-rw-r--r--base/server/python/pki/server/deployment/pkimessages.py3
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/finalization.py42
-rwxr-xr-xbase/server/sbin/pkispawn149
3 files changed, 125 insertions, 69 deletions
diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py
index b58915fe2..c8821bbb6 100644
--- a/base/server/python/pki/server/deployment/pkimessages.py
+++ b/base/server/python/pki/server/deployment/pkimessages.py
@@ -98,7 +98,8 @@ PKI_SUBORDINATE_UNSUPPORTED_1 = \
PKI_IOERROR_1 = "IOError: %s!"
PKI_KEYERROR_1 = "KeyError: %s!"
PKI_LARGEZIPFILE_ERROR_1 = "zipfile.LargeZipFile: %s!"
-PKI_MANIFEST_MESSAGE_1 = "generating manifest file called '%s'"
+PKI_ARCHIVE_CONFIG_MESSAGE_1 = "archiving configuration into '%s'"
+PKI_ARCHIVE_MANIFEST_MESSAGE_1 = "archiving manifest into '%s'"
PKI_OSERROR_1 = "OSError: %s!"
PKI_SHUTIL_ERROR_1 = "shutil.Error: %s!"
PKI_SUBPROCESS_ERROR_1 = "subprocess.CalledProcessError: %s!"
diff --git a/base/server/python/pki/server/deployment/scriptlets/finalization.py b/base/server/python/pki/server/deployment/scriptlets/finalization.py
index 8f8cfe0ac..3dc7f66de 100644
--- a/base/server/python/pki/server/deployment/scriptlets/finalization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/finalization.py
@@ -22,7 +22,6 @@ from __future__ import absolute_import
# PKI Deployment Imports
from .. import pkiconfig as config
-from .. import pkimanifest as manifest
from .. import pkimessages as log
from .. import pkiscriptlet
@@ -32,30 +31,19 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def spawn(self, deployer):
- # ALWAYS finalize execution of scriptlets
+ external = deployer.configuration_file.external
+ standalone = deployer.configuration_file.standalone
+ step_one = deployer.configuration_file.external_step_one
+ skip_configuration = deployer.configuration_file.skip_configuration
+
+ if (external or standalone) and step_one or skip_configuration:
+ config.pki_log.info(log.SKIP_FINALIZATION_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return
+
config.pki_log.info(log.FINALIZATION_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
- # For debugging/auditing purposes, save a timestamped copy of
- # this configuration file in the subsystem archive
- deployer.file.copy(
- deployer.mdict['pki_user_deployment_cfg_replica'],
- deployer.mdict['pki_user_deployment_cfg_spawn_archive'])
- # Save a copy of the installation manifest file
- config.pki_log.info(
- log.PKI_MANIFEST_MESSAGE_1, deployer.mdict['pki_manifest'],
- extra=config.PKI_INDENTATION_LEVEL_2)
- # for record in manifest.database:
- # print tuple(record)
- manifest_file = manifest.File(deployer.manifest_db)
- manifest_file.register(deployer.mdict['pki_manifest'])
- manifest_file.write()
- deployer.file.modify(deployer.mdict['pki_manifest'], silent=True)
- # Also, for debugging/auditing purposes, save a timestamped copy of
- # this installation manifest file
- deployer.file.copy(
- deployer.mdict['pki_manifest'],
- deployer.mdict['pki_manifest_spawn_archive'])
# Optionally, programmatically 'enable' the configured PKI instance
# to be started upon system boot (default is True)
if not config.str2bool(deployer.mdict['pki_enable_on_system_boot']):
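Review bot: The early return added at the top of `spawn` skips every later finalization step, not only the restart that the removed `external and step_one` guard used to cover. Context in the following hunk shows those steps include `deployer.servercertnick_conf.modify()` and the optional purge of the temporary client NSS security databases and password files, so in step-one and skip-configuration runs that client material would stay on disk until a later run completes. The rest of `spawn` is outside the hunk, so confirm this is intended and state it in a comment above the `return`, for example `# Step one / skip_configuration: boot enablement, restart and client purge are deferred to the final run`. The condition also depends on `and` binding tighter than `or`; writing it as `if ((external or standalone) and step_one) or skip_configuration:` makes the grouping explicit.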
@@ -66,13 +54,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# Modify contents of 'serverCertNick.conf' (if necessary)
deployer.servercertnick_conf.modify()
- external = config.str2bool(deployer.mdict['pki_external'])
- step_one = not config.str2bool(deployer.mdict['pki_external_step_two'])
-
- if not (external and step_one):
- # Optionally, programmatically 'restart' the configured PKI instance
- if config.str2bool(deployer.mdict['pki_restart_configured_instance']):
- deployer.systemd.restart()
+ # Optionally, programmatically 'restart' the configured PKI instance
+ if config.str2bool(deployer.mdict['pki_restart_configured_instance']):
+ deployer.systemd.restart()
# Optionally, 'purge' the entire temporary client infrastructure
# including the client NSS security databases and password files
diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn
index b019d8869..f75fa43ae 100755
--- a/base/server/sbin/pkispawn
+++ b/base/server/sbin/pkispawn
@@ -40,6 +40,7 @@ try:
import traceback
from time import strftime as date
from pki.server.deployment import pkiconfig as config
+ from pki.server.deployment import pkimanifest as manifest
from pki.server.deployment.pkiparser import PKIConfigParser
from pki.server.deployment import pkilogging
from pki.server.deployment import pkimessages as log
@@ -534,18 +535,60 @@ def main(argv):
print()
sys.exit(1)
+ # ALWAYS archive configuration file and manifest file
+
+ config.pki_log.info(
+ log.PKI_ARCHIVE_CONFIG_MESSAGE_1,
+ deployer.mdict['pki_user_deployment_cfg_spawn_archive'],
+ extra=config.PKI_INDENTATION_LEVEL_1)
+
+ # For debugging/auditing purposes, save a timestamped copy of
+ # this configuration file in the subsystem archive
+ deployer.file.copy(
+ deployer.mdict['pki_user_deployment_cfg_replica'],
+ deployer.mdict['pki_user_deployment_cfg_spawn_archive'])
+
+ config.pki_log.info(
+ log.PKI_ARCHIVE_MANIFEST_MESSAGE_1,
+ deployer.mdict['pki_manifest_spawn_archive'],
+ extra=config.PKI_INDENTATION_LEVEL_1)
+
+ # for record in manifest.database:
+ # print tuple(record)
+
+ manifest_file = manifest.File(deployer.manifest_db)
+ manifest_file.register(deployer.mdict['pki_manifest'])
+ manifest_file.write()
+
+ deployer.file.modify(deployer.mdict['pki_manifest'], silent=True)
+
+ # Also, for debugging/auditing purposes, save a timestamped copy of
+ # this installation manifest file
+ deployer.file.copy(
+ deployer.mdict['pki_manifest'],
+ deployer.mdict['pki_manifest_spawn_archive'])
+
config.pki_log.debug(log.PKI_DICTIONARY_MASTER,
extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pkilogging.log_format(parser.mdict),
extra=config.PKI_INDENTATION_LEVEL_0)
external = deployer.configuration_file.external
+ standalone = deployer.configuration_file.standalone
step_one = deployer.configuration_file.external_step_one
+ skip_configuration = deployer.configuration_file.skip_configuration
if external and step_one:
print_external_ca_step_one_information(parser.mdict)
+
+ elif standalone and step_one:
+ print_standalone_step_one_information(parser.mdict)
+
+ elif skip_configuration:
+ print_skip_configuration_information(parser.mdict)
+
else:
- print_install_information(parser.mdict)
+ print_final_install_information(parser.mdict)
def start_logging():
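Review bot: The two archive copies added under `# ALWAYS archive configuration file and manifest file` get no explicit follow-up call: only `pki_manifest` is passed to `deployer.file.modify(..., silent=True)`, while the `deployer.file.copy` targets are left as the copy creates them. If the deployment configuration can hold credentials (not visible here), confirm that `deployer.file.copy` applies restrictive ownership and mode to `pki_user_deployment_cfg_spawn_archive` and `pki_manifest_spawn_archive`, and say so in the comment. The block also appears to sit after the `sys.exit(1)` path shown as context, so a failed spawn would archive nothing despite the "ALWAYS"; `# Archive configuration and manifest after every successful spawn` would describe that more accurately. The carried-over `# for record in manifest.database:` / `# print tuple(record)` lines are commented-out debugging code and can be dropped. `main` starts and ends outside the hunk.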
@@ -672,48 +715,76 @@ def print_external_ca_step_one_information(mdict):
print(log.PKI_SPAWN_INFORMATION_FOOTER)
-def print_install_information(mdict):
+def print_standalone_step_one_information(mdict):
+
+ print(log.PKI_SPAWN_INFORMATION_HEADER)
+ print(" The %s subsystem of the '%s' instance is still incomplete." %
+ (config.pki_subsystem, mdict['pki_instance_name']))
+ print()
+ print(" The CSRs for the %s certificates have been generated in:\n"
+ " %s"
+ % (config.pki_subsystem, mdict['pki_instance_configuration_path']))
+ print(log.PKI_CHECK_STATUS_MESSAGE % mdict['pki_instance_name'])
+ print(log.PKI_INSTANCE_RESTART_MESSAGE % mdict['pki_instance_name'])
+ print(log.PKI_CONFIGURATION_STANDALONE_1 % config.pki_subsystem)
+ print(log.PKI_SPAWN_INFORMATION_FOOTER)
+
+
+def print_skip_configuration_information(mdict):
+
+ print(log.PKI_SPAWN_INFORMATION_HEADER)
+ print(" The %s subsystem of the '%s' instance\n"
+ " must still be configured!" %
+ (config.pki_subsystem, mdict['pki_instance_name']))
+ print(log.PKI_CHECK_STATUS_MESSAGE % mdict['pki_instance_name'])
+ print(log.PKI_INSTANCE_RESTART_MESSAGE % mdict['pki_instance_name'])
+
+ print(log.PKI_ACCESS_URL % (mdict['pki_hostname'],
+ mdict['pki_https_port'],
+ config.pki_subsystem.lower()))
+ if not config.str2bool(mdict['pki_enable_on_system_boot']):
+ print(log.PKI_SYSTEM_BOOT_STATUS_MESSAGE % "disabled")
+ else:
+ print(log.PKI_SYSTEM_BOOT_STATUS_MESSAGE % "enabled")
+ print(log.PKI_SPAWN_INFORMATION_FOOTER)
+
+
+def print_final_install_information(mdict):
- skip_configuration = config.str2bool(mdict['pki_skip_configuration'])
print(log.PKI_SPAWN_INFORMATION_HEADER)
- if skip_configuration:
- print(" The %s subsystem of the '%s' instance\n"
- " must still be configured!" %
+ print(" Administrator's username: %s" %
+ mdict['pki_admin_uid'])
+
+ if os.path.isfile(mdict['pki_client_admin_cert_p12']):
+ print(" Administrator's PKCS #12 file:\n %s" %
+ mdict['pki_client_admin_cert_p12'])
+
+ if not config.str2bool(mdict['pki_client_database_purge']):
+ print()
+ print(" Administrator's certificate nickname:\n %s"
+ % mdict['pki_admin_nickname'])
+
+ if not config.str2bool(mdict['pki_clone']):
+ print(" Administrator's certificate database:\n %s"
+ % mdict['pki_client_database_dir'])
+
+ else:
+ print()
+ print(" This %s subsystem of the '%s' instance\n"
+ " is a clone." %
(config.pki_subsystem, mdict['pki_instance_name']))
+
+ print(log.PKI_CHECK_STATUS_MESSAGE % mdict['pki_instance_name'])
+ print(log.PKI_INSTANCE_RESTART_MESSAGE % mdict['pki_instance_name'])
+
+ print(log.PKI_ACCESS_URL % (mdict['pki_hostname'],
+ mdict['pki_https_port'],
+ config.pki_subsystem.lower()))
+ if not config.str2bool(mdict['pki_enable_on_system_boot']):
+ print(log.PKI_SYSTEM_BOOT_STATUS_MESSAGE % "disabled")
else:
- print(" Administrator's username: %s" %
- mdict['pki_admin_uid'])
- if os.path.isfile(mdict['pki_client_admin_cert_p12']):
- print(" Administrator's PKCS #12 file:\n %s" %
- mdict['pki_client_admin_cert_p12'])
- if not config.str2bool(mdict['pki_client_database_purge']):
- print()
- print(" Administrator's certificate nickname:\n %s"
- % mdict['pki_admin_nickname'])
- if not config.str2bool(mdict['pki_clone']):
- print(" Administrator's certificate database:\n %s"
- % mdict['pki_client_database_dir'])
- else:
- print()
- print(" This %s subsystem of the '%s' instance\n"
- " is a clone." %
- (config.pki_subsystem, mdict['pki_instance_name']))
- print(log.PKI_CHECK_STATUS_MESSAGE % mdict['pki_instance_name'])
- print(log.PKI_INSTANCE_RESTART_MESSAGE % mdict['pki_instance_name'])
- if (((config.pki_subsystem == "KRA" or
- config.pki_subsystem == "OCSP") and
- config.str2bool(mdict['pki_standalone'])) and
- not config.str2bool(mdict['pki_external_step_two'])):
- # Stand-alone PKI KRA/OCSP (External CA Step 1)
- print(log.PKI_CONFIGURATION_STANDALONE_1 % config.pki_subsystem)
- else:
- print(log.PKI_ACCESS_URL % (mdict['pki_hostname'],
- mdict['pki_https_port'],
- config.pki_subsystem.lower()))
- if not config.str2bool(mdict['pki_enable_on_system_boot']):
- print(log.PKI_SYSTEM_BOOT_STATUS_MESSAGE % "disabled")
- else:
- print(log.PKI_SYSTEM_BOOT_STATUS_MESSAGE % "enabled")
+ print(log.PKI_SYSTEM_BOOT_STATUS_MESSAGE % "enabled")
+
print(log.PKI_SPAWN_INFORMATION_FOOTER)
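Review bot: `print_skip_configuration_information` reports the boot status from `mdict['pki_enable_on_system_boot']`, but with this commit the finalization scriptlet returns early when `skip_configuration` is set, before the step that acts on that setting. If that step is the only place the instance is enabled or disabled for boot (its body is outside the visible hunks), the printed "enabled"/"disabled" can disagree with the actual state of the service. Either print the boot status only in `print_final_install_information`, or keep the boot-enable step ahead of the early return in `spawn`. The three new functions also have no docstrings; a one-line summary each, such as `"""Print the summary shown after step one of a standalone installation."""`, would document which installation mode each one serves.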