) == 0 and deployer.master_dict['pki_instance_name'] == \ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: return self.rv # A maximum of 10 tries to delete the SELinux contexts @@ -146,39 +146,39 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): while True: try: # remove SELinux contexts when removing the last subsystem - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() == 0 or\ - master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(util.instance.tomcat_instance_subsystems()) == 0: + if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + deployer.instance.apache_instance_subsystems() == 0 or\ + deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + len(deployer.instance.tomcat_instance_subsystems()) == 0: trans = seobject.semanageRecords("targeted") trans.start() - if master['pki_instance_name'] != \ + if deployer.master_dict['pki_instance_name'] != \ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: fcon = seobject.fcontextRecords() config.pki_log.info("deleting selinux fcontext \"%s\"", - master['pki_instance_path'] + self.suffix, + deployer.master_dict['pki_instance_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.delete(master['pki_instance_path'] + self.suffix , "") + fcon.delete(deployer.master_dict['pki_instance_path'] + self.suffix , "") config.pki_log.info("deleting selinux fcontext \"%s\"", - master['pki_instance_log_path'] + self.suffix, + deployer.master_dict['pki_instance_log_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.delete(master['pki_instance_log_path'] + self.suffix, "") + fcon.delete(deployer.master_dict['pki_instance_log_path'] + self.suffix, "") config.pki_log.info("deleting selinux fcontext \"%s\"", - master['pki_instance_configuration_path'] + self.suffix, + deployer.master_dict['pki_instance_configuration_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.delete(master['pki_instance_configuration_path'] + \ + fcon.delete(deployer.master_dict['pki_instance_configuration_path'] + \ self.suffix, "") config.pki_log.info("deleting selinux fcontext \"%s\"", - master['pki_database_path'] + self.suffix, + deployer.master_dict['pki_database_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.delete(master['pki_database_path'] + self.suffix , "") + fcon.delete(deployer.master_dict['pki_database_path'] + self.suffix , "") portRecords = seobject.portRecords() for port in ports: diff --git a/base/server/src/scriptlets/slot_substitution.py b/base/server/src/scriptlets/slot_substitution.py index 7904762cc..a4c90908c 100644 --- a/base/server/src/scriptlets/slot_substitution.py +++ b/base/server/src/scriptlets/slot_substitution.py @@ -21,9 +21,6 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -from pkiconfig import pki_slots_dict as slots -import pkihelper as util import pkimessages as log import pkiscriptlet @@ -32,65 +29,66 @@ import pkiscriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if config.str2bool(master['pki_skip_installation']): + def spawn(self, deployer): + + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_SLOT_ASSIGNMENT_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.SLOT_ASSIGNMENT_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - util.file.copy_with_slot_substitution(master['pki_source_cs_cfg'], - master['pki_target_cs_cfg']) - util.file.copy_with_slot_substitution(master['pki_source_registry'], - master['pki_target_registry'], - uid=0, gid=0, overwrite_flag=True) - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - util.file.copy_with_slot_substitution( - master['pki_source_catalina_properties'], - master['pki_target_catalina_properties'], + deployer.file.copy_with_slot_substitution(deployer.master_dict['pki_source_cs_cfg'], + deployer.master_dict['pki_target_cs_cfg']) + deployer.file.copy_with_slot_substitution(deployer.master_dict['pki_source_registry'], + deployer.master_dict['pki_target_registry'], + uid=0, gid=0, overwrite_flag=True) + if deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + deployer.file.copy_with_slot_substitution( + deployer.master_dict['pki_source_catalina_properties'], + deployer.master_dict['pki_target_catalina_properties'], overwrite_flag=True) - util.file.copy_with_slot_substitution( - master['pki_source_servercertnick_conf'], - master['pki_target_servercertnick_conf'], + deployer.file.copy_with_slot_substitution( + deployer.master_dict['pki_source_servercertnick_conf'], + deployer.master_dict['pki_target_servercertnick_conf'], overwrite_flag=True) - util.file.copy_with_slot_substitution( - master['pki_source_server_xml'], - master['pki_target_server_xml'], + deployer.file.copy_with_slot_substitution( + deployer.master_dict['pki_source_server_xml'], + deployer.master_dict['pki_target_server_xml'], overwrite_flag=True) - util.file.copy_with_slot_substitution( - master['pki_source_context_xml'], - master['pki_target_context_xml'], + deployer.file.copy_with_slot_substitution( + deployer.master_dict['pki_source_context_xml'], + deployer.master_dict['pki_target_context_xml'], overwrite_flag=True) - util.file.copy_with_slot_substitution( - master['pki_source_tomcat_conf'], - master['pki_target_tomcat_conf_instance_id'], + deployer.file.copy_with_slot_substitution( + deployer.master_dict['pki_source_tomcat_conf'], + deployer.master_dict['pki_target_tomcat_conf_instance_id'], uid=0, gid=0, overwrite_flag=True) - util.file.copy_with_slot_substitution( - master['pki_source_tomcat_conf'], - master['pki_target_tomcat_conf'], + deployer.file.copy_with_slot_substitution( + deployer.master_dict['pki_source_tomcat_conf'], + deployer.master_dict['pki_target_tomcat_conf'], overwrite_flag=True) - util.file.apply_slot_substitution( - master['pki_target_velocity_properties']) - util.file.apply_slot_substitution( - master['pki_target_subsystem_web_xml']) + deployer.file.apply_slot_substitution( + deployer.master_dict['pki_target_velocity_properties']) + deployer.file.apply_slot_substitution( + deployer.master_dict['pki_target_subsystem_web_xml']) # Strip "<filter>" section from subsystem "web.xml" # This is ONLY necessary because XML comments cannot be "nested"! - #util.file.copy(master['pki_target_subsystem_web_xml'], - # master['pki_target_subsystem_web_xml_orig']) - #util.file.delete(master['pki_target_subsystem_web_xml']) + #deployer.file.copy(deployer.master_dict['pki_target_subsystem_web_xml'], + # deployer.master_dict['pki_target_subsystem_web_xml_orig']) + #deployer.file.delete(deployer.master_dict['pki_target_subsystem_web_xml']) #util.xml_file.remove_filter_section_from_web_xml( - # master['pki_target_subsystem_web_xml_orig'], - # master['pki_target_subsystem_web_xml']) - #util.file.delete(master['pki_target_subsystem_web_xml_orig']) - if master['pki_subsystem'] == "CA": - util.file.copy_with_slot_substitution( - master['pki_source_proxy_conf'], - master['pki_target_proxy_conf']) - util.file.apply_slot_substitution( - master['pki_target_profileselect_template']) + # deployer.master_dict['pki_target_subsystem_web_xml_orig'], + # deployer.master_dict['pki_target_subsystem_web_xml']) + #deployer.file.delete(deployer.master_dict['pki_target_subsystem_web_xml_orig']) + if deployer.master_dict['pki_subsystem'] == "CA": + deployer.file.copy_with_slot_substitution( + deployer.master_dict['pki_source_proxy_conf'], + deployer.master_dict['pki_target_proxy_conf']) + deployer.file.apply_slot_substitution( + deployer.master_dict['pki_target_profileselect_template']) return self.rv - def destroy(self): + def destroy(self, deployer): config.pki_log.info(log.SLOT_ASSIGNMENT_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) config.pki_log.info("NOTHING NEEDS TO BE IMPLEMENTED", diff --git a/base/server/src/scriptlets/subsystem_layout.py b/base/server/src/scriptlets/subsystem_layout.py index f340ead49..8e4841776 100644 --- a/base/server/src/scriptlets/subsystem_layout.py +++ b/base/server/src/scriptlets/subsystem_layout.py @@ -21,8 +21,6 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimessages as log import pkiscriptlet @@ -31,91 +29,93 @@ import pkiscriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if config.str2bool(master['pki_skip_installation']): + def spawn(self, deployer): + + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_SUBSYSTEM_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.SUBSYSTEM_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # establish instance-based subsystem logs - util.directory.create(master['pki_subsystem_log_path']) - util.directory.create(master['pki_subsystem_archive_log_path']) - if master['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS: - util.directory.create(master['pki_subsystem_signed_audit_log_path']) + deployer.directory.create(deployer.master_dict['pki_subsystem_log_path']) + deployer.directory.create(deployer.master_dict['pki_subsystem_archive_log_path']) + if deployer.master_dict['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS: + deployer.directory.create(deployer.master_dict['pki_subsystem_signed_audit_log_path']) # establish instance-based subsystem configuration - util.directory.create(master['pki_subsystem_configuration_path']) - # util.directory.copy(master['pki_source_conf_path'], - # master['pki_subsystem_configuration_path']) + deployer.directory.create(deployer.master_dict['pki_subsystem_configuration_path']) + # deployer.directory.copy(deployer.master_dict['pki_source_conf_path'], + # deployer.master_dict['pki_subsystem_configuration_path']) # establish instance-based Apache/Tomcat specific subsystems - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # establish instance-based Tomcat PKI subsystem base - if master['pki_subsystem'] == "CA": - util.directory.copy(master['pki_source_emails'], - master['pki_subsystem_emails_path']) - util.directory.copy(master['pki_source_profiles'], - master['pki_subsystem_profiles_path']) + if deployer.master_dict['pki_subsystem'] == "CA": + deployer.directory.copy(deployer.master_dict['pki_source_emails'], + deployer.master_dict['pki_subsystem_emails_path']) + deployer.directory.copy(deployer.master_dict['pki_source_profiles'], + deployer.master_dict['pki_subsystem_profiles_path']) # establish instance-based Tomcat PKI subsystem logs # establish instance-based Tomcat PKI subsystem configuration - if master['pki_subsystem'] == "CA": - util.file.copy(master['pki_source_flatfile_txt'], - master['pki_target_flatfile_txt']) - util.file.copy(master['pki_source_registry_cfg'], - master['pki_target_registry_cfg']) + if deployer.master_dict['pki_subsystem'] == "CA": + deployer.file.copy(deployer.master_dict['pki_source_flatfile_txt'], + deployer.master_dict['pki_target_flatfile_txt']) + deployer.file.copy(deployer.master_dict['pki_source_registry_cfg'], + deployer.master_dict['pki_target_registry_cfg']) # '*.profile' - util.file.copy(master['pki_source_admincert_profile'], - master['pki_target_admincert_profile']) - util.file.copy(master['pki_source_caauditsigningcert_profile'], - master['pki_target_caauditsigningcert_profile']) - util.file.copy(master['pki_source_cacert_profile'], - master['pki_target_cacert_profile']) - util.file.copy(master['pki_source_caocspcert_profile'], - master['pki_target_caocspcert_profile']) - util.file.copy(master['pki_source_servercert_profile'], - master['pki_target_servercert_profile']) - util.file.copy(master['pki_source_subsystemcert_profile'], - master['pki_target_subsystemcert_profile']) - elif master['pki_subsystem'] == "KRA": + deployer.file.copy(deployer.master_dict['pki_source_admincert_profile'], + deployer.master_dict['pki_target_admincert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_caauditsigningcert_profile'], + deployer.master_dict['pki_target_caauditsigningcert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_cacert_profile'], + deployer.master_dict['pki_target_cacert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_caocspcert_profile'], + deployer.master_dict['pki_target_caocspcert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_servercert_profile'], + deployer.master_dict['pki_target_servercert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_subsystemcert_profile'], + deployer.master_dict['pki_target_subsystemcert_profile']) + elif deployer.master_dict['pki_subsystem'] == "KRA": # '*.profile' - util.file.copy(master['pki_source_servercert_profile'], - master['pki_target_servercert_profile']) - util.file.copy(master['pki_source_storagecert_profile'], - master['pki_target_storagecert_profile']) - util.file.copy(master['pki_source_subsystemcert_profile'], - master['pki_target_subsystemcert_profile']) - util.file.copy(master['pki_source_transportcert_profile'], - master['pki_target_transportcert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_servercert_profile'], + deployer.master_dict['pki_target_servercert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_storagecert_profile'], + deployer.master_dict['pki_target_storagecert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_subsystemcert_profile'], + deployer.master_dict['pki_target_subsystemcert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_transportcert_profile'], + deployer.master_dict['pki_target_transportcert_profile']) # establish instance-based Tomcat PKI subsystem registry # establish instance-based Tomcat PKI subsystem convenience # symbolic links - util.symlink.create(master['pki_tomcat_webapps_path'], - master['pki_subsystem_tomcat_webapps_link']) + deployer.symlink.create(deployer.master_dict['pki_tomcat_webapps_path'], + deployer.master_dict['pki_subsystem_tomcat_webapps_link']) # establish instance-based subsystem convenience symbolic links - util.symlink.create(master['pki_instance_database_link'], - master['pki_subsystem_database_link']) - util.symlink.create(master['pki_subsystem_configuration_path'], - master['pki_subsystem_conf_link']) - util.symlink.create(master['pki_subsystem_log_path'], - master['pki_subsystem_logs_link']) - util.symlink.create(master['pki_instance_registry_path'], - master['pki_subsystem_registry_link']) + deployer.symlink.create(deployer.master_dict['pki_instance_database_link'], + deployer.master_dict['pki_subsystem_database_link']) + deployer.symlink.create(deployer.master_dict['pki_subsystem_configuration_path'], + deployer.master_dict['pki_subsystem_conf_link']) + deployer.symlink.create(deployer.master_dict['pki_subsystem_log_path'], + deployer.master_dict['pki_subsystem_logs_link']) + deployer.symlink.create(deployer.master_dict['pki_instance_registry_path'], + deployer.master_dict['pki_subsystem_registry_link']) return self.rv - def destroy(self): + def destroy(self, deployer): + config.pki_log.info(log.SUBSYSTEM_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # remove instance-based subsystem base - if master['pki_subsystem'] == "CA": - util.directory.delete(master['pki_subsystem_emails_path']) - util.directory.delete(master['pki_subsystem_profiles_path']) - util.directory.delete(master['pki_subsystem_path']) + if deployer.master_dict['pki_subsystem'] == "CA": + deployer.directory.delete(deployer.master_dict['pki_subsystem_emails_path']) + deployer.directory.delete(deployer.master_dict['pki_subsystem_profiles_path']) + deployer.directory.delete(deployer.master_dict['pki_subsystem_path']) # remove instance-based subsystem logs - if master['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS: - util.directory.delete(master['pki_subsystem_signed_audit_log_path']) - util.directory.delete(master['pki_subsystem_archive_log_path']) - util.directory.delete(master['pki_subsystem_log_path']) + if deployer.master_dict['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS: + deployer.directory.delete(deployer.master_dict['pki_subsystem_signed_audit_log_path']) + deployer.directory.delete(deployer.master_dict['pki_subsystem_archive_log_path']) + deployer.directory.delete(deployer.master_dict['pki_subsystem_log_path']) # remove instance-based subsystem configuration - util.directory.delete(master['pki_subsystem_configuration_path']) + deployer.directory.delete(deployer.master_dict['pki_subsystem_configuration_path']) # remove instance-based subsystem registry - util.directory.delete(master['pki_subsystem_registry_path']) + deployer.directory.delete(deployer.master_dict['pki_subsystem_registry_path']) return self.rv diff --git a/base/server/src/scriptlets/webapp_deployment.py b/base/server/src/scriptlets/webapp_deployment.py index aa52009fb..bd8de9a15 100644 --- a/base/server/src/scriptlets/webapp_deployment.py +++ b/base/server/src/scriptlets/webapp_deployment.py @@ -25,8 +25,6 @@ import os # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimessages as log import pkiscriptlet @@ -35,9 +33,10 @@ import pkiscriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - if config.str2bool(master['pki_skip_installation']): + def spawn(self, deployer): + + if deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_WEBAPP_DEPLOYMENT_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) @@ -47,30 +46,30 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # Copy /usr/share/pki/server/webapps/ROOT # to <instance>/webapps/ROOT - util.directory.create(master['pki_tomcat_webapps_root_path']) - util.directory.copy( + deployer.directory.create(deployer.master_dict['pki_tomcat_webapps_root_path']) + deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, "server", "webapps", "ROOT"), - master['pki_tomcat_webapps_root_path'], + deployer.master_dict['pki_tomcat_webapps_root_path'], overwrite_flag=True) - util.directory.create(master['pki_tomcat_webapps_common_path']) + deployer.directory.create(deployer.master_dict['pki_tomcat_webapps_common_path']) # If desired and available, # copy selected server theme # to <instance>/webapps/pki - if config.str2bool(master['pki_theme_enable']) and\ - os.path.exists(master['pki_theme_server_dir']): - util.directory.copy(master['pki_theme_server_dir'], - master['pki_tomcat_webapps_common_path'], + if config.str2bool(deployer.master_dict['pki_theme_enable']) and\ + os.path.exists(deployer.master_dict['pki_theme_server_dir']): + deployer.directory.copy(deployer.master_dict['pki_theme_server_dir'], + deployer.master_dict['pki_tomcat_webapps_common_path'], overwrite_flag=True) # Copy /usr/share/pki/server/webapps/pki/js # to <instance>/webapps/pki/js - util.directory.copy( + deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, "server", @@ -78,13 +77,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): "pki", "js"), os.path.join( - master['pki_tomcat_webapps_common_path'], + deployer.master_dict['pki_tomcat_webapps_common_path'], "js"), overwrite_flag=True) # Copy /usr/share/pki/server/webapps/pki/META-INF # to <instance>/webapps/pki/META-INF - util.directory.copy( + deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, "server", @@ -92,15 +91,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): "pki", "META-INF"), os.path.join( - master['pki_tomcat_webapps_common_path'], + deployer.master_dict['pki_tomcat_webapps_common_path'], "META-INF"), overwrite_flag=True) # Copy /usr/share/pki/server/webapps/pki/admin # to <instance>/webapps/<subsystem>/admin # TODO: common templates should be deployed in common webapp - util.directory.create(master['pki_tomcat_webapps_subsystem_path']) - util.directory.copy( + deployer.directory.create(deployer.master_dict['pki_tomcat_webapps_subsystem_path']) + deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, "server", @@ -108,60 +107,60 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): "pki", "admin"), os.path.join( - master['pki_tomcat_webapps_subsystem_path'], + deployer.master_dict['pki_tomcat_webapps_subsystem_path'], "admin"), overwrite_flag=True) # Copy /usr/share/pki/<subsystem>/webapps/<subsystem> # to <instance>/webapps/<subsystem> - util.directory.copy( + deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, - master['pki_subsystem'].lower(), + deployer.master_dict['pki_subsystem'].lower(), "webapps", - master['pki_subsystem'].lower()), - master['pki_tomcat_webapps_subsystem_path'], + deployer.master_dict['pki_subsystem'].lower()), + deployer.master_dict['pki_tomcat_webapps_subsystem_path'], overwrite_flag=True) - util.directory.create( - master['pki_tomcat_webapps_subsystem_webinf_classes_path']) - util.directory.create( - master['pki_tomcat_webapps_subsystem_webinf_lib_path']) + deployer.directory.create( + deployer.master_dict['pki_tomcat_webapps_subsystem_webinf_classes_path']) + deployer.directory.create( + deployer.master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path']) # establish Tomcat webapps subsystem WEB-INF lib symbolic links - util.symlink.create(master['pki_certsrv_jar'], - master['pki_certsrv_jar_link']) - util.symlink.create(master['pki_cmsbundle'], - master['pki_cmsbundle_jar_link']) - util.symlink.create(master['pki_cmscore'], - master['pki_cmscore_jar_link']) - util.symlink.create(master['pki_cms'], - master['pki_cms_jar_link']) - util.symlink.create(master['pki_cmsutil'], - master['pki_cmsutil_jar_link']) - util.symlink.create(master['pki_nsutil'], - master['pki_nsutil_jar_link']) - if master['pki_subsystem'] == "CA": - util.symlink.create(master['pki_ca_jar'], - master['pki_ca_jar_link']) - elif master['pki_subsystem'] == "KRA": - util.symlink.create(master['pki_kra_jar'], - master['pki_kra_jar_link']) - elif master['pki_subsystem'] == "OCSP": - util.symlink.create(master['pki_ocsp_jar'], - master['pki_ocsp_jar_link']) - elif master['pki_subsystem'] == "TKS": - util.symlink.create(master['pki_tks_jar'], - master['pki_tks_jar_link']) - elif master['pki_subsystem'] == "TPS": - util.symlink.create(master['pki_tps_jar'], - master['pki_tps_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_certsrv_jar'], + deployer.master_dict['pki_certsrv_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_cmsbundle'], + deployer.master_dict['pki_cmsbundle_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_cmscore'], + deployer.master_dict['pki_cmscore_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_cms'], + deployer.master_dict['pki_cms_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_cmsutil'], + deployer.master_dict['pki_cmsutil_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_nsutil'], + deployer.master_dict['pki_nsutil_jar_link']) + if deployer.master_dict['pki_subsystem'] == "CA": + deployer.symlink.create(deployer.master_dict['pki_ca_jar'], + deployer.master_dict['pki_ca_jar_link']) + elif deployer.master_dict['pki_subsystem'] == "KRA": + deployer.symlink.create(deployer.master_dict['pki_kra_jar'], + deployer.master_dict['pki_kra_jar_link']) + elif deployer.master_dict['pki_subsystem'] == "OCSP": + deployer.symlink.create(deployer.master_dict['pki_ocsp_jar'], + deployer.master_dict['pki_ocsp_jar_link']) + elif deployer.master_dict['pki_subsystem'] == "TKS": + deployer.symlink.create(deployer.master_dict['pki_tks_jar'], + deployer.master_dict['pki_tks_jar_link']) + elif deployer.master_dict['pki_subsystem'] == "TPS": + deployer.symlink.create(deployer.master_dict['pki_tps_jar'], + deployer.master_dict['pki_tps_jar_link']) # set ownerships, permissions, and acls - util.directory.set_mode(master['pki_tomcat_webapps_subsystem_path']) + deployer.directory.set_mode(deployer.master_dict['pki_tomcat_webapps_subsystem_path']) return self.rv - def destroy(self): - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + def destroy(self, deployer): + if deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: config.pki_log.info(log.WEBAPP_DEPLOYMENT_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - util.directory.delete(master['pki_tomcat_webapps_subsystem_path']) + deployer.directory.delete(deployer.master_dict['pki_tomcat_webapps_subsystem_path']) return self.rv |