author | Ade Lee <alee@redhat.com> | 2012-12-12 23:23:18 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-12-18 21:37:45 -0500 |
commit | 5ad8e0be1232bd30d3149eaa3ba70a5447e4cbb1 (patch) | |
tree | e84db21a7d7d121b148ea6c4b15255273b6575a5 /base | |
parent | b108353235bd40bf8f36004e6caee6be42578b15 (diff) | |
download | pki-5ad8e0be1232bd30d3149eaa3ba70a5447e4cbb1.tar.gz pki-5ad8e0be1232bd30d3149eaa3ba70a5447e4cbb1.tar.xz pki-5ad8e0be1232bd30d3149eaa3ba70a5447e4cbb1.zip |
interpolation for paths part 1
Diffstat (limited to 'base')
-rw-r--r-- | base/deploy/etc/default.cfg | 74 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/pkiparser.py | 138 |
2 files changed, 73 insertions, 139 deletions
diff --git a/base/deploy/etc/default.cfg b/base/deploy/etc/default.cfg
index f665bb829..56686c080 100644
--- a/base/deploy/etc/default.cfg
+++ b/base/deploy/etc/default.cfg
@@ -57,12 +57,12 @@ destroy_scriplets=
 # case someone wants to override them in their config file.
 #
 # Tomcat instances:
-# pki_subsystem_name=pki_tomcat
+# pki_instance_name=pki_tomcat
 # pki_https_port=8443
 # pki_http_port=8080
 #
 # Apache instances:
-# pki_subsystem_name=pki_tomcat
+# pki_instance_name=pki_tomcat
 # pki_https_port=443
 # pki_http_port=80
@@ -113,6 +113,16 @@ pki_token_name=internal
 pki_token_password=
 pki_user=pkiuser
+# Paths:
+# These are used in the processing of pkispawn and are not supposed
+# to be overwritten by user configuration files.
+#
+pki_source_conf_path=/usr/share/pki/%{pki_subsystem_type}/conf
+pki_source_setup_path=/usr/share/pki/setup
+pki_source_server_path=/usr/share/pki/server/conf
+pki_source_cs_cfg=/usr/share/pki/%{pki_subsystem_type}/conf/CS.cfg
+pki_source_registry=/usr/share/pki/setup/pkidaemon_registry
+
 ###############################################################################
 ## Apache Configuration: ##
 ## ##
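Review bot: `%{pki_subsystem_type}` in `pki_source_conf_path` and `pki_source_cs_cfg` is not ConfigParser interpolation syntax; every other reference in this file uses `%(name)s`. pkiparser.py builds the parser with `ConfigParser.SafeConfigParser(predefined_dict)`, which accepts only `%(name)s` or `%%` after a percent sign, so reading these keys, or any CA/KRA key that expands `%(pki_source_conf_path)s`, should fail with an interpolation syntax error instead of yielding a path. The two lines should read `pki_source_conf_path=/usr/share/pki/%(pki_subsystem_type)s/conf` and `pki_source_cs_cfg=/usr/share/pki/%(pki_subsystem_type)s/conf/CS.cfg`.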
@@ -122,6 +132,19 @@ pki_user=pkiuser
 ###############################################################################
 [Apache]
+# Paths
+# These are used in the processing of pkispawn and are not supposed
+# to be overwritten by user configuration files.
+#
+pki_systemd_service=/lib/systemd/system/pki-apached@.service
+pki_systemd_target=/lib/systemd/system/pki-apached.target
+pki_systemd_target_wants=/etc/systemd/system/pki-apached.target.wants
+pki_systemd_service_link=%(pki_systemd_target_wants)s/pki-apached@%(pki_instance_name)s.service
+pki_cgroup_systemd_service_path=/sys/fs/cgroup/systemd/system/%(pki_systemd_service)s
+pki_cgroup_systemd_service=%(pki_cgroup_systemd_service_path)s/%(pki_instance_name)s
+pki_cgroup_cpu_systemd_service_path=/sys/fs/cgroup/cpu\,cpuacct/system/%(pki_systemd_service)s
+pki_cgroup_cpu_systemd_service=%(pki_cgroup_cpu_systemd_service_path)s/%(pki_systemd_service)s
+
 ###############################################################################
 ## Tomcat Configuration: ##
 ## ##
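Review bot: The four `pki_cgroup_*` keys added under [Apache] do not reproduce the values the removed pkiparser.py code produced, and the same lines are repeated in the Tomcat hunk. `pki_systemd_service` is an absolute unit-file path, so `/sys/fs/cgroup/systemd/system/%(pki_systemd_service)s` expands to `/sys/fs/cgroup/systemd/system//lib/systemd/system/pki-apached@.service`, whereas the old `os.path.join` call with an absolute second argument returned the unit-file path alone; neither looks like the intended cgroup directory, so this wants a key that holds only the unit name. Separately, `pki_cgroup_cpu_systemd_service` now ends in `%(pki_systemd_service)s` where the removed code appended the instance name; it should be `pki_cgroup_cpu_systemd_service=%(pki_cgroup_cpu_systemd_service_path)s/%(pki_instance_name)s`. If pkispawn or the destroy path creates or removes these directories as root, a wrong path here is worth catching before it ships.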
@@ -154,6 +177,28 @@ pki_proxy_https_port=443
 pki_security_manager=true
 pki_tomcat_server_port=8005
+# Paths
+# These are used in the processing of pkispawn and are not supposed
+# to be overwritten by user configuration files.
+#
+pki_systemd_service=/lib/systemd/system/pki-tomcatd@.service
+pki_systemd_target=/lib/systemd/system/pki-tomcatd.target
+pki_systemd_target_wants=/etc/systemd/system/pki-tomcatd.target.wants
+pki_systemd_service_link=%(pki_systemd_target_wants)s/pki-tomcatd@%(pki_instance_name)s.service
+pki_cgroup_systemd_service_path=/sys/fs/cgroup/systemd/system/%(pki_systemd_service)s
+pki_cgroup_systemd_service=%(pki_cgroup_systemd_service_path)s/%(pki_instance_name)s
+pki_cgroup_cpu_systemd_service_path=/sys/fs/cgroup/cpu\,cpuacct/system/%(pki_systemd_service)s
+pki_cgroup_cpu_systemd_service=%(pki_cgroup_cpu_systemd_service_path)s/%(pki_systemd_service)s
+pki_tomcat_bin_path=/usr/share/tomcat/bin
+pki_tomcat_lib_path=/usr/share/tomcat/lib
+pki_tomcat_systemd=/usr/sbin/tomcat-sysd
+pki_source_catalina_properties=%(pki_source_server_path)s/catalina.properties
+pki_source_servercertnick_conf=%(pki_source_server_path)s/serverCertNick.conf
+pki_source_server_xml=%(pki_source_server_path)s/server.xml
+pki_source_context_xml=%(pki_source_server_path)s/context.xml
+pki_source_tomcat_conf=%(pki_source_server_path)s/tomcat.conf
+
+
 ###############################################################################
 ## CA Configuration: ##
 ## ##
@@ -206,6 +251,22 @@ pki_subsystem_name=CA %(pki_hostname)s %(pki_https_port)s
 pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s CA
 pki_subsystem_subject_dn=cn=CA Subsystem Certificate,o=%(pki_security_domain_name)s
+# Paths
+# These are used in the processing of pkispawn and are not supposed
+# to be overwritten by user configuration files.
+#
+pki_source_emails=/usr/share/pki/ca/emails
+pki_source_flatfile_txt=%(pki_source_conf_path)s/flatfile.txt
+pki_source_profiles=/usr/share/pki/ca/profiles
+pki_source_proxy_conf=%(pki_source_conf_path)s/proxy.conf
+pki_source_registry_cfg=%(pki_source_conf_path)s/registry.cfg
+pki_source_admincert_profile=%(pki_source_conf_path)s/adminCert.profile
+pki_source_caauditsigningcert_profile=%(pki_source_conf_path)s/caAuditSigningCert.profile
+pki_source_cacert_profile=%(pki_source_conf_path)s/caCert.profile
+pki_source_caocspcert_profile=%(pki_source_conf_path)s/caOCSPCert.profile
+pki_source_servercert_profile=%(pki_source_conf_path)s/serverCert.profile
+pki_source_subsystemcert_profile=%(pki_source_conf_path)s/subsystemCert.profile
+
 ###############################################################################
 ## KRA Configuration: ##
@@ -244,6 +305,15 @@ pki_subsystem_name=KRA %(pki_hostname)s %(pki_https_port)s
 pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s KRA
 pki_subsystem_subject_dn=cn=KRA Subsystem Certificate,o=%(pki_security_domain_name)s
+# Paths
+# These are used in the processing of pkispawn and are not supposed
+# to be overwritten by user configuration files.
+#
+pki_source_servercert_profile=%(pki_source_conf_path)s/serverCert.profile
+pki_source_storagecert_profile=%(pki_source_conf_path)s/storageCert.profile
+pki_source_subsystemcert_profile=%(pki_source_conf_path)s/subsystemCert.profile
+pki_source_transportcert_profile=%(pki_source_conf_path)s/transportCert.profile
+
 ###############################################################################
 ## OCSP Configuration: ##
 ## ##
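Review bot: The comment `not supposed to be overwritten by user configuration files` on the added Paths block is not enforced by anything in this change, and the move turns these values into ordinary config keys. Before this commit they were assigned in pkiparser.py (the removed block), so a user file could not redirect a key such as `pki_source_cacert_profile`. If user files are layered over default.cfg in the same parser, they now can, and pkispawn would take its CA profile templates from wherever the key points. Consider rejecting these keys when they appear in a user-supplied file, or re-asserting them after that file is read; the same applies to the Paths blocks in the first, Apache, Tomcat and KRA hunks.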
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index c0f5a432f..a971fcbf6 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -198,6 +198,7 @@ class PKIConfigParser:
 'pki_https_port': default_https_port,
 'pki_dns_domainname': config.pki_dns_domainname,
 'pki_subsystem' : config.pki_subsystem,
+ 'pki_subsystem_type': config.pki_subsystem.lower(),
 'pki_hostname': config.pki_hostname}
 self.pki_config = ConfigParser.SafeConfigParser(predefined_dict)
@@ -327,143 +328,6 @@ class PKIConfigParser:
 # (e. g. Apache: "pki-apache", "pki-apache.example.com")
 #
- # PKI Source name/value pairs
- config.pki_master_dict['pki_source_conf_path'] =\
- os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
- config.pki_master_dict['pki_subsystem'].lower(),
- "conf")
- config.pki_master_dict['pki_source_setup_path'] =\
- os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "setup")
- config.pki_master_dict['pki_source_server_path'] =\
- os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "server",
- "conf")
- config.pki_master_dict['pki_source_cs_cfg'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "CS.cfg")
- config.pki_master_dict['pki_source_registry'] =\
- os.path.join(config.pki_master_dict['pki_source_setup_path'],
- "pkidaemon_registry")
- if config.pki_master_dict['pki_subsystem'] in\
- config.PKI_APACHE_SUBSYSTEMS:
- config.pki_master_dict['pki_systemd_service'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
- "pki-apached" + "@" + ".service"
- config.pki_master_dict['pki_systemd_target'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
- "pki-apached.target"
- config.pki_master_dict['pki_systemd_target_wants'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT + "/" +\
- "pki-apached.target.wants"
- config.pki_master_dict['pki_systemd_service_link'] =\
- config.pki_master_dict['pki_systemd_target_wants'] + "/" +\
- "pki-apached" + "@" +\
- config.pki_master_dict['pki_instance_name'] + ".service"
- elif config.pki_master_dict['pki_subsystem'] in\
- config.PKI_TOMCAT_SUBSYSTEMS:
- config.pki_master_dict['pki_systemd_service'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
- "pki-tomcatd" + "@" + ".service"
- config.pki_master_dict['pki_systemd_target'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
- "pki-tomcatd.target"
- config.pki_master_dict['pki_systemd_target_wants'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT + "/" +\
- "pki-tomcatd.target.wants"
- config.pki_master_dict['pki_systemd_service_link'] =\
- config.pki_master_dict['pki_systemd_target_wants'] + "/" +\
- "pki-tomcatd" + "@" +\
- config.pki_master_dict['pki_instance_name'] + ".service"
- config.pki_master_dict['pki_tomcat_bin_path'] =\
- os.path.join(config.PKI_DEPLOYMENT_TOMCAT_ROOT,
- "bin")
- config.pki_master_dict['pki_tomcat_lib_path'] =\
- os.path.join(config.PKI_DEPLOYMENT_TOMCAT_ROOT,
- "lib")
- config.pki_master_dict['pki_tomcat_systemd'] =\
- config.PKI_DEPLOYMENT_TOMCAT_SYSTEMD
- config.pki_master_dict['pki_source_catalina_properties'] =\
- os.path.join(config.pki_master_dict['pki_source_server_path'],
- "catalina.properties")
- config.pki_master_dict['pki_source_servercertnick_conf'] =\
- os.path.join(config.pki_master_dict['pki_source_server_path'],
- "serverCertNick.conf")
- config.pki_master_dict['pki_source_server_xml'] =\
- os.path.join(config.pki_master_dict['pki_source_server_path'],
- "server.xml")
- config.pki_master_dict['pki_source_context_xml'] =\
- os.path.join(config.pki_master_dict['pki_source_server_path'],
- "context.xml")
- config.pki_master_dict['pki_source_tomcat_conf'] =\
- os.path.join(config.pki_master_dict['pki_source_server_path'],
- "tomcat.conf")
- if config.pki_master_dict['pki_subsystem'] == "CA":
- config.pki_master_dict['pki_source_emails'] =\
- os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "ca",
- "emails")
- config.pki_master_dict['pki_source_flatfile_txt'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "flatfile.txt")
- config.pki_master_dict['pki_source_profiles'] =\
- os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "ca",
- "profiles")
- config.pki_master_dict['pki_source_proxy_conf'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "proxy.conf")
- config.pki_master_dict['pki_source_registry_cfg'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "registry.cfg")
- # '*.profile'
- config.pki_master_dict['pki_source_admincert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "adminCert.profile")
- config.pki_master_dict['pki_source_caauditsigningcert_profile']\
- = os.path.join(
- config.pki_master_dict['pki_source_conf_path'],
- "caAuditSigningCert.profile")
- config.pki_master_dict['pki_source_cacert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "caCert.profile")
- config.pki_master_dict['pki_source_caocspcert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "caOCSPCert.profile")
- config.pki_master_dict['pki_source_servercert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "serverCert.profile")
- config.pki_master_dict['pki_source_subsystemcert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "subsystemCert.profile")
- elif config.pki_master_dict['pki_subsystem'] == "KRA":
- # '*.profile'
- config.pki_master_dict['pki_source_servercert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "serverCert.profile")
- config.pki_master_dict['pki_source_storagecert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "storageCert.profile")
- config.pki_master_dict['pki_source_subsystemcert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "subsystemCert.profile")
- config.pki_master_dict['pki_source_transportcert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "transportCert.profile")
- config.pki_master_dict['pki_cgroup_systemd_service_path'] =\
- os.path.join("/sys/fs/cgroup/systemd/system",
- config.pki_master_dict['pki_systemd_service'])
- config.pki_master_dict['pki_cgroup_systemd_service'] =\
- os.path.join(
- config.pki_master_dict['pki_cgroup_systemd_service_path'],
- config.pki_master_dict['pki_instance_name'])
- config.pki_master_dict['pki_cgroup_cpu_systemd_service_path'] =\
- os.path.join("/sys/fs/cgroup/cpu\,cpuacct/system",
- config.pki_master_dict['pki_systemd_service'])
- config.pki_master_dict['pki_cgroup_cpu_systemd_service'] =\
- os.path.join(
- config.pki_master_dict['pki_cgroup_cpu_systemd_service_path'],
- config.pki_master_dict['pki_instance_name'])
 # PKI top-level file system layout name/value pairs
 # NOTE: Never use 'os.path.join()' whenever 'pki_root_prefix'
 # is being prepended!!! |