-rw-r--r--base/deploy/CMakeLists.txt7
-rw-r--r--base/deploy/etc/default.cfg (renamed from base/deploy/config/deployment.cfg)0
-rwxr-xr-xbase/deploy/src/pkidestroy52
-rwxr-xr-xbase/deploy/src/pkispawn29
-rw-r--r--base/deploy/src/scriptlets/finalization.py6
-rw-r--r--base/deploy/src/scriptlets/infrastructure_layout.py6
-rw-r--r--base/deploy/src/scriptlets/pkiconfig.py13
-rw-r--r--base/deploy/src/scriptlets/pkihelper.py52
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py173
-rw-r--r--specs/pki-core.spec6
10 files changed, 206 insertions, 138 deletions
diff --git a/base/deploy/CMakeLists.txt b/base/deploy/CMakeLists.txt
index 3848bd499..d63176f1a 100644
--- a/base/deploy/CMakeLists.txt
+++ b/base/deploy/CMakeLists.txt
@@ -62,6 +62,13 @@ install(
${DATA_INSTALL_DIR}/deployment
)
+install(
+ DIRECTORY
+ etc/
+ DESTINATION
+ ${SYSCONF_INSTALL_DIR}/pki
+)
+
find_package(PythonInterp REQUIRED)
execute_process(
COMMAND
diff --git a/base/deploy/config/deployment.cfg b/base/deploy/etc/default.cfg
index abd0fb441..abd0fb441 100644
--- a/base/deploy/config/deployment.cfg
+++ b/base/deploy/etc/default.cfg
diff --git a/base/deploy/src/pkidestroy b/base/deploy/src/pkidestroy
index 9e0a37396..7d30d743a 100755
--- a/base/deploy/src/pkidestroy
+++ b/base/deploy/src/pkidestroy
@@ -52,6 +52,8 @@ error was:
def main(argv):
"main entry point"
+ config.pki_deployment_executable = os.path.basename(argv[0])
+
# Only run this program as "root".
if not os.geteuid() == 0:
sys.exit("'%s' must be run as root!" % argv[0])
@@ -88,8 +90,54 @@ def main(argv):
sys.exit(1)
# Read and process command-line arguments.
- parser = PKIConfigParser()
- parser.process_command_line_arguments(argv)
+ parser = PKIConfigParser(
+ 'PKI Instance Removal',
+ log.PKIDESTROY_EPILOG)
+
+ parser.mandatory.add_argument('-i',
+ dest='pki_deployed_instance_name',
+ action='store',
+ nargs=1, required=True, metavar='<instance>',
+ help='FORMAT: ${pki_instance_name}')
+
+ args = parser.process_command_line_arguments(argv)
+
+ # -i <instance name>
+ config.pki_deployed_instance_name =\
+ str(args.pki_deployed_instance_name).strip('[\']')
+
+ # verify that previously deployed instance exists
+ deployed_pki_instance_path = config.pki_root_prefix +\
+ config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\
+ config.pki_deployed_instance_name
+ if not os.path.exists(deployed_pki_instance_path):
+ print "ERROR: " + log.PKI_INSTANCE_DOES_NOT_EXIST_1 %\
+ deployed_pki_instance_path
+ print
+ parser.arg_parser.exit(-1);
+
+ # verify that previously deployed subsystem for this instance exists
+ deployed_pki_subsystem_path = deployed_pki_instance_path + "/" +\
+ config.pki_subsystem.lower()
+ if not os.path.exists(deployed_pki_subsystem_path):
+ print "ERROR: " + log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 %\
+ (config.pki_subsystem, deployed_pki_instance_path)
+ print
+ parser.arg_parser.exit(-1);
+
+ # establish complete path to previously deployed configuration file
+ config.default_deployment_cfg =\
+ deployed_pki_subsystem_path + "/" +\
+ "registry" + "/" +\
+ config.pki_subsystem.lower() + "/" +\
+ config.DEFAULT_DEPLOYMENT_CONFIGURATION
+ config.user_deployment_cfg =\
+ deployed_pki_subsystem_path + "/" +\
+ "registry" + "/" +\
+ config.pki_subsystem.lower() + "/" +\
+ config.USER_DEPLOYMENT_CONFIGURATION
+
+ parser.validate()
# Enable 'pkidestroy' logging.
config.pki_log_dir = config.pki_root_prefix +\
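Review bot: The `-i` value is concatenated straight into `deployed_pki_instance_path` with no check that it is a single path component, so a name containing `/` or `..` lets this root-only tool pick up its registry configuration from outside `PKI_DEPLOYMENT_BASE_ROOT`. A guard before the first `os.path.exists` test, for example `if os.path.basename(config.pki_deployed_instance_name) != config.pki_deployed_instance_name:` followed by the existing error exit, would keep the lookup inside the deployment root. Separately, `str(args.pki_deployed_instance_name).strip('[\']')` stringifies the one-element list and strips characters, which also alters a name that begins or ends with a bracket or quote; `args.pki_deployed_instance_name[0]` is exact, and the same applies to the `-f` handling in pkispawn. `main` starts and continues outside this hunk.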
diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn
index 21da9aef7..f64d79575 100755
--- a/base/deploy/src/pkispawn
+++ b/base/deploy/src/pkispawn
@@ -52,6 +52,8 @@ error was:
def main(argv):
"main entry point"
+ config.pki_deployment_executable = os.path.basename(argv[0])
+
# Only run this program as "root".
if not os.geteuid() == 0:
sys.exit("'%s' must be run as root!" % argv[0])
@@ -88,8 +90,31 @@ def main(argv):
sys.exit(1)
# Read and process command-line arguments.
- parser = PKIConfigParser()
- parser.process_command_line_arguments(argv)
+ parser = PKIConfigParser(
+ 'PKI Instance Installation and Configuration',
+ log.PKISPAWN_EPILOG)
+
+ parser.mandatory.add_argument('-f',
+ dest='user_deployment_cfg', action='store',
+ nargs=1, required=True, metavar='<file>',
+ help='configuration filename '
+ '(MUST specify complete path)')
+
+ parser.optional.add_argument('-u',
+ dest='pki_update_flag', action='store_true',
+ help='update instance of specified subsystem')
+
+ args = parser.process_command_line_arguments(argv)
+
+ config.default_deployment_cfg = config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE
+
+ # -f <user deployment config>
+ config.user_deployment_cfg = str(args.user_deployment_cfg).strip('[\']')
+
+ # -u
+ config.pki_update_flag = args.pki_update_flag
+
+ parser.validate()
if not os.path.exists(config.PKI_DEPLOYMENT_SOURCE_ROOT +\
"/" + config.pki_subsystem.lower()):
diff --git a/base/deploy/src/scriptlets/finalization.py b/base/deploy/src/scriptlets/finalization.py
index 55a007bca..ec8fa6eff 100644
--- a/base/deploy/src/scriptlets/finalization.py
+++ b/base/deploy/src/scriptlets/finalization.py
@@ -41,8 +41,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
extra=config.PKI_INDENTATION_LEVEL_1)
# For debugging/auditing purposes, save a timestamped copy of
# this configuration file in the subsystem archive
- util.file.copy(master['pki_deployment_cfg_replica'],
- master['pki_deployment_cfg_spawn_archive'])
+ util.file.copy(master['pki_default_deployment_cfg_replica'],
+ master['pki_default_deployment_cfg_spawn_archive'])
+ util.file.copy(master['pki_user_deployment_cfg_replica'],
+ master['pki_user_deployment_cfg_spawn_archive'])
# Save a copy of the installation manifest file
config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, master['pki_manifest'],
extra=config.PKI_INDENTATION_LEVEL_2)
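Review bot: The user deployment configuration archived here is the file that pkihelper checks for `pki_ds_password`, `pki_admin_password` and the other password entries, so each spawn leaves a timestamped plaintext copy of those values under the archive log path; the replica copy in infrastructure_layout.py has the same property. `util.file.copy` is not visible in this diff, so it is worth confirming that it creates the copies with root-only permissions rather than inheriting whatever mode the `-f` file had. A comment such as `# NOTE: user deployment cfg may hold passwords; archived copy must not be world-readable` above the second `util.file.copy` call would record the requirement. The enclosing method starts and ends outside this hunk.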
diff --git a/base/deploy/src/scriptlets/infrastructure_layout.py b/base/deploy/src/scriptlets/infrastructure_layout.py
index 8eed598cd..947fbcdfe 100644
--- a/base/deploy/src/scriptlets/infrastructure_layout.py
+++ b/base/deploy/src/scriptlets/infrastructure_layout.py
@@ -56,8 +56,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
util.directory.create(master['pki_instance_type_registry_path'])
util.directory.create(master['pki_instance_registry_path'])
util.directory.create(master['pki_subsystem_registry_path'])
- util.file.copy(master['pki_deployment_cfg'],
- master['pki_deployment_cfg_replica'])
+ util.file.copy(master['pki_default_deployment_cfg'],
+ master['pki_default_deployment_cfg_replica'])
+ util.file.copy(master['pki_user_deployment_cfg'],
+ master['pki_user_deployment_cfg_replica'])
# establish top-level infrastructure, instance, and subsystem
# base directories and create the "registry" symbolic link that
# the "pkidestroy" executable relies upon
diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py
index ec6c5ea38..4bbf92e91 100644
--- a/base/deploy/src/scriptlets/pkiconfig.py
+++ b/base/deploy/src/scriptlets/pkiconfig.py
@@ -100,13 +100,13 @@ PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVICE_NAME = "tomcat"
PKI_DEPLOYMENT_DEFAULT_APACHE_INSTANCE_NAME = "pki-apache"
PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat"
-PKI_DEPLOYMENT_CONFIGURATION_DIR =\
- "/usr/share/pki/deployment/config"
-PKI_DEPLOYMENT_CONFIGURATION_FILE = "deployment.cfg"
+DEFAULT_DEPLOYMENT_CONFIGURATION = "default.cfg"
+USER_DEPLOYMENT_CONFIGURATION = "deployment.cfg"
+
PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE =\
- PKI_DEPLOYMENT_CONFIGURATION_DIR + "/" + PKI_DEPLOYMENT_CONFIGURATION_FILE
+ PKI_DEPLOYMENT_CONFIGURATION_ROOT + "/" + DEFAULT_DEPLOYMENT_CONFIGURATION
PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\
- PKI_DEPLOYMENT_CONFIGURATION_DIR + "/pkislots.cfg"
+ PKI_DEPLOYMENT_SOURCE_ROOT + "/deployment/config/pkislots.cfg"
# subtypes of PKI subsystems
PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM = "Cloned"
@@ -140,7 +140,8 @@ pki_deployment_executable = None
# PKI Deployment "Mandatory" Command-Line Variables
pki_subsystem = None
# 'pkispawn' ONLY
-pkideployment_cfg = None
+default_deployment_cfg = None
+user_deployment_cfg = None
# 'pkidestroy' ONLY
pki_deployed_instance_name = None
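Review bot: The `# 'pkispawn' ONLY` comment above `default_deployment_cfg` and `user_deployment_cfg` no longer matches the code, because pkidestroy's `main` in this same commit assigns both of them to the registry copies. Something like `# set by 'pkispawn' (packaged default and -f file) and by 'pkidestroy' (registry replicas)` would describe what the variables now hold. The new `DEFAULT_DEPLOYMENT_CONFIGURATION` and `USER_DEPLOYMENT_CONFIGURATION` constants in the previous hunk also drop the `PKI_DEPLOYMENT_` prefix that the neighbouring constants use.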
diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py
index 8be6c5c5d..2d7b75938 100644
--- a/base/deploy/src/scriptlets/pkihelper.py
+++ b/base/deploy/src/scriptlets/pkihelper.py
@@ -442,7 +442,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of Admin Password (except for Clones)
@@ -452,7 +452,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_admin_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# If required, verify existence of Backup Password
@@ -462,7 +462,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_backup_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of Client Pin for NSS client security databases
@@ -471,7 +471,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CLIENT_DATABASE_PASSWORD_2,
"pki_client_database_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of Client PKCS #12 Password for Admin Cert
@@ -480,7 +480,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_client_pkcs12_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of PKCS #12 Password (ONLY for Clones)
@@ -490,7 +490,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_pkcs12_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of Security Domain Password File
@@ -503,7 +503,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_security_domain_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# If required, verify existence of Token Password
@@ -513,7 +513,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_token_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
return
@@ -527,28 +527,28 @@ class configuration_file:
config.str2bool(master['pki_subordinate']):
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA,
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif config.str2bool(master['pki_clone']) and\
config.str2bool(master['pki_external']):
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA,
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif config.str2bool(master['pki_clone']) and\
config.str2bool(master['pki_subordinate']):
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA,
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif config.str2bool(master['pki_external']) and\
config.str2bool(master['pki_subordinate']):
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA,
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
@@ -571,7 +571,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_base_dn",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_ds_ldap_port') or\
@@ -582,7 +582,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_ldap_port",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_ds_ldaps_port') or\
@@ -593,7 +593,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_ldaps_port",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# NOTE: Although this will be checked prior to getting to
@@ -609,7 +609,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ajp_port",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_http_port') or\
@@ -620,7 +620,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_http_port",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_https_port') or\
@@ -631,7 +631,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_https_port",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_tomcat_server_port') or\
@@ -642,7 +642,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_tomcat_server_port",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_clone_pkcs12_path') or\
@@ -650,7 +650,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_pkcs12_path",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif not os.path.isfile(master['pki_clone_pkcs12_path']):
@@ -664,7 +664,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_replication_security",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_clone_uri') or\
@@ -672,7 +672,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_uri",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif master['pki_subsystem'] == "CA" and\
@@ -682,7 +682,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_step_two",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not config.str2bool(master['pki_step_two']):
@@ -691,7 +691,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_csr_path",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif not os.path.isfile(master['pki_external_csr_path']):
@@ -706,7 +706,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_ca_cert_chain_path",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif not os.path.isfile(
@@ -721,7 +721,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_ca_cert_path",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif not os.path.isfile(
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 6109e7486..80bdcb216 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -41,80 +41,52 @@ class PKIConfigParser:
COMMENT_CHAR = '#'
OPTION_CHAR = '='
- def __init__(self):
+ def __init__(self, description, epilog):
self.pki_config = None
- # PKI Deployment Helper Functions
- def process_command_line_arguments(self, argv):
"Read and process command-line options"
- config.pki_deployment_executable = os.path.basename(argv[0])
- description = None
- if config.pki_deployment_executable == 'pkispawn':
- description = 'PKI Instance Installation and Configuration'
- epilog = log.PKISPAWN_EPILOG
- elif config.pki_deployment_executable == 'pkidestroy':
- description = 'PKI Instance Removal'
- epilog = log.PKIDESTROY_EPILOG
- parser = argparse.ArgumentParser(
+ self.arg_parser = argparse.ArgumentParser(
description=description,
add_help=False,
formatter_class=argparse.RawDescriptionHelpFormatter,
epilog=epilog)
+
# Establish 'Mandatory' command-line options
- mandatory = parser.add_argument_group('mandatory arguments')
- mandatory.add_argument('-s',
+ self.mandatory = self.arg_parser.add_argument_group('mandatory arguments')
+ self.mandatory.add_argument('-s',
dest='pki_subsystem', action='store',
nargs=1, choices=config.PKI_SUBSYSTEMS,
required=True, metavar='<subsystem>',
help='where <subsystem> is '
'CA, KRA, OCSP, RA, TKS, or TPS')
- if config.pki_deployment_executable == 'pkispawn':
- mandatory.add_argument('-f',
- dest='pkideployment_cfg', action='store',
- nargs=1, required=True, metavar='<file>',
- help='configuration filename '
- '(MUST specify complete path)')
- elif config.pki_deployment_executable == 'pkidestroy':
- mandatory.add_argument('-i',
- dest='pki_deployed_instance_name',
- action='store',
- nargs=1, required=True, metavar='<instance>',
- help='FORMAT: ${pki_instance_name}')
# Establish 'Optional' command-line options
- optional = parser.add_argument_group('optional arguments')
- optional.add_argument('-h', '--help',
+ self.optional = self.arg_parser.add_argument_group('optional arguments')
+ self.optional.add_argument('-h', '--help',
dest='help', action='help',
help='show this help message and exit')
- if config.pki_deployment_executable == 'pkispawn':
- optional.add_argument('-u',
- dest='pki_update_flag', action='store_true',
- help='update instance of specified subsystem')
- optional.add_argument('-v',
+ self.optional.add_argument('-v',
dest='pki_verbosity', action='count',
help='display verbose information (details below)')
+
# Establish 'Test' command-line options
- test = parser.add_argument_group('test arguments')
+ test = self.arg_parser.add_argument_group('test arguments')
test.add_argument('-p',
dest='pki_root_prefix', action='store',
nargs=1, metavar='<prefix>',
help='directory prefix to specify local directory '
'[TEST ONLY]')
+
+ # PKI Deployment Helper Functions
+ def process_command_line_arguments(self, argv):
+
# Parse command-line options
- args = parser.parse_args()
+ args = self.arg_parser.parse_args()
+
# Process 'Mandatory' command-line options
# '-s'
config.pki_subsystem = str(args.pki_subsystem).strip('[\']')
- if config.pki_deployment_executable == 'pkispawn':
- # '-f'
- config.pkideployment_cfg = str(args.pkideployment_cfg).strip('[\']')
- elif config.pki_deployment_executable == 'pkidestroy':
- # '-i'
- config.pki_deployed_instance_name =\
- str(args.pki_deployed_instance_name).strip('[\']')
+
# Process 'Optional' command-line options
- if config.pki_deployment_executable == 'pkispawn':
- # '-u'
- config.pki_update_flag = args.pki_update_flag
# '-v'
if args.pki_verbosity == 1:
config.pki_jython_log_level = config.PKI_JYTHON_INFO_LOG_LEVEL
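Review bot: The string `"Read and process command-line options"` that remains after `self.pki_config = None` is now a bare expression in the middle of `__init__` rather than a docstring, and `process_command_line_arguments` is left without one. Moving that line under the new `def process_command_line_arguments(self, argv):` and giving `__init__` its own first-line docstring, e.g. `"Build the argument parser shared by pkispawn and pkidestroy"`, fixes both. `argv` is also still unused, since `self.arg_parser.parse_args()` reads `sys.argv` directly; `self.arg_parser.parse_args(argv[1:])` would honour the parameter. The method body continues past the end of this hunk.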
@@ -131,63 +103,56 @@ class PKIConfigParser:
elif args.pki_verbosity > 3:
print "ERROR: " + log.PKI_VERBOSITY_LEVELS_MESSAGE
print
- parser.print_help()
- parser.exit(-1);
+ self.arg_parser.print_help()
+ self.arg_parser.exit(-1);
else:
# Set default log levels
config.pki_jython_log_level = config.PKI_JYTHON_WARNING_LOG_LEVEL
config.pki_console_log_level = logging.WARNING
config.pki_log_level = logging.INFO
+
# Process 'Test' command-line options
# '-p'
- if not args.pki_root_prefix is None:
+ if args.pki_root_prefix is None:
+ config.pki_root_prefix = ""
+ else:
config.pki_root_prefix = str(args.pki_root_prefix).strip('[\']')
+
+ return args
+
+
+ def validate(self):
+
# Validate command-line options
- if config.pki_root_prefix is None or\
- len(config.pki_root_prefix) == 0:
- config.pki_root_prefix = ""
- elif not os.path.exists(config.pki_root_prefix) or\
- not os.path.isdir(config.pki_root_prefix):
+ if len(config.pki_root_prefix) > 0:
+ if not os.path.exists(config.pki_root_prefix) or\
+ not os.path.isdir(config.pki_root_prefix):
+ print "ERROR: " +\
+ log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 %\
+ config.pki_root_prefix
+ print
+ self.arg_parser.print_help()
+ self.arg_parser.exit(-1);
+
+ # always default that configuration file exists
+ if not os.path.exists(config.default_deployment_cfg) or\
+ not os.path.isfile(config.default_deployment_cfg):
print "ERROR: " +\
- log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 %\
- config.pki_root_prefix
+ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\
+ config.default_deployment_cfg
print
- parser.print_help()
- parser.exit(-1);
- if config.pki_deployment_executable == 'pkidestroy':
- # verify that previously deployed instance exists
- deployed_pki_instance_path = config.pki_root_prefix +\
- config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\
- config.pki_deployed_instance_name
- if not os.path.exists(deployed_pki_instance_path):
- print "ERROR: " + log.PKI_INSTANCE_DOES_NOT_EXIST_1 %\
- deployed_pki_instance_path
- print
- parser.exit(-1);
- # verify that previously deployed subsystem for this instance exists
- deployed_pki_subsystem_path = deployed_pki_instance_path + "/" +\
- config.pki_subsystem.lower()
- if not os.path.exists(deployed_pki_subsystem_path):
- print "ERROR: " + log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 %\
- (config.pki_subsystem, deployed_pki_instance_path)
- print
- parser.exit(-1);
- # establish complete path to previously deployed configuration file
- config.pkideployment_cfg =\
- deployed_pki_subsystem_path + "/" +\
- "registry" + "/" +\
- config.pki_subsystem.lower() + "/" +\
- config.PKI_DEPLOYMENT_CONFIGURATION_FILE
- # always verify that configuration file exists
- if not os.path.exists(config.pkideployment_cfg) or\
- not os.path.isfile(config.pkideployment_cfg):
+ self.arg_parser.print_help()
+ self.arg_parser.exit(-1);
+
+ # verify user configuration file exists
+ if not os.path.exists(config.user_deployment_cfg) or\
+ not os.path.isfile(config.user_deployment_cfg):
print "ERROR: " +\
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\
- config.pkideployment_cfg
+ config.user_deployment_cfg
print
- parser.print_help()
- parser.exit(-1);
- return
+ self.arg_parser.print_help()
+ self.arg_parser.exit(-1);
# The following code is based heavily upon
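Review bot: `validate()` now exits unless `config.default_deployment_cfg` exists, and for pkidestroy that path points at a `default.cfg` replica inside the instance registry. An instance spawned before this commit would presumably have only `deployment.cfg` there, so pkidestroy could no longer remove it. Falling back to `config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE` when the replica is absent would keep existing deployments removable. The comment `# always default that configuration file exists` also reads garbled; `# always verify that the default configuration file exists` is probably what was meant. This hunk begins inside `process_command_line_arguments`, whose start is outside it.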
@@ -238,8 +203,8 @@ class PKIConfigParser:
# Make keys case-sensitive!
self.pki_config.optionxform = str
self.pki_config.read([
- config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE,
- config.pkideployment_cfg])
+ config.default_deployment_cfg,
+ config.user_deployment_cfg])
config.pki_default_dict = dict(self.pki_config.items('DEFAULT'))
pkilogging.sensitive_parameters = config.pki_default_dict['sensitive_parameters'].split()
if config.pki_subsystem == "CA":
@@ -285,7 +250,8 @@ class PKIConfigParser:
config.pki_master_dict['pki_architecture'] = config.pki_architecture
config.pki_master_dict['pki_jython_log_level'] =\
config.pki_jython_log_level
- config.pki_master_dict['pki_deployment_cfg'] = config.pkideployment_cfg
+ config.pki_master_dict['pki_default_deployment_cfg'] = config.default_deployment_cfg
+ config.pki_master_dict['pki_user_deployment_cfg'] = config.user_deployment_cfg
config.pki_master_dict['pki_deployed_instance_name'] =\
config.pki_deployed_instance_name
# Generate random 'pin's for use as security database passwords
@@ -1568,18 +1534,31 @@ class PKIConfigParser:
config.pki_master_dict['pki_storage_tag'] = "storage"
# Finalization name/value pairs
- config.pki_master_dict['pki_deployment_cfg_replica'] =\
+ config.pki_master_dict['pki_default_deployment_cfg_replica'] =\
+ os.path.join(config.pki_master_dict['pki_subsystem_registry_path'],
+ config.DEFAULT_DEPLOYMENT_CONFIGURATION)
+ config.pki_master_dict['pki_user_deployment_cfg_replica'] =\
os.path.join(config.pki_master_dict['pki_subsystem_registry_path'],
- config.PKI_DEPLOYMENT_CONFIGURATION_FILE)
- config.pki_master_dict['pki_deployment_cfg_spawn_archive'] =\
+ config.USER_DEPLOYMENT_CONFIGURATION)
+ config.pki_master_dict['pki_default_deployment_cfg_spawn_archive'] =\
+ config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
+ "spawn" + "_" +\
+ config.DEFAULT_DEPLOYMENT_CONFIGURATION + "." +\
+ config.pki_master_dict['pki_timestamp']
+ config.pki_master_dict['pki_user_deployment_cfg_spawn_archive'] =\
config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
"spawn" + "_" +\
- config.PKI_DEPLOYMENT_CONFIGURATION_FILE + "." +\
+ config.USER_DEPLOYMENT_CONFIGURATION + "." +\
+ config.pki_master_dict['pki_timestamp']
+ config.pki_master_dict['pki_default_deployment_cfg_respawn_archive'] =\
+ config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
+ "respawn" + "_" +\
+ config.DEFAULT_DEPLOYMENT_CONFIGURATION + "." +\
config.pki_master_dict['pki_timestamp']
- config.pki_master_dict['pki_deployment_cfg_respawn_archive'] =\
+ config.pki_master_dict['pki_user_deployment_cfg_respawn_archive'] =\
config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
"respawn" + "_" +\
- config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + "." +\
+ config.USER_DEPLOYMENT_CONFIGURATION + "." +\
config.pki_master_dict['pki_timestamp']
config.pki_master_dict['pki_manifest'] =\
config.pki_master_dict['pki_subsystem_registry_path'] + "/" +\
diff --git a/specs/pki-core.spec b/specs/pki-core.spec
index d0cdfcb2f..8c3c7913e 100644
--- a/specs/pki-core.spec
+++ b/specs/pki-core.spec
@@ -14,7 +14,7 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
Name: pki-core
Version: 10.0.0
-Release: %{?relprefix}53%{?prerel}%{?dist}
+Release: %{?relprefix}54%{?prerel}%{?dist}
Summary: Certificate System - PKI Core Components
URL: http://pki.fedoraproject.org/
License: GPLv2
@@ -809,6 +809,7 @@ fi
%files -n pki-server
%defattr(-,root,root,-)
%doc base/deploy/LICENSE
+%{_sysconfdir}/pki/default.cfg
%{_sbindir}/pkispawn
%{_sbindir}/pkidestroy
#%{_bindir}/pki-setup-proxy
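Review bot: `%{_sysconfdir}/pki/default.cfg` is listed as a plain file, so rpm will replace any local edits on upgrade even though the commit moves the file under /etc. If administrators are expected to edit it, `%config(noreplace) %{_sysconfdir}/pki/default.cfg` preserves their changes. If it is meant to stay package-owned, a comment here saying that overrides belong in the `-f` file would avoid surprises.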
@@ -958,6 +959,9 @@ fi
%changelog
+* Tue Dec 4 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.54.b3
+- Moved default deployment configuration to /etc/pki.
+
* Mon Nov 19 2012 Ade Lee <alee@redhat.com> 10.0.0-0.53.b3
- Cleaned up spec file to provide only support rhel 7+, f17+
- Added resteasy-base dependency for rhel 7