author | Matthew Harmsen <mharmsen@redhat.com> | 2014-07-24 11:16:56 -0700 |
---|---|---|
committer | Matthew Harmsen <mharmsen@redhat.com> | 2014-08-04 14:15:36 -0700 |
commit | 3cbd3f4fd71bace3e1b5020defba07a3311d082a (patch) | |
tree | ad1896e2122382b20e1940480a061fa44d58d86f /base/server | |
parent | 7227047530a5a809299bf3198f6886776af1742e (diff) | |
Fix independent pkispawn installation and configuration
* PKI TRAC Ticket #905 - 2 Step Configuration of CA instance using
pkispawn fails
Diffstat (limited to 'base/server')
4 files changed, 22 insertions, 21 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index dd10b8d77..584181172 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -3920,7 +3920,10 @@ class ConfigClient:
 data.cloneUri = self.mdict['pki_clone_uri']
 data.p12File = self.mdict['pki_clone_pkcs12_path']
 data.p12Password = self.mdict['pki_clone_pkcs12_password']
- data.replicateSchema = self.mdict['pki_clone_replicate_schema']
+ if config.str2bool(self.mdict['pki_clone_replicate_schema']):
+ data.replicateSchema = "true"
+ else:
+ data.replicateSchema = "false"
 data.replicationSecurity = \
 self.mdict['pki_clone_replication_security']
 if self.mdict['pki_clone_replication_master_port']:
@@ -3963,7 +3966,10 @@ class ConfigClient:
 data.bindDN = self.mdict['pki_ds_bind_dn']
 data.database = self.mdict['pki_ds_database']
 data.bindpwd = self.mdict['pki_ds_password']
- data.createNewDB = self.mdict['pki_ds_create_new_db']
+ if config.str2bool(self.mdict['pki_ds_create_new_db']):
+ data.createNewDB = "true"
+ else:
+ data.createNewDB = "false"
 if config.str2bool(self.mdict['pki_ds_remove_data']):
 data.removeData = "true"
 else:
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index a0e315d0e..1d201cee9 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
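Review bot: In pkihelper.py, both ConfigClient hunks now send "false" for any value that `config.str2bool` does not treat as true, so a mistyped `pki_clone_replicate_schema` or `pki_ds_create_new_db` cannot be told apart from an explicit "false" (assuming str2bool returns False for strings it does not recognise; its definition is not in this diff). Rejecting values outside the accepted true/false spellings before the request is built would surface the typo instead of silently changing whether the schema is replicated or a new database is created. The four-line if/else is also the third copy of the pattern already used for `pki_ds_remove_data`; if str2bool returns a bool, `data.createNewDB = str(config.str2bool(self.mdict['pki_ds_create_new_db'])).lower()` says the same in one line. The enclosing methods start and end outside both hunks.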
@@ -594,10 +594,16 @@ class PKIConfigParser:
 self.mdict['pki_target_registry'] = \
 os.path.join(self.mdict['pki_instance_registry_path'],
 self.mdict['pki_instance_name'])
- if config.str2bool(self.mdict['pki_external_step_two']):
+ if config.str2bool(self.mdict['pki_external_step_two']) or\
+ config.str2bool(self.mdict['pki_skip_installation']):
 # For CA (External CA Step 2) and Stand-alone PKI (Step 2),
 # use the 'pki_one_time_pin' established during the setup
 # of (Step 1)
+ #
+ # Similarly, if the only code being processed is for
+ # configuration, re-use the 'pki_one_time_pin' generated
+ # during the installation phase
+ #
 if os.path.exists(self.mdict['pki_target_cs_cfg'])\
 and\
 os.path.isfile(self.mdict['pki_target_cs_cfg']):
diff --git a/base/server/python/pki/server/deployment/scriptlets/finalization.py b/base/server/python/pki/server/deployment/scriptlets/finalization.py
index 4d4b59c64..d3756b7ae 100644
--- a/base/server/python/pki/server/deployment/scriptlets/finalization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/finalization.py
@@ -32,18 +32,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 def spawn(self, deployer):
- if (deployer.mdict['pki_subsystem'] == "CA" or
- config.str2bool(deployer.mdict['pki_standalone'])) and\
- config.str2bool(deployer.mdict['pki_external_step_two']):
- # For External CAs (Step 2), or Stand-alone PKIs (Step 2),
- # must check for (Step 2) installation PRIOR to
- # 'pki_skip_installation' since this value has been set to true
- # by the initialization scriptlet
- pass
- elif config.str2bool(deployer.mdict['pki_skip_installation']):
- config.pki_log.info(log.SKIP_FINALIZATION_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return self.rv
+ # ALWAYS finalize execution of scriptlets
 config.pki_log.info(log.FINALIZATION_SPAWN_1, __name__,
 extra=config.PKI_INDENTATION_LEVEL_1)
 # For debugging/auditing purposes, save a timestamped copy of
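Review bot: In pkiparser.py, the widened condition makes a configuration-only run (`pki_skip_installation`) take the one-time pin from whatever `pki_target_cs_cfg` holds, but the hunk does not show what happens when that file is missing or carries no pin. If the fall-through outside this hunk generates a fresh pin, the configuration request would presumably carry a value the installed instance does not know and fail late; an explicit error for "installation skipped but no CS.cfg present" would be clearer. Because the pin is a secret read back from disk, it is also worth confirming that the ownership and mode of CS.cfg are checked, or at least documented, before the value is trusted. Parentheses would avoid the `or\` continuation: `if (config.str2bool(self.mdict['pki_external_step_two']) or config.str2bool(self.mdict['pki_skip_installation'])):`.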
diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py
index a0f1e313a..a555a8938 100644
--- a/base/server/python/pki/server/deployment/scriptlets/initialization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py
@@ -36,6 +36,12 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 deployer.mdict['pki_subsystem'],
 deployer.mdict['pki_instance_name'],
 extra=config.PKI_INDENTATION_LEVEL_0)
+ # ALWAYS initialize 'uid' and 'gid'
+ deployer.identity.add_uid_and_gid(deployer.mdict['pki_user'],
+ deployer.mdict['pki_group'])
+ # ALWAYS establish 'uid' and 'gid'
+ deployer.identity.set_uid(deployer.mdict['pki_user'])
+ deployer.identity.set_gid(deployer.mdict['pki_group'])
 if config.str2bool(deployer.mdict['pki_skip_installation']):
 config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__,
 extra=config.PKI_INDENTATION_LEVEL_1)
@@ -56,12 +62,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 deployer.instance.verify_subsystem_does_not_exist()
 # detect and avoid any namespace collisions
 deployer.namespace.collision_detection()
- # initialize 'uid' and 'gid'
- deployer.identity.add_uid_and_gid(deployer.mdict['pki_user'],
- deployer.mdict['pki_group'])
- # establish 'uid' and 'gid'
- deployer.identity.set_uid(deployer.mdict['pki_user'])
- deployer.identity.set_gid(deployer.mdict['pki_group'])
 # verify existence of SENSITIVE configuration file data
 deployer.configuration_file.verify_sensitive_data()
 # verify existence of MUTUALLY EXCLUSIVE configuration file data |
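Review bot: In initialization.py, moving `add_uid_and_gid` above the `pki_skip_installation` check means a configuration-only run can now create the `pki_user`/`pki_group` accounts (if add_uid_and_gid creates missing accounts, as its name suggests), and a normal run does so before `verify_subsystem_does_not_exist()`, collision detection and the sensitive-data checks have passed. In the configuration-only case the accounts should already exist from the installation phase, so silently adding them would hide a mismatched user or group name and could leave the run with an identity that does not own the instance files. Consider keeping only the `set_uid`/`set_gid` lookups unconditional and guarding the creation with `if not config.str2bool(deployer.mdict['pki_skip_installation']):`. The "ALWAYS" comments would be more useful if they said why, for example `# uid/gid must be set even when installation is skipped`, if that is the reason. spawn() starts and ends outside the hunk.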