diff options
| author | Abhishek Koneru <akoneru@redhat.com> | 2013-06-20 16:25:40 -0400 |
|---|---|---|
| committer | Abhishek Koneru <akoneru@redhat.com> | 2013-06-27 08:08:06 -0400 |
| commit | 66c34cfbe1ca67c7ad7b5fddae26cd1b2d53e8c4 (patch) | |
| tree | b83d9d4d357e7c028f87e5224f1bbbfeea87f503 /base/server/src | |
| parent | 3e1d74f6ddf90e2499420add9bb9bfafa968722a (diff) | |
Code refactored for global variables and utility classes.
Added a new class PKIDeployer, whose object holds references to
global dictionaries for master and slots and also objects of
utility classes in pkihelper.py. This object once created in
pkispawn/pkidestroy will be passed on to the PKIScriptlets and
used. This also fixes few pylint related errors (E1120)
Ticket #316
Diffstat (limited to 'base/server/src')
| -rw-r--r-- | base/server/src/engine/pkiconfig.py | 5 | ||||
| -rw-r--r-- | base/server/src/engine/pkihelper.py | 1090 | ||||
| -rw-r--r-- | base/server/src/engine/pkiparser.py | 676 | ||||
| -rwxr-xr-x | base/server/src/pkidestroy | 12 | ||||
| -rwxr-xr-x | base/server/src/pkispawn | 53 | ||||
| -rw-r--r-- | base/server/src/scriptlets/configuration.py | 101 | ||||
| -rw-r--r-- | base/server/src/scriptlets/finalization.py | 66 | ||||
| -rw-r--r-- | base/server/src/scriptlets/infrastructure_layout.py | 60 | ||||
| -rw-r--r-- | base/server/src/scriptlets/initialization.py | 64 | ||||
| -rw-r--r-- | base/server/src/scriptlets/instance_layout.py | 217 | ||||
| -rw-r--r-- | base/server/src/scriptlets/security_databases.py | 122 | ||||
| -rw-r--r-- | base/server/src/scriptlets/selinux_setup.py | 78 | ||||
| -rw-r--r-- | base/server/src/scriptlets/slot_substitution.py | 90 | ||||
| -rw-r--r-- | base/server/src/scriptlets/subsystem_layout.py | 128 | ||||
| -rw-r--r-- | base/server/src/scriptlets/webapp_deployment.py | 117 |
15 files changed, 1471 insertions, 1408 deletions
diff --git a/base/server/src/engine/pkiconfig.py b/base/server/src/engine/pkiconfig.py index 6a86de087..10fcdc676 100644 --- a/base/server/src/engine/pkiconfig.py +++ b/base/server/src/engine/pkiconfig.py @@ -167,11 +167,6 @@ pki_log_name = None pki_log_level = None pki_console_log_level = None - -# PKI Deployment Global Dictionaries -pki_master_dict = {} -pki_slots_dict = None - # PKI Selinux Constants and parameters PKI_INSTANCE_SELINUX_CONTEXT = "pki_tomcat_var_lib_t" PKI_LOG_SELINUX_CONTEXT = "pki_tomcat_log_t" diff --git a/base/server/src/engine/pkihelper.py b/base/server/src/engine/pkihelper.py index bede35816..d90f76c16 100644 --- a/base/server/src/engine/pkihelper.py +++ b/base/server/src/engine/pkihelper.py @@ -48,8 +48,6 @@ if selinux.is_selinux_enabled(): # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -from pkiconfig import pki_slots_dict as slots from pkiconfig import pki_selinux_config_ports as ports import pkimanifest as manifest import pkimessages as log @@ -129,8 +127,12 @@ def pki_copytree(src, dst, symlinks = False, ignore = None): if errors: raise Error, errors -# PKI Deployment Identity Class -class identity: +class Identity: + """PKI Deployment Identity Class""" + + def __init__(self, deployer): + self.master_dict = deployer.master_dict + def __add_gid(self, pki_group): pki_gid = None try: @@ -263,7 +265,7 @@ class identity: def get_uid(self, critical_failure = True): try: - pki_uid = master['pki_uid'] + pki_uid = self.master_dict['pki_uid'] except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, extra = config.PKI_INDENTATION_LEVEL_2) @@ -273,7 +275,7 @@ class identity: def get_gid(self, critical_failure = True): try: - pki_gid = master['pki_gid'] + pki_gid = self.master_dict['pki_gid'] except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, extra = config.PKI_INDENTATION_LEVEL_2) @@ -287,7 +289,7 @@ class identity: extra = config.PKI_INDENTATION_LEVEL_2) # id -u <name> pki_uid = getpwnam(name)[2] - master['pki_uid'] = pki_uid + self.master_dict['pki_uid'] = pki_uid config.pki_log.debug(log.PKIHELPER_UID_2, name, pki_uid, extra = config.PKI_INDENTATION_LEVEL_3) except KeyError as exc: @@ -303,7 +305,7 @@ class identity: extra = config.PKI_INDENTATION_LEVEL_2) # id -g <name> pki_gid = getgrnam(name)[2] - master['pki_gid'] = pki_gid + self.master_dict['pki_gid'] = pki_gid config.pki_log.debug(log.PKIHELPER_GID_2, name, pki_gid, extra = config.PKI_INDENTATION_LEVEL_3) except KeyError as exc: @@ -313,272 +315,279 @@ class identity: raise return pki_gid +class Namespace: + """PKI Deployment Namespace Class""" -# PKI Deployment Namespace Class -class namespace: # Silently verify that the selected 'pki_instance_name' will # NOT produce any namespace collisions + def __init__(self, deployer): + self.master_dict = deployer.master_dict + def collision_detection(self): # Run simple checks for pre-existing namespace collisions - if os.path.exists(master['pki_instance_path']): - if os.path.exists(master['pki_subsystem_path']): + if os.path.exists(self.master_dict['pki_instance_path']): + if os.path.exists(self.master_dict['pki_subsystem_path']): # Top-Level PKI base path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, - master['pki_instance_name'], - master['pki_instance_path'], + self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_path'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (master['pki_instance_name'], - master['pki_instance_path'])) + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_path'])) else: - if os.path.exists(master['pki_target_tomcat_conf_instance_id']): + if os.path.exists(self.master_dict['pki_target_tomcat_conf_instance_id']): # Top-Level "/etc/sysconfig" path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, - master['pki_instance_name'], - master['pki_target_tomcat_conf_instance_id'], + self.master_dict['pki_instance_name'], + self.master_dict['pki_target_tomcat_conf_instance_id'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (master['pki_instance_name'], - master['pki_target_tomcat_conf_instance_id'])) - if os.path.exists(master['pki_cgroup_systemd_service']): + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], + self.master_dict['pki_target_tomcat_conf_instance_id'])) + if os.path.exists(self.master_dict['pki_cgroup_systemd_service']): # Systemd cgroup path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, - master['pki_instance_name'], - master['pki_cgroup_systemd_service_path'], + self.master_dict['pki_instance_name'], + self.master_dict['pki_cgroup_systemd_service_path'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (master['pki_instance_name'], - master['pki_cgroup_systemd_service_path'])) - if os.path.exists(master['pki_cgroup_cpu_systemd_service']): + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], + self.master_dict['pki_cgroup_systemd_service_path'])) + if os.path.exists(self.master_dict['pki_cgroup_cpu_systemd_service']): # Systemd cgroup CPU path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, - master['pki_instance_name'], - master['pki_cgroup_cpu_systemd_service_path'], + self.master_dict['pki_instance_name'], + self.master_dict['pki_cgroup_cpu_systemd_service_path'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (master['pki_instance_name'], - master['pki_cgroup_cpu_systemd_service_path'])) - if os.path.exists(master['pki_instance_log_path']) and\ - os.path.exists(master['pki_subsystem_log_path']): + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], + self.master_dict['pki_cgroup_cpu_systemd_service_path'])) + if os.path.exists(self.master_dict['pki_instance_log_path']) and\ + os.path.exists(self.master_dict['pki_subsystem_log_path']): # Top-Level PKI log path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, - master['pki_instance_name'], - master['pki_instance_log_path'], + self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_log_path'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (master['pki_instance_name'], - master['pki_instance_log_path'])) - if os.path.exists(master['pki_instance_configuration_path']) and\ - os.path.exists(master['pki_subsystem_configuration_path']): + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_log_path'])) + if os.path.exists(self.master_dict['pki_instance_configuration_path']) and\ + os.path.exists(self.master_dict['pki_subsystem_configuration_path']): # Top-Level PKI configuration path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, - master['pki_instance_name'], - master['pki_instance_configuration_path'], + self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_configuration_path'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (master['pki_instance_name'], - master['pki_instance_configuration_path'])) - if os.path.exists(master['pki_instance_registry_path']) and\ - os.path.exists(master['pki_subsystem_registry_path']): + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_configuration_path'])) + if os.path.exists(self.master_dict['pki_instance_registry_path']) and\ + os.path.exists(self.master_dict['pki_subsystem_registry_path']): # Top-Level PKI registry path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, - master['pki_instance_name'], - master['pki_instance_registry_path'], + self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_registry_path'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (master['pki_instance_name'], - master['pki_instance_registry_path'])) + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_registry_path'])) # Run simple checks for reserved name namespace collisions - if master['pki_instance_name'] in config.PKI_BASE_RESERVED_NAMES: + if self.master_dict['pki_instance_name'] in config.PKI_BASE_RESERVED_NAMES: # Top-Level PKI base path reserved name collision config.pki_log.error( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, - master['pki_instance_name'], - master['pki_instance_path'], + self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_path'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (master['pki_instance_name'], - master['pki_instance_path'])) + raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_path'])) # No need to check for reserved name under Top-Level PKI log path - if master['pki_instance_name'] in config.PKI_CONFIGURATION_RESERVED_NAMES: + if self.master_dict['pki_instance_name'] in config.PKI_CONFIGURATION_RESERVED_NAMES: # Top-Level PKI configuration path reserved name collision config.pki_log.error( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, - master['pki_instance_name'], - master['pki_instance_configuration_path'], + self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_configuration_path'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (master['pki_instance_name'], - master['pki_instance_configuration_path'])) - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_configuration_path'])) + if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: # Top-Level Apache PKI registry path reserved name collision - if master['pki_instance_name'] in\ + if self.master_dict['pki_instance_name'] in\ config.PKI_APACHE_REGISTRY_RESERVED_NAMES: config.pki_log.error( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, - master['pki_instance_name'], - master['pki_instance_registry_path'], + self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_registry_path'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (master['pki_instance_name'], - master['pki_instance_registry_path'])) - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_registry_path'])) + elif self.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # Top-Level Tomcat PKI registry path reserved name collision - if master['pki_instance_name'] in\ + if self.master_dict['pki_instance_name'] in\ config.PKI_TOMCAT_REGISTRY_RESERVED_NAMES: config.pki_log.error( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, - master['pki_instance_name'], - master['pki_instance_registry_path'], + self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_registry_path'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (master['pki_instance_name'], - master['pki_instance_registry_path'])) + raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'], + self.master_dict['pki_instance_registry_path'])) + +class ConfigurationFile: + """PKI Deployment Configuration File Class""" + + def __init__(self, deployer): + self.master_dict = deployer.master_dict -# PKI Deployment Configuration File Class -class configuration_file: def log_configuration_url(self): # NOTE: This is the one and only parameter containing a sensitive # parameter that may be stored in a log file. config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_URL_1, - master['pki_configuration_url'], + self.master_dict['pki_configuration_url'], extra = config.PKI_INDENTATION_LEVEL_2) config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_RESTART_1, - master['pki_registry_initscript_command'], + self.master_dict['pki_registry_initscript_command'], extra = config.PKI_INDENTATION_LEVEL_2) def display_configuration_url(self): # NOTE: This is the one and only parameter containing a sensitive # parameter that may be displayed to the screen. - print log.PKI_CONFIGURATION_URL_1 % master['pki_configuration_url'] + print log.PKI_CONFIGURATION_URL_1 % self.master_dict['pki_configuration_url'] print print log.PKI_CONFIGURATION_RESTART_1 % \ - master['pki_registry_initscript_command'] + self.master_dict['pki_registry_initscript_command'] print def verify_sensitive_data(self): # Silently verify the existence of 'sensitive' data - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if self.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # Verify existence of Directory Server Password (ALWAYS) - if not master.has_key('pki_ds_password') or\ - not len(master['pki_ds_password']): + if not self.master_dict.has_key('pki_ds_password') or\ + not len(self.master_dict['pki_ds_password']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_password", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_password", - master['pki_user_deployment_cfg'])) + self.master_dict['pki_user_deployment_cfg'])) # Verify existence of Admin Password (except for Clones) - if not config.str2bool(master['pki_clone']): - if not master.has_key('pki_admin_password') or\ - not len(master['pki_admin_password']): + if not config.str2bool(self.master_dict['pki_clone']): + if not self.master_dict.has_key('pki_admin_password') or\ + not len(self.master_dict['pki_admin_password']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_admin_password", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_admin_password", - master['pki_user_deployment_cfg'])) + self.master_dict['pki_user_deployment_cfg'])) # If required, verify existence of Backup Password - if config.str2bool(master['pki_backup_keys']): - if not master.has_key('pki_backup_password') or\ - not len(master['pki_backup_password']): + if config.str2bool(self.master_dict['pki_backup_keys']): + if not self.master_dict.has_key('pki_backup_password') or\ + not len(self.master_dict['pki_backup_password']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_backup_password", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_backup_password", - master['pki_user_deployment_cfg'])) + self.master_dict['pki_user_deployment_cfg'])) # Verify existence of Client Pin for NSS client security databases - if not master.has_key('pki_client_database_password') or\ - not len(master['pki_client_database_password']): + if not self.master_dict.has_key('pki_client_database_password') or\ + not len(self.master_dict['pki_client_database_password']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CLIENT_DATABASE_PASSWORD_2, "pki_client_database_password", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CLIENT_DATABASE_PASSWORD_2 % ("pki_client_database_password", - master['pki_user_deployment_cfg'])) + self.master_dict['pki_user_deployment_cfg'])) # Verify existence of Client PKCS #12 Password for Admin Cert - if not master.has_key('pki_client_pkcs12_password') or\ - not len(master['pki_client_pkcs12_password']): + if not self.master_dict.has_key('pki_client_pkcs12_password') or\ + not len(self.master_dict['pki_client_pkcs12_password']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_client_pkcs12_password", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_client_pkcs12_password", - master['pki_user_deployment_cfg'])) + self.master_dict['pki_user_deployment_cfg'])) # Verify existence of PKCS #12 Password (ONLY for Clones) - if config.str2bool(master['pki_clone']): - if not master.has_key('pki_clone_pkcs12_password') or\ - not len(master['pki_clone_pkcs12_password']): + if config.str2bool(self.master_dict['pki_clone']): + if not self.master_dict.has_key('pki_clone_pkcs12_password') or\ + not len(self.master_dict['pki_clone_pkcs12_password']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_pkcs12_password", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_pkcs12_password", - master['pki_user_deployment_cfg'])) + self.master_dict['pki_user_deployment_cfg'])) # Verify existence of Security Domain Password File # (ONLY for Clones, KRA, OCSP, TKS, TPS, or Subordinate CA) - if config.str2bool(master['pki_clone']) or\ - not master['pki_subsystem'] == "CA" or\ - config.str2bool(master['pki_subordinate']): - if not master.has_key('pki_security_domain_password') or\ - not len(master['pki_security_domain_password']): + if config.str2bool(self.master_dict['pki_clone']) or\ + not self.master_dict['pki_subsystem'] == "CA" or\ + config.str2bool(self.master_dict['pki_subordinate']): + if not self.master_dict.has_key('pki_security_domain_password') or\ + not len(self.master_dict['pki_security_domain_password']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_security_domain_password", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_security_domain_password", - master['pki_user_deployment_cfg'])) + self.master_dict['pki_user_deployment_cfg'])) # If required, verify existence of Token Password - if not master['pki_token_name'] == "internal": - if not master.has_key('pki_token_password') or\ - not len(master['pki_token_password']): + if not self.master_dict['pki_token_name'] == "internal": + if not self.master_dict.has_key('pki_token_password') or\ + not len(self.master_dict['pki_token_password']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_token_password", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_token_password", - master['pki_user_deployment_cfg'])) + self.master_dict['pki_user_deployment_cfg'])) return def verify_mutually_exclusive_data(self): # Silently verify the existence of 'mutually exclusive' data - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - if master['pki_subsystem'] == "CA": - if config.str2bool(master['pki_clone']) and\ - config.str2bool(master['pki_external']) and\ - config.str2bool(master['pki_subordinate']): + if self.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if self.master_dict['pki_subsystem'] == "CA": + if config.str2bool(self.master_dict['pki_clone']) and\ + config.str2bool(self.master_dict['pki_external']) and\ + config.str2bool(self.master_dict['pki_subordinate']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA, - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA % master['pki_user_deployment_cfg']) - elif config.str2bool(master['pki_clone']) and\ - config.str2bool(master['pki_external']): + raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA % self.master_dict['pki_user_deployment_cfg']) + elif config.str2bool(self.master_dict['pki_clone']) and\ + config.str2bool(self.master_dict['pki_external']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA, - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA % master['pki_user_deployment_cfg']) - elif config.str2bool(master['pki_clone']) and\ - config.str2bool(master['pki_subordinate']): + raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA % self.master_dict['pki_user_deployment_cfg']) + elif config.str2bool(self.master_dict['pki_clone']) and\ + config.str2bool(self.master_dict['pki_subordinate']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA, - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA % master['pki_user_deployment_cfg']) - elif config.str2bool(master['pki_external']) and\ - config.str2bool(master['pki_subordinate']): + raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA % self.master_dict['pki_user_deployment_cfg']) + elif config.str2bool(self.master_dict['pki_external']) and\ + config.str2bool(self.master_dict['pki_subordinate']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA, - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA % master['pki_user_deployment_cfg']) + raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA % self.master_dict['pki_user_deployment_cfg']) def verify_predefined_configuration_file_data(self): # Silently verify the existence of any required 'predefined' data @@ -591,209 +600,209 @@ class configuration_file: # etc.), and "correctness" (e. g. - file, directory, boolean # 'True' or 'False', etc.) of ALL required "value" parameters. # - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - if config.str2bool(master['pki_clone']): + if self.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if config.str2bool(self.master_dict['pki_clone']): # Verify existence of clone parameters - if not master.has_key('pki_ds_base_dn') or\ - not len(master['pki_ds_base_dn']): + if not self.master_dict.has_key('pki_ds_base_dn') or\ + not len(self.master_dict['pki_ds_base_dn']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_base_dn", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_base_dn", - master['pki_user_deployment_cfg'])) - if not master.has_key('pki_ds_ldap_port') or\ - not len(master['pki_ds_ldap_port']): + self.master_dict['pki_user_deployment_cfg'])) + if not self.master_dict.has_key('pki_ds_ldap_port') or\ + not len(self.master_dict['pki_ds_ldap_port']): # FUTURE: Check for unused port value # (e. g. - must be different from master if the # master is located on the same host) config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_ldap_port", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_ldap_port", - master['pki_user_deployment_cfg'])) - if not master.has_key('pki_ds_ldaps_port') or\ - not len(master['pki_ds_ldaps_port']): + self.master_dict['pki_user_deployment_cfg'])) + if not self.master_dict.has_key('pki_ds_ldaps_port') or\ + not len(self.master_dict['pki_ds_ldaps_port']): # FUTURE: Check for unused port value # (e. g. - must be different from master if the # master is located on the same host) config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_ldaps_port", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_ldaps_port", - master['pki_user_deployment_cfg'])) + self.master_dict['pki_user_deployment_cfg'])) # NOTE: Although this will be checked prior to getting to # this method, this clone's 'pki_instance_name' MUST # be different from the master's 'pki_instance_name' # IF AND ONLY IF the master and clone are located on # the same host! - if not master.has_key('pki_ajp_port') or\ - not len(master['pki_ajp_port']): + if not self.master_dict.has_key('pki_ajp_port') or\ + not len(self.master_dict['pki_ajp_port']): # FUTURE: Check for unused port value # (e. g. - must be different from master if the # master is located on the same host) config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ajp_port", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ajp_port", - master['pki_user_deployment_cfg'])) - if not master.has_key('pki_http_port') or\ - not len(master['pki_http_port']): + self.master_dict['pki_user_deployment_cfg'])) + if not self.master_dict.has_key('pki_http_port') or\ + not len(self.master_dict['pki_http_port']): # FUTURE: Check for unused port value # (e. g. - must be different from master if the # master is located on the same host) config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_http_port", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_http_port", - master['pki_user_deployment_cfg'])) - if not master.has_key('pki_https_port') or\ - not len(master['pki_https_port']): + self.master_dict['pki_user_deployment_cfg'])) + if not self.master_dict.has_key('pki_https_port') or\ + not len(self.master_dict['pki_https_port']): # FUTURE: Check for unused port value # (e. g. - must be different from master if the # master is located on the same host) config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_https_port", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_https_port", - master['pki_user_deployment_cfg'])) - if not master.has_key('pki_tomcat_server_port') or\ - not len(master['pki_tomcat_server_port']): + self.master_dict['pki_user_deployment_cfg'])) + if not self.master_dict.has_key('pki_tomcat_server_port') or\ + not len(self.master_dict['pki_tomcat_server_port']): # FUTURE: Check for unused port value # (e. g. - must be different from master if the # master is located on the same host) config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_tomcat_server_port", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_tomcat_server_port", - master['pki_user_deployment_cfg'])) - if not master.has_key('pki_clone_pkcs12_path') or\ - not len(master['pki_clone_pkcs12_path']): + self.master_dict['pki_user_deployment_cfg'])) + if not self.master_dict.has_key('pki_clone_pkcs12_path') or\ + not len(self.master_dict['pki_clone_pkcs12_path']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_pkcs12_path", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_pkcs12_path", - master['pki_user_deployment_cfg'])) - elif not os.path.isfile(master['pki_clone_pkcs12_path']): + self.master_dict['pki_user_deployment_cfg'])) + elif not os.path.isfile(self.master_dict['pki_clone_pkcs12_path']): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, - master['pki_clone_pkcs12_path'], + self.master_dict['pki_clone_pkcs12_path'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % "pki_clone_pkcs12_path") - if not master.has_key('pki_clone_replication_security') or\ - not len(master['pki_clone_replication_security']): + if not self.master_dict.has_key('pki_clone_replication_security') or\ + not len(self.master_dict['pki_clone_replication_security']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_replication_security", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_replication_security", - master['pki_user_deployment_cfg'])) - if not master.has_key('pki_clone_uri') or\ - not len(master['pki_clone_uri']): + self.master_dict['pki_user_deployment_cfg'])) + if not self.master_dict.has_key('pki_clone_uri') or\ + not len(self.master_dict['pki_clone_uri']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_uri", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_uri", - master['pki_user_deployment_cfg'])) - elif master['pki_subsystem'] == "CA" and\ - config.str2bool(master['pki_external']): - if not master.has_key('pki_external_step_two') or\ - not len(master['pki_external_step_two']): + self.master_dict['pki_user_deployment_cfg'])) + elif self.master_dict['pki_subsystem'] == "CA" and\ + config.str2bool(self.master_dict['pki_external']): + if not self.master_dict.has_key('pki_external_step_two') or\ + not len(self.master_dict['pki_external_step_two']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_step_two", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_step_two", - master['pki_user_deployment_cfg'])) - if not config.str2bool(master['pki_external_step_two']): + self.master_dict['pki_user_deployment_cfg'])) + if not config.str2bool(self.master_dict['pki_external_step_two']): # External CA (Step 1) - if not master.has_key('pki_external_csr_path') or\ - not len(master['pki_external_csr_path']): + if not self.master_dict.has_key('pki_external_csr_path') or\ + not len(self.master_dict['pki_external_csr_path']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_csr_path", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_csr_path", - master['pki_user_deployment_cfg'])) - elif os.path.exists(master['pki_external_csr_path']) and\ - not os.path.isfile(master['pki_external_csr_path']): + self.master_dict['pki_user_deployment_cfg'])) + elif os.path.exists(self.master_dict['pki_external_csr_path']) and\ + not os.path.isfile(self.master_dict['pki_external_csr_path']): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, - master['pki_external_csr_path'], + self.master_dict['pki_external_csr_path'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % "pki_extrenal_csr_path") else: # External CA (Step 2) - if not master.has_key('pki_external_ca_cert_chain_path') or\ - not len(master['pki_external_ca_cert_chain_path']): + if not self.master_dict.has_key('pki_external_ca_cert_chain_path') or\ + not len(self.master_dict['pki_external_ca_cert_chain_path']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_ca_cert_chain_path", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_ca_cert_chain_path", - master['pki_user_deployment_cfg'])) + self.master_dict['pki_user_deployment_cfg'])) elif os.path.exists( - master['pki_external_ca_cert_chain_path']) and\ + self.master_dict['pki_external_ca_cert_chain_path']) and\ not os.path.isfile( - master['pki_external_ca_cert_chain_path']): + self.master_dict['pki_external_ca_cert_chain_path']): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, - master['pki_external_ca_cert_chain_path'], + self.master_dict['pki_external_ca_cert_chain_path'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % "pki_extrenal_ca_cert_chain_path") - if not master.has_key('pki_external_ca_cert_path') or\ - not len(master['pki_external_ca_cert_path']): + if not self.master_dict.has_key('pki_external_ca_cert_path') or\ + not len(self.master_dict['pki_external_ca_cert_path']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_ca_cert_path", - master['pki_user_deployment_cfg'], + self.master_dict['pki_user_deployment_cfg'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_ca_cert_path", - master['pki_user_deployment_cfg'])) - elif os.path.exists(master['pki_external_ca_cert_path']) and\ + self.master_dict['pki_user_deployment_cfg'])) + elif os.path.exists(self.master_dict['pki_external_ca_cert_path']) and\ not os.path.isfile( - master['pki_external_ca_cert_path']): + self.master_dict['pki_external_ca_cert_path']): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, - master['pki_external_ca_cert_path'], + self.master_dict['pki_external_ca_cert_path'], extra = config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % "pki_extrenal_ca_cert_path") return def populate_non_default_ports(self): - if master['pki_http_port'] != \ + if self.master_dict['pki_http_port'] != \ str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT): - ports.append(master['pki_http_port']) - if master['pki_https_port'] != \ + ports.append(self.master_dict['pki_http_port']) + if self.master_dict['pki_https_port'] != \ str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT): - ports.append(master['pki_https_port']) - if master['pki_tomcat_server_port'] != \ + ports.append(self.master_dict['pki_https_port']) + if self.master_dict['pki_tomcat_server_port'] != \ str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT): - ports.append(master['pki_tomcat_server_port']) - if master['pki_ajp_port'] != \ + ports.append(self.master_dict['pki_tomcat_server_port']) + if self.master_dict['pki_ajp_port'] != \ str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT): - ports.append(master['pki_ajp_port']) + ports.append(self.master_dict['pki_ajp_port']) return def verify_selinux_ports(self): @@ -839,27 +848,25 @@ class configuration_file: def verify_command_matches_configuration_file(self): # Silently verify that the command-line parameters match the values # that are present in the corresponding configuration file - if master['pki_deployment_executable'] == 'pkidestroy': - if master['pki_deployed_instance_name'] != \ - master['pki_instance_name']: + if self.master_dict['pki_deployment_executable'] == 'pkidestroy': + if self.master_dict['pki_deployed_instance_name'] != \ + self.master_dict['pki_instance_name']: config.pki_log.error( log.PKIHELPER_COMMAND_LINE_PARAMETER_MISMATCH_2, - master['pki_deployed_instance_name'], - master['pki_instance_name'], + self.master_dict['pki_deployed_instance_name'], + self.master_dict['pki_instance_name'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % (master['pki_deployed_instance_name'], - master['pki_instance_name'])) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % (self.master_dict['pki_deployed_instance_name'], + self.master_dict['pki_instance_name'])) return - - # PKI Deployment XML File Class # class xml_file: # def remove_filter_section_from_web_xml(self, # web_xml_source, # web_xml_target): # config.pki_log.info(log.PKIHELPER_REMOVE_FILTER_SECTION_1, -# master['pki_target_subsystem_web_xml'], +# self.master_dict['pki_target_subsystem_web_xml'], # extra=config.PKI_INDENTATION_LEVEL_2) # begin_filters_section = False # begin_servlet_section = False @@ -885,20 +892,23 @@ class configuration_file: # FILE.write(line) # FILE.close() +class Instance: + """PKI Deployment Instance Class""" + + def __init__(self, deployer): + self.master_dict = deployer.master_dict -# PKI Deployment Instance Class -class instance: def apache_instance_subsystems(self): rv = 0 try: # count number of PKI subsystems present # within the specified Apache instance for subsystem in config.PKI_APACHE_SUBSYSTEMS: - path = master['pki_instance_path'] + "/" + subsystem.lower() + path = self.master_dict['pki_instance_path'] + "/" + subsystem.lower() if os.path.exists(path) and os.path.isdir(path): rv = rv + 1 config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCE_SUBSYSTEMS_2, - master['pki_instance_path'], + self.master_dict['pki_instance_path'], rv, extra = config.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, @@ -915,16 +925,16 @@ class instance: # simply count the number of PKI 'apache' instances (directories) # present within the PKI 'apache' registry directory for instance in\ - os.listdir(master['pki_instance_type_registry_path']): + os.listdir(self.master_dict['pki_instance_type_registry_path']): if os.path.isdir( - os.path.join(master['pki_instance_type_registry_path'], + os.path.join(self.master_dict['pki_instance_type_registry_path'], instance)) and not\ os.path.islink( - os.path.join(master['pki_instance_type_registry_path'], + os.path.join(self.master_dict['pki_instance_type_registry_path'], instance)): rv = rv + 1 config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCES_2, - master['pki_instance_type_registry_path'], + self.master_dict['pki_instance_type_registry_path'], rv, extra = config.PKI_INDENTATION_LEVEL_2) except OSError as exc: @@ -939,11 +949,11 @@ class instance: # Since ALL directories within the top-level PKI infrastructure # SHOULD represent PKI instances, look for all possible # PKI instances within the top-level PKI infrastructure - for instance in os.listdir(master['pki_path']): - if os.path.isdir(os.path.join(master['pki_path'], instance))\ + for instance in os.listdir(self.master_dict['pki_path']): + if os.path.isdir(os.path.join(self.master_dict['pki_path'], instance))\ and not\ - os.path.islink(os.path.join(master['pki_path'], instance)): - dir = os.path.join(master['pki_path'], instance) + os.path.islink(os.path.join(self.master_dict['pki_path'], instance)): + dir = os.path.join(self.master_dict['pki_path'], instance) # Since ANY directory within this PKI instance COULD # be a PKI subsystem, look for all possible # PKI subsystems within this PKI instance @@ -953,7 +963,7 @@ class instance: if name.upper() in config.PKI_SUBSYSTEMS: rv = rv + 1 config.pki_log.debug(log.PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2, - master['pki_instance_path'], rv, + self.master_dict['pki_instance_path'], rv, extra = config.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, @@ -966,7 +976,7 @@ class instance: rv = [] try: for subsystem in config.PKI_TOMCAT_SUBSYSTEMS: - path = master['pki_instance_path'] + "/" + subsystem.lower() + path = self.master_dict['pki_instance_path'] + "/" + subsystem.lower() if os.path.exists(path) and os.path.isdir(path): rv.append(subsystem) except OSErr as e: @@ -984,16 +994,16 @@ class instance: # simply count the number of PKI 'tomcat' instances (directories) # present within the PKI 'tomcat' registry directory for instance in\ - os.listdir(master['pki_instance_type_registry_path']): + os.listdir(self.master_dict['pki_instance_type_registry_path']): if os.path.isdir( - os.path.join(master['pki_instance_type_registry_path'], + os.path.join(self.master_dict['pki_instance_type_registry_path'], instance)) and not\ os.path.islink( - os.path.join(master['pki_instance_type_registry_path'], + os.path.join(self.master_dict['pki_instance_type_registry_path'], instance)): rv = rv + 1 config.pki_log.debug(log.PKIHELPER_TOMCAT_INSTANCES_2, - master['pki_instance_type_registry_path'], + self.master_dict['pki_instance_type_registry_path'], rv, extra = config.PKI_INDENTATION_LEVEL_2) except OSError as exc: @@ -1004,13 +1014,13 @@ class instance: def verify_subsystem_exists(self): try: - if not os.path.exists(master['pki_subsystem_path']): + if not os.path.exists(self.master_dict['pki_subsystem_path']): config.pki_log.error(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2, - master['pki_subsystem'], - master['pki_instance_name'], + self.master_dict['pki_subsystem'], + self.master_dict['pki_instance_name'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (master['pki_subsystem'], - master['pki_instance_name'])) + raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.master_dict['pki_subsystem'], + self.master_dict['pki_instance_name'])) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra = config.PKI_INDENTATION_LEVEL_2) @@ -1018,13 +1028,13 @@ class instance: def verify_subsystem_does_not_exist(self): try: - if os.path.exists(master['pki_subsystem_path']): + if os.path.exists(self.master_dict['pki_subsystem_path']): config.pki_log.error(log.PKI_SUBSYSTEM_ALREADY_EXISTS_2, - master['pki_subsystem'], - master['pki_instance_name'], + self.master_dict['pki_subsystem'], + self.master_dict['pki_instance_name'], extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (master['pki_subsystem'], - master['pki_instance_name'])) + raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.master_dict['pki_subsystem'], + self.master_dict['pki_instance_name'])) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra = config.PKI_INDENTATION_LEVEL_2) @@ -1033,9 +1043,9 @@ class instance: def get_instance_status(self): self.connection = pki.client.PKIConnection( protocol = 'https', - hostname = master['pki_hostname'], - port = master['pki_https_port'], - subsystem = master['pki_subsystem_type'], + hostname = self.master_dict['pki_hostname'], + port = self.master_dict['pki_https_port'], + subsystem = self.master_dict['pki_subsystem_type'], accept = 'application/xml') try: @@ -1063,8 +1073,13 @@ class instance: break return status -# PKI Deployment Directory Class -class directory: +class Directory: + """PKI Deployment Directory Class""" + + def __init__(self, deployer): + self.master_dict = deployer.master_dict + self.identity = deployer.identity + def create(self, name, uid = None, gid = None, perms = config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, acls = None, critical_failure = True): @@ -1080,9 +1095,9 @@ class directory: os.chmod(name, perms) # chown <uid>:<gid> <name> if uid == None: - uid = identity.get_uid() + uid = self.identity.get_uid() if gid == None: - gid = identity.get_gid() + gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, extra = config.PKI_INDENTATION_LEVEL_3) @@ -1091,8 +1106,8 @@ class directory: record = manifest.record() record.name = name record.type = manifest.RECORD_TYPE_DIRECTORY - record.user = master['pki_user'] - record.group = master['pki_group'] + record.user = self.master_dict['pki_user'] + record.group = self.master_dict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1136,9 +1151,9 @@ class directory: os.chmod(name, perms) # chown <uid>:<gid> <name> if uid == None: - uid = identity.get_uid() + uid = self.identity.get_uid() if gid == None: - gid = identity.get_gid() + gid = self.identity.get_gid() if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, @@ -1149,8 +1164,8 @@ class directory: record = manifest.record() record.name = name record.type = manifest.RECORD_TYPE_DIRECTORY - record.user = master['pki_user'] - record.group = master['pki_group'] + record.user = self.master_dict['pki_user'] + record.group = self.master_dict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1238,9 +1253,9 @@ class directory: log.PKIHELPER_SET_MODE_1, name, extra = config.PKI_INDENTATION_LEVEL_2) if uid == None: - uid = identity.get_uid() + uid = self.identity.get_uid() if gid == None: - gid = identity.get_gid() + gid = self.identity.get_gid() if recursive_flag == True: for root, dirs, files in os.walk(name): for name in files: @@ -1264,8 +1279,8 @@ class directory: record = manifest.record() record.name = name record.type = manifest.RECORD_TYPE_FILE - record.user = master['pki_user'] - record.group = master['pki_group'] + record.user = self.master_dict['pki_user'] + record.group = self.master_dict['pki_group'] record.uid = uid record.gid = gid record.permissions = file_perms @@ -1290,8 +1305,8 @@ class directory: record = manifest.record() record.name = name record.type = manifest.RECORD_TYPE_SYMLINK - record.user = master['pki_user'] - record.group = master['pki_group'] + record.user = self.master_dict['pki_user'] + record.group = self.master_dict['pki_group'] record.uid = uid record.gid = gid record.permissions = symlink_perms @@ -1316,8 +1331,8 @@ class directory: record = manifest.record() record.name = name record.type = manifest.RECORD_TYPE_DIRECTORY - record.user = master['pki_user'] - record.group = master['pki_group'] + record.user = self.master_dict['pki_user'] + record.group = self.master_dict['pki_group'] record.uid = uid record.gid = gid record.permissions = dir_perms @@ -1342,8 +1357,8 @@ class directory: record = manifest.record() record.name = name record.type = manifest.RECORD_TYPE_DIRECTORY - record.user = master['pki_user'] - record.group = master['pki_group'] + record.user = self.master_dict['pki_user'] + record.group = self.master_dict['pki_group'] record.uid = uid record.gid = gid record.permissions = dir_perms @@ -1415,9 +1430,14 @@ class directory: raise return +class File: + """PKI Deployment File Class (also used for executables)""" + + def __init__(self, deployer): + self.master_dict = deployer.master_dict + self.slots = deployer.slots + self.identity = deployer.identity -# PKI Deployment File Class (also used for executables) -class file: def create(self, name, uid = None, gid = None, perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls = None, critical_failure = True): @@ -1433,9 +1453,9 @@ class file: os.chmod(name, perms) # chown <uid>:<gid> <name> if uid == None: - uid = identity.get_uid() + uid = self.identity.get_uid() if gid == None: - gid = identity.get_gid() + gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, extra = config.PKI_INDENTATION_LEVEL_3) @@ -1444,8 +1464,8 @@ class file: record = manifest.record() record.name = name record.type = manifest.RECORD_TYPE_FILE - record.user = master['pki_user'] - record.group = master['pki_group'] + record.user = self.master_dict['pki_user'] + record.group = self.master_dict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1489,9 +1509,9 @@ class file: os.chmod(name, perms) # chown <uid>:<gid> <name> if uid == None: - uid = identity.get_uid() + uid = self.identity.get_uid() if gid == None: - gid = identity.get_gid() + gid = self.identity.get_gid() if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, @@ -1502,8 +1522,8 @@ class file: record = manifest.record() record.name = name record.type = manifest.RECORD_TYPE_FILE - record.user = master['pki_user'] - record.group = master['pki_group'] + record.user = self.master_dict['pki_user'] + record.group = self.master_dict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1574,9 +1594,9 @@ class file: extra = config.PKI_INDENTATION_LEVEL_2) shutil.copy2(old_name, new_name) if uid == None: - uid = identity.get_uid() + uid = self.identity.get_uid() if gid == None: - gid = identity.get_gid() + gid = self.identity.get_gid() # chmod <perms> <new_name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, new_name, @@ -1591,8 +1611,8 @@ class file: record = manifest.record() record.name = new_name record.type = manifest.RECORD_TYPE_FILE - record.user = master['pki_user'] - record.group = master['pki_group'] + record.user = self.master_dict['pki_user'] + record.group = self.master_dict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1625,18 +1645,18 @@ class file: name, extra = config.PKI_INDENTATION_LEVEL_2) for line in fileinput.FileInput(name, inplace = 1): - for slot in slots: - if slot != '__name__' and slots[slot] in line: + for slot in self.slots: + if slot != '__name__' and self.slots[slot] in line: config.pki_log.debug( log.PKIHELPER_SLOT_SUBSTITUTION_2, - slots[slot], master[slot], + self.slots[slot], self.master_dict[slot], extra = config.PKI_INDENTATION_LEVEL_3) - line = line.replace(slots[slot], master[slot]) + line = line.replace(self.slots[slot], self.master_dict[slot]) sys.stdout.write(line) if uid == None: - uid = identity.get_uid() + uid = self.identity.get_uid() if gid == None: - gid = identity.get_gid() + gid = self.identity.get_gid() # chmod <perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, @@ -1651,8 +1671,8 @@ class file: record = manifest.record() record.name = name record.type = manifest.RECORD_TYPE_FILE - record.user = master['pki_user'] - record.group = master['pki_group'] + record.user = self.master_dict['pki_user'] + record.group = self.master_dict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1694,18 +1714,18 @@ class file: extra = config.PKI_INDENTATION_LEVEL_2) with open(new_name, "w") as FILE: for line in fileinput.FileInput(old_name): - for slot in slots: - if slot != '__name__' and slots[slot] in line: + for slot in self.slots: + if slot != '__name__' and self.slots[slot] in line: config.pki_log.debug( log.PKIHELPER_SLOT_SUBSTITUTION_2, - slots[slot], master[slot], + self.slots[slot], self.master_dict[slot], extra = config.PKI_INDENTATION_LEVEL_3) - line = line.replace(slots[slot], master[slot]) + line = line.replace(self.slots[slot], self.master_dict[slot]) FILE.write(line) if uid == None: - uid = identity.get_uid() + uid = self.identity.get_uid() if gid == None: - gid = identity.get_gid() + gid = self.identity.get_gid() # chmod <perms> <new_name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, new_name, @@ -1720,8 +1740,8 @@ class file: record = manifest.record() record.name = new_name record.type = manifest.RECORD_TYPE_FILE - record.user = master['pki_user'] - record.group = master['pki_group'] + record.user = self.master_dict['pki_user'] + record.group = self.master_dict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1759,9 +1779,9 @@ class file: os.chmod(name, perms) # chown <uid>:<gid> <name> if uid == None: - uid = identity.get_uid() + uid = self.identity.get_uid() if gid == None: - gid = identity.get_gid() + gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, extra = config.PKI_INDENTATION_LEVEL_3) @@ -1770,8 +1790,8 @@ class file: record = manifest.record() record.name = name record.type = manifest.RECORD_TYPE_FILE - record.user = master['pki_user'] - record.group = master['pki_group'] + record.user = self.master_dict['pki_user'] + record.group = self.master_dict['pki_group'] record.uid = uid record.gid = gid record.permissions = perms @@ -1782,7 +1802,7 @@ class file: log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name, extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - raise Exception(log.PKI_FILE_ALREADY_EXISTS_MOT_A_FILE_1 % name) + raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) except OSError as exc: if exc.errno == errno.EEXIST: pass @@ -1793,9 +1813,13 @@ class file: raise return +class Symlink: + """PKI Deployment Symbolic Link Class""" + + def __init__(self, deployer): + self.master_dict = deployer.master_dict + self.identity = deployer.identity -# PKI Deployment Symbolic Link Class -class symlink: def create(self, name, link, uid = None, gid = None, acls = None, allow_dangling_symlink = False, critical_failure = True): try: @@ -1815,9 +1839,9 @@ class symlink: # CANNOT be run directly against symbolic links! # chown -h <uid>:<gid> <link> if uid == None: - uid = identity.get_uid() + uid = self.identity.get_uid() if gid == None: - gid = identity.get_gid() + gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, uid, gid, link, extra = config.PKI_INDENTATION_LEVEL_3) @@ -1826,8 +1850,8 @@ class symlink: record = manifest.record() record.name = link record.type = manifest.RECORD_TYPE_SYMLINK - record.user = master['pki_user'] - record.group = master['pki_group'] + record.user = self.master_dict['pki_user'] + record.group = self.master_dict['pki_group'] record.uid = uid record.gid = gid record.permissions = \ @@ -1869,9 +1893,9 @@ class symlink: # CANNOT be run directly against symbolic links! # chown -h <uid>:<gid> <link> if uid == None: - uid = identity.get_uid() + uid = self.identity.get_uid() if gid == None: - gid = identity.get_gid() + gid = self.identity.get_gid() if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, uid, gid, link, @@ -1882,8 +1906,8 @@ class symlink: record = manifest.record() record.name = link record.type = manifest.RECORD_TYPE_SYMLINK - record.user = master['pki_user'] - record.group = master['pki_group'] + record.user = self.master_dict['pki_user'] + record.group = self.master_dict['pki_group'] record.uid = uid record.gid = gid record.permissions = \ @@ -1933,8 +1957,12 @@ class symlink: extra = config.PKI_INDENTATION_LEVEL_2) raise -# PKI Deployment War File Class -class war: +class War: + """PKI Deployment War File Class""" + + def __init__(self, deployer): + self.master_dict = deployer.master_dict + def explode(self, name, path, critical_failure = True): try: if os.path.exists(name) and os.path.isfile(name): @@ -1980,9 +2008,12 @@ class war: raise return +class Password: + """PKI Deployment Password Class""" + + def __init__(self, deployer): + self.master_dict = deployer.master_dict -# PKI Deployment Password Class -class password: def create_password_conf(self, path, pin, pin_sans_token = False, overwrite_flag = False, critical_failure = True): try: @@ -1995,12 +2026,12 @@ class password: with open(path, "wt") as fd: if pin_sans_token == True: fd.write(str(pin)) - elif master['pki_subsystem'] in\ + elif self.master_dict['pki_subsystem'] in\ config.PKI_APACHE_SUBSYSTEMS: - fd.write(master['pki_self_signed_token'] + \ + fd.write(self.master_dict['pki_self_signed_token'] + \ ":" + str(pin)) else: - fd.write(master['pki_self_signed_token'] + \ + fd.write(self.master_dict['pki_self_signed_token'] + \ "=" + str(pin)) fd.closed else: @@ -2010,12 +2041,12 @@ class password: with open(path, "wt") as fd: if pin_sans_token == True: fd.write(str(pin)) - elif master['pki_subsystem'] in\ + elif self.master_dict['pki_subsystem'] in\ config.PKI_APACHE_SUBSYSTEMS: - fd.write(master['pki_self_signed_token'] + \ + fd.write(self.master_dict['pki_self_signed_token'] + \ ":" + str(pin)) else: - fd.write(master['pki_self_signed_token'] + \ + fd.write(self.master_dict['pki_self_signed_token'] + \ "=" + str(pin)) fd.closed except OSError as exc: @@ -2035,14 +2066,14 @@ class password: extra = config.PKI_INDENTATION_LEVEL_2) # overwrite the existing 'pkcs12_password.conf' file with open(path, "wt") as fd: - fd.write(master['pki_client_pkcs12_password']) + fd.write(self.master_dict['pki_client_pkcs12_password']) fd.closed else: config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path, extra = config.PKI_INDENTATION_LEVEL_2) # create a new 'pkcs12_password.conf' file with open(path, "wt") as fd: - fd.write(master['pki_client_pkcs12_password']) + fd.write(self.master_dict['pki_client_pkcs12_password']) fd.closed except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, @@ -2073,9 +2104,12 @@ class password: return return token_pwd +class Certutil: + """PKI Deployment NSS 'certutil' Class""" + + def __init__(self, deployer): + self.master_dict = deployer.master_dict -# PKI Deployment NSS 'certutil' Class -class certutil: def create_security_databases(self, path, pki_cert_database, pki_key_database, pki_secmod_database, password_file = None, prefix = None, @@ -2490,8 +2524,12 @@ class certutil: raise return -# pk12util class -class pk12util: +class PK12util: + """PKI Deployment pk12util class""" + + def __init__(self, deployer): + self.master_dict = deployer.master_dict + def create_file(self, out_file, nickname, out_pwfile, db_pwfile, path = None): try: @@ -2543,13 +2581,17 @@ class pk12util: raise return +class KRAConnector: + """PKI Deployment KRA Connector Class""" + + def __init__(self, deployer): + self.master_dict = deployer.master_dict + self.password = deployer.password -# KRA Connector Class -class kra_connector: def deregister(self, critical_failure = False): try: # this is applicable to KRAs only - if master['pki_subsystem_type'] != "kra": + if self.master_dict['pki_subsystem_type'] != "kra": return config.pki_log.info( @@ -2557,7 +2599,7 @@ class kra_connector: extra = config.PKI_INDENTATION_LEVEL_2) cs_cfg = PKIConfigParser.read_simple_configuration_file( - master['pki_target_cs_cfg']) + self.master_dict['pki_target_cs_cfg']) krahost = cs_cfg.get('service.machineName') kraport = cs_cfg.get('pkicreate.secure_port') cahost = cs_cfg.get('cloning.ca.hostname') @@ -2595,8 +2637,8 @@ class kra_connector: else: token_name = "internal" - token_pwd = password.get_password( - master['pki_shared_password_conf'], + token_pwd = self.password.get_password( + self.master_dict['pki_shared_password_conf'], token_name, critical_failure) @@ -2633,7 +2675,7 @@ class kra_connector: command = "/bin/pki -p '{}' -h '{}' -n '{}' -P https -d '{}' -c '{}' "\ "kraconnector-del {} {}".format( caport, cahost, subsystemnick, - master['pki_database_path'], + self.master_dict['pki_database_path'], token_pwd, krahost, kraport) output = subprocess.check_output(command, @@ -2663,7 +2705,7 @@ class kra_connector: command = "/usr/bin/sslget -n '{}' -p '{}' -d '{}' -e '{}' "\ "-v -r '{}' {}:{} 2>&1".format( subsystemnick, token_pwd, - master['pki_database_path'], + self.master_dict['pki_database_path'], params, updateURL, cahost, caport) @@ -2675,12 +2717,17 @@ class kra_connector: stderr = subprocess.STDOUT, shell = True) -# PKI Deployment Security Domain Class -class security_domain: +class SecurityDomain: + """PKI Deployment Security Domain Class""" + + def __init__(self, deployer): + self.master_dict = deployer.master_dict + self.password = deployer.password + def deregister(self, install_token, critical_failure = False): # process this PKI subsystem instance's 'CS.cfg' cs_cfg = PKIConfigParser.read_simple_configuration_file( - master['pki_target_cs_cfg']) + self.master_dict['pki_target_cs_cfg']) # assign key name/value pairs machinename = cs_cfg.get('service.machineName') @@ -2725,7 +2772,7 @@ class security_domain: urladminheader = "https://{}:{}".format(sechost, secadminport) updateURL = "/ca/agent/ca/updateDomainXML" - params = "name=" + "\"" + master['pki_instance_path'] + "\"" + \ + params = "name=" + "\"" + self.master_dict['pki_instance_path'] + "\"" + \ "&type=" + str(typeval) + \ "&list=" + str(listval) + \ "&host=" + str(machinename) + \ @@ -2742,7 +2789,7 @@ class security_domain: adminUpdateURL = "/ca/admin/ca/updateDomainXML" command = "/usr/bin/sslget -p 123456 -d '{}' -e '{}' "\ "-v -r '{}' {}:{} 2>&1".format( - master['pki_database_path'], + self.master_dict['pki_database_path'], params, adminUpdateURL, sechost, secadminport) output = subprocess.check_output(command, @@ -2809,7 +2856,7 @@ class security_domain: updateURL, sechost, secagentport, critical_failure = False): token_pwd = None cs_cfg = PKIConfigParser.read_simple_configuration_file( - master['pki_target_cs_cfg']) + self.master_dict['pki_target_cs_cfg']) # retrieve subsystem nickname subsystemnick_param = typeval.lower() + ".cert.subsystem.nickname" subsystemnick = cs_cfg.get(subsystemnick_param) @@ -2833,8 +2880,8 @@ class security_domain: else: token_name = "internal" - token_pwd = password.get_password( - master['pki_shared_password_conf'], + token_pwd = self.password.get_password( + self.master_dict['pki_shared_password_conf'], token_name, critical_failure) @@ -2854,7 +2901,7 @@ class security_domain: command = "/usr/bin/sslget -n '{}' -p '{}' -d '{}' -e '{}' "\ "-v -r '{}' {}:{} 2>&1".format( subsystemnick, token_pwd, - master['pki_database_path'], + self.master_dict['pki_database_path'], params, updateURL, sechost, secagentport) try: @@ -2888,7 +2935,7 @@ class security_domain: # process this PKI subsystem instance's 'CS.cfg' cs_cfg = PKIConfigParser.read_simple_configuration_file( - master['pki_target_cs_cfg']) + self.master_dict['pki_target_cs_cfg']) # assign key name/value pairs machinename = cs_cfg.get('service.machineName') @@ -2901,7 +2948,7 @@ class security_domain: "securitydomain-get-install-token --hostname {} "\ "--subsystem {}".format( secadminport, sechost, secuser, secpass, - master['pki_database_path'], + self.master_dict['pki_database_path'], machinename, cstype) try: output = subprocess.check_output(command, @@ -2936,21 +2983,25 @@ class security_domain: raise return None -# PKI Deployment 'systemd' Execution Management Class -class systemd: +class Systemd: + """PKI Deployment 'systemd' Execution Management Class""" + + def __init__(self, deployer): + self.master_dict = deployer.master_dict + def start(self, critical_failure = True): try: # Compose this "systemd" execution management command - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: command = "systemctl" + " " + \ "start" + " " + \ "pki-apached" + "@" + \ - master['pki_instance_name'] + "." + "service" - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + self.master_dict['pki_instance_name'] + "." + "service" + elif self.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: command = "systemctl" + " " + \ "start" + " " + \ "pki-tomcatd" + "@" + \ - master['pki_instance_name'] + "." + "service" + self.master_dict['pki_instance_name'] + "." + "service" # Display this "systemd" execution managment command config.pki_log.info( log.PKIHELPER_SYSTEMD_COMMAND_1, command, @@ -2967,16 +3018,16 @@ class systemd: def stop(self, critical_failure = True): try: # Compose this "systemd" execution management command - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: command = "systemctl" + " " + \ "stop" + " " + \ "pki-apached" + "@" + \ - master['pki_instance_name'] + "." + "service" - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + self.master_dict['pki_instance_name'] + "." + "service" + elif self.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: command = "systemctl" + " " + \ "stop" + " " + \ "pki-tomcatd" + "@" + \ - master['pki_instance_name'] + "." + "service" + self.master_dict['pki_instance_name'] + "." + "service" # Display this "systemd" execution managment command config.pki_log.info( log.PKIHELPER_SYSTEMD_COMMAND_1, command, @@ -2993,16 +3044,16 @@ class systemd: def restart(self, critical_failure = True): try: # Compose this "systemd" execution management command - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: command = "systemctl" + " " + \ "restart" + " " + \ "pki-apached" + "@" + \ - master['pki_instance_name'] + "." + "service" - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + self.master_dict['pki_instance_name'] + "." + "service" + elif self.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: command = "systemctl" + " " + \ "restart" + " " + \ "pki-tomcatd" + "@" + \ - master['pki_instance_name'] + "." + "service" + self.master_dict['pki_instance_name'] + "." + "service" # Display this "systemd" execution managment command config.pki_log.info( log.PKIHELPER_SYSTEMD_COMMAND_1, command, @@ -3017,7 +3068,12 @@ class systemd: return -class config_client: +class ConfigClient: + """PKI Deployment Configuration Client""" + + def __init__(self, deployer): + self.deployer = deployer + self.master_dict = deployer.master_dict def configure_pki_data(self, data): config.pki_log.info(log.PKI_CONFIG_CONFIGURING_PKI_DATA, @@ -3025,9 +3081,9 @@ class config_client: self.connection = pki.client.PKIConnection( protocol = 'https', - hostname = master['pki_hostname'], - port = master['pki_https_port'], - subsystem = master['pki_subsystem_type']) + hostname = self.master_dict['pki_hostname'], + port = self.master_dict['pki_https_port'], + subsystem = self.master_dict['pki_subsystem_type']) try: client = pki.system.SystemConfigClient(self.connection) @@ -3047,9 +3103,9 @@ class config_client: if not isinstance(certs, types.ListType): certs = [certs] for cdata in certs: - if master['pki_subsystem'] == "CA" and\ - config.str2bool(master['pki_external']) and\ - not config.str2bool(master['pki_external_step_two']): + if self.master_dict['pki_subsystem'] == "CA" and\ + config.str2bool(self.master_dict['pki_external']) and\ + not config.str2bool(self.master_dict['pki_external_step_two']): # External CA Step 1 if cdata['tag'].lower() == "signing": config.pki_log.info(log.PKI_CONFIG_CDATA_REQUEST + \ @@ -3058,11 +3114,11 @@ class config_client: # Save 'External CA Signing Certificate' CSR (Step 1) config.pki_log.info(log.PKI_CONFIG_EXTERNAL_CSR_SAVE + \ - " '" + master['pki_external_csr_path'] + "'", + " '" + self.master_dict['pki_external_csr_path'] + "'", extra = config.PKI_INDENTATION_LEVEL_2) - directory.create( - os.path.dirname(master['pki_external_csr_path'])) - with open(master['pki_external_csr_path'], "w") as f: + self.deployer.directory.create( + os.path.dirname(self.master_dict['pki_external_csr_path'])) + with open(self.master_dict['pki_external_csr_path'], "w") as f: f.write(cdata['request']) return else: @@ -3077,8 +3133,8 @@ class config_client: extra = config.PKI_INDENTATION_LEVEL_2) # Cloned PKI subsystems do not return an Admin Certificate - if not config.str2bool(master['pki_clone']) and \ - not config.str2bool(master['pki_import_admin_cert']): + if not config.str2bool(self.master_dict['pki_clone']) and \ + not config.str2bool(self.master_dict['pki_import_admin_cert']): admin_cert = response['adminCert']['cert'] self.process_admin_cert(admin_cert) @@ -3103,7 +3159,7 @@ class config_client: extra = config.PKI_INDENTATION_LEVEL_2) # Store the Administration Certificate in a file - admin_cert_file = master['pki_client_admin_cert'] + admin_cert_file = self.master_dict['pki_client_admin_cert'] admin_cert_bin_file = admin_cert_file + ".der" config.pki_log.debug(log.PKI_CONFIG_ADMIN_CERT_SAVE + \ " '" + admin_cert_file + "'", @@ -3125,29 +3181,29 @@ class config_client: # Import the Administration Certificate # into the client NSS security database - certutil.import_cert( - re.sub("'", "'", master['pki_admin_nickname']), + self.deployer.certutil.import_cert( + re.sub("'", "'", self.master_dict['pki_admin_nickname']), "u,u,u", admin_cert_bin_file, - master['pki_client_password_conf'], - master['pki_client_database_dir'], + self.master_dict['pki_client_password_conf'], + self.master_dict['pki_client_database_dir'], None, True) # create directory for p12 file if it does not exist - directory.create(os.path.dirname( - master['pki_client_admin_cert_p12'])) + self.deployer.directory.create(os.path.dirname( + self.master_dict['pki_client_admin_cert_p12'])) # Export the Administration Certificate from the # client NSS security database into a PKCS #12 file - pk12util.create_file( - master['pki_client_admin_cert_p12'], - re.sub("'", "'", master['pki_admin_nickname']), - master['pki_client_pkcs12_password_conf'], - master['pki_client_password_conf'], - master['pki_client_database_dir']) - - os.chmod(master['pki_client_admin_cert_p12'], + self.deployer.pk12util.create_file( + self.master_dict['pki_client_admin_cert_p12'], + re.sub("'", "'", self.master_dict['pki_admin_nickname']), + self.master_dict['pki_client_pkcs12_password_conf'], + self.master_dict['pki_client_password_conf'], + self.master_dict['pki_client_database_dir']) + + os.chmod(self.master_dict['pki_client_admin_cert_p12'], config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) @@ -3158,12 +3214,12 @@ class config_client: data = pki.system.ConfigurationRequest() # Miscellaneous Configuration Information - data.pin = master['pki_one_time_pin'] - data.subsystemName = master['pki_subsystem_name'] + data.pin = self.master_dict['pki_one_time_pin'] + data.subsystemName = self.master_dict['pki_subsystem_name'] # Cloning parameters - if master['pki_instance_type'] == "Tomcat": - if config.str2bool(master['pki_clone']): + if self.master_dict['pki_instance_type'] == "Tomcat": + if config.str2bool(self.master_dict['pki_clone']): self.set_cloning_parameters(data) else: data.isClone = "false" @@ -3172,9 +3228,9 @@ class config_client: self.set_hierarchy_parameters(data) # Security Domain - if master['pki_subsystem'] != "CA" or\ - config.str2bool(master['pki_clone']) or\ - config.str2bool(master['pki_subordinate']): + if self.master_dict['pki_subsystem'] != "CA" or\ + config.str2bool(self.master_dict['pki_clone']) or\ + config.str2bool(self.master_dict['pki_subordinate']): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or # Subordinate CA @@ -3184,15 +3240,15 @@ class config_client: self.set_new_security_domain(data) # database - if master['pki_subsystem'] != "RA": + if self.master_dict['pki_subsystem'] != "RA": self.set_database_parameters(data) # backup - if master['pki_instance_type'] == "Tomcat": + if self.master_dict['pki_instance_type'] == "Tomcat": self.set_backup_parameters(data) # admin user - if not config.str2bool(master['pki_clone']): + if not config.str2bool(self.master_dict['pki_clone']): self.set_admin_parameters(data) # Issuing CA Information @@ -3207,39 +3263,39 @@ class config_client: systemCerts = [] # Create 'CA Signing Certificate' - if master['pki_subsystem'] == "CA": - if not config.str2bool(master['pki_clone']): + if self.master_dict['pki_subsystem'] == "CA": + if not config.str2bool(self.master_dict['pki_clone']): cert1 = self.create_system_cert("ca_signing") cert1.signingAlgorithm = \ - master['pki_ca_signing_signing_algorithm'] - if config.str2bool(master['pki_external_step_two']): + self.master_dict['pki_ca_signing_signing_algorithm'] + if config.str2bool(self.master_dict['pki_external_step_two']): # Load the 'External CA Signing Certificate' (Step 2) print( log.PKI_CONFIG_EXTERNAL_CA_LOAD + " " + \ - "'" + master['pki_external_ca_cert_path'] + "'") - with open(master['pki_external_ca_cert_path']) as f: + "'" + self.master_dict['pki_external_ca_cert_path'] + "'") + with open(self.master_dict['pki_external_ca_cert_path']) as f: external_cert = f.read() cert1.cert = external_cert # Load the 'External CA Signing Certificate Chain' (Step 2) print( log.PKI_CONFIG_EXTERNAL_CA_CHAIN_LOAD + " " + \ - "'" + master['pki_external_ca_cert_chain_path'] + \ + "'" + self.master_dict['pki_external_ca_cert_chain_path'] + \ "'") - with open(master['pki_external_ca_cert_chain_path']) as f: + with open(self.master_dict['pki_external_ca_cert_chain_path']) as f: external_cert_chain = f.read() cert1.certChain = external_cert_chain systemCerts.append(cert1) # Create 'OCSP Signing Certificate' - if not config.str2bool(master['pki_clone']): - if master['pki_subsystem'] == "CA" or\ - master['pki_subsystem'] == "OCSP": + if not config.str2bool(self.master_dict['pki_clone']): + if self.master_dict['pki_subsystem'] == "CA" or\ + self.master_dict['pki_subsystem'] == "OCSP": # External CA, Subordinate CA, PKI CA, or PKI OCSP cert2 = self.create_system_cert("ocsp_signing") cert2.signingAlgorithm = \ - master['pki_ocsp_signing_signing_algorithm'] + self.master_dict['pki_ocsp_signing_signing_algorithm'] systemCerts.append(cert2) # Create 'SSL Server Certificate' @@ -3247,13 +3303,13 @@ class config_client: # create new sslserver cert only if this is a new instance cert3 = None - system_list = instance.tomcat_instance_subsystems() + system_list = self.deployer.instance.tomcat_instance_subsystems() if len(system_list) >= 2: data.generateServerCert = "false" for subsystem in system_list: - dst = master['pki_instance_path'] + '/conf/' + \ + dst = self.master_dict['pki_instance_path'] + '/conf/' + \ subsystem.lower() + '/CS.cfg' - if subsystem != master['pki_subsystem'] and \ + if subsystem != self.master_dict['pki_subsystem'] and \ os.path.exists(dst): cert3 = self.retrieve_existing_server_cert(dst) break @@ -3262,21 +3318,21 @@ class config_client: systemCerts.append(cert3) # Create 'Subsystem Certificate' - if not config.str2bool(master['pki_clone']): + if not config.str2bool(self.master_dict['pki_clone']): cert4 = self.create_system_cert("subsystem") systemCerts.append(cert4) # Create 'Audit Signing Certificate' - if not config.str2bool(master['pki_clone']): - if master['pki_subsystem'] != "RA": + if not config.str2bool(self.master_dict['pki_clone']): + if self.master_dict['pki_subsystem'] != "RA": cert5 = self.create_system_cert("audit_signing") cert5.signingAlgorithm = \ - master['pki_audit_signing_signing_algorithm'] + self.master_dict['pki_audit_signing_signing_algorithm'] systemCerts.append(cert5) # Create DRM Transport and storage Certificates - if not config.str2bool(master['pki_clone']): - if master['pki_subsystem'] == "KRA": + if not config.str2bool(self.master_dict['pki_clone']): + if self.master_dict['pki_subsystem'] == "KRA": cert6 = self.create_system_cert("transport") systemCerts.append(cert6) @@ -3287,28 +3343,28 @@ class config_client: def set_cloning_parameters(self, data): data.isClone = "true" - data.cloneUri = master['pki_clone_uri'] - data.p12File = master['pki_clone_pkcs12_path'] - data.p12Password = master['pki_clone_pkcs12_password'] - data.replicateSchema = master['pki_clone_replicate_schema'] + data.cloneUri = self.master_dict['pki_clone_uri'] + data.p12File = self.master_dict['pki_clone_pkcs12_path'] + data.p12Password = self.master_dict['pki_clone_pkcs12_password'] + data.replicateSchema = self.master_dict['pki_clone_replicate_schema'] data.replicationSecurity = \ - master['pki_clone_replication_security'] - if master['pki_clone_replication_master_port']: + self.master_dict['pki_clone_replication_security'] + if self.master_dict['pki_clone_replication_master_port']: data.masterReplicationPort = \ - master['pki_clone_replication_master_port'] - if master['pki_clone_replication_clone_port']: + self.master_dict['pki_clone_replication_master_port'] + if self.master_dict['pki_clone_replication_clone_port']: data.cloneReplicationPort = \ - master['pki_clone_replication_clone_port'] + self.master_dict['pki_clone_replication_clone_port'] def set_hierarchy_parameters(self, data): - if master['pki_subsystem'] == "CA": - if config.str2bool(master['pki_clone']): + if self.master_dict['pki_subsystem'] == "CA": + if config.str2bool(self.master_dict['pki_clone']): # Cloned CA data.hierarchy = "root" - elif config.str2bool(master['pki_external']): + elif config.str2bool(self.master_dict['pki_external']): # External CA data.hierarchy = "join" - elif config.str2bool(master['pki_subordinate']): + elif config.str2bool(self.master_dict['pki_subordinate']): # Subordinate CA data.hierarchy = "join" else: @@ -3317,73 +3373,73 @@ class config_client: def set_existing_security_domain(self, data): data.securityDomainType = "existingdomain" - data.securityDomainUri = master['pki_security_domain_uri'] - data.securityDomainUser = master['pki_security_domain_user'] - data.securityDomainPassword = master['pki_security_domain_password'] + data.securityDomainUri = self.master_dict['pki_security_domain_uri'] + data.securityDomainUser = self.master_dict['pki_security_domain_user'] + data.securityDomainPassword = self.master_dict['pki_security_domain_password'] def set_new_security_domain(self, data): data.securityDomainType = "newdomain" - data.securityDomainName = master['pki_security_domain_name'] + data.securityDomainName = self.master_dict['pki_security_domain_name'] def set_database_parameters(self, data): - data.dsHost = master['pki_ds_hostname'] - data.dsPort = master['pki_ds_ldap_port'] - data.baseDN = master['pki_ds_base_dn'] - data.bindDN = master['pki_ds_bind_dn'] - data.database = master['pki_ds_database'] - data.bindpwd = master['pki_ds_password'] - if config.str2bool(master['pki_ds_remove_data']): + data.dsHost = self.master_dict['pki_ds_hostname'] + data.dsPort = self.master_dict['pki_ds_ldap_port'] + data.baseDN = self.master_dict['pki_ds_base_dn'] + data.bindDN = self.master_dict['pki_ds_bind_dn'] + data.database = self.master_dict['pki_ds_database'] + data.bindpwd = self.master_dict['pki_ds_password'] + if config.str2bool(self.master_dict['pki_ds_remove_data']): data.removeData = "true" else: data.removeData = "false" - if config.str2bool(master['pki_ds_secure_connection']): + if config.str2bool(self.master_dict['pki_ds_secure_connection']): data.secureConn = "true" else: data.secureConn = "false" def set_backup_parameters(self, data): - if config.str2bool(master['pki_backup_keys']): + if config.str2bool(self.master_dict['pki_backup_keys']): data.backupKeys = "true" - data.backupFile = master['pki_backup_keys_p12'] - data.backupPassword = master['pki_backup_password'] + data.backupFile = self.master_dict['pki_backup_keys_p12'] + data.backupPassword = self.master_dict['pki_backup_password'] else: data.backupKeys = "false" def set_admin_parameters(self, data): - data.adminEmail = master['pki_admin_email'] - data.adminName = master['pki_admin_name'] - data.adminPassword = master['pki_admin_password'] - data.adminProfileID = master['pki_admin_profile_id'] - data.adminUID = master['pki_admin_uid'] - data.adminSubjectDN = master['pki_admin_subject_dn'] - if config.str2bool(master['pki_import_admin_cert']): + data.adminEmail = self.master_dict['pki_admin_email'] + data.adminName = self.master_dict['pki_admin_name'] + data.adminPassword = self.master_dict['pki_admin_password'] + data.adminProfileID = self.master_dict['pki_admin_profile_id'] + data.adminUID = self.master_dict['pki_admin_uid'] + data.adminSubjectDN = self.master_dict['pki_admin_subject_dn'] + if config.str2bool(self.master_dict['pki_import_admin_cert']): data.importAdminCert = "true" # read config from file - with open(master['pki_admin_cert_file']) as f: + with open(self.master_dict['pki_admin_cert_file']) as f: b64 = f.read().replace('\n', '') data.adminCert = b64 else: data.importAdminCert = "false" - data.adminSubjectDN = master['pki_admin_subject_dn'] - if master['pki_admin_cert_request_type'] == "pkcs10": + data.adminSubjectDN = self.master_dict['pki_admin_subject_dn'] + if self.master_dict['pki_admin_cert_request_type'] == "pkcs10": data.adminCertRequestType = "pkcs10" noise_file = os.path.join( - master['pki_client_database_dir'], "noise") + self.master_dict['pki_client_database_dir'], "noise") output_file = os.path.join( - master['pki_client_database_dir'], "admin_pkcs10.bin") + self.master_dict['pki_client_database_dir'], "admin_pkcs10.bin") - file.generate_noise_file( - noise_file, int(master['pki_admin_keysize'])) + self.deployer.file.generate_noise_file( + noise_file, int(self.master_dict['pki_admin_keysize'])) - certutil.generate_certificate_request( - master['pki_admin_subject_dn'], - master['pki_admin_keysize'], - master['pki_client_password_conf'], + self.deployer.certutil.generate_certificate_request( + self.master_dict['pki_admin_subject_dn'], + self.master_dict['pki_admin_keysize'], + self.master_dict['pki_client_password_conf'], noise_file, output_file, - master['pki_client_database_dir'], + self.master_dict['pki_client_database_dir'], None, None, True) # convert output to ascii @@ -3401,58 +3457,68 @@ class config_client: raise Exception(log.PKI_CONFIG_PKCS10_SUPPORT_ONLY) def set_issuing_ca_parameters(self, data): - if master['pki_subsystem'] != "CA" or\ - config.str2bool(master['pki_clone']) or\ - config.str2bool(master['pki_subordinate']) or\ - config.str2bool(master['pki_external']): + if self.master_dict['pki_subsystem'] != "CA" or\ + config.str2bool(self.master_dict['pki_clone']) or\ + config.str2bool(self.master_dict['pki_subordinate']) or\ + config.str2bool(self.master_dict['pki_external']): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, # Subordinate CA, or External CA - data.issuingCA = master['pki_issuing_ca'] - if master['pki_subsystem'] == "CA" and\ - config.str2bool(master['pki_external_step_two']): + data.issuingCA = self.master_dict['pki_issuing_ca'] + if self.master_dict['pki_subsystem'] == "CA" and\ + config.str2bool(self.master_dict['pki_external_step_two']): # External CA Step 2 data.stepTwo = "true"; def create_system_cert(self, tag): cert = pki.system.SystemCertData() - cert.tag = master["pki_%s_tag" % tag] - cert.keyAlgorithm = master["pki_%s_key_algorithm" % tag] - cert.keySize = master["pki_%s_key_size" % tag] - cert.keyType = master["pki_%s_key_type" % tag] - cert.nickname = master["pki_%s_nickname" % tag] - cert.subjectDN = master["pki_%s_subject_dn" % tag] - cert.token = master["pki_%s_token" % tag] + cert.tag = self.master_dict["pki_%s_tag" % tag] + cert.keyAlgorithm = self.master_dict["pki_%s_key_algorithm" % tag] + cert.keySize = self.master_dict["pki_%s_key_size" % tag] + cert.keyType = self.master_dict["pki_%s_key_type" % tag] + cert.nickname = self.master_dict["pki_%s_nickname" % tag] + cert.subjectDN = self.master_dict["pki_%s_subject_dn" % tag] + cert.token = self.master_dict["pki_%s_token" % tag] return cert def retrieve_existing_server_cert(self, cfg_file): cs_cfg = PKIConfigParser.read_simple_configuration_file(cfg_file) cstype = cs_cfg.get('cs.type').lower() cert = pki.system.SystemCertData() - cert.tag = master["pki_ssl_server_tag"] - cert.keyAlgorithm = master["pki_ssl_server_key_algorithm"] - cert.keySize = master["pki_ssl_server_key_size"] - cert.keyType = master["pki_ssl_server_key_type"] + cert.tag = self.master_dict["pki_ssl_server_tag"] + cert.keyAlgorithm = self.master_dict["pki_ssl_server_key_algorithm"] + cert.keySize = self.master_dict["pki_ssl_server_key_size"] + cert.keyType = self.master_dict["pki_ssl_server_key_type"] cert.nickname = cs_cfg.get(cstype + ".sslserver.nickname") cert.cert = cs_cfg.get(cstype + ".sslserver.cert") cert.request = cs_cfg.get(cstype + ".sslserver.certreq") - cert.subjectDN = master["pki_ssl_server_subject_dn"] + cert.subjectDN = self.master_dict["pki_ssl_server_subject_dn"] cert.token = cs_cfg.get(cstype + ".sslserver.tokenname") return cert -# PKI Deployment Helper Class Instances -identity = identity() -namespace = namespace() -configuration_file = configuration_file() -# xml_file = xml_file() -instance = instance() -directory = directory() -file = file() -symlink = symlink() -war = war() -password = password() -certutil = certutil() -pk12util = pk12util() -security_domain = security_domain() -kra_connector = kra_connector() -systemd = systemd() +class PKIDeployer: + """Holds the global dictionaries and the utility objects""" + + def __init__(self, pki_master_dict, pki_slots_dict = None): + # Global dictionary variables + self.master_dict = pki_master_dict + self.slots = pki_slots_dict + + # Utility objects + self.identity = Identity(self) + self.namespace = Namespace(self) + self.configuration_file = ConfigurationFile(self) + self.instance = Instance(self) + self.directory = Directory(self) + self.file = File(self) + self.symlink = Symlink(self) + self.war = War(self) + self.password = Password(self) + self.certutil = Certutil(self) + self.pk12util = PK12util(self) + self.kra_connector = KRAConnector(self) + self.security_domain = SecurityDomain(self) + self.systemd = Systemd(self) + self.config_client = ConfigClient(self) + + diff --git a/base/server/src/engine/pkiparser.py b/base/server/src/engine/pkiparser.py index 340780204..a180db507 100644 --- a/base/server/src/engine/pkiparser.py +++ b/base/server/src/engine/pkiparser.py @@ -85,9 +85,12 @@ class PKIConfigParser: nargs=1, metavar='<prefix>', help='directory prefix to specify local directory ' '[TEST ONLY]') - self.indent = 0 + # Master and Slot dictionaries + self.pki_master_dict = dict() + self.pki_slots_dict = dict() + # PKI Deployment Helper Functions def process_command_line_arguments(self, argv): @@ -245,7 +248,7 @@ class PKIConfigParser: options=None, sign=':', allowEmpty=True, caseSensitive=True): if default is None and property is not None: - default = config.pki_master_dict[property] + default = self.pki_master_dict[property] if default: message = message + ' [' + default + ']' message = ' ' * self.indent + message + sign + ' ' @@ -327,11 +330,11 @@ class PKIConfigParser: def flatten_master_dict(self): - config.pki_master_dict.update(__name__="PKI Master Dictionary") + self.pki_master_dict.update(__name__="PKI Master Dictionary") default_dict = dict(self.pki_config.items('DEFAULT')) default_dict[0] = None - config.pki_master_dict.update(default_dict) + self.pki_master_dict.update(default_dict) web_server_dict = None if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: @@ -343,37 +346,37 @@ class PKIConfigParser: if web_server_dict: web_server_dict[0] = None - config.pki_master_dict.update(web_server_dict) + self.pki_master_dict.update(web_server_dict) if self.pki_config.has_section(config.pki_subsystem): subsystem_dict = dict(self.pki_config.items(config.pki_subsystem)) subsystem_dict[0] = None - config.pki_master_dict.update(subsystem_dict) + self.pki_master_dict.update(subsystem_dict) def ds_connect(self): - hostname = config.pki_master_dict['pki_ds_hostname'] + hostname = self.pki_master_dict['pki_ds_hostname'] - if config.str2bool(config.pki_master_dict['pki_ds_secure_connection']): + if config.str2bool(self.pki_master_dict['pki_ds_secure_connection']): protocol = 'ldaps' - port = config.pki_master_dict['pki_ds_ldaps_port'] + port = self.pki_master_dict['pki_ds_ldaps_port'] else: protocol = 'ldap' - port = config.pki_master_dict['pki_ds_ldap_port'] + port = self.pki_master_dict['pki_ds_ldap_port'] self.ds_connection = ldap.initialize(protocol + '://' + hostname + ':' + port) self.ds_connection.search_s('', ldap.SCOPE_BASE) def ds_bind(self): self.ds_connection.simple_bind_s( - config.pki_master_dict['pki_ds_bind_dn'], - config.pki_master_dict['pki_ds_password']) + self.pki_master_dict['pki_ds_bind_dn'], + self.pki_master_dict['pki_ds_password']) def ds_base_dn_exists(self): try: results = self.ds_connection.search_s( - config.pki_master_dict['pki_ds_base_dn'], + self.pki_master_dict['pki_ds_base_dn'], ldap.SCOPE_BASE) if results is None or len(results) == 0: @@ -390,8 +393,8 @@ class PKIConfigParser: def sd_connect(self): self.sd_connection = pki.client.PKIConnection( protocol='https', - hostname=config.pki_master_dict['pki_security_domain_hostname'], - port=config.pki_master_dict['pki_security_domain_https_port'], + hostname=self.pki_master_dict['pki_security_domain_hostname'], + port=self.pki_master_dict['pki_security_domain_https_port'], subsystem='ca') def sd_get_info(self): @@ -408,8 +411,8 @@ class PKIConfigParser: def sd_authenticate(self): self.sd_connection.authenticate( - config.pki_master_dict['pki_security_domain_user'], - config.pki_master_dict['pki_security_domain_password']) + self.pki_master_dict['pki_security_domain_user'], + self.pki_master_dict['pki_security_domain_password']) account = pki.account.AccountClient(self.sd_connection) try: @@ -429,361 +432,361 @@ class PKIConfigParser: "Create a single master PKI dictionary from the sectional dictionaries" try: # 'pkispawn'/'pkidestroy' name/value pairs - config.pki_master_dict['pki_deployment_executable'] =\ + self.pki_master_dict['pki_deployment_executable'] =\ config.pki_deployment_executable - config.pki_master_dict['pki_install_time'] = config.pki_install_time - config.pki_master_dict['pki_timestamp'] = config.pki_timestamp - config.pki_master_dict['pki_certificate_timestamp'] =\ + self.pki_master_dict['pki_install_time'] = config.pki_install_time + self.pki_master_dict['pki_timestamp'] = config.pki_timestamp + self.pki_master_dict['pki_certificate_timestamp'] =\ config.pki_certificate_timestamp - config.pki_master_dict['pki_architecture'] = config.pki_architecture - config.pki_master_dict['pki_default_deployment_cfg'] = config.default_deployment_cfg - config.pki_master_dict['pki_user_deployment_cfg'] = config.user_deployment_cfg - config.pki_master_dict['pki_deployed_instance_name'] =\ + self.pki_master_dict['pki_architecture'] = config.pki_architecture + self.pki_master_dict['pki_default_deployment_cfg'] = config.default_deployment_cfg + self.pki_master_dict['pki_user_deployment_cfg'] = config.user_deployment_cfg + self.pki_master_dict['pki_deployed_instance_name'] =\ config.pki_deployed_instance_name # Generate random 'pin's for use as security database passwords # and add these to the "sensitive" key value pairs read in from # the configuration file pin_low = 100000000000 pin_high = 999999999999 - config.pki_master_dict['pki_pin'] =\ + self.pki_master_dict['pki_pin'] =\ random.randint(pin_low, pin_high) - config.pki_master_dict['pki_client_pin'] =\ + self.pki_master_dict['pki_client_pin'] =\ random.randint(pin_low, pin_high) self.flatten_master_dict() - pkilogging.sensitive_parameters = config.pki_master_dict['sensitive_parameters'].split() + pkilogging.sensitive_parameters = self.pki_master_dict['sensitive_parameters'].split() # PKI Target (slot substitution) name/value pairs - config.pki_master_dict['pki_target_cs_cfg'] =\ + self.pki_master_dict['pki_target_cs_cfg'] =\ os.path.join( - config.pki_master_dict['pki_subsystem_configuration_path'], + self.pki_master_dict['pki_subsystem_configuration_path'], "CS.cfg") - config.pki_master_dict['pki_target_registry'] =\ - os.path.join(config.pki_master_dict['pki_instance_registry_path'], - config.pki_master_dict['pki_instance_name']) - if config.pki_master_dict['pki_subsystem'] == "CA" and\ - config.str2bool(config.pki_master_dict['pki_external_step_two']): + self.pki_master_dict['pki_target_registry'] =\ + os.path.join(self.pki_master_dict['pki_instance_registry_path'], + self.pki_master_dict['pki_instance_name']) + if self.pki_master_dict['pki_subsystem'] == "CA" and\ + config.str2bool(self.pki_master_dict['pki_external_step_two']): # Use the 'pki_one_time_pin' established during the setup of # External CA Step 1 - if os.path.exists(config.pki_master_dict['pki_target_cs_cfg'])\ + if os.path.exists(self.pki_master_dict['pki_target_cs_cfg'])\ and\ - os.path.isfile(config.pki_master_dict['pki_target_cs_cfg']): + os.path.isfile(self.pki_master_dict['pki_target_cs_cfg']): cs_cfg = self.read_simple_configuration_file( - config.pki_master_dict['pki_target_cs_cfg']) - config.pki_master_dict['pki_one_time_pin'] =\ + self.pki_master_dict['pki_target_cs_cfg']) + self.pki_master_dict['pki_one_time_pin'] =\ cs_cfg.get('preop.pin') else: config.pki_log.error(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, - config.pki_master_dict['pki_target_cs_cfg'], + self.pki_master_dict['pki_target_cs_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1) else: # Generate a one-time pin to be used prior to configuration # and add this to the "sensitive" key value pairs read in from # the configuration file - config.pki_master_dict['pki_one_time_pin'] =\ + self.pki_master_dict['pki_one_time_pin'] =\ ''.join(random.choice(string.ascii_letters + string.digits)\ for x in range(20)) - if config.pki_master_dict['pki_subsystem'] in\ + if self.pki_master_dict['pki_subsystem'] in\ config.PKI_TOMCAT_SUBSYSTEMS: - config.pki_master_dict['pki_target_catalina_properties'] =\ + self.pki_master_dict['pki_target_catalina_properties'] =\ os.path.join( - config.pki_master_dict['pki_instance_configuration_path'], + self.pki_master_dict['pki_instance_configuration_path'], "catalina.properties") - config.pki_master_dict['pki_target_servercertnick_conf'] =\ + self.pki_master_dict['pki_target_servercertnick_conf'] =\ os.path.join( - config.pki_master_dict['pki_instance_configuration_path'], + self.pki_master_dict['pki_instance_configuration_path'], "serverCertNick.conf") - config.pki_master_dict['pki_target_server_xml'] =\ + self.pki_master_dict['pki_target_server_xml'] =\ os.path.join( - config.pki_master_dict['pki_instance_configuration_path'], + self.pki_master_dict['pki_instance_configuration_path'], "server.xml") - config.pki_master_dict['pki_target_context_xml'] =\ + self.pki_master_dict['pki_target_context_xml'] =\ os.path.join( - config.pki_master_dict['pki_instance_configuration_path'], + self.pki_master_dict['pki_instance_configuration_path'], "context.xml") - config.pki_master_dict['pki_target_tomcat_conf_instance_id'] =\ - config.pki_master_dict['pki_root_prefix'] +\ + self.pki_master_dict['pki_target_tomcat_conf_instance_id'] =\ + self.pki_master_dict['pki_root_prefix'] +\ "/etc/sysconfig/" +\ - config.pki_master_dict['pki_instance_name'] - config.pki_master_dict['pki_target_tomcat_conf'] =\ + self.pki_master_dict['pki_instance_name'] + self.pki_master_dict['pki_target_tomcat_conf'] =\ os.path.join( - config.pki_master_dict['pki_instance_configuration_path'], + self.pki_master_dict['pki_instance_configuration_path'], "tomcat.conf") # in-place slot substitution name/value pairs - config.pki_master_dict['pki_target_velocity_properties'] =\ + self.pki_master_dict['pki_target_velocity_properties'] =\ os.path.join( - config.pki_master_dict['pki_tomcat_webapps_subsystem_path'], + self.pki_master_dict['pki_tomcat_webapps_subsystem_path'], "WEB-INF", "velocity.properties") - config.pki_master_dict['pki_target_subsystem_web_xml'] =\ + self.pki_master_dict['pki_target_subsystem_web_xml'] =\ os.path.join( - config.pki_master_dict['pki_tomcat_webapps_subsystem_path'], + self.pki_master_dict['pki_tomcat_webapps_subsystem_path'], "WEB-INF", "web.xml") - config.pki_master_dict['pki_target_subsystem_web_xml_orig'] =\ + self.pki_master_dict['pki_target_subsystem_web_xml_orig'] =\ os.path.join( - config.pki_master_dict['pki_tomcat_webapps_subsystem_path'], + self.pki_master_dict['pki_tomcat_webapps_subsystem_path'], "WEB-INF", "web.xml.orig") # subystem-specific slot substitution name/value pairs - if config.pki_master_dict['pki_subsystem'] == "CA": - config.pki_master_dict['pki_target_flatfile_txt'] =\ - os.path.join(config.pki_master_dict\ + if self.pki_master_dict['pki_subsystem'] == "CA": + self.pki_master_dict['pki_target_flatfile_txt'] =\ + os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "flatfile.txt") - config.pki_master_dict['pki_target_proxy_conf'] =\ - os.path.join(config.pki_master_dict\ + self.pki_master_dict['pki_target_proxy_conf'] =\ + os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "proxy.conf") - config.pki_master_dict['pki_target_registry_cfg'] =\ - os.path.join(config.pki_master_dict\ + self.pki_master_dict['pki_target_registry_cfg'] =\ + os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "registry.cfg") # '*.profile' - config.pki_master_dict['pki_target_admincert_profile'] =\ - os.path.join(config.pki_master_dict\ + self.pki_master_dict['pki_target_admincert_profile'] =\ + os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "adminCert.profile") - config.pki_master_dict['pki_target_caauditsigningcert_profile']\ - = os.path.join(config.pki_master_dict\ + self.pki_master_dict['pki_target_caauditsigningcert_profile']\ + = os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "caAuditSigningCert.profile") - config.pki_master_dict['pki_target_cacert_profile'] =\ - os.path.join(config.pki_master_dict\ + self.pki_master_dict['pki_target_cacert_profile'] =\ + os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "caCert.profile") - config.pki_master_dict['pki_target_caocspcert_profile'] =\ - os.path.join(config.pki_master_dict\ + self.pki_master_dict['pki_target_caocspcert_profile'] =\ + os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "caOCSPCert.profile") - config.pki_master_dict['pki_target_servercert_profile'] =\ - os.path.join(config.pki_master_dict\ + self.pki_master_dict['pki_target_servercert_profile'] =\ + os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "serverCert.profile") - config.pki_master_dict['pki_target_subsystemcert_profile'] =\ - os.path.join(config.pki_master_dict\ + self.pki_master_dict['pki_target_subsystemcert_profile'] =\ + os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "subsystemCert.profile") # in-place slot substitution name/value pairs - config.pki_master_dict['pki_target_profileselect_template'] =\ + self.pki_master_dict['pki_target_profileselect_template'] =\ os.path.join( - config.pki_master_dict\ + self.pki_master_dict\ ['pki_tomcat_webapps_subsystem_path'], "ee", - config.pki_master_dict['pki_subsystem'].lower(), + self.pki_master_dict['pki_subsystem'].lower(), "ProfileSelect.template") - elif config.pki_master_dict['pki_subsystem'] == "KRA": + elif self.pki_master_dict['pki_subsystem'] == "KRA": # '*.profile' - config.pki_master_dict['pki_target_servercert_profile'] =\ - os.path.join(config.pki_master_dict\ + self.pki_master_dict['pki_target_servercert_profile'] =\ + os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "serverCert.profile") - config.pki_master_dict['pki_target_storagecert_profile'] =\ - os.path.join(config.pki_master_dict\ + self.pki_master_dict['pki_target_storagecert_profile'] =\ + os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "storageCert.profile") - config.pki_master_dict['pki_target_subsystemcert_profile'] =\ - os.path.join(config.pki_master_dict\ + self.pki_master_dict['pki_target_subsystemcert_profile'] =\ + os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "subsystemCert.profile") - config.pki_master_dict['pki_target_transportcert_profile'] =\ - os.path.join(config.pki_master_dict\ + self.pki_master_dict['pki_target_transportcert_profile'] =\ + os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "transportCert.profile") # Slot assignment name/value pairs # NOTE: Master key == Slots key; Master value ==> Slots value - config.pki_master_dict['PKI_INSTANCE_NAME_SLOT'] =\ - config.pki_master_dict['pki_instance_name'] - config.pki_master_dict['PKI_INSTANCE_INITSCRIPT_SLOT'] =\ - os.path.join(config.pki_master_dict['pki_instance_path'], - config.pki_master_dict['pki_instance_name']) - config.pki_master_dict['PKI_REGISTRY_FILE_SLOT'] =\ - os.path.join(config.pki_master_dict['pki_subsystem_registry_path'], - config.pki_master_dict['pki_instance_name']) - if config.pki_master_dict['pki_subsystem'] in\ + self.pki_master_dict['PKI_INSTANCE_NAME_SLOT'] =\ + self.pki_master_dict['pki_instance_name'] + self.pki_master_dict['PKI_INSTANCE_INITSCRIPT_SLOT'] =\ + os.path.join(self.pki_master_dict['pki_instance_path'], + self.pki_master_dict['pki_instance_name']) + self.pki_master_dict['PKI_REGISTRY_FILE_SLOT'] =\ + os.path.join(self.pki_master_dict['pki_subsystem_registry_path'], + self.pki_master_dict['pki_instance_name']) + if self.pki_master_dict['pki_subsystem'] in\ config.PKI_APACHE_SUBSYSTEMS: - config.pki_master_dict['FORTITUDE_APACHE_SLOT'] = None - config.pki_master_dict['FORTITUDE_AUTH_MODULES_SLOT'] = None - config.pki_master_dict['FORTITUDE_DIR_SLOT'] = None - config.pki_master_dict['FORTITUDE_LIB_DIR_SLOT'] = None - config.pki_master_dict['FORTITUDE_MODULE_SLOT'] = None - config.pki_master_dict['FORTITUDE_NSS_MODULES_SLOT'] = None - config.pki_master_dict['HTTPD_CONF_SLOT'] = None - config.pki_master_dict['LIB_PREFIX_SLOT'] = None - config.pki_master_dict['NON_CLIENTAUTH_SECURE_PORT_SLOT'] = None - config.pki_master_dict['NSS_CONF_SLOT'] = None - config.pki_master_dict['OBJ_EXT_SLOT'] = None - config.pki_master_dict['PKI_LOCKDIR_SLOT'] =\ + self.pki_master_dict['FORTITUDE_APACHE_SLOT'] = None + self.pki_master_dict['FORTITUDE_AUTH_MODULES_SLOT'] = None + self.pki_master_dict['FORTITUDE_DIR_SLOT'] = None + self.pki_master_dict['FORTITUDE_LIB_DIR_SLOT'] = None + self.pki_master_dict['FORTITUDE_MODULE_SLOT'] = None + self.pki_master_dict['FORTITUDE_NSS_MODULES_SLOT'] = None + self.pki_master_dict['HTTPD_CONF_SLOT'] = None + self.pki_master_dict['LIB_PREFIX_SLOT'] = None + self.pki_master_dict['NON_CLIENTAUTH_SECURE_PORT_SLOT'] = None + self.pki_master_dict['NSS_CONF_SLOT'] = None + self.pki_master_dict['OBJ_EXT_SLOT'] = None + self.pki_master_dict['PKI_LOCKDIR_SLOT'] =\ os.path.join("/var/lock/pki", "apache") - config.pki_master_dict['PKI_PIDDIR_SLOT'] =\ + self.pki_master_dict['PKI_PIDDIR_SLOT'] =\ os.path.join("/var/run/pki", "apache") - config.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] = "apache" - config.pki_master_dict['PORT_SLOT'] = None - config.pki_master_dict['PROCESS_ID_SLOT'] = None - config.pki_master_dict['REQUIRE_CFG_PL_SLOT'] = None - config.pki_master_dict['SECURE_PORT_SLOT'] = None - config.pki_master_dict['SECURITY_LIBRARIES_SLOT'] = None - config.pki_master_dict['PKI_HOSTNAME_SLOT'] = None - config.pki_master_dict['SERVER_ROOT_SLOT'] = None - config.pki_master_dict['SYSTEM_LIBRARIES_SLOT'] = None - config.pki_master_dict['SYSTEM_USER_LIBRARIES_SLOT'] = None - config.pki_master_dict['TMP_DIR_SLOT'] = None - config.pki_master_dict['TPS_DIR_SLOT'] = None - elif config.pki_master_dict['pki_subsystem'] in\ + self.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] = "apache" + self.pki_master_dict['PORT_SLOT'] = None + self.pki_master_dict['PROCESS_ID_SLOT'] = None + self.pki_master_dict['REQUIRE_CFG_PL_SLOT'] = None + self.pki_master_dict['SECURE_PORT_SLOT'] = None + self.pki_master_dict['SECURITY_LIBRARIES_SLOT'] = None + self.pki_master_dict['PKI_HOSTNAME_SLOT'] = None + self.pki_master_dict['SERVER_ROOT_SLOT'] = None + self.pki_master_dict['SYSTEM_LIBRARIES_SLOT'] = None + self.pki_master_dict['SYSTEM_USER_LIBRARIES_SLOT'] = None + self.pki_master_dict['TMP_DIR_SLOT'] = None + self.pki_master_dict['TPS_DIR_SLOT'] = None + elif self.pki_master_dict['pki_subsystem'] in\ config.PKI_TOMCAT_SUBSYSTEMS: - config.pki_master_dict['INSTALL_TIME_SLOT'] =\ - config.pki_master_dict['pki_install_time'] - config.pki_master_dict['PKI_ADMIN_SECURE_PORT_SLOT'] =\ - config.pki_master_dict['pki_https_port'] - config.pki_master_dict\ + self.pki_master_dict['INSTALL_TIME_SLOT'] =\ + self.pki_master_dict['pki_install_time'] + self.pki_master_dict['PKI_ADMIN_SECURE_PORT_SLOT'] =\ + self.pki_master_dict['pki_https_port'] + self.pki_master_dict\ ['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] =\ "Unused" - config.pki_master_dict\ + self.pki_master_dict\ ['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] =\ "" - config.pki_master_dict['PKI_AGENT_CLIENTAUTH_SLOT'] =\ + self.pki_master_dict['PKI_AGENT_CLIENTAUTH_SLOT'] =\ "want" - config.pki_master_dict['PKI_AGENT_SECURE_PORT_SLOT'] =\ - config.pki_master_dict['pki_https_port'] - config.pki_master_dict['PKI_AJP_PORT_SLOT'] =\ - config.pki_master_dict['pki_ajp_port'] - config.pki_master_dict['PKI_AJP_REDIRECT_PORT_SLOT'] =\ - config.pki_master_dict['pki_https_port'] - config.pki_master_dict['PKI_CA_HOSTNAME_SLOT'] =\ - config.pki_master_dict['pki_ca_hostname'] - config.pki_master_dict['PKI_CA_PORT_SLOT'] =\ - config.pki_master_dict['pki_ca_port'] - config.pki_master_dict['PKI_CERT_DB_PASSWORD_SLOT'] =\ - config.pki_master_dict['pki_pin'] - config.pki_master_dict['PKI_CFG_PATH_NAME_SLOT'] =\ - config.pki_master_dict['pki_target_cs_cfg'] - config.pki_master_dict\ + self.pki_master_dict['PKI_AGENT_SECURE_PORT_SLOT'] =\ + self.pki_master_dict['pki_https_port'] + self.pki_master_dict['PKI_AJP_PORT_SLOT'] =\ + self.pki_master_dict['pki_ajp_port'] + self.pki_master_dict['PKI_AJP_REDIRECT_PORT_SLOT'] =\ + self.pki_master_dict['pki_https_port'] + self.pki_master_dict['PKI_CA_HOSTNAME_SLOT'] =\ + self.pki_master_dict['pki_ca_hostname'] + self.pki_master_dict['PKI_CA_PORT_SLOT'] =\ + self.pki_master_dict['pki_ca_port'] + self.pki_master_dict['PKI_CERT_DB_PASSWORD_SLOT'] =\ + self.pki_master_dict['pki_pin'] + self.pki_master_dict['PKI_CFG_PATH_NAME_SLOT'] =\ + self.pki_master_dict['pki_target_cs_cfg'] + self.pki_master_dict\ ['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] =\ "-->" - config.pki_master_dict\ + self.pki_master_dict\ ['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] =\ "-->" - config.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] =\ - config.pki_master_dict['pki_https_port'] - config.pki_master_dict\ + self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] =\ + self.pki_master_dict['pki_https_port'] + self.pki_master_dict\ ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] =\ "Unused" - config.pki_master_dict\ + self.pki_master_dict\ ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] =\ "" - config.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] =\ - config.pki_master_dict['pki_https_port'] - config.pki_master_dict['PKI_EE_SECURE_PORT_SLOT'] =\ - config.pki_master_dict['pki_https_port'] - config.pki_master_dict['PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT'] =\ + self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] =\ + self.pki_master_dict['pki_https_port'] + self.pki_master_dict['PKI_EE_SECURE_PORT_SLOT'] =\ + self.pki_master_dict['pki_https_port'] + self.pki_master_dict['PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT'] =\ "Unused" - config.pki_master_dict['PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT'] =\ "" - config.pki_master_dict['PKI_GROUP_SLOT'] =\ - config.pki_master_dict['pki_group'] - config.pki_master_dict['PKI_INSTANCE_PATH_SLOT'] =\ - config.pki_master_dict['pki_instance_path'] - config.pki_master_dict['PKI_INSTANCE_ROOT_SLOT'] =\ - config.pki_master_dict['pki_path'] - config.pki_master_dict['PKI_LOCKDIR_SLOT'] =\ + self.pki_master_dict['PKI_GROUP_SLOT'] =\ + self.pki_master_dict['pki_group'] + self.pki_master_dict['PKI_INSTANCE_PATH_SLOT'] =\ + self.pki_master_dict['pki_instance_path'] + self.pki_master_dict['PKI_INSTANCE_ROOT_SLOT'] =\ + self.pki_master_dict['pki_path'] + self.pki_master_dict['PKI_LOCKDIR_SLOT'] =\ os.path.join("/var/lock/pki", "tomcat") - config.pki_master_dict['PKI_HOSTNAME_SLOT'] =\ - config.pki_master_dict['pki_hostname'] - config.pki_master_dict\ + self.pki_master_dict['PKI_HOSTNAME_SLOT'] =\ + self.pki_master_dict['pki_hostname'] + self.pki_master_dict\ ['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] =\ "<!--" - config.pki_master_dict\ + self.pki_master_dict\ ['PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT'] =\ "<!--" - config.pki_master_dict['PKI_PIDDIR_SLOT'] =\ + self.pki_master_dict['PKI_PIDDIR_SLOT'] =\ os.path.join("/var/run/pki", "tomcat") - if config.str2bool(config.pki_master_dict['pki_enable_proxy']): - config.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] =\ + if config.str2bool(self.pki_master_dict['pki_enable_proxy']): + self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] =\ "" - config.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] =\ "" - config.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] =\ - config.pki_master_dict['pki_proxy_https_port'] - config.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] =\ - config.pki_master_dict['pki_proxy_http_port'] - config.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] =\ + self.pki_master_dict['pki_proxy_https_port'] + self.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] =\ + self.pki_master_dict['pki_proxy_http_port'] + self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] =\ "" - config.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] =\ "" else: - config.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] =\ "-->" - config.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] =\ "-->" - config.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] = "" - config.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] = "" - config.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] = "" + self.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] = "" + self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] =\ "<!--" - config.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] =\ "<!--" - config.pki_master_dict['PKI_TMPDIR_SLOT'] =\ - config.pki_master_dict['pki_tomcat_tmpdir_path'] - config.pki_master_dict['PKI_RESTEASY_LIB_SLOT'] =\ - config.pki_master_dict['resteasy_lib'] - config.pki_master_dict['PKI_RANDOM_NUMBER_SLOT'] =\ - config.pki_master_dict['pki_one_time_pin'] - config.pki_master_dict['PKI_SECURE_PORT_SLOT'] =\ - config.pki_master_dict['pki_https_port'] - config.pki_master_dict['PKI_SECURE_PORT_CONNECTOR_NAME_SLOT'] =\ + self.pki_master_dict['PKI_TMPDIR_SLOT'] =\ + self.pki_master_dict['pki_tomcat_tmpdir_path'] + self.pki_master_dict['PKI_RESTEASY_LIB_SLOT'] =\ + self.pki_master_dict['resteasy_lib'] + self.pki_master_dict['PKI_RANDOM_NUMBER_SLOT'] =\ + self.pki_master_dict['pki_one_time_pin'] + self.pki_master_dict['PKI_SECURE_PORT_SLOT'] =\ + self.pki_master_dict['pki_https_port'] + self.pki_master_dict['PKI_SECURE_PORT_CONNECTOR_NAME_SLOT'] =\ "Secure" - config.pki_master_dict['PKI_SECURE_PORT_SERVER_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_SECURE_PORT_SERVER_COMMENT_SLOT'] =\ "<!-- " +\ "Shared Ports: Agent, EE, and Admin Secure Port Connector " +\ "-->" - config.pki_master_dict['PKI_SECURITY_MANAGER_SLOT'] =\ - config.pki_master_dict['pki_security_manager'] - config.pki_master_dict['PKI_SERVER_XML_CONF_SLOT'] =\ - config.pki_master_dict['pki_target_server_xml'] - config.pki_master_dict['PKI_SSL_SERVER_NICKNAME_SLOT'] =\ - config.pki_master_dict['pki_ssl_server_nickname'] - config.pki_master_dict['PKI_SUBSYSTEM_TYPE_SLOT'] =\ - config.pki_master_dict['pki_subsystem'].lower() - config.pki_master_dict['PKI_SYSTEMD_SERVICENAME_SLOT'] =\ + self.pki_master_dict['PKI_SECURITY_MANAGER_SLOT'] =\ + self.pki_master_dict['pki_security_manager'] + self.pki_master_dict['PKI_SERVER_XML_CONF_SLOT'] =\ + self.pki_master_dict['pki_target_server_xml'] + self.pki_master_dict['PKI_SSL_SERVER_NICKNAME_SLOT'] =\ + self.pki_master_dict['pki_ssl_server_nickname'] + self.pki_master_dict['PKI_SUBSYSTEM_TYPE_SLOT'] =\ + self.pki_master_dict['pki_subsystem'].lower() + self.pki_master_dict['PKI_SYSTEMD_SERVICENAME_SLOT'] =\ "pki-tomcatd" + "@" +\ - config.pki_master_dict['pki_instance_name'] + ".service" - config.pki_master_dict['PKI_UNSECURE_PORT_SLOT'] =\ - config.pki_master_dict['pki_http_port'] - config.pki_master_dict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] =\ + self.pki_master_dict['pki_instance_name'] + ".service" + self.pki_master_dict['PKI_UNSECURE_PORT_SLOT'] =\ + self.pki_master_dict['pki_http_port'] + self.pki_master_dict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] =\ "Unsecure" - config.pki_master_dict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] =\ "<!-- Shared Ports: Unsecure Port Connector -->" - config.pki_master_dict['PKI_USER_SLOT'] =\ - config.pki_master_dict['pki_user'] - config.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] =\ + self.pki_master_dict['PKI_USER_SLOT'] =\ + self.pki_master_dict['pki_user'] + self.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] =\ "tomcat" - config.pki_master_dict['PKI_WEBAPPS_NAME_SLOT'] =\ + self.pki_master_dict['PKI_WEBAPPS_NAME_SLOT'] =\ "webapps" - config.pki_master_dict['TOMCAT_CFG_SLOT'] =\ - config.pki_master_dict['pki_target_tomcat_conf'] - config.pki_master_dict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] =\ + self.pki_master_dict['TOMCAT_CFG_SLOT'] =\ + self.pki_master_dict['pki_target_tomcat_conf'] + self.pki_master_dict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] =\ os.path.join( - config.pki_master_dict['pki_tomcat_common_lib_path'], + self.pki_master_dict['pki_tomcat_common_lib_path'], "*.jar") - config.pki_master_dict['TOMCAT_LOG_DIR_SLOT'] =\ - config.pki_master_dict['pki_instance_log_path'] - config.pki_master_dict['TOMCAT_PIDFILE_SLOT'] =\ - "/var/run/pki/tomcat/" + config.pki_master_dict['pki_instance_name'] + ".pid" - config.pki_master_dict['TOMCAT_SERVER_PORT_SLOT'] =\ - config.pki_master_dict['pki_tomcat_server_port'] - config.pki_master_dict['TOMCAT_SSL2_CIPHERS_SLOT'] =\ + self.pki_master_dict['TOMCAT_LOG_DIR_SLOT'] =\ + self.pki_master_dict['pki_instance_log_path'] + self.pki_master_dict['TOMCAT_PIDFILE_SLOT'] =\ + "/var/run/pki/tomcat/" + self.pki_master_dict['pki_instance_name'] + ".pid" + self.pki_master_dict['TOMCAT_SERVER_PORT_SLOT'] =\ + self.pki_master_dict['pki_tomcat_server_port'] + self.pki_master_dict['TOMCAT_SSL2_CIPHERS_SLOT'] =\ "-SSL2_RC4_128_WITH_MD5," +\ "-SSL2_RC4_128_EXPORT40_WITH_MD5," +\ "-SSL2_RC2_128_CBC_WITH_MD5," +\ "-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5," +\ "-SSL2_DES_64_CBC_WITH_MD5," +\ "-SSL2_DES_192_EDE3_CBC_WITH_MD5" - config.pki_master_dict['TOMCAT_SSL3_CIPHERS_SLOT'] =\ + self.pki_master_dict['TOMCAT_SSL3_CIPHERS_SLOT'] =\ "-SSL3_FORTEZZA_DMS_WITH_NULL_SHA," +\ "-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA," +\ "+SSL3_RSA_WITH_RC4_128_SHA," +\ @@ -798,11 +801,11 @@ class PKIConfigParser: "-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA," +\ "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," +\ "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - config.pki_master_dict['TOMCAT_SSL_OPTIONS_SLOT'] =\ + self.pki_master_dict['TOMCAT_SSL_OPTIONS_SLOT'] =\ "ssl2=true," +\ "ssl3=true," +\ "tls=true" - config.pki_master_dict['TOMCAT_TLS_CIPHERS_SLOT'] =\ + self.pki_master_dict['TOMCAT_TLS_CIPHERS_SLOT'] =\ "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," +\ "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," +\ "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," +\ @@ -824,56 +827,56 @@ class PKIConfigParser: "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," +\ "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," +\ "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA" - if config.pki_master_dict['pki_subsystem'] == "CA": - config.pki_master_dict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS']=\ - config.pki_master_dict\ + if self.pki_master_dict['pki_subsystem'] == "CA": + self.pki_master_dict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS']=\ + self.pki_master_dict\ ['pki_random_serial_numbers_enable'].lower() # Shared Apache/Tomcat NSS security database name/value pairs - config.pki_master_dict['pki_shared_pfile'] =\ + self.pki_master_dict['pki_shared_pfile'] =\ os.path.join( - config.pki_master_dict['pki_instance_configuration_path'], + self.pki_master_dict['pki_instance_configuration_path'], "pfile") - config.pki_master_dict['pki_shared_password_conf'] =\ + self.pki_master_dict['pki_shared_password_conf'] =\ os.path.join( - config.pki_master_dict['pki_instance_configuration_path'], + self.pki_master_dict['pki_instance_configuration_path'], "password.conf") - config.pki_master_dict['pki_cert_database'] =\ - os.path.join(config.pki_master_dict['pki_database_path'], + self.pki_master_dict['pki_cert_database'] =\ + os.path.join(self.pki_master_dict['pki_database_path'], "cert8.db") - config.pki_master_dict['pki_key_database'] =\ - os.path.join(config.pki_master_dict['pki_database_path'], + self.pki_master_dict['pki_key_database'] =\ + os.path.join(self.pki_master_dict['pki_database_path'], "key3.db") - config.pki_master_dict['pki_secmod_database'] =\ - os.path.join(config.pki_master_dict['pki_database_path'], + self.pki_master_dict['pki_secmod_database'] =\ + os.path.join(self.pki_master_dict['pki_database_path'], "secmod.db") - config.pki_master_dict['pki_self_signed_token'] = "internal" - config.pki_master_dict['pki_self_signed_nickname'] =\ - config.pki_master_dict['pki_ssl_server_nickname'] - config.pki_master_dict['pki_self_signed_subject'] =\ - "cn=" + config.pki_master_dict['pki_hostname'] + "," +\ - "o=" + config.pki_master_dict['pki_certificate_timestamp'] - config.pki_master_dict['pki_self_signed_serial_number'] = 0 - config.pki_master_dict['pki_self_signed_validity_period'] = 12 - config.pki_master_dict['pki_self_signed_issuer_name'] =\ - "cn=" + config.pki_master_dict['pki_hostname'] + "," +\ - "o=" + config.pki_master_dict['pki_certificate_timestamp'] - config.pki_master_dict['pki_self_signed_trustargs'] = "CTu,CTu,CTu" - config.pki_master_dict['pki_self_signed_noise_file'] =\ + self.pki_master_dict['pki_self_signed_token'] = "internal" + self.pki_master_dict['pki_self_signed_nickname'] =\ + self.pki_master_dict['pki_ssl_server_nickname'] + self.pki_master_dict['pki_self_signed_subject'] =\ + "cn=" + self.pki_master_dict['pki_hostname'] + "," +\ + "o=" + self.pki_master_dict['pki_certificate_timestamp'] + self.pki_master_dict['pki_self_signed_serial_number'] = 0 + self.pki_master_dict['pki_self_signed_validity_period'] = 12 + self.pki_master_dict['pki_self_signed_issuer_name'] =\ + "cn=" + self.pki_master_dict['pki_hostname'] + "," +\ + "o=" + self.pki_master_dict['pki_certificate_timestamp'] + self.pki_master_dict['pki_self_signed_trustargs'] = "CTu,CTu,CTu" + self.pki_master_dict['pki_self_signed_noise_file'] =\ os.path.join( - config.pki_master_dict['pki_subsystem_configuration_path'], + self.pki_master_dict['pki_subsystem_configuration_path'], "noise") - config.pki_master_dict['pki_self_signed_noise_bytes'] = 1024 + self.pki_master_dict['pki_self_signed_noise_bytes'] = 1024 # Shared Apache/Tomcat NSS security database convenience symbolic links - config.pki_master_dict\ + self.pki_master_dict\ ['pki_subsystem_configuration_password_conf_link'] =\ os.path.join( - config.pki_master_dict['pki_subsystem_configuration_path'], + self.pki_master_dict['pki_subsystem_configuration_path'], "password.conf") - if not len(config.pki_master_dict['pki_client_database_password']): + if not len(self.pki_master_dict['pki_client_database_password']): # use randomly generated client 'pin' - config.pki_master_dict['pki_client_database_password'] =\ - str(config.pki_master_dict['pki_client_pin']) + self.pki_master_dict['pki_client_database_password'] =\ + str(self.pki_master_dict['pki_client_pin']) # Configuration scriptlet # 'Security Domain' Configuration name/value pairs @@ -888,66 +891,66 @@ class PKIConfigParser: # # The following variables are defined below: # - # config.pki_master_dict['pki_security_domain_type'] - # config.pki_master_dict['pki_security_domain_uri'] + # self.pki_master_dict['pki_security_domain_type'] + # self.pki_master_dict['pki_security_domain_uri'] # # The following variables are established via the specified PKI # deployment configuration file and are NOT redefined below: # - # config.pki_master_dict['pki_clone_pkcs12_password'] - # config.pki_master_dict['pki_security_domain_password'] - # config.pki_master_dict['pki_token_password'] - # config.pki_master_dict['pki_clone_pkcs12_path'] - # config.pki_master_dict['pki_clone_uri'] - # config.pki_master_dict['pki_security_domain_https_port'] - # config.pki_master_dict['pki_token_name'] + # self.pki_master_dict['pki_clone_pkcs12_password'] + # self.pki_master_dict['pki_security_domain_password'] + # self.pki_master_dict['pki_token_password'] + # self.pki_master_dict['pki_clone_pkcs12_path'] + # self.pki_master_dict['pki_clone_uri'] + # self.pki_master_dict['pki_security_domain_https_port'] + # self.pki_master_dict['pki_token_name'] # # The following variables are established via the specified PKI # deployment configuration file and potentially overridden below: # - # config.pki_master_dict['pki_security_domain_user'] - # config.pki_master_dict['pki_issuing_ca'] + # self.pki_master_dict['pki_security_domain_user'] + # self.pki_master_dict['pki_issuing_ca'] # # if security domain user is not defined - if not len(config.pki_master_dict['pki_security_domain_user']): + if not len(self.pki_master_dict['pki_security_domain_user']): # use the CA admin uid if it's defined if self.pki_config.has_option('CA', 'pki_admin_uid') and\ len(self.pki_config.get('CA', 'pki_admin_uid')) > 0: - config.pki_master_dict['pki_security_domain_user'] =\ + self.pki_master_dict['pki_security_domain_user'] =\ self.pki_config.get('CA', 'pki_admin_uid') # or use the Default admin uid if it's defined elif self.pki_config.has_option('DEFAULT', 'pki_admin_uid') and\ len(self.pki_config.get('DEFAULT', 'pki_admin_uid')) > 0: - config.pki_master_dict['pki_security_domain_user'] =\ + self.pki_master_dict['pki_security_domain_user'] =\ self.pki_config.get('DEFAULT', 'pki_admin_uid') # otherwise use the default CA admin uid else: - config.pki_master_dict['pki_security_domain_user'] = "caadmin" + self.pki_master_dict['pki_security_domain_user'] = "caadmin" if config.pki_subsystem != "CA" or\ - config.str2bool(config.pki_master_dict['pki_clone']) or\ - config.str2bool(config.pki_master_dict['pki_subordinate']): + config.str2bool(self.pki_master_dict['pki_clone']) or\ + config.str2bool(self.pki_master_dict['pki_subordinate']): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or # Subordinate CA - config.pki_master_dict['pki_security_domain_type'] = "existing" - config.pki_master_dict['pki_security_domain_uri'] =\ + self.pki_master_dict['pki_security_domain_type'] = "existing" + self.pki_master_dict['pki_security_domain_uri'] =\ "https" + "://" +\ - config.pki_master_dict['pki_security_domain_hostname'] + ":" +\ - config.pki_master_dict['pki_security_domain_https_port'] + self.pki_master_dict['pki_security_domain_hostname'] + ":" +\ + self.pki_master_dict['pki_security_domain_https_port'] - elif config.str2bool(config.pki_master_dict['pki_external']): + elif config.str2bool(self.pki_master_dict['pki_external']): # External CA - config.pki_master_dict['pki_security_domain_type'] = "new" - if not len(config.pki_master_dict['pki_issuing_ca']): - config.pki_master_dict['pki_issuing_ca'] = "External CA" + self.pki_master_dict['pki_security_domain_type'] = "new" + if not len(self.pki_master_dict['pki_issuing_ca']): + self.pki_master_dict['pki_issuing_ca'] = "External CA" else: # PKI CA - config.pki_master_dict['pki_security_domain_type'] = "new" + self.pki_master_dict['pki_security_domain_type'] = "new" # 'External CA' Configuration name/value pairs # @@ -956,10 +959,10 @@ class PKIConfigParser: # The following variables are established via the specified PKI # deployment configuration file and are NOT redefined below: # - # config.pki_master_dict['pki_external_ca_cert_chain_path'] - # config.pki_master_dict['pki_external_ca_cert_path'] - # config.pki_master_dict['pki_external_csr_path'] - # config.pki_master_dict['pki_external_step_two'] + # self.pki_master_dict['pki_external_ca_cert_chain_path'] + # self.pki_master_dict['pki_external_ca_cert_path'] + # self.pki_master_dict['pki_external_csr_path'] + # self.pki_master_dict['pki_external_step_two'] # # 'Backup' Configuration name/value pairs @@ -972,52 +975,52 @@ class PKIConfigParser: # The following variables are established via the specified PKI # deployment configuration file and are NOT redefined below: # - # config.pki_master_dict['pki_backup_password'] - # config.pki_master_dict['pki_backup_keys'] + # self.pki_master_dict['pki_backup_password'] + # self.pki_master_dict['pki_backup_keys'] # - if config.str2bool(config.pki_master_dict['pki_backup_keys']): + if config.str2bool(self.pki_master_dict['pki_backup_keys']): # NOTE: ALWAYS store the PKCS #12 backup keys file # in with the NSS "server" security databases - config.pki_master_dict['pki_backup_keys_p12'] =\ - config.pki_master_dict['pki_database_path'] + "/" +\ - config.pki_master_dict['pki_subsystem'].lower() + "_" +\ + self.pki_master_dict['pki_backup_keys_p12'] =\ + self.pki_master_dict['pki_database_path'] + "/" +\ + self.pki_master_dict['pki_subsystem'].lower() + "_" +\ "backup" + "_" + "keys" + "." + "p12" - config.pki_master_dict['pki_admin_profile_id'] = "caAdminCert" + self.pki_master_dict['pki_admin_profile_id'] = "caAdminCert" - if not 'pki_import_admin_cert' in config.pki_master_dict: - config.pki_master_dict['pki_import_admin_cert'] = 'false' + if not 'pki_import_admin_cert' in self.pki_master_dict: + self.pki_master_dict['pki_import_admin_cert'] = 'false' - config.pki_master_dict['pki_ca_signing_tag'] = "signing" - if config.pki_master_dict['pki_subsystem'] == "CA": - config.pki_master_dict['pki_ocsp_signing_tag'] = "ocsp_signing" - elif config.pki_master_dict['pki_subsystem'] == "OCSP": - config.pki_master_dict['pki_ocsp_signing_tag'] = "signing" - config.pki_master_dict['pki_ssl_server_tag'] = "sslserver" - config.pki_master_dict['pki_subsystem_tag'] = "subsystem" - config.pki_master_dict['pki_audit_signing_tag'] = "audit_signing" - config.pki_master_dict['pki_transport_tag'] = "transport" - config.pki_master_dict['pki_storage_tag'] = "storage" + self.pki_master_dict['pki_ca_signing_tag'] = "signing" + if self.pki_master_dict['pki_subsystem'] == "CA": + self.pki_master_dict['pki_ocsp_signing_tag'] = "ocsp_signing" + elif self.pki_master_dict['pki_subsystem'] == "OCSP": + self.pki_master_dict['pki_ocsp_signing_tag'] = "signing" + self.pki_master_dict['pki_ssl_server_tag'] = "sslserver" + self.pki_master_dict['pki_subsystem_tag'] = "subsystem" + self.pki_master_dict['pki_audit_signing_tag'] = "audit_signing" + self.pki_master_dict['pki_transport_tag'] = "transport" + self.pki_master_dict['pki_storage_tag'] = "storage" # Finalization name/value pairs - config.pki_master_dict['pki_default_deployment_cfg_replica'] =\ - os.path.join(config.pki_master_dict['pki_subsystem_registry_path'], + self.pki_master_dict['pki_default_deployment_cfg_replica'] =\ + os.path.join(self.pki_master_dict['pki_subsystem_registry_path'], config.DEFAULT_DEPLOYMENT_CONFIGURATION) - config.pki_master_dict['pki_user_deployment_cfg_replica'] =\ - os.path.join(config.pki_master_dict['pki_subsystem_registry_path'], + self.pki_master_dict['pki_user_deployment_cfg_replica'] =\ + os.path.join(self.pki_master_dict['pki_subsystem_registry_path'], config.USER_DEPLOYMENT_CONFIGURATION) - config.pki_master_dict['pki_user_deployment_cfg_spawn_archive'] =\ - config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ + self.pki_master_dict['pki_user_deployment_cfg_spawn_archive'] =\ + self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ "spawn" + "_" +\ config.USER_DEPLOYMENT_CONFIGURATION + "." +\ - config.pki_master_dict['pki_timestamp'] - config.pki_master_dict['pki_manifest'] =\ - config.pki_master_dict['pki_subsystem_registry_path'] + "/" +\ + self.pki_master_dict['pki_timestamp'] + self.pki_master_dict['pki_manifest'] =\ + self.pki_master_dict['pki_subsystem_registry_path'] + "/" +\ "manifest" - config.pki_master_dict['pki_manifest_spawn_archive'] =\ - config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ + self.pki_master_dict['pki_manifest_spawn_archive'] =\ + self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ "spawn" + "_" + "manifest" + "." +\ - config.pki_master_dict['pki_timestamp'] + self.pki_master_dict['pki_timestamp'] # Construct the configuration URL containing the one-time pin # and add this to the "sensitive" key value pairs read in from # the configuration file @@ -1026,28 +1029,28 @@ class PKIConfigParser: # parameter that may be stored in a log file and displayed # to the screen. # - config.pki_master_dict['pki_configuration_url'] =\ + self.pki_master_dict['pki_configuration_url'] =\ "https://{}:{}/{}/{}?pin={}".format( - config.pki_master_dict['pki_hostname'], - config.pki_master_dict['pki_https_port'], - config.pki_master_dict['pki_subsystem'].lower(), + self.pki_master_dict['pki_hostname'], + self.pki_master_dict['pki_https_port'], + self.pki_master_dict['pki_subsystem'].lower(), "admin/console/config/login", - config.pki_master_dict['pki_one_time_pin']) + self.pki_master_dict['pki_one_time_pin']) # Compose this "systemd" execution management command - if config.pki_master_dict['pki_subsystem'] in\ + if self.pki_master_dict['pki_subsystem'] in\ config.PKI_APACHE_SUBSYSTEMS: - config.pki_master_dict['pki_registry_initscript_command'] =\ + self.pki_master_dict['pki_registry_initscript_command'] =\ "systemctl" + " " +\ "restart" + " " +\ "pki-apached" + "@" +\ - config.pki_master_dict['pki_instance_name'] + "." + "service" - elif config.pki_master_dict['pki_subsystem'] in\ + self.pki_master_dict['pki_instance_name'] + "." + "service" + elif self.pki_master_dict['pki_subsystem'] in\ config.PKI_TOMCAT_SUBSYSTEMS: - config.pki_master_dict['pki_registry_initscript_command'] =\ + self.pki_master_dict['pki_registry_initscript_command'] =\ "systemctl" + " " +\ "restart" + " " +\ "pki-tomcatd" + "@" +\ - config.pki_master_dict['pki_instance_name'] + "." + "service" + self.pki_master_dict['pki_instance_name'] + "." + "service" except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) @@ -1064,16 +1067,15 @@ class PKIConfigParser: the appropriate PKI slots dictionary""" rv = 0 try: - config.pki_slots_dict = dict() parser = ConfigParser.ConfigParser() # Make keys case-sensitive! parser.optionxform = str parser.read(config.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE) # Slots configuration file name/value pairs if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS: - config.pki_slots_dict = dict(parser._sections['Apache']) + self.pki_slots_dict = dict(parser._sections['Apache']) elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: - config.pki_slots_dict = dict(parser._sections['Tomcat']) + self.pki_slots_dict = dict(parser._sections['Tomcat']) except ConfigParser.ParsingError, err: rv = err return rv diff --git a/base/server/src/pkidestroy b/base/server/src/pkidestroy index 1e3f7f578..16e2b6654 100755 --- a/base/server/src/pkidestroy +++ b/base/server/src/pkidestroy @@ -40,6 +40,7 @@ try: from pki.deployment.pkiparser import PKIConfigParser from pki.deployment import pkilogging from pki.deployment import pkimessages as log + import pki.deployment.pkihelper as util except ImportError: print >> sys.stderr, """\ There was a problem importing one of the required Python modules. The @@ -229,29 +230,30 @@ def main(argv): # Combine the various sectional dictionaries into a PKI master dictionary parser.compose_pki_master_dictionary() - config.pki_master_dict['pki_destroy_log'] = config.pki_log_dir + "/" +\ + parser.pki_master_dict['pki_destroy_log'] = config.pki_log_dir + "/" +\ config.pki_log_name config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_master_dict), + config.pki_log.debug(pkilogging.format(parser.pki_master_dict), extra=config.PKI_INDENTATION_LEVEL_0) print "Uninstalling " + config.pki_subsystem + " from " + deployed_pki_instance_path + "." # Process the various "scriptlets" to remove the specified PKI subsystem. - pki_subsystem_scriptlets = config.pki_master_dict['destroy_scriplets'].split() + pki_subsystem_scriptlets = parser.pki_master_dict['destroy_scriplets'].split() + deployer = util.PKIDeployer(parser.pki_master_dict) rv = 0 for pki_scriptlet in pki_subsystem_scriptlets: scriptlet = __import__("pki.deployment." + pki_scriptlet, fromlist = [pki_scriptlet]) instance = scriptlet.PkiScriptlet() - rv = instance.destroy() + rv = instance.destroy(deployer) if rv != 0: sys.exit(1) config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_master_dict), + config.pki_log.debug(pkilogging.format(parser.pki_master_dict), extra=config.PKI_INDENTATION_LEVEL_0) print diff --git a/base/server/src/pkispawn b/base/server/src/pkispawn index b05db4760..78726ea70 100755 --- a/base/server/src/pkispawn +++ b/base/server/src/pkispawn @@ -44,6 +44,7 @@ try: from pki.deployment.pkiparser import PKIConfigParser from pki.deployment import pkilogging from pki.deployment import pkimessages as log + import pki.deployment.pkihelper as util except ImportError: print >> sys.stderr, """\ There was a problem importing one of the required Python modules. The @@ -161,7 +162,7 @@ def main(argv): parser.set_property(config.pki_subsystem, 'pki_client_database_password', admin_password) parser.set_property(config.pki_subsystem, 'pki_client_pkcs12_password', admin_password) - if config.pki_master_dict['pki_import_admin_cert'] == 'True': + if parser.pki_master_dict['pki_import_admin_cert'] == 'True': import_cert = 'Y' else: import_cert = 'N' @@ -312,27 +313,27 @@ def main(argv): parser.compose_pki_slots_dictionary() config.pki_log.debug(log.PKI_DICTIONARY_SLOTS, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_slots_dict), + config.pki_log.debug(pkilogging.format(parser.pki_slots_dict), extra=config.PKI_INDENTATION_LEVEL_0) # Combine the various sectional dictionaries into a PKI master dictionary parser.compose_pki_master_dictionary() - config.pki_master_dict['pki_spawn_log'] = config.pki_log_dir + "/" + \ + parser.pki_master_dict['pki_spawn_log'] = config.pki_log_dir + "/" + \ config.pki_log_name config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_master_dict), + config.pki_log.debug(pkilogging.format(parser.pki_master_dict), extra=config.PKI_INDENTATION_LEVEL_0) if not interactive and\ - not config.str2bool(config.pki_master_dict['pki_skip_configuration']): + not config.str2bool(parser.pki_master_dict['pki_skip_configuration']): try: parser.ds_connect() parser.ds_bind() if parser.ds_base_dn_exists() and\ - not config.str2bool(config.pki_master_dict['pki_ds_remove_data']): + not config.str2bool(parser.pki_master_dict['pki_ds_remove_data']): print 'ERROR: Base DN already exists.' sys.exit(1) @@ -343,8 +344,8 @@ def main(argv): sys.exit(1) if config.pki_subsystem != "CA" or\ - config.str2bool(config.pki_master_dict['pki_clone']) or\ - config.str2bool(config.pki_master_dict['pki_subordinate']): + config.str2bool(parser.pki_master_dict['pki_clone']) or\ + config.str2bool(parser.pki_master_dict['pki_subordinate']): try: parser.sd_connect() info = parser.sd_get_info() @@ -359,10 +360,11 @@ def main(argv): print('ERROR: Unable to access security domain: ' + str(e)) sys.exit(1) - print "Installing " + config.pki_subsystem + " into " + config.pki_master_dict['pki_instance_path'] + "." + print "Installing " + config.pki_subsystem + " into " + parser.pki_master_dict['pki_instance_path'] + "." # Process the various "scriptlets" to create the specified PKI subsystem. - pki_subsystem_scriptlets = config.pki_master_dict['spawn_scriplets'].split() + pki_subsystem_scriptlets = parser.pki_master_dict['spawn_scriplets'].split() + deployer = util.PKIDeployer(parser.pki_master_dict, parser.pki_slots_dict) rv = 0 for pki_scriptlet in pki_subsystem_scriptlets: scriptlet = __import__("pki.deployment." + @@ -370,7 +372,7 @@ def main(argv): fromlist=[pki_scriptlet]) instance = scriptlet.PkiScriptlet() try: - rv = instance.spawn() + rv = instance.spawn(deployer) except: log_error_details() print @@ -378,33 +380,34 @@ def main(argv): print sys.exit(1) if rv != 0: + print "Nothing here!!!" print "Installation failed." sys.exit(1) config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_master_dict), + config.pki_log.debug(pkilogging.format(parser.pki_master_dict), extra=config.PKI_INDENTATION_LEVEL_0) - print_install_information() + print_install_information(parser.pki_master_dict) -def print_install_information(): +def print_install_information(pki_master_dict): - skip_configuration = config.str2bool(config.pki_master_dict['pki_skip_configuration']) + skip_configuration = config.str2bool(pki_master_dict['pki_skip_configuration']) print log.PKI_SPAWN_INFORMATION_HEADER if skip_configuration: - print log.PKI_CONFIGURATION_URL_1 % config.pki_master_dict['pki_configuration_url'] + print log.PKI_CONFIGURATION_URL_1 % pki_master_dict['pki_configuration_url'] print print log.PKI_CONFIGURATION_RESTART_1 % \ - config.pki_master_dict['pki_registry_initscript_command'] + pki_master_dict['pki_registry_initscript_command'] else: - print " Admin username: %s" % config.pki_master_dict['pki_admin_uid'] - if not config.str2bool(config.pki_master_dict['pki_client_database_purge']): - print " Location of client database: %s" % config.pki_master_dict['pki_client_database_dir'] - print " Client certificate nickname: %s" % config.pki_master_dict['pki_admin_nickname'] - print log.PKI_CHECK_STATUS_MESSAGE % config.pki_master_dict['pki_instance_name'] - print log.PKI_INSTANCE_RESTART_MESSAGE % config.pki_master_dict['pki_instance_name'] - print log.PKI_ACCESS_URL % (config.pki_master_dict['pki_hostname'], - config.pki_master_dict['pki_https_port'], + print " Admin username: %s" % pki_master_dict['pki_admin_uid'] + if not config.str2bool(pki_master_dict['pki_client_database_purge']): + print " Location of client database: %s" % pki_master_dict['pki_client_database_dir'] + print " Client certificate nickname: %s" % pki_master_dict['pki_admin_nickname'] + print log.PKI_CHECK_STATUS_MESSAGE % pki_master_dict['pki_instance_name'] + print log.PKI_INSTANCE_RESTART_MESSAGE % pki_master_dict['pki_instance_name'] + print log.PKI_ACCESS_URL % (pki_master_dict['pki_hostname'], + pki_master_dict['pki_https_port'], config.pki_subsystem.lower()) print log.PKI_SPAWN_INFORMATION_FOOTER diff --git a/base/server/src/scriptlets/configuration.py b/base/server/src/scriptlets/configuration.py index c13e7eba2..970d1aefd 100644 --- a/base/server/src/scriptlets/configuration.py +++ b/base/server/src/scriptlets/configuration.py @@ -21,8 +21,6 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimessages as log import pkiscriptlet import json @@ -34,8 +32,9 @@ import pki.encoder class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if config.str2bool(master['pki_skip_configuration']): + def spawn(self, deployer): + + if config.str2bool(deployer.master_dict['pki_skip_configuration']): config.pki_log.info(log.SKIP_CONFIGURATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv @@ -44,97 +43,97 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # Place "slightly" less restrictive permissions on # the top-level client directory ONLY - util.directory.create(master['pki_client_subsystem_dir'], + deployer.directory.create(deployer.master_dict['pki_client_subsystem_dir'], uid=0, gid=0, perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS) # Since 'certutil' does NOT strip the 'token=' portion of # the 'token=password' entries, create a client password file # which ONLY contains the 'password' for the purposes of # allowing 'certutil' to generate the security databases - util.password.create_password_conf( - master['pki_client_password_conf'], - master['pki_client_database_password'], pin_sans_token=True) - util.file.modify(master['pki_client_password_conf'], + deployer.password.create_password_conf( + deployer.master_dict['pki_client_password_conf'], + deployer.master_dict['pki_client_database_password'], pin_sans_token=True) + deployer.file.modify(deployer.master_dict['pki_client_password_conf'], uid=0, gid=0) # Similarly, create a simple password file containing the # PKCS #12 password used when exporting the "Admin Certificate" # into a PKCS #12 file - util.password.create_client_pkcs12_password_conf( - master['pki_client_pkcs12_password_conf']) - util.file.modify(master['pki_client_pkcs12_password_conf']) - util.directory.create(master['pki_client_database_dir'], + deployer.password.create_client_pkcs12_password_conf( + deployer.master_dict['pki_client_pkcs12_password_conf']) + deployer.file.modify(deployer.master_dict['pki_client_pkcs12_password_conf']) + deployer.directory.create(deployer.master_dict['pki_client_database_dir'], uid=0, gid=0) - util.certutil.create_security_databases( - master['pki_client_database_dir'], - master['pki_client_cert_database'], - master['pki_client_key_database'], - master['pki_client_secmod_database'], - password_file=master['pki_client_password_conf']) - util.symlink.create(master['pki_systemd_service'], - master['pki_systemd_service_link']) + deployer.certutil.create_security_databases( + deployer.master_dict['pki_client_database_dir'], + deployer.master_dict['pki_client_cert_database'], + deployer.master_dict['pki_client_key_database'], + deployer.master_dict['pki_client_secmod_database'], + password_file=deployer.master_dict['pki_client_password_conf']) + deployer.symlink.create(deployer.master_dict['pki_systemd_service'], + deployer.master_dict['pki_systemd_service_link']) # Start/Restart this Apache/Tomcat PKI Process - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: apache_instance_subsystems =\ - util.instance.apache_instance_subsystems() + deployer.instance.apache_instance_subsystems() if apache_instance_subsystems == 1: - util.systemd.start() + deployer.systemd.start() elif apache_instance_subsystems > 1: - util.systemd.restart() - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + deployer.systemd.restart() + elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # Optionally prepare to enable a java debugger # (e. g. - 'eclipse'): - if config.str2bool(master['pki_enable_java_debugger']): + if config.str2bool(deployer.master_dict['pki_enable_java_debugger']): config.prepare_for_an_external_java_debugger( - master['pki_target_tomcat_conf_instance_id']) + deployer.master_dict['pki_target_tomcat_conf_instance_id']) tomcat_instance_subsystems =\ - len(util.instance.tomcat_instance_subsystems()) + len(deployer.instance.tomcat_instance_subsystems()) if tomcat_instance_subsystems == 1: - util.systemd.start() + deployer.systemd.start() elif tomcat_instance_subsystems > 1: - util.systemd.restart() + deployer.systemd.restart() # wait for startup - status = util.instance.wait_for_startup(60) + status = deployer.instance.wait_for_startup(60) if status == None: config.pki_log.error("server failed to restart", extra=config.PKI_INDENTATION_LEVEL_2) raise Exception("server failed to restart") # Optionally wait for debugger to attach (e. g. - 'eclipse'): - if config.str2bool(master['pki_enable_java_debugger']): + if config.str2bool(deployer.master_dict['pki_enable_java_debugger']): config.wait_to_attach_an_external_java_debugger() - config_client = util.config_client() # Construct PKI Subsystem Configuration Data data = None - if master['pki_instance_type'] == "Apache": - if master['pki_subsystem'] == "RA": + if deployer.master_dict['pki_instance_type'] == "Apache": + if deployer.master_dict['pki_subsystem'] == "RA": config.pki_log.info(log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1, - master['pki_subsystem'], + deployer.master_dict['pki_subsystem'], extra=config.PKI_INDENTATION_LEVEL_2) return self.rv - elif master['pki_instance_type'] == "Tomcat": + elif deployer.master_dict['pki_instance_type'] == "Tomcat": # CA, KRA, OCSP, TKS, or TPS - data = config_client.construct_pki_configuration_data() + data = deployer.config_client.construct_pki_configuration_data() # Configure the substem - config_client.configure_pki_data( + deployer.config_client.configure_pki_data( json.dumps(data, cls=pki.encoder.CustomTypeEncoder)) return self.rv - def destroy(self): + def destroy(self, deployer): + config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() == 1: - if util.directory.exists(master['pki_client_dir']): - util.directory.delete(master['pki_client_dir']) - util.symlink.delete(master['pki_systemd_service_link']) - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(util.instance.tomcat_instance_subsystems()) == 1: - if util.directory.exists(master['pki_client_dir']): - util.directory.delete(master['pki_client_dir']) - util.symlink.delete(master['pki_systemd_service_link']) + if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + deployer.instance.apache_instance_subsystems() == 1: + if deployer.directory.exists(deployer.master_dict['pki_client_dir']): + deployer.directory.delete(deployer.master_dict['pki_client_dir']) + deployer.symlink.delete(deployer.master_dict['pki_systemd_service_link']) + elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + len(deployer.instance.tomcat_instance_subsystems()) == 1: + if deployer.directory.exists(deployer.master_dict['pki_client_dir']): + deployer.directory.delete(deployer.master_dict['pki_client_dir']) + deployer.symlink.delete(deployer.master_dict['pki_systemd_service_link']) return self.rv diff --git a/base/server/src/scriptlets/finalization.py b/base/server/src/scriptlets/finalization.py index 6387146c7..45b4a3ceb 100644 --- a/base/server/src/scriptlets/finalization.py +++ b/base/server/src/scriptlets/finalization.py @@ -21,8 +21,6 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimanifest as manifest import pkimessages as log import pkiscriptlet @@ -32,14 +30,15 @@ import pkiscriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if master['pki_subsystem'] == "CA" and\ - config.str2bool(master['pki_external_step_two']): + def spawn(self, deployer): + + if deployer.master_dict['pki_subsystem'] == "CA" and\ + config.str2bool(deployer.master_dict['pki_external_step_two']): # must check for 'External CA Step 2' installation PRIOR to # 'pki_skip_installation' since this value has been set to true # by the initialization scriptlet pass - elif config.str2bool(master['pki_skip_installation']): + elif config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_FINALIZATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv @@ -47,24 +46,24 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): extra=config.PKI_INDENTATION_LEVEL_1) # For debugging/auditing purposes, save a timestamped copy of # this configuration file in the subsystem archive - util.file.copy(master['pki_user_deployment_cfg_replica'], - master['pki_user_deployment_cfg_spawn_archive']) + deployer.file.copy(deployer.master_dict['pki_user_deployment_cfg_replica'], + deployer.master_dict['pki_user_deployment_cfg_spawn_archive']) # Save a copy of the installation manifest file - config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, master['pki_manifest'], + config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, deployer.master_dict['pki_manifest'], extra=config.PKI_INDENTATION_LEVEL_2) # for record in manifest.database: # print tuple(record) - manifest.file.register(master['pki_manifest']) + manifest.file.register(deployer.master_dict['pki_manifest']) manifest.file.write() - util.file.modify(master['pki_manifest'], silent=True) + deployer.file.modify(deployer.master_dict['pki_manifest'], silent=True) # Also, for debugging/auditing purposes, save a timestamped copy of # this installation manifest file - util.file.copy(master['pki_manifest'], - master['pki_manifest_spawn_archive']) + deployer.file.copy(deployer.master_dict['pki_manifest'], + deployer.master_dict['pki_manifest_spawn_archive']) # Optionally, programmatically 'restart' the configured PKI instance - if config.str2bool(master['pki_restart_configured_instance']): - util.systemd.restart() + if config.str2bool(deployer.master_dict['pki_restart_configured_instance']): + deployer.systemd.restart() # Optionally, 'purge' the entire temporary client infrastructure # including the client NSS security databases and password files # @@ -72,34 +71,35 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # placed under this infrastructure, it may accidentally # be deleted! # - if config.str2bool(master['pki_client_database_purge']): - if util.directory.exists(master['pki_client_subsystem_dir']): - util.directory.delete(master['pki_client_subsystem_dir']) + if config.str2bool(deployer.master_dict['pki_client_database_purge']): + if deployer.directory.exists(deployer.master_dict['pki_client_subsystem_dir']): + deployer.directory.delete(deployer.master_dict['pki_client_subsystem_dir']) # If instance has not been configured, print the # configuration URL to the log - if config.str2bool(master['pki_skip_configuration']): - util.configuration_file.log_configuration_url() + if config.str2bool(deployer.master_dict['pki_skip_configuration']): + deployer.configuration_file.log_configuration_url() # Log final process messages config.pki_log.info(log.PKISPAWN_END_MESSAGE_2, - master['pki_subsystem'], - master['pki_instance_name'], + deployer.master_dict['pki_subsystem'], + deployer.master_dict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_0) - util.file.modify(master['pki_spawn_log'], silent=True) + deployer.file.modify(deployer.master_dict['pki_spawn_log'], silent=True) return self.rv - def destroy(self): + def destroy(self, deployer): + config.pki_log.info(log.FINALIZATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - util.file.modify(master['pki_destroy_log'], silent=True) + deployer.file.modify(deployer.master_dict['pki_destroy_log'], silent=True) # Start this Apache/Tomcat PKI Process - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() >= 1: - util.systemd.start() - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(util.instance.tomcat_instance_subsystems()) >= 1: - util.systemd.start() + if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + deployer.instance.apache_instance_subsystems() >= 1: + deployer.systemd.start() + elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + len(deployer.instance.tomcat_instance_subsystems()) >= 1: + deployer.systemd.start() config.pki_log.info(log.PKIDESTROY_END_MESSAGE_2, - master['pki_subsystem'], - master['pki_instance_name'], + deployer.master_dict['pki_subsystem'], + deployer.master_dict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_0) return self.rv diff --git a/base/server/src/scriptlets/infrastructure_layout.py b/base/server/src/scriptlets/infrastructure_layout.py index f3535d767..4fe31ef3d 100644 --- a/base/server/src/scriptlets/infrastructure_layout.py +++ b/base/server/src/scriptlets/infrastructure_layout.py @@ -21,8 +21,6 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimessages as log import pkiscriptlet @@ -31,8 +29,9 @@ import pkiscriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if config.str2bool(master['pki_skip_installation']): + def spawn(self, deployer): + + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_ADMIN_DOMAIN_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv @@ -52,32 +51,32 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # registry directories for storage of a copy of the original # deployment configuration file used to spawn this instance, # and save a copy of this file - util.directory.create(master['pki_registry_path']) - util.directory.create(master['pki_instance_type_registry_path']) - util.directory.create(master['pki_instance_registry_path']) - util.directory.create(master['pki_subsystem_registry_path']) - util.file.copy(master['pki_default_deployment_cfg'], - master['pki_default_deployment_cfg_replica']) + deployer.directory.create(deployer.master_dict['pki_registry_path']) + deployer.directory.create(deployer.master_dict['pki_instance_type_registry_path']) + deployer.directory.create(deployer.master_dict['pki_instance_registry_path']) + deployer.directory.create(deployer.master_dict['pki_subsystem_registry_path']) + deployer.file.copy(deployer.master_dict['pki_default_deployment_cfg'], + deployer.master_dict['pki_default_deployment_cfg_replica']) - print "Storing deployment configuration into " + config.pki_master_dict['pki_user_deployment_cfg_replica'] + "." + print "Storing deployment configuration into " + deployer.master_dict['pki_user_deployment_cfg_replica'] + "." #Archive the user deployment configuration excluding the sensitive parameters - sensitive_parameters = config.pki_master_dict['sensitive_parameters'].split() + sensitive_parameters = deployer.master_dict['sensitive_parameters'].split() sections = config.user_config.sections() for s in sections: for k in sensitive_parameters: config.user_config.set(s, k, 'XXXXXXXX') - with open(master['pki_user_deployment_cfg_replica'], 'w') as f: + with open(deployer.master_dict['pki_user_deployment_cfg_replica'], 'w') as f: config.user_config.write(f) # establish top-level infrastructure, instance, and subsystem # base directories and create the "registry" symbolic link that # the "pkidestroy" executable relies upon - util.directory.create(master['pki_path']) - util.directory.create(master['pki_instance_path']) - util.directory.create(master['pki_subsystem_path']) - util.symlink.create(master['pki_instance_registry_path'], - master['pki_subsystem_registry_link']) + deployer.directory.create(deployer.master_dict['pki_path']) + deployer.directory.create(deployer.master_dict['pki_instance_path']) + deployer.directory.create(deployer.master_dict['pki_subsystem_path']) + deployer.symlink.create(deployer.master_dict['pki_instance_registry_path'], + deployer.master_dict['pki_subsystem_registry_link']) # # NOTE: If "infrastructure_layout" scriptlet execution has been # successfully executed to this point, the "pkidestroy" command @@ -86,29 +85,30 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # no need to establish top-level infrastructure logs # since it now stores 'pkispawn'/'pkidestroy' logs # and will already exist - # util.directory.create(master['pki_log_path']) + # deployer.directory.create(deployer.master_dict['pki_log_path']) # establish top-level infrastructure configuration - if master['pki_configuration_path'] !=\ + if deployer.master_dict['pki_configuration_path'] !=\ config.PKI_DEPLOYMENT_CONFIGURATION_ROOT: - util.directory.create(master['pki_configuration_path']) + deployer.directory.create(deployer.master_dict['pki_configuration_path']) return self.rv - def destroy(self): + def destroy(self, deployer): + config.pki_log.info(log.ADMIN_DOMAIN_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # remove top-level infrastructure base - if master['pki_subsystem'] in config.PKI_SUBSYSTEMS and\ - util.instance.pki_instance_subsystems() == 0: + if deployer.master_dict['pki_subsystem'] in config.PKI_SUBSYSTEMS and\ + deployer.instance.pki_instance_subsystems() == 0: # remove top-level infrastructure base - util.directory.delete(master['pki_path']) + deployer.directory.delete(deployer.master_dict['pki_path']) # do NOT remove top-level infrastructure logs # since it now stores 'pkispawn'/'pkidestroy' logs - # util.directory.delete(master['pki_log_path']) + # deployer.directory.delete(deployer.master_dict['pki_log_path']) # remove top-level infrastructure configuration - if util.directory.is_empty(master['pki_configuration_path'])\ - and master['pki_configuration_path'] !=\ + if deployer.directory.is_empty(deployer.master_dict['pki_configuration_path'])\ + and deployer.master_dict['pki_configuration_path'] !=\ config.PKI_DEPLOYMENT_CONFIGURATION_ROOT: - util.directory.delete(master['pki_configuration_path']) + deployer.directory.delete(deployer.master_dict['pki_configuration_path']) # remove top-level infrastructure registry - util.directory.delete(master['pki_registry_path']) + deployer.directory.delete(deployer.master_dict['pki_registry_path']) return self.rv diff --git a/base/server/src/scriptlets/initialization.py b/base/server/src/scriptlets/initialization.py index f3839fb05..80b28a663 100644 --- a/base/server/src/scriptlets/initialization.py +++ b/base/server/src/scriptlets/initialization.py @@ -21,8 +21,6 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimessages as log import pkiscriptlet @@ -31,73 +29,75 @@ import pkiscriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): + def spawn(self, deployer): + # begin official logging config.pki_log.info(log.PKISPAWN_BEGIN_MESSAGE_2, - master['pki_subsystem'], - master['pki_instance_name'], + deployer.master_dict['pki_subsystem'], + deployer.master_dict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_0) - if config.str2bool(master['pki_skip_installation']): + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv else: config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if master['pki_subsystem'] == "CA" and\ - config.str2bool(master['pki_external_step_two']): + if deployer.master_dict['pki_subsystem'] == "CA" and\ + config.str2bool(deployer.master_dict['pki_external_step_two']): # verify that this type of "subsystem" currently EXISTS # for this "instance" (External CA Step 2) - util.instance.verify_subsystem_exists() - master['pki_skip_installation'] = "True"; + deployer.instance.verify_subsystem_exists() + deployer.master_dict['pki_skip_installation'] = "True"; else: # verify that this type of "subsystem" does NOT yet # exist for this "instance" - util.instance.verify_subsystem_does_not_exist() + deployer.instance.verify_subsystem_does_not_exist() # detect and avoid any namespace collisions - util.namespace.collision_detection() + deployer.namespace.collision_detection() # initialize 'uid' and 'gid' - util.identity.add_uid_and_gid(master['pki_user'], master['pki_group']) + deployer.identity.add_uid_and_gid(deployer.master_dict['pki_user'], deployer.master_dict['pki_group']) # establish 'uid' and 'gid' - util.identity.set_uid(master['pki_user']) - util.identity.set_gid(master['pki_group']) + deployer.identity.set_uid(deployer.master_dict['pki_user']) + deployer.identity.set_gid(deployer.master_dict['pki_group']) # verify existence of SENSITIVE configuration file data - util.configuration_file.verify_sensitive_data() + deployer.configuration_file.verify_sensitive_data() # verify existence of MUTUALLY EXCLUSIVE configuration file data - util.configuration_file.verify_mutually_exclusive_data() + deployer.configuration_file.verify_mutually_exclusive_data() # verify existence of PREDEFINED configuration file data - util.configuration_file.verify_predefined_configuration_file_data() + deployer.configuration_file.verify_predefined_configuration_file_data() # verify selinux context of selected ports - util.configuration_file.populate_non_default_ports() - util.configuration_file.verify_selinux_ports() + deployer.configuration_file.populate_non_default_ports() + deployer.configuration_file.verify_selinux_ports() return self.rv - def destroy(self): + def destroy(self, deployer): + # begin official logging config.pki_log.info(log.PKIDESTROY_BEGIN_MESSAGE_2, - master['pki_subsystem'], - master['pki_instance_name'], + deployer.master_dict['pki_subsystem'], + deployer.master_dict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.info(log.INITIALIZATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # verify that this type of "subsystem" currently EXISTS # for this "instance" - util.instance.verify_subsystem_exists() + deployer.instance.verify_subsystem_exists() # verify that the command-line parameters match the values # that are present in the corresponding configuration file - util.configuration_file.verify_command_matches_configuration_file() + deployer.configuration_file.verify_command_matches_configuration_file() # establish 'uid' and 'gid' - util.identity.set_uid(master['pki_user']) - util.identity.set_gid(master['pki_group']) + deployer.identity.set_uid(deployer.master_dict['pki_user']) + deployer.identity.set_gid(deployer.master_dict['pki_group']) # get ports to remove selinux context - util.configuration_file.populate_non_default_ports() + deployer.configuration_file.populate_non_default_ports() # get deinstallation token - token = util.security_domain.get_installation_token( + token = deployer.security_domain.get_installation_token( config.pki_secdomain_user, config.pki_secdomain_pass) # remove kra connector from CA if this is a KRA - util.kra_connector.deregister() + deployer.kra_connector.deregister() # de-register instance from its Security Domain # @@ -107,7 +107,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # instance's security domain may be a part of a # tightly-coupled shared instance. # - util.security_domain.deregister(token) + deployer.security_domain.deregister(token) # ALWAYS Stop this Apache/Tomcat PKI Process - util.systemd.stop() + deployer.systemd.stop() return self.rv diff --git a/base/server/src/scriptlets/instance_layout.py b/base/server/src/scriptlets/instance_layout.py index 07ae03e9a..99a97532b 100644 --- a/base/server/src/scriptlets/instance_layout.py +++ b/base/server/src/scriptlets/instance_layout.py @@ -25,161 +25,160 @@ import os # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimessages as log import pkiscriptlet -import os # PKI Deployment Instance Layout Scriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if config.str2bool(master['pki_skip_installation']): + def spawn(self, deployer): + + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_INSTANCE_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.INSTANCE_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # establish instance logs - util.directory.create(master['pki_instance_log_path']) + deployer.directory.create(deployer.master_dict['pki_instance_log_path']) # establish instance configuration - util.directory.create(master['pki_instance_configuration_path']) + deployer.directory.create(deployer.master_dict['pki_instance_configuration_path']) # establish Apache/Tomcat specific instance - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # establish Tomcat instance configuration - util.directory.copy(master['pki_source_server_path'], - master['pki_instance_configuration_path'], + deployer.directory.copy(deployer.master_dict['pki_source_server_path'], + deployer.master_dict['pki_instance_configuration_path'], overwrite_flag=True) # establish Tomcat instance base - util.directory.create(master['pki_tomcat_common_path']) - util.directory.create(master['pki_tomcat_common_lib_path']) + deployer.directory.create(deployer.master_dict['pki_tomcat_common_path']) + deployer.directory.create(deployer.master_dict['pki_tomcat_common_lib_path']) # establish Tomcat instance library - util.directory.create(master['pki_instance_lib']) - for name in os.listdir(master['pki_tomcat_lib_path']): - util.symlink.create( + deployer.directory.create(deployer.master_dict['pki_instance_lib']) + for name in os.listdir(deployer.master_dict['pki_tomcat_lib_path']): + deployer.symlink.create( os.path.join( - master['pki_tomcat_lib_path'], + deployer.master_dict['pki_tomcat_lib_path'], name), os.path.join( - master['pki_instance_lib'], + deployer.master_dict['pki_instance_lib'], name)) - util.symlink.create(master['pki_instance_conf_log4j_properties'], - master['pki_instance_lib_log4j_properties']) - util.directory.create(master['pki_tomcat_tmpdir_path']) - util.directory.create(master['pki_tomcat_webapps_path']) - util.directory.create(master['pki_tomcat_work_path']) - util.directory.create(master['pki_tomcat_work_catalina_path']) - util.directory.create(master['pki_tomcat_work_catalina_host_path']) - util.directory.create( - master['pki_tomcat_work_catalina_host_run_path']) - util.directory.create( - master['pki_tomcat_work_catalina_host_subsystem_path']) + deployer.symlink.create(deployer.master_dict['pki_instance_conf_log4j_properties'], + deployer.master_dict['pki_instance_lib_log4j_properties']) + deployer.directory.create(deployer.master_dict['pki_tomcat_tmpdir_path']) + deployer.directory.create(deployer.master_dict['pki_tomcat_webapps_path']) + deployer.directory.create(deployer.master_dict['pki_tomcat_work_path']) + deployer.directory.create(deployer.master_dict['pki_tomcat_work_catalina_path']) + deployer.directory.create(deployer.master_dict['pki_tomcat_work_catalina_host_path']) + deployer.directory.create( + deployer.master_dict['pki_tomcat_work_catalina_host_run_path']) + deployer.directory.create( + deployer.master_dict['pki_tomcat_work_catalina_host_subsystem_path']) # establish Tomcat instance logs # establish Tomcat instance registry # establish Tomcat instance convenience symbolic links - util.symlink.create(master['pki_tomcat_bin_path'], - master['pki_tomcat_bin_link']) - util.symlink.create(master['pki_tomcat_systemd'], - master['pki_instance_systemd_link'], + deployer.symlink.create(deployer.master_dict['pki_tomcat_bin_path'], + deployer.master_dict['pki_tomcat_bin_link']) + deployer.symlink.create(deployer.master_dict['pki_tomcat_systemd'], + deployer.master_dict['pki_instance_systemd_link'], uid=0, gid=0) # establish Tomcat instance common lib jar symbolic links - util.symlink.create(master['pki_apache_commons_collections_jar'], - master['pki_apache_commons_collections_jar_link']) - util.symlink.create(master['pki_apache_commons_lang_jar'], - master['pki_apache_commons_lang_jar_link']) - util.symlink.create(master['pki_apache_commons_logging_jar'], - master['pki_apache_commons_logging_jar_link']) - util.symlink.create(master['pki_commons_codec_jar'], - master['pki_commons_codec_jar_link']) - util.symlink.create(master['pki_httpclient_jar'], - master['pki_httpclient_jar_link']) - util.symlink.create(master['pki_httpcore_jar'], - master['pki_httpcore_jar_link']) - util.symlink.create(master['pki_javassist_jar'], - master['pki_javassist_jar_link']) - util.symlink.create(master['pki_resteasy_jaxrs_api_jar'], - master['pki_resteasy_jaxrs_api_jar_link']) - util.symlink.create(master['pki_jettison_jar'], - master['pki_jettison_jar_link']) - util.symlink.create(master['pki_jss_jar'], - master['pki_jss_jar_link']) - util.symlink.create(master['pki_ldapjdk_jar'], - master['pki_ldapjdk_jar_link']) - util.symlink.create(master['pki_tomcat_jar'], - master['pki_tomcat_jar_link']) - util.symlink.create(master['pki_resteasy_atom_provider_jar'], - master['pki_resteasy_atom_provider_jar_link']) - util.symlink.create(master['pki_resteasy_jaxb_provider_jar'], - master['pki_resteasy_jaxb_provider_jar_link']) - util.symlink.create(master['pki_resteasy_jaxrs_jar'], - master['pki_resteasy_jaxrs_jar_link']) - util.symlink.create(master['pki_resteasy_jettison_provider_jar'], - master['pki_resteasy_jettison_provider_jar_link']) - util.symlink.create(master['pki_scannotation_jar'], - master['pki_scannotation_jar_link']) - if master['pki_subsystem'] == 'TKS': - util.symlink.create(master['pki_symkey_jar'], - master['pki_symkey_jar_link']) - util.symlink.create(master['pki_tomcatjss_jar'], - master['pki_tomcatjss_jar_link']) - util.symlink.create(master['pki_velocity_jar'], - master['pki_velocity_jar_link']) - util.symlink.create(master['pki_xerces_j2_jar'], - master['pki_xerces_j2_jar_link']) - util.symlink.create(master['pki_xml_commons_apis_jar'], - master['pki_xml_commons_apis_jar_link']) - util.symlink.create(master['pki_xml_commons_resolver_jar'], - master['pki_xml_commons_resolver_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_apache_commons_collections_jar'], + deployer.master_dict['pki_apache_commons_collections_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_apache_commons_lang_jar'], + deployer.master_dict['pki_apache_commons_lang_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_apache_commons_logging_jar'], + deployer.master_dict['pki_apache_commons_logging_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_commons_codec_jar'], + deployer.master_dict['pki_commons_codec_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_httpclient_jar'], + deployer.master_dict['pki_httpclient_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_httpcore_jar'], + deployer.master_dict['pki_httpcore_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_javassist_jar'], + deployer.master_dict['pki_javassist_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_resteasy_jaxrs_api_jar'], + deployer.master_dict['pki_resteasy_jaxrs_api_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_jettison_jar'], + deployer.master_dict['pki_jettison_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_jss_jar'], + deployer.master_dict['pki_jss_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_ldapjdk_jar'], + deployer.master_dict['pki_ldapjdk_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_tomcat_jar'], + deployer.master_dict['pki_tomcat_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_resteasy_atom_provider_jar'], + deployer.master_dict['pki_resteasy_atom_provider_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_resteasy_jaxb_provider_jar'], + deployer.master_dict['pki_resteasy_jaxb_provider_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_resteasy_jaxrs_jar'], + deployer.master_dict['pki_resteasy_jaxrs_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_resteasy_jettison_provider_jar'], + deployer.master_dict['pki_resteasy_jettison_provider_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_scannotation_jar'], + deployer.master_dict['pki_scannotation_jar_link']) + if deployer.master_dict['pki_subsystem'] == 'TKS': + deployer.symlink.create(deployer.master_dict['pki_symkey_jar'], + deployer.master_dict['pki_symkey_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_tomcatjss_jar'], + deployer.master_dict['pki_tomcatjss_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_velocity_jar'], + deployer.master_dict['pki_velocity_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_xerces_j2_jar'], + deployer.master_dict['pki_xerces_j2_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_xml_commons_apis_jar'], + deployer.master_dict['pki_xml_commons_apis_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_xml_commons_resolver_jar'], + deployer.master_dict['pki_xml_commons_resolver_jar_link']) # establish shared NSS security databases for this instance - util.directory.create(master['pki_database_path']) + deployer.directory.create(deployer.master_dict['pki_database_path']) # establish instance convenience symbolic links - util.symlink.create(master['pki_database_path'], - master['pki_instance_database_link']) - util.symlink.create(master['pki_instance_configuration_path'], - master['pki_instance_conf_link']) - util.symlink.create(master['pki_instance_log_path'], - master['pki_instance_logs_link']) + deployer.symlink.create(deployer.master_dict['pki_database_path'], + deployer.master_dict['pki_instance_database_link']) + deployer.symlink.create(deployer.master_dict['pki_instance_configuration_path'], + deployer.master_dict['pki_instance_conf_link']) + deployer.symlink.create(deployer.master_dict['pki_instance_log_path'], + deployer.master_dict['pki_instance_logs_link']) return self.rv - def destroy(self): + def destroy(self, deployer): + config.pki_log.info(log.INSTANCE_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if master['pki_subsystem'] == 'TKS': - util.symlink.delete(master['pki_symkey_jar_link']) - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() == 0: + if deployer.master_dict['pki_subsystem'] == 'TKS': + deployer.symlink.delete(deployer.master_dict['pki_symkey_jar_link']) + if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + deployer.instance.apache_instance_subsystems() == 0: # remove Apache instance base - util.directory.delete(master['pki_instance_path']) + deployer.directory.delete(deployer.master_dict['pki_instance_path']) # remove Apache instance logs # remove shared NSS security database path for this instance - util.directory.delete(master['pki_database_path']) + deployer.directory.delete(deployer.master_dict['pki_database_path']) # remove Apache instance configuration - util.directory.delete(master['pki_instance_configuration_path']) + deployer.directory.delete(deployer.master_dict['pki_instance_configuration_path']) # remove Apache instance registry - util.directory.delete(master['pki_instance_registry_path']) + deployer.directory.delete(deployer.master_dict['pki_instance_registry_path']) # remove Apache PKI registry (if empty) - if util.instance.apache_instances() == 0: - util.directory.delete( - master['pki_instance_type_registry_path']) - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(util.instance.tomcat_instance_subsystems()) == 0: + if deployer.instance.apache_instances() == 0: + deployer.directory.delete( + deployer.master_dict['pki_instance_type_registry_path']) + elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + len(deployer.instance.tomcat_instance_subsystems()) == 0: # remove Tomcat instance base - util.directory.delete(master['pki_instance_path']) + deployer.directory.delete(deployer.master_dict['pki_instance_path']) # remove Tomcat instance logs - util.directory.delete(master['pki_instance_log_path']) + deployer.directory.delete(deployer.master_dict['pki_instance_log_path']) # remove shared NSS security database path for this instance - util.directory.delete(master['pki_database_path']) + deployer.directory.delete(deployer.master_dict['pki_database_path']) # remove Tomcat instance configuration - util.directory.delete(master['pki_instance_configuration_path']) + deployer.directory.delete(deployer.master_dict['pki_instance_configuration_path']) # remove PKI 'tomcat.conf' instance file - util.file.delete(master['pki_target_tomcat_conf_instance_id']) + deployer.file.delete(deployer.master_dict['pki_target_tomcat_conf_instance_id']) # remove Tomcat instance registry - util.directory.delete(master['pki_instance_registry_path']) + deployer.directory.delete(deployer.master_dict['pki_instance_registry_path']) # remove Tomcat PKI registry (if empty) - if util.instance.tomcat_instances() == 0: - util.directory.delete( - master['pki_instance_type_registry_path']) + if deployer.instance.tomcat_instances() == 0: + deployer.directory.delete( + deployer.master_dict['pki_instance_type_registry_path']) return self.rv diff --git a/base/server/src/scriptlets/security_databases.py b/base/server/src/scriptlets/security_databases.py index 029b8ebef..d18e2151b 100644 --- a/base/server/src/scriptlets/security_databases.py +++ b/base/server/src/scriptlets/security_databases.py @@ -21,8 +21,6 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimessages as log import pkiscriptlet @@ -31,84 +29,86 @@ import pkiscriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if config.str2bool(master['pki_skip_installation']): + def spawn(self, deployer): + + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_SECURITY_DATABASES_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.SECURITY_DATABASES_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - util.password.create_password_conf( - master['pki_shared_password_conf'], - master['pki_pin']) + deployer.password.create_password_conf( + deployer.master_dict['pki_shared_password_conf'], + deployer.master_dict['pki_pin']) # Since 'certutil' does NOT strip the 'token=' portion of # the 'token=password' entries, create a temporary server 'pfile' # which ONLY contains the 'password' for the purposes of # allowing 'certutil' to generate the security databases - util.password.create_password_conf( - master['pki_shared_pfile'], - master['pki_pin'], pin_sans_token=True) - util.file.modify(master['pki_shared_password_conf']) - util.certutil.create_security_databases( - master['pki_database_path'], - master['pki_cert_database'], - master['pki_key_database'], - master['pki_secmod_database'], - password_file=master['pki_shared_pfile']) - util.file.modify(master['pki_cert_database'], perms=\ + deployer.password.create_password_conf( + deployer.master_dict['pki_shared_pfile'], + deployer.master_dict['pki_pin'], pin_sans_token=True) + deployer.file.modify(deployer.master_dict['pki_shared_password_conf']) + deployer.certutil.create_security_databases( + deployer.master_dict['pki_database_path'], + deployer.master_dict['pki_cert_database'], + deployer.master_dict['pki_key_database'], + deployer.master_dict['pki_secmod_database'], + password_file=deployer.master_dict['pki_shared_pfile']) + deployer.file.modify(deployer.master_dict['pki_cert_database'], perms=\ config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) - util.file.modify(master['pki_key_database'], perms=\ + deployer.file.modify(deployer.master_dict['pki_key_database'], perms=\ config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) - util.file.modify(master['pki_secmod_database'], perms=\ + deployer.file.modify(deployer.master_dict['pki_secmod_database'], perms=\ config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) - if len(util.instance.tomcat_instance_subsystems()) < 2: + if len(deployer.instance.tomcat_instance_subsystems()) < 2: # only create a self signed cert for a new instance - rv = util.certutil.verify_certificate_exists( - master['pki_database_path'], - master['pki_cert_database'], - master['pki_key_database'], - master['pki_secmod_database'], - master['pki_self_signed_token'], - master['pki_self_signed_nickname'], - password_file=master['pki_shared_pfile']) + rv = deployer.certutil.verify_certificate_exists( + deployer.master_dict['pki_database_path'], + deployer.master_dict['pki_cert_database'], + deployer.master_dict['pki_key_database'], + deployer.master_dict['pki_secmod_database'], + deployer.master_dict['pki_self_signed_token'], + deployer.master_dict['pki_self_signed_nickname'], + password_file=deployer.master_dict['pki_shared_pfile']) if not rv: - util.file.generate_noise_file( - master['pki_self_signed_noise_file'], - master['pki_self_signed_noise_bytes']) - util.certutil.generate_self_signed_certificate( - master['pki_database_path'], - master['pki_cert_database'], - master['pki_key_database'], - master['pki_secmod_database'], - master['pki_self_signed_token'], - master['pki_self_signed_nickname'], - master['pki_self_signed_subject'], - master['pki_self_signed_serial_number'], - master['pki_self_signed_validity_period'], - master['pki_self_signed_issuer_name'], - master['pki_self_signed_trustargs'], - master['pki_self_signed_noise_file'], - password_file=master['pki_shared_pfile']) + deployer.file.generate_noise_file( + deployer.master_dict['pki_self_signed_noise_file'], + deployer.master_dict['pki_self_signed_noise_bytes']) + deployer.certutil.generate_self_signed_certificate( + deployer.master_dict['pki_database_path'], + deployer.master_dict['pki_cert_database'], + deployer.master_dict['pki_key_database'], + deployer.master_dict['pki_secmod_database'], + deployer.master_dict['pki_self_signed_token'], + deployer.master_dict['pki_self_signed_nickname'], + deployer.master_dict['pki_self_signed_subject'], + deployer.master_dict['pki_self_signed_serial_number'], + deployer.master_dict['pki_self_signed_validity_period'], + deployer.master_dict['pki_self_signed_issuer_name'], + deployer.master_dict['pki_self_signed_trustargs'], + deployer.master_dict['pki_self_signed_noise_file'], + password_file=deployer.master_dict['pki_shared_pfile']) # Delete the temporary 'noise' file - util.file.delete(master['pki_self_signed_noise_file']) + deployer.file.delete(deployer.master_dict['pki_self_signed_noise_file']) # Delete the temporary 'pfile' - util.file.delete(master['pki_shared_pfile']) + deployer.file.delete(deployer.master_dict['pki_shared_pfile']) return self.rv - def destroy(self): + def destroy(self, deployer): + config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() == 0: - util.file.delete(master['pki_cert_database']) - util.file.delete(master['pki_key_database']) - util.file.delete(master['pki_secmod_database']) - util.file.delete(master['pki_shared_password_conf']) - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(util.instance.tomcat_instance_subsystems()) == 0: - util.file.delete(master['pki_cert_database']) - util.file.delete(master['pki_key_database']) - util.file.delete(master['pki_secmod_database']) - util.file.delete(master['pki_shared_password_conf']) + if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + deployer.instance.apache_instance_subsystems() == 0: + deployer.file.delete(deployer.master_dict['pki_cert_database']) + deployer.file.delete(deployer.master_dict['pki_key_database']) + deployer.file.delete(deployer.master_dict['pki_secmod_database']) + deployer.file.delete(deployer.master_dict['pki_shared_password_conf']) + elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + len(deployer.instance.tomcat_instance_subsystems()) == 0: + deployer.file.delete(deployer.master_dict['pki_cert_database']) + deployer.file.delete(deployer.master_dict['pki_key_database']) + deployer.file.delete(deployer.master_dict['pki_secmod_database']) + deployer.file.delete(deployer.master_dict['pki_shared_password_conf']) return self.rv diff --git a/base/server/src/scriptlets/selinux_setup.py b/base/server/src/scriptlets/selinux_setup.py index 684a4ce2a..528a6c55a 100644 --- a/base/server/src/scriptlets/selinux_setup.py +++ b/base/server/src/scriptlets/selinux_setup.py @@ -21,9 +21,7 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master from pkiconfig import pki_selinux_config_ports as ports -import pkihelper as util import pkimessages as log import pkiscriptlet import selinux @@ -37,14 +35,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 suffix = "(/.*)?" - def restore_context(self): - selinux.restorecon(master['pki_instance_path'], True) + def restore_context(self, master_dict): + selinux.restorecon(master_dict['pki_instance_path'], True) selinux.restorecon(config.PKI_DEPLOYMENT_LOG_ROOT, True) - selinux.restorecon(master['pki_instance_log_path'], True) - selinux.restorecon(master['pki_instance_configuration_path'], True) + selinux.restorecon(master_dict['pki_instance_log_path'], True) + selinux.restorecon(master_dict['pki_instance_configuration_path'], True) - def spawn(self): - if config.str2bool(master['pki_skip_installation']): + def spawn(self, deployer): + + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_SELINUX_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv @@ -62,46 +61,46 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): while True: try: # check first if any transactions are required - if len(ports) == 0 and master['pki_instance_name'] == \ + if len(ports) == 0 and deployer.master_dict['pki_instance_name'] == \ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: - self.restore_context() + self.restore_context(master) return self.rv # add SELinux contexts when adding the first subsystem - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() == 1 or\ - master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(util.instance.tomcat_instance_subsystems()) == 1: + if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + deployer.instance.apache_instance_subsystems() == 1 or\ + deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + len(deployer.instance.tomcat_instance_subsystems()) == 1: trans = seobject.semanageRecords("targeted") trans.start() - if master['pki_instance_name'] != \ + if deployer.master_dict['pki_instance_name'] != \ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: fcon = seobject.fcontextRecords() config.pki_log.info("adding selinux fcontext \"%s\"", - master['pki_instance_path'] + self.suffix, + deployer.master_dict['pki_instance_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.add(master['pki_instance_path'] + self.suffix, + fcon.add(deployer.master_dict['pki_instance_path'] + self.suffix, config.PKI_INSTANCE_SELINUX_CONTEXT, "", "s0", "") config.pki_log.info("adding selinux fcontext \"%s\"", - master['pki_instance_log_path'] + self.suffix, + deployer.master_dict['pki_instance_log_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.add(master['pki_instance_log_path'] + self.suffix, + fcon.add(deployer.master_dict['pki_instance_log_path'] + self.suffix, config.PKI_LOG_SELINUX_CONTEXT, "", "s0", "") config.pki_log.info("adding selinux fcontext \"%s\"", - master['pki_instance_configuration_path'] + self.suffix, + deployer.master_dict['pki_instance_configuration_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.add(master['pki_instance_configuration_path'] + self.suffix, + fcon.add(deployer.master_dict['pki_instance_configuration_path'] + self.suffix, config.PKI_CFG_SELINUX_CONTEXT, "", "s0", "") config.pki_log.info("adding selinux fcontext \"%s\"", - master['pki_database_path'] + self.suffix, + deployer.master_dict['pki_database_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.add(master['pki_database_path'] + self.suffix, + fcon.add(deployer.master_dict['pki_database_path'] + self.suffix, config.PKI_CERTDB_SELINUX_CONTEXT, "", "s0", "") portRecords = seobject.portRecords() @@ -112,7 +111,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): trans.finish() - self.restore_context() + self.restore_context(deployer.master_dict) break except ValueError as e: error_message = str(e) @@ -128,7 +127,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): return self.rv - def destroy(self): + def destroy(self, deployer): + if not bool(selinux.is_selinux_enabled()): config.pki_log.info(log.SELINUX_DISABLED_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) @@ -137,7 +137,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): extra=config.PKI_INDENTATION_LEVEL_1) # check first if any transactions are required - if len(ports) == 0 and master['pki_instance_name'] == \ + if len(ports) == 0 and deployer.master_dict['pki_instance_name'] == \ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: return self.rv # A maximum of 10 tries to delete the SELinux contexts @@ -146,39 +146,39 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): while True: try: # remove SELinux contexts when removing the last subsystem - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() == 0 or\ - master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(util.instance.tomcat_instance_subsystems()) == 0: + if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + deployer.instance.apache_instance_subsystems() == 0 or\ + deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + len(deployer.instance.tomcat_instance_subsystems()) == 0: trans = seobject.semanageRecords("targeted") trans.start() - if master['pki_instance_name'] != \ + if deployer.master_dict['pki_instance_name'] != \ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: fcon = seobject.fcontextRecords() config.pki_log.info("deleting selinux fcontext \"%s\"", - master['pki_instance_path'] + self.suffix, + deployer.master_dict['pki_instance_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.delete(master['pki_instance_path'] + self.suffix , "") + fcon.delete(deployer.master_dict['pki_instance_path'] + self.suffix , "") config.pki_log.info("deleting selinux fcontext \"%s\"", - master['pki_instance_log_path'] + self.suffix, + deployer.master_dict['pki_instance_log_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.delete(master['pki_instance_log_path'] + self.suffix, "") + fcon.delete(deployer.master_dict['pki_instance_log_path'] + self.suffix, "") config.pki_log.info("deleting selinux fcontext \"%s\"", - master['pki_instance_configuration_path'] + self.suffix, + deployer.master_dict['pki_instance_configuration_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.delete(master['pki_instance_configuration_path'] + \ + fcon.delete(deployer.master_dict['pki_instance_configuration_path'] + \ self.suffix, "") config.pki_log.info("deleting selinux fcontext \"%s\"", - master['pki_database_path'] + self.suffix, + deployer.master_dict['pki_database_path'] + self.suffix, extra=config.PKI_INDENTATION_LEVEL_2) - fcon.delete(master['pki_database_path'] + self.suffix , "") + fcon.delete(deployer.master_dict['pki_database_path'] + self.suffix , "") portRecords = seobject.portRecords() for port in ports: diff --git a/base/server/src/scriptlets/slot_substitution.py b/base/server/src/scriptlets/slot_substitution.py index 7904762cc..a4c90908c 100644 --- a/base/server/src/scriptlets/slot_substitution.py +++ b/base/server/src/scriptlets/slot_substitution.py @@ -21,9 +21,6 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -from pkiconfig import pki_slots_dict as slots -import pkihelper as util import pkimessages as log import pkiscriptlet @@ -32,65 +29,66 @@ import pkiscriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if config.str2bool(master['pki_skip_installation']): + def spawn(self, deployer): + + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_SLOT_ASSIGNMENT_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.SLOT_ASSIGNMENT_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - util.file.copy_with_slot_substitution(master['pki_source_cs_cfg'], - master['pki_target_cs_cfg']) - util.file.copy_with_slot_substitution(master['pki_source_registry'], - master['pki_target_registry'], - uid=0, gid=0, overwrite_flag=True) - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - util.file.copy_with_slot_substitution( - master['pki_source_catalina_properties'], - master['pki_target_catalina_properties'], + deployer.file.copy_with_slot_substitution(deployer.master_dict['pki_source_cs_cfg'], + deployer.master_dict['pki_target_cs_cfg']) + deployer.file.copy_with_slot_substitution(deployer.master_dict['pki_source_registry'], + deployer.master_dict['pki_target_registry'], + uid=0, gid=0, overwrite_flag=True) + if deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + deployer.file.copy_with_slot_substitution( + deployer.master_dict['pki_source_catalina_properties'], + deployer.master_dict['pki_target_catalina_properties'], overwrite_flag=True) - util.file.copy_with_slot_substitution( - master['pki_source_servercertnick_conf'], - master['pki_target_servercertnick_conf'], + deployer.file.copy_with_slot_substitution( + deployer.master_dict['pki_source_servercertnick_conf'], + deployer.master_dict['pki_target_servercertnick_conf'], overwrite_flag=True) - util.file.copy_with_slot_substitution( - master['pki_source_server_xml'], - master['pki_target_server_xml'], + deployer.file.copy_with_slot_substitution( + deployer.master_dict['pki_source_server_xml'], + deployer.master_dict['pki_target_server_xml'], overwrite_flag=True) - util.file.copy_with_slot_substitution( - master['pki_source_context_xml'], - master['pki_target_context_xml'], + deployer.file.copy_with_slot_substitution( + deployer.master_dict['pki_source_context_xml'], + deployer.master_dict['pki_target_context_xml'], overwrite_flag=True) - util.file.copy_with_slot_substitution( - master['pki_source_tomcat_conf'], - master['pki_target_tomcat_conf_instance_id'], + deployer.file.copy_with_slot_substitution( + deployer.master_dict['pki_source_tomcat_conf'], + deployer.master_dict['pki_target_tomcat_conf_instance_id'], uid=0, gid=0, overwrite_flag=True) - util.file.copy_with_slot_substitution( - master['pki_source_tomcat_conf'], - master['pki_target_tomcat_conf'], + deployer.file.copy_with_slot_substitution( + deployer.master_dict['pki_source_tomcat_conf'], + deployer.master_dict['pki_target_tomcat_conf'], overwrite_flag=True) - util.file.apply_slot_substitution( - master['pki_target_velocity_properties']) - util.file.apply_slot_substitution( - master['pki_target_subsystem_web_xml']) + deployer.file.apply_slot_substitution( + deployer.master_dict['pki_target_velocity_properties']) + deployer.file.apply_slot_substitution( + deployer.master_dict['pki_target_subsystem_web_xml']) # Strip "<filter>" section from subsystem "web.xml" # This is ONLY necessary because XML comments cannot be "nested"! - #util.file.copy(master['pki_target_subsystem_web_xml'], - # master['pki_target_subsystem_web_xml_orig']) - #util.file.delete(master['pki_target_subsystem_web_xml']) + #deployer.file.copy(deployer.master_dict['pki_target_subsystem_web_xml'], + # deployer.master_dict['pki_target_subsystem_web_xml_orig']) + #deployer.file.delete(deployer.master_dict['pki_target_subsystem_web_xml']) #util.xml_file.remove_filter_section_from_web_xml( - # master['pki_target_subsystem_web_xml_orig'], - # master['pki_target_subsystem_web_xml']) - #util.file.delete(master['pki_target_subsystem_web_xml_orig']) - if master['pki_subsystem'] == "CA": - util.file.copy_with_slot_substitution( - master['pki_source_proxy_conf'], - master['pki_target_proxy_conf']) - util.file.apply_slot_substitution( - master['pki_target_profileselect_template']) + # deployer.master_dict['pki_target_subsystem_web_xml_orig'], + # deployer.master_dict['pki_target_subsystem_web_xml']) + #deployer.file.delete(deployer.master_dict['pki_target_subsystem_web_xml_orig']) + if deployer.master_dict['pki_subsystem'] == "CA": + deployer.file.copy_with_slot_substitution( + deployer.master_dict['pki_source_proxy_conf'], + deployer.master_dict['pki_target_proxy_conf']) + deployer.file.apply_slot_substitution( + deployer.master_dict['pki_target_profileselect_template']) return self.rv - def destroy(self): + def destroy(self, deployer): config.pki_log.info(log.SLOT_ASSIGNMENT_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) config.pki_log.info("NOTHING NEEDS TO BE IMPLEMENTED", diff --git a/base/server/src/scriptlets/subsystem_layout.py b/base/server/src/scriptlets/subsystem_layout.py index f340ead49..8e4841776 100644 --- a/base/server/src/scriptlets/subsystem_layout.py +++ b/base/server/src/scriptlets/subsystem_layout.py @@ -21,8 +21,6 @@ # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimessages as log import pkiscriptlet @@ -31,91 +29,93 @@ import pkiscriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if config.str2bool(master['pki_skip_installation']): + def spawn(self, deployer): + + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_SUBSYSTEM_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.SUBSYSTEM_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # establish instance-based subsystem logs - util.directory.create(master['pki_subsystem_log_path']) - util.directory.create(master['pki_subsystem_archive_log_path']) - if master['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS: - util.directory.create(master['pki_subsystem_signed_audit_log_path']) + deployer.directory.create(deployer.master_dict['pki_subsystem_log_path']) + deployer.directory.create(deployer.master_dict['pki_subsystem_archive_log_path']) + if deployer.master_dict['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS: + deployer.directory.create(deployer.master_dict['pki_subsystem_signed_audit_log_path']) # establish instance-based subsystem configuration - util.directory.create(master['pki_subsystem_configuration_path']) - # util.directory.copy(master['pki_source_conf_path'], - # master['pki_subsystem_configuration_path']) + deployer.directory.create(deployer.master_dict['pki_subsystem_configuration_path']) + # deployer.directory.copy(deployer.master_dict['pki_source_conf_path'], + # deployer.master_dict['pki_subsystem_configuration_path']) # establish instance-based Apache/Tomcat specific subsystems - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # establish instance-based Tomcat PKI subsystem base - if master['pki_subsystem'] == "CA": - util.directory.copy(master['pki_source_emails'], - master['pki_subsystem_emails_path']) - util.directory.copy(master['pki_source_profiles'], - master['pki_subsystem_profiles_path']) + if deployer.master_dict['pki_subsystem'] == "CA": + deployer.directory.copy(deployer.master_dict['pki_source_emails'], + deployer.master_dict['pki_subsystem_emails_path']) + deployer.directory.copy(deployer.master_dict['pki_source_profiles'], + deployer.master_dict['pki_subsystem_profiles_path']) # establish instance-based Tomcat PKI subsystem logs # establish instance-based Tomcat PKI subsystem configuration - if master['pki_subsystem'] == "CA": - util.file.copy(master['pki_source_flatfile_txt'], - master['pki_target_flatfile_txt']) - util.file.copy(master['pki_source_registry_cfg'], - master['pki_target_registry_cfg']) + if deployer.master_dict['pki_subsystem'] == "CA": + deployer.file.copy(deployer.master_dict['pki_source_flatfile_txt'], + deployer.master_dict['pki_target_flatfile_txt']) + deployer.file.copy(deployer.master_dict['pki_source_registry_cfg'], + deployer.master_dict['pki_target_registry_cfg']) # '*.profile' - util.file.copy(master['pki_source_admincert_profile'], - master['pki_target_admincert_profile']) - util.file.copy(master['pki_source_caauditsigningcert_profile'], - master['pki_target_caauditsigningcert_profile']) - util.file.copy(master['pki_source_cacert_profile'], - master['pki_target_cacert_profile']) - util.file.copy(master['pki_source_caocspcert_profile'], - master['pki_target_caocspcert_profile']) - util.file.copy(master['pki_source_servercert_profile'], - master['pki_target_servercert_profile']) - util.file.copy(master['pki_source_subsystemcert_profile'], - master['pki_target_subsystemcert_profile']) - elif master['pki_subsystem'] == "KRA": + deployer.file.copy(deployer.master_dict['pki_source_admincert_profile'], + deployer.master_dict['pki_target_admincert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_caauditsigningcert_profile'], + deployer.master_dict['pki_target_caauditsigningcert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_cacert_profile'], + deployer.master_dict['pki_target_cacert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_caocspcert_profile'], + deployer.master_dict['pki_target_caocspcert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_servercert_profile'], + deployer.master_dict['pki_target_servercert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_subsystemcert_profile'], + deployer.master_dict['pki_target_subsystemcert_profile']) + elif deployer.master_dict['pki_subsystem'] == "KRA": # '*.profile' - util.file.copy(master['pki_source_servercert_profile'], - master['pki_target_servercert_profile']) - util.file.copy(master['pki_source_storagecert_profile'], - master['pki_target_storagecert_profile']) - util.file.copy(master['pki_source_subsystemcert_profile'], - master['pki_target_subsystemcert_profile']) - util.file.copy(master['pki_source_transportcert_profile'], - master['pki_target_transportcert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_servercert_profile'], + deployer.master_dict['pki_target_servercert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_storagecert_profile'], + deployer.master_dict['pki_target_storagecert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_subsystemcert_profile'], + deployer.master_dict['pki_target_subsystemcert_profile']) + deployer.file.copy(deployer.master_dict['pki_source_transportcert_profile'], + deployer.master_dict['pki_target_transportcert_profile']) # establish instance-based Tomcat PKI subsystem registry # establish instance-based Tomcat PKI subsystem convenience # symbolic links - util.symlink.create(master['pki_tomcat_webapps_path'], - master['pki_subsystem_tomcat_webapps_link']) + deployer.symlink.create(deployer.master_dict['pki_tomcat_webapps_path'], + deployer.master_dict['pki_subsystem_tomcat_webapps_link']) # establish instance-based subsystem convenience symbolic links - util.symlink.create(master['pki_instance_database_link'], - master['pki_subsystem_database_link']) - util.symlink.create(master['pki_subsystem_configuration_path'], - master['pki_subsystem_conf_link']) - util.symlink.create(master['pki_subsystem_log_path'], - master['pki_subsystem_logs_link']) - util.symlink.create(master['pki_instance_registry_path'], - master['pki_subsystem_registry_link']) + deployer.symlink.create(deployer.master_dict['pki_instance_database_link'], + deployer.master_dict['pki_subsystem_database_link']) + deployer.symlink.create(deployer.master_dict['pki_subsystem_configuration_path'], + deployer.master_dict['pki_subsystem_conf_link']) + deployer.symlink.create(deployer.master_dict['pki_subsystem_log_path'], + deployer.master_dict['pki_subsystem_logs_link']) + deployer.symlink.create(deployer.master_dict['pki_instance_registry_path'], + deployer.master_dict['pki_subsystem_registry_link']) return self.rv - def destroy(self): + def destroy(self, deployer): + config.pki_log.info(log.SUBSYSTEM_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # remove instance-based subsystem base - if master['pki_subsystem'] == "CA": - util.directory.delete(master['pki_subsystem_emails_path']) - util.directory.delete(master['pki_subsystem_profiles_path']) - util.directory.delete(master['pki_subsystem_path']) + if deployer.master_dict['pki_subsystem'] == "CA": + deployer.directory.delete(deployer.master_dict['pki_subsystem_emails_path']) + deployer.directory.delete(deployer.master_dict['pki_subsystem_profiles_path']) + deployer.directory.delete(deployer.master_dict['pki_subsystem_path']) # remove instance-based subsystem logs - if master['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS: - util.directory.delete(master['pki_subsystem_signed_audit_log_path']) - util.directory.delete(master['pki_subsystem_archive_log_path']) - util.directory.delete(master['pki_subsystem_log_path']) + if deployer.master_dict['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS: + deployer.directory.delete(deployer.master_dict['pki_subsystem_signed_audit_log_path']) + deployer.directory.delete(deployer.master_dict['pki_subsystem_archive_log_path']) + deployer.directory.delete(deployer.master_dict['pki_subsystem_log_path']) # remove instance-based subsystem configuration - util.directory.delete(master['pki_subsystem_configuration_path']) + deployer.directory.delete(deployer.master_dict['pki_subsystem_configuration_path']) # remove instance-based subsystem registry - util.directory.delete(master['pki_subsystem_registry_path']) + deployer.directory.delete(deployer.master_dict['pki_subsystem_registry_path']) return self.rv diff --git a/base/server/src/scriptlets/webapp_deployment.py b/base/server/src/scriptlets/webapp_deployment.py index aa52009fb..bd8de9a15 100644 --- a/base/server/src/scriptlets/webapp_deployment.py +++ b/base/server/src/scriptlets/webapp_deployment.py @@ -25,8 +25,6 @@ import os # PKI Deployment Imports import pkiconfig as config -from pkiconfig import pki_master_dict as master -import pkihelper as util import pkimessages as log import pkiscriptlet @@ -35,9 +33,10 @@ import pkiscriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 - def spawn(self): - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - if config.str2bool(master['pki_skip_installation']): + def spawn(self, deployer): + + if deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if config.str2bool(deployer.master_dict['pki_skip_installation']): config.pki_log.info(log.SKIP_WEBAPP_DEPLOYMENT_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) @@ -47,30 +46,30 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # Copy /usr/share/pki/server/webapps/ROOT # to <instance>/webapps/ROOT - util.directory.create(master['pki_tomcat_webapps_root_path']) - util.directory.copy( + deployer.directory.create(deployer.master_dict['pki_tomcat_webapps_root_path']) + deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, "server", "webapps", "ROOT"), - master['pki_tomcat_webapps_root_path'], + deployer.master_dict['pki_tomcat_webapps_root_path'], overwrite_flag=True) - util.directory.create(master['pki_tomcat_webapps_common_path']) + deployer.directory.create(deployer.master_dict['pki_tomcat_webapps_common_path']) # If desired and available, # copy selected server theme # to <instance>/webapps/pki - if config.str2bool(master['pki_theme_enable']) and\ - os.path.exists(master['pki_theme_server_dir']): - util.directory.copy(master['pki_theme_server_dir'], - master['pki_tomcat_webapps_common_path'], + if config.str2bool(deployer.master_dict['pki_theme_enable']) and\ + os.path.exists(deployer.master_dict['pki_theme_server_dir']): + deployer.directory.copy(deployer.master_dict['pki_theme_server_dir'], + deployer.master_dict['pki_tomcat_webapps_common_path'], overwrite_flag=True) # Copy /usr/share/pki/server/webapps/pki/js # to <instance>/webapps/pki/js - util.directory.copy( + deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, "server", @@ -78,13 +77,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): "pki", "js"), os.path.join( - master['pki_tomcat_webapps_common_path'], + deployer.master_dict['pki_tomcat_webapps_common_path'], "js"), overwrite_flag=True) # Copy /usr/share/pki/server/webapps/pki/META-INF # to <instance>/webapps/pki/META-INF - util.directory.copy( + deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, "server", @@ -92,15 +91,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): "pki", "META-INF"), os.path.join( - master['pki_tomcat_webapps_common_path'], + deployer.master_dict['pki_tomcat_webapps_common_path'], "META-INF"), overwrite_flag=True) # Copy /usr/share/pki/server/webapps/pki/admin # to <instance>/webapps/<subsystem>/admin # TODO: common templates should be deployed in common webapp - util.directory.create(master['pki_tomcat_webapps_subsystem_path']) - util.directory.copy( + deployer.directory.create(deployer.master_dict['pki_tomcat_webapps_subsystem_path']) + deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, "server", @@ -108,60 +107,60 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): "pki", "admin"), os.path.join( - master['pki_tomcat_webapps_subsystem_path'], + deployer.master_dict['pki_tomcat_webapps_subsystem_path'], "admin"), overwrite_flag=True) # Copy /usr/share/pki/<subsystem>/webapps/<subsystem> # to <instance>/webapps/<subsystem> - util.directory.copy( + deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, - master['pki_subsystem'].lower(), + deployer.master_dict['pki_subsystem'].lower(), "webapps", - master['pki_subsystem'].lower()), - master['pki_tomcat_webapps_subsystem_path'], + deployer.master_dict['pki_subsystem'].lower()), + deployer.master_dict['pki_tomcat_webapps_subsystem_path'], overwrite_flag=True) - util.directory.create( - master['pki_tomcat_webapps_subsystem_webinf_classes_path']) - util.directory.create( - master['pki_tomcat_webapps_subsystem_webinf_lib_path']) + deployer.directory.create( + deployer.master_dict['pki_tomcat_webapps_subsystem_webinf_classes_path']) + deployer.directory.create( + deployer.master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path']) # establish Tomcat webapps subsystem WEB-INF lib symbolic links - util.symlink.create(master['pki_certsrv_jar'], - master['pki_certsrv_jar_link']) - util.symlink.create(master['pki_cmsbundle'], - master['pki_cmsbundle_jar_link']) - util.symlink.create(master['pki_cmscore'], - master['pki_cmscore_jar_link']) - util.symlink.create(master['pki_cms'], - master['pki_cms_jar_link']) - util.symlink.create(master['pki_cmsutil'], - master['pki_cmsutil_jar_link']) - util.symlink.create(master['pki_nsutil'], - master['pki_nsutil_jar_link']) - if master['pki_subsystem'] == "CA": - util.symlink.create(master['pki_ca_jar'], - master['pki_ca_jar_link']) - elif master['pki_subsystem'] == "KRA": - util.symlink.create(master['pki_kra_jar'], - master['pki_kra_jar_link']) - elif master['pki_subsystem'] == "OCSP": - util.symlink.create(master['pki_ocsp_jar'], - master['pki_ocsp_jar_link']) - elif master['pki_subsystem'] == "TKS": - util.symlink.create(master['pki_tks_jar'], - master['pki_tks_jar_link']) - elif master['pki_subsystem'] == "TPS": - util.symlink.create(master['pki_tps_jar'], - master['pki_tps_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_certsrv_jar'], + deployer.master_dict['pki_certsrv_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_cmsbundle'], + deployer.master_dict['pki_cmsbundle_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_cmscore'], + deployer.master_dict['pki_cmscore_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_cms'], + deployer.master_dict['pki_cms_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_cmsutil'], + deployer.master_dict['pki_cmsutil_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_nsutil'], + deployer.master_dict['pki_nsutil_jar_link']) + if deployer.master_dict['pki_subsystem'] == "CA": + deployer.symlink.create(deployer.master_dict['pki_ca_jar'], + deployer.master_dict['pki_ca_jar_link']) + elif deployer.master_dict['pki_subsystem'] == "KRA": + deployer.symlink.create(deployer.master_dict['pki_kra_jar'], + deployer.master_dict['pki_kra_jar_link']) + elif deployer.master_dict['pki_subsystem'] == "OCSP": + deployer.symlink.create(deployer.master_dict['pki_ocsp_jar'], + deployer.master_dict['pki_ocsp_jar_link']) + elif deployer.master_dict['pki_subsystem'] == "TKS": + deployer.symlink.create(deployer.master_dict['pki_tks_jar'], + deployer.master_dict['pki_tks_jar_link']) + elif deployer.master_dict['pki_subsystem'] == "TPS": + deployer.symlink.create(deployer.master_dict['pki_tps_jar'], + deployer.master_dict['pki_tps_jar_link']) # set ownerships, permissions, and acls - util.directory.set_mode(master['pki_tomcat_webapps_subsystem_path']) + deployer.directory.set_mode(deployer.master_dict['pki_tomcat_webapps_subsystem_path']) return self.rv - def destroy(self): - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + def destroy(self, deployer): + if deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: config.pki_log.info(log.WEBAPP_DEPLOYMENT_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - util.directory.delete(master['pki_tomcat_webapps_subsystem_path']) + deployer.directory.delete(deployer.master_dict['pki_tomcat_webapps_subsystem_path']) return self.rv |