diff options
-rw-r--r-- | base/deploy/src/scriptlets/configuration.py | 8 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/finalization.py | 42 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/infrastructure_layout.py | 10 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/initialization.py | 3 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/instance_layout.py | 167 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/security_databases.py | 7 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/slot_substitution.py | 53 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/subsystem_layout.py | 75 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/webapp_deployment.py | 35 |
9 files changed, 0 insertions, 400 deletions
diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py index 6208db46a..f2d3ab1b1 100644 --- a/base/deploy/src/scriptlets/configuration.py +++ b/base/deploy/src/scriptlets/configuration.py @@ -138,14 +138,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def respawn(self): config.pki_log.info(log.CONFIGURATION_RESPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if util.file.exists(master['pki_client_password_conf']): - util.file.modify(master['pki_client_password_conf'], - uid=0, gid=0) - if util.file.exists(master['pki_client_pkcs12_password_conf']): - util.file.modify(master['pki_client_pkcs12_password_conf'], - uid=0, gid=0) - # ALWAYS Restart this Apache/Tomcat PKI Process - util.systemd.restart() return self.rv def destroy(self): diff --git a/base/deploy/src/scriptlets/finalization.py b/base/deploy/src/scriptlets/finalization.py index f327ffb04..a86ffff28 100644 --- a/base/deploy/src/scriptlets/finalization.py +++ b/base/deploy/src/scriptlets/finalization.py @@ -89,48 +89,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def respawn(self): config.pki_log.info(log.FINALIZATION_RESPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - # Save a copy of the configuration file used by this process - # (which may be used later by 'pkidestroy') - util.file.copy(master['pki_deployment_cfg'], - master['pki_deployment_cfg_replica'], - overwrite_flag=True) - # Also, for debugging/auditing purposes, save a timestamped copy of - # this configuration file in the subsystem archive - util.file.copy(master['pki_deployment_cfg_replica'], - master['pki_deployment_cfg_respawn_archive']) - # Save a copy of the updated manifest file - config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, master['pki_manifest'], - extra=config.PKI_INDENTATION_LEVEL_2) - # for record in manifest.database: - # print tuple(record) - if not config.pki_dry_run_flag: - manifest.file.register(master['pki_manifest']) - manifest.file.write() - util.file.modify(master['pki_manifest'], silent=True) - # Also, for debugging/auditing purposes, save a timestamped copy of - # this installation manifest file - util.file.copy(master['pki_manifest'], - master['pki_manifest_respawn_archive']) - # Optionally, programmatically 'restart' the configured PKI instance - if config.str2bool(master['pki_restart_configured_instance']): - util.systemd.restart() - # Optionally, 'purge' the entire temporary client infrastructure - # including the client NSS security databases and password files - # - # WARNING: If the PKCS #12 file containing the Admin Cert was - # placed under this infrastructure, it may accidentally - # be deleted! - # - if config.str2bool(master['pki_client_database_purge']): - if util.directory.exists(master['pki_client_dir']): - util.directory.delete(master['pki_client_dir']) - # Log final process messages - config.pki_log.info(log.PKIRESPAWN_END_MESSAGE_2, - master['pki_subsystem'], - master['pki_instance_id'], - extra=config.PKI_INDENTATION_LEVEL_0) - if not config.pki_dry_run_flag: - util.file.modify(master['pki_respawn_log'], silent=True) return self.rv def destroy(self): diff --git a/base/deploy/src/scriptlets/infrastructure_layout.py b/base/deploy/src/scriptlets/infrastructure_layout.py index 3faa0b9b9..d4dc264fd 100644 --- a/base/deploy/src/scriptlets/infrastructure_layout.py +++ b/base/deploy/src/scriptlets/infrastructure_layout.py @@ -84,16 +84,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def respawn(self): config.pki_log.info(log.ADMIN_DOMAIN_RESPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - # update top-level infrastructure base - util.directory.modify(master['pki_path']) - # update top-level infrastructure logs - util.directory.modify(master['pki_log_path']) - # update top-level infrastructure configuration - if master['pki_configuration_path'] !=\ - config.PKI_DEPLOYMENT_CONFIGURATION_ROOT: - util.directory.modify(master['pki_configuration_path']) - # update top-level infrastructure registry - util.directory.modify(master['pki_registry_path']) return self.rv def destroy(self): diff --git a/base/deploy/src/scriptlets/initialization.py b/base/deploy/src/scriptlets/initialization.py index 6c41ef642..a0298f740 100644 --- a/base/deploy/src/scriptlets/initialization.py +++ b/base/deploy/src/scriptlets/initialization.py @@ -75,9 +75,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # verify that this type of "subsystem" currently EXISTS # for this "instance" util.instance.verify_subsystem_exists() - # establish 'uid' and 'gid' - util.identity.set_uid(master['pki_user']) - util.identity.set_gid(master['pki_group']) return self.rv def destroy(self): diff --git a/base/deploy/src/scriptlets/instance_layout.py b/base/deploy/src/scriptlets/instance_layout.py index b4d1a5068..0df418165 100644 --- a/base/deploy/src/scriptlets/instance_layout.py +++ b/base/deploy/src/scriptlets/instance_layout.py @@ -241,173 +241,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def respawn(self): config.pki_log.info(log.INSTANCE_RESPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - # update instance base - util.directory.modify(master['pki_instance_path']) - # update instance logs - util.directory.modify(master['pki_instance_log_path']) - # update instance configuration - util.directory.modify(master['pki_instance_configuration_path']) - # update instance registry - util.directory.modify(master['pki_instance_type_registry_path']) - util.directory.modify(master['pki_instance_registry_path']) - # update Apache/Tomcat specific instance - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - # update Tomcat instance base - util.directory.modify(master['pki_tomcat_common_path']) - util.directory.modify(master['pki_tomcat_common_lib_path']) - util.directory.modify(master['pki_instance_lib']) - util.directory.modify(master['pki_instance_lib_log4j_properties']) - util.directory.modify(master['pki_tomcat_webapps_path']) - - common_images = os.path.join( - master['pki_tomcat_webapps_common_path'], - "images") - - # Copy /usr/share/pki/common-ui/admin/console/img - # to <instance>/webapp/pki/images - util.directory.copy( - os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, - "common-ui", - "admin", - "console", - "img"), - common_images, - overwrite_flag=True) - - # Copy /usr/share/pki/common-ui/css - # to <instance>/webapp/pki/css - util.directory.copy( - os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, - "common-ui", - "css"), - os.path.join( - master['pki_tomcat_webapps_common_path'], - "css"), - overwrite_flag=True) - - # Copy /usr/share/pki/common-ui/img - # to <instance>/webapp/pki/images - util.directory.copy( - os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, - "common-ui", - "img"), - common_images, - overwrite_flag=True) - - # Copy /usr/share/pki/<subsystem>-ui/webapps/<subsystem>/admin/graphics - # to <instance>/webapp/pki/images - dir = os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, - master['pki_subsystem'].lower() + "-ui", - "webapps", - master['pki_subsystem'].lower(), - "admin", - "graphics") - if (util.directory.exists(dir)): - util.directory.copy( - dir, - common_images, - overwrite_flag=True) - - # Copy /usr/share/pki/<subsystem>-ui/webapps/<subsystem>/agent/graphics - # to <instance>/webapp/pki/images - dir = os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, - master['pki_subsystem'].lower() + "-ui", - "webapps", - master['pki_subsystem'].lower(), - "agent", - "graphics") - if (util.directory.exists(dir)): - util.directory.copy( - dir, - common_images, - overwrite_flag=True) - - # Copy /usr/share/pki/<subsystem>-ui/webapps/<subsystem>/ee/graphics - # to <instance>/webapp/pki/images - dir = os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, - master['pki_subsystem'].lower() + "-ui", - "webapps", - master['pki_subsystem'].lower(), - "ee", - "graphics") - if (util.directory.exists(dir)): - util.directory.copy( - dir, - common_images, - overwrite_flag=True) - - util.directory.copy( - os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, - "server", - "webapps", - "ROOT"), - master['pki_tomcat_webapps_root_path'], - overwrite_flag=True) - util.directory.modify(master['pki_tomcat_webapps_root_path']) - util.directory.modify(master['pki_tomcat_webapps_root_webinf_path']) - util.directory.modify(master['pki_tomcat_work_path']) - util.directory.modify(master['pki_tomcat_work_catalina_path']) - util.directory.modify(master['pki_tomcat_work_catalina_host_path']) - util.directory.modify( - master['pki_tomcat_work_catalina_host_run_path']) - util.directory.modify( - master['pki_tomcat_work_catalina_host_subsystem_path']) - # update Tomcat instance logs - # update Tomcat instance configuration - # update Tomcat instance registry - # update Tomcat instance convenience symbolic links - util.symlink.modify(master['pki_tomcat_bin_link']) - util.symlink.modify(master['pki_instance_systemd_link'], - uid=0, gid=0) - # update Tomcat instance common lib jar symbolic links - - util.symlink.modify( - master['pki_apache_commons_collections_jar_link']) - util.symlink.modify(master['pki_apache_commons_lang_jar_link']) - util.symlink.modify(master['pki_apache_commons_logging_jar_link']) - util.symlink.modify(master['pki_commons_codec_jar_link']) - util.symlink.modify(master['pki_httpclient_jar_link']) - util.symlink.modify(master['pki_httpcore_jar_link']) - util.symlink.modify(master['pki_javassist_jar_link']) - util.symlink.modify(master['pki_resteasy_jaxrs_api_jar_link']) - util.symlink.modify(master['pki_jettison_jar_link']) - util.symlink.modify(master['pki_jss_jar_link']) - util.symlink.modify(master['pki_ldapjdk_jar_link']) - util.symlink.modify(master['pki_certsrv_jar_link']) - util.symlink.modify(master['pki_cmsbundle_jar_link']) - util.symlink.modify(master['pki_cmscore_jar_link']) - util.symlink.modify(master['pki_cms_jar_link']) - util.symlink.modify(master['pki_cmsutil_jar_link']) - util.symlink.modify(master['pki_nsutil_jar_link']) - util.symlink.modify(master['pki_resteasy_atom_provider_jar_link']) - util.symlink.modify(master['pki_resteasy_jaxb_provider_jar_link']) - util.symlink.modify(master['pki_resteasy_jaxrs_jar_link']) - util.symlink.modify( - master['pki_resteasy_jettison_provider_jar_link']) - util.symlink.modify(master['pki_scannotation_jar_link']) - if master['pki_subsystem'] == 'TKS': - util.symlink.modify(master['pki_symkey_jar_link']) - util.symlink.modify(master['pki_tomcatjss_jar_link']) - util.symlink.modify(master['pki_velocity_jar_link']) - util.symlink.modify(master['pki_xerces_j2_jar_link']) - util.symlink.modify(master['pki_xml_commons_apis_jar_link']) - util.symlink.modify(master['pki_xml_commons_resolver_jar_link']) - # update shared NSS security databases for this instance - util.directory.modify(master['pki_database_path']) - # update instance convenience symbolic links - util.symlink.modify(master['pki_instance_database_link']) - util.symlink.modify(master['pki_instance_conf_link']) - util.directory.copy(master['pki_source_server_path'], - master['pki_instance_configuration_path'], - overwrite_flag=True) - util.symlink.modify(master['pki_instance_logs_link']) return self.rv def destroy(self): diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py index f8de0c78c..f46f9180a 100644 --- a/base/deploy/src/scriptlets/security_databases.py +++ b/base/deploy/src/scriptlets/security_databases.py @@ -148,13 +148,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def respawn(self): config.pki_log.info(log.SECURITY_DATABASES_RESPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - util.file.modify(master['pki_shared_password_conf']) - util.file.modify(master['pki_cert_database'], - perms=config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) - util.file.modify(master['pki_key_database'], - perms=config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) - util.file.modify(master['pki_secmod_database'], - perms=config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) return self.rv def destroy(self): diff --git a/base/deploy/src/scriptlets/slot_substitution.py b/base/deploy/src/scriptlets/slot_substitution.py index dcd367ac6..055908b5b 100644 --- a/base/deploy/src/scriptlets/slot_substitution.py +++ b/base/deploy/src/scriptlets/slot_substitution.py @@ -95,59 +95,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def respawn(self): config.pki_log.info(log.SLOT_ASSIGNMENT_RESPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - util.file.copy_with_slot_substitution(master['pki_source_cs_cfg'], - master['pki_target_cs_cfg'], - overwrite_flag=True) - util.file.copy_with_slot_substitution(master['pki_source_registry'], - master['pki_target_registry'], - uid=0, gid=0, overwrite_flag=True) - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - util.file.copy_with_slot_substitution( - master['pki_source_catalina_properties'], - master['pki_target_catalina_properties'], - overwrite_flag=True) - util.file.copy_with_slot_substitution( - master['pki_source_servercertnick_conf'], - master['pki_target_servercertnick_conf'], - overwrite_flag=True) - util.file.copy_with_slot_substitution( - master['pki_source_server_xml'], - master['pki_target_server_xml'], - overwrite_flag=True) - util.file.copy_with_slot_substitution( - master['pki_source_context_xml'], - master['pki_target_context_xml'], - overwrite_flag=True) - util.file.copy_with_slot_substitution( - master['pki_source_tomcat_conf'], - master['pki_target_tomcat_conf_instance_id'], - uid=0, gid=0, overwrite_flag=True) - util.file.copy_with_slot_substitution( - master['pki_source_tomcat_conf'], - master['pki_target_tomcat_conf'], - overwrite_flag=True) - util.file.apply_slot_substitution( - master['pki_target_auth_properties']) - util.file.apply_slot_substitution( - master['pki_target_velocity_properties']) - util.file.apply_slot_substitution( - master['pki_target_subsystem_web_xml']) - # Strip "<filter>" section from subsystem "web.xml" - # This is ONLY necessary because XML comments cannot be "nested"! - #util.file.copy(master['pki_target_subsystem_web_xml'], - # master['pki_target_subsystem_web_xml_orig']) - #util.file.delete(master['pki_target_subsystem_web_xml']) - #util.xml_file.remove_filter_section_from_web_xml( - # master['pki_target_subsystem_web_xml_orig'], - # master['pki_target_subsystem_web_xml']) - #util.file.delete(master['pki_target_subsystem_web_xml_orig']) - if master['pki_subsystem'] == "CA": - util.file.copy_with_slot_substitution( - master['pki_source_proxy_conf'], - master['pki_target_proxy_conf'], - overwrite_flag=True) - util.file.apply_slot_substitution( - master['pki_target_profileselect_template']) return self.rv def destroy(self): diff --git a/base/deploy/src/scriptlets/subsystem_layout.py b/base/deploy/src/scriptlets/subsystem_layout.py index fde69b093..c4c4c2283 100644 --- a/base/deploy/src/scriptlets/subsystem_layout.py +++ b/base/deploy/src/scriptlets/subsystem_layout.py @@ -104,81 +104,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def respawn(self): config.pki_log.info(log.SUBSYSTEM_RESPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - # update instance-based subsystem base - util.directory.modify(master['pki_subsystem_path']) - # update instance-based subsystem logs - util.directory.modify(master['pki_subsystem_log_path']) - util.directory.modify(master['pki_subsystem_archive_log_path']) - if master['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS: - util.directory.modify(master['pki_subsystem_signed_audit_log_path']) - # update instance-based subsystem configuration - util.directory.modify(master['pki_subsystem_configuration_path']) - # util.directory.copy(master['pki_source_conf_path'], - # master['pki_subsystem_configuration_path']) - # overwrite_flag=True) - # update instance-based subsystem registry - util.directory.modify(master['pki_subsystem_registry_path']) - # establish instance-based Apache/Tomcat specific subsystems - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - # update instance-based Tomcat PKI subsystem base - if master['pki_subsystem'] == "CA": - util.directory.copy(master['pki_source_emails'], - master['pki_subsystem_emails_path'], - overwrite_flag=True) - util.directory.copy(master['pki_source_profiles'], - master['pki_subsystem_profiles_path'], - overwrite_flag=True) - # update instance-based Tomcat PKI subsystem logs - # update instance-based Tomcat PKI subsystem configuration - if master['pki_subsystem'] == "CA": - # util.file.copy(master['pki_source_flatfile_txt'], - # master['pki_target_flatfile_txt'], - # overwrite_flag=True) - util.file.copy(master['pki_source_registry_cfg'], - master['pki_target_registry_cfg'], - overwrite_flag=True) - # '*.profile' - util.file.copy(master['pki_source_admincert_profile'], - master['pki_target_admincert_profile'], - overwrite_flag=True) - util.file.copy(master['pki_source_caauditsigningcert_profile'], - master['pki_target_caauditsigningcert_profile'], - overwrite_flag=True) - util.file.copy(master['pki_source_cacert_profile'], - master['pki_target_cacert_profile'], - overwrite_flag=True) - util.file.copy(master['pki_source_caocspcert_profile'], - master['pki_target_caocspcert_profile'], - overwrite_flag=True) - util.file.copy(master['pki_source_servercert_profile'], - master['pki_target_servercert_profile'], - overwrite_flag=True) - util.file.copy(master['pki_source_subsystemcert_profile'], - master['pki_target_subsystemcert_profile'], - overwrite_flag=True) - elif master['pki_subsystem'] == "KRA": - # '*.profile' - util.file.copy(master['pki_source_servercert_profile'], - master['pki_target_servercert_profile'], - overwrite_flag=True) - util.file.copy(master['pki_source_storagecert_profile'], - master['pki_target_storagecert_profile'], - overwrite_flag=True) - util.file.copy(master['pki_source_subsystemcert_profile'], - master['pki_target_subsystemcert_profile'], - overwrite_flag=True) - util.file.copy(master['pki_source_transportcert_profile'], - master['pki_target_transportcert_profile'], - overwrite_flag=True) - # update instance-based Tomcat PKI subsystem registry - # update instance-based Tomcat PKI subsystem convenience - # symbolic links - util.symlink.modify(master['pki_subsystem_tomcat_webapps_link']) - # update instance-based subsystem convenience symbolic links - util.symlink.modify(master['pki_subsystem_database_link']) - util.symlink.modify(master['pki_subsystem_conf_link']) - util.symlink.modify(master['pki_subsystem_logs_link']) - util.symlink.modify(master['pki_subsystem_registry_link']) return self.rv def destroy(self): diff --git a/base/deploy/src/scriptlets/webapp_deployment.py b/base/deploy/src/scriptlets/webapp_deployment.py index 507d23c32..ad7235c18 100644 --- a/base/deploy/src/scriptlets/webapp_deployment.py +++ b/base/deploy/src/scriptlets/webapp_deployment.py @@ -105,41 +105,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: config.pki_log.info(log.WEBAPP_DEPLOYMENT_RESPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - # redeploy war file - util.directory.modify(master['pki_tomcat_webapps_subsystem_path']) - util.directory.copy( - os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, - "common-ui"), - master['pki_tomcat_webapps_subsystem_path'], - overwrite_flag=True) - util.directory.copy( - os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, - master['pki_subsystem'].lower() + "-ui", - "webapps", - master['pki_subsystem'].lower()), - master['pki_tomcat_webapps_subsystem_path'], - overwrite_flag=True) - util.directory.copy( - os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, - master['pki_subsystem'].lower(), - "webapps", - master['pki_subsystem'].lower()), - master['pki_tomcat_webapps_subsystem_path'], - overwrite_flag=True) - # update Tomcat webapps subsystem WEB-INF lib symbolic links - if master['pki_subsystem'] == "CA": - util.symlink.modify(master['pki_ca_jar_link']) - elif master['pki_subsystem'] == "KRA": - util.symlink.modify(master['pki_kra_jar_link']) - elif master['pki_subsystem'] == "OCSP": - util.symlink.modify(master['pki_ocsp_jar_link']) - elif master['pki_subsystem'] == "TKS": - util.symlink.modify(master['pki_tks_jar_link']) - # update ownerships, permissions, and acls - util.directory.set_mode(master['pki_tomcat_webapps_subsystem_path']) return self.rv def destroy(self): |