-rw-r--r-- | base/deploy/CMakeLists.txt | 11 | ||||
-rw-r--r-- | base/deploy/etc/default.cfg (renamed from base/deploy/config/deployment.cfg) | 0 | ||||
-rwxr-xr-x | base/deploy/src/pkidestroy | 53 | ||||
-rwxr-xr-x | base/deploy/src/pkispawn | 29 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/finalization.py | 6 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/infrastructure_layout.py | 6 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/pkiconfig.py | 8 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/pkihelper.py | 52 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/pkiparser.py | 157 | ||||
-rw-r--r-- | specs/pki-core.spec | 6 |
10 files changed, 199 insertions, 129 deletions
diff --git a/base/deploy/CMakeLists.txt b/base/deploy/CMakeLists.txt index 3848bd499..a602d44a6 100644 --- a/base/deploy/CMakeLists.txt +++ b/base/deploy/CMakeLists.txt @@ -57,9 +57,16 @@ install( install( DIRECTORY - config + config/ DESTINATION - ${DATA_INSTALL_DIR}/deployment + ${DATA_INSTALL_DIR}/deployment/config +) + +install( + DIRECTORY + etc/ + DESTINATION + ${SYSCONF_INSTALL_DIR}/pki ) find_package(PythonInterp REQUIRED) diff --git a/base/deploy/config/deployment.cfg b/base/deploy/etc/default.cfg index 6ff7a35bb..6ff7a35bb 100644 --- a/base/deploy/config/deployment.cfg +++ b/base/deploy/etc/default.cfg diff --git a/base/deploy/src/pkidestroy b/base/deploy/src/pkidestroy index 4e8bca9d1..36aee4142 100755 --- a/base/deploy/src/pkidestroy +++ b/base/deploy/src/pkidestroy @@ -52,6 +52,8 @@ error was: def main(argv): "main entry point" + config.pki_deployment_executable = os.path.basename(argv[0]) + # Only run this program as "root". if not os.geteuid() == 0: sys.exit("'%s' must be run as root!" % argv[0]) 
@@ -88,8 +90,55 @@ def main(argv): sys.exit(1) # Read and process command-line arguments. - parser = PKIConfigParser() - parser.process_command_line_arguments(argv) + parser = PKIConfigParser( + 'PKI Instance Removal', + log.PKIDESTROY_EPILOG) + + parser.mandatory.add_argument('-i', + dest='pki_deployed_instance_name', + action='store', + nargs=1, required=True, metavar='<instance>', + help='FORMAT: ${pki_instance_name}' + '[.${pki_admin_domain_name}]') + + args = parser.process_command_line_arguments(argv) + + # -i <instance name> + config.pki_deployed_instance_name =\ + str(args.pki_deployed_instance_name).strip('[\']') + + # verify that previously deployed instance exists + deployed_pki_instance_path = config.pki_root_prefix +\ + config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\ + config.pki_deployed_instance_name + if not os.path.exists(deployed_pki_instance_path): + print "ERROR: " + log.PKI_INSTANCE_DOES_NOT_EXIST_1 %\ + deployed_pki_instance_path + print + parser.arg_parser.exit(-1); + + # verify that previously deployed subsystem for this instance exists + deployed_pki_subsystem_path = deployed_pki_instance_path + "/" +\ + config.pki_subsystem.lower() + if not os.path.exists(deployed_pki_subsystem_path): + print "ERROR: " + log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 %\ + (config.pki_subsystem, deployed_pki_instance_path) + print + parser.arg_parser.exit(-1); + + # establish complete path to previously deployed configuration file + config.default_deployment_cfg =\ + deployed_pki_subsystem_path + "/" +\ + "registry" + "/" +\ + config.pki_subsystem.lower() + "/" +\ + config.DEFAULT_DEPLOYMENT_CONFIGURATION + config.user_deployment_cfg =\ + deployed_pki_subsystem_path + "/" +\ + "registry" + "/" +\ + config.pki_subsystem.lower() + "/" +\ + config.USER_DEPLOYMENT_CONFIGURATION + + parser.validate() # Enable 'pkidestroy' logging. config.pki_log_dir = config.pki_root_prefix +\ diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn index 73d236247..94b1f5b39 100755 
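Review bot: The `-i` value becomes a path component via `str(args.pki_deployed_instance_name).strip('[\']')` and is joined under `config.PKI_DEPLOYMENT_BASE_ROOT` with no check on its content. Stringifying the one-element list and stripping it removes any leading or trailing `[`, `]` or `'` that belongs to the name and mangles names containing a quote or backslash; `args.pki_deployed_instance_name[0]` returns the argument as typed (the `-f` handling in pkispawn uses the same idiom). Because this tool runs as root and the `deployment.cfg` found under the resulting directory is what the parser later reads, a name containing `/` or `..` should be rejected before the `os.path.exists` test, for example `if os.path.basename(name) != name or name in ('.', '..'): parser.arg_parser.exit(-1)`. main() starts and ends outside the hunk.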
--- a/base/deploy/src/pkispawn +++ b/base/deploy/src/pkispawn @@ -52,6 +52,8 @@ error was: def main(argv): "main entry point" + config.pki_deployment_executable = os.path.basename(argv[0]) + # Only run this program as "root". if not os.geteuid() == 0: sys.exit("'%s' must be run as root!" % argv[0]) @@ -88,8 +90,31 @@ def main(argv): sys.exit(1) # Read and process command-line arguments. - parser = PKIConfigParser() - parser.process_command_line_arguments(argv) + parser = PKIConfigParser( + 'PKI Instance Installation and Configuration', + log.PKISPAWN_EPILOG) + + parser.mandatory.add_argument('-f', + dest='user_deployment_cfg', action='store', + nargs=1, required=True, metavar='<file>', + help='configuration filename ' + '(MUST specify complete path)') + + parser.optional.add_argument('-u', + dest='pki_update_flag', action='store_true', + help='update instance of specified subsystem') + + args = parser.process_command_line_arguments(argv) + + config.default_deployment_cfg = config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + + # -f <user deployment config> + config.user_deployment_cfg = str(args.user_deployment_cfg).strip('[\']') + + # -u + config.pki_update_flag = args.pki_update_flag + + parser.validate() if not os.path.exists(config.PKI_DEPLOYMENT_SOURCE_ROOT +\ "/" + config.pki_subsystem.lower()): diff --git a/base/deploy/src/scriptlets/finalization.py b/base/deploy/src/scriptlets/finalization.py index 55a007bca..ec8fa6eff 100644 --- a/base/deploy/src/scriptlets/finalization.py +++ b/base/deploy/src/scriptlets/finalization.py 
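Review bot: The `-f` help text says the configuration filename must be a complete path, but nothing after `process_command_line_arguments` enforces it. `parser.validate()` only tests `os.path.exists` and `os.path.isfile` (see the pkiparser.py hunks), so a relative name is resolved against whatever directory root happens to be in. An explicit check before `parser.validate()`, such as `if not os.path.isabs(config.user_deployment_cfg): parser.arg_parser.error('-f requires a complete path')`, would enforce the documented contract. main() continues outside the hunk.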
@@ -41,8 +41,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): extra=config.PKI_INDENTATION_LEVEL_1) # For debugging/auditing purposes, save a timestamped copy of # this configuration file in the subsystem archive - util.file.copy(master['pki_deployment_cfg_replica'], - master['pki_deployment_cfg_spawn_archive']) + util.file.copy(master['pki_default_deployment_cfg_replica'], + master['pki_default_deployment_cfg_spawn_archive']) + util.file.copy(master['pki_user_deployment_cfg_replica'], + master['pki_user_deployment_cfg_spawn_archive']) # Save a copy of the installation manifest file config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, master['pki_manifest'], extra=config.PKI_INDENTATION_LEVEL_2) diff --git a/base/deploy/src/scriptlets/infrastructure_layout.py b/base/deploy/src/scriptlets/infrastructure_layout.py index 8eed598cd..947fbcdfe 100644 --- a/base/deploy/src/scriptlets/infrastructure_layout.py +++ b/base/deploy/src/scriptlets/infrastructure_layout.py @@ -56,8 +56,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): util.directory.create(master['pki_instance_type_registry_path']) util.directory.create(master['pki_instance_registry_path']) util.directory.create(master['pki_subsystem_registry_path']) - util.file.copy(master['pki_deployment_cfg'], - master['pki_deployment_cfg_replica']) + util.file.copy(master['pki_default_deployment_cfg'], + master['pki_default_deployment_cfg_replica']) + util.file.copy(master['pki_user_deployment_cfg'], + master['pki_user_deployment_cfg_replica']) # establish top-level infrastructure, instance, and subsystem # base directories and create the "registry" symbolic link that # the "pkidestroy" executable relies upon diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py index 35c80a5f7..cb92b153b 100644 --- a/base/deploy/src/scriptlets/pkiconfig.py +++ b/base/deploy/src/scriptlets/pkiconfig.py 
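Review bot: The user deployment file copied into the spawn archive here is the one the pkihelper.py checks expect to carry `pki_ds_password`, `pki_admin_password`, `pki_backup_password` and similar entries, so every run leaves another timestamped plaintext copy of those secrets. The same applies to the registry replica made in infrastructure_layout.py. The mode and owner that `util.file.copy` applies are not visible in this diff, so it is worth confirming the copies end up readable by root only, or archiving a version with the `sensitive_parameters` values removed. A comment such as `# NOTE: user cfg may contain passwords; copy must stay root-only` above the second `util.file.copy` would record the requirement.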
@@ -102,9 +102,10 @@ PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat" PKI_DEPLOYMENT_CONFIGURATION_DIR =\ "/usr/share/pki/deployment/config" -PKI_DEPLOYMENT_CONFIGURATION_FILE = "deployment.cfg" +DEFAULT_DEPLOYMENT_CONFIGURATION = "default.cfg" +USER_DEPLOYMENT_CONFIGURATION = "deployment.cfg" PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE =\ - PKI_DEPLOYMENT_CONFIGURATION_DIR + "/" + PKI_DEPLOYMENT_CONFIGURATION_FILE + "/etc/pki/" + DEFAULT_DEPLOYMENT_CONFIGURATION PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\ PKI_DEPLOYMENT_CONFIGURATION_DIR + "/pkislots.cfg" @@ -140,7 +141,8 @@ pki_deployment_executable = None # PKI Deployment "Mandatory" Command-Line Variables pki_subsystem = None # 'pkispawn' ONLY -pkideployment_cfg = None +default_deployment_cfg = None +user_deployment_cfg = None # 'pkidestroy' ONLY pki_deployed_instance_name = None diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py index 8be6c5c5d..2d7b75938 100644 --- a/base/deploy/src/scriptlets/pkihelper.py +++ b/base/deploy/src/scriptlets/pkihelper.py @@ -442,7 +442,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_password", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Verify existence of Admin Password (except for Clones) @@ -452,7 +452,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_admin_password", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) # If required, verify existence of Backup Password 
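Review bot: `PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE` now embeds the literal `"/etc/pki/"`, while CMakeLists.txt installs the file under `${SYSCONF_INSTALL_DIR}/pki` and the neighbouring constants are built from a named directory (`PKI_DEPLOYMENT_CONFIGURATION_DIR`). A named constant for the directory, e.g. `PKI_DEPLOYMENT_SYSCONFIG_DIR = "/etc/pki"` (the name is only a suggestion), would keep the two in step. The new `DEFAULT_DEPLOYMENT_CONFIGURATION` and `USER_DEPLOYMENT_CONFIGURATION` names also deserve a one-line comment saying which is the shipped default and which is the per-instance file.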
@@ -462,7 +462,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_backup_password", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Verify existence of Client Pin for NSS client security databases @@ -471,7 +471,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CLIENT_DATABASE_PASSWORD_2, "pki_client_database_password", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Verify existence of Client PKCS #12 Password for Admin Cert @@ -480,7 +480,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_client_pkcs12_password", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Verify existence of PKCS #12 Password (ONLY for Clones) @@ -490,7 +490,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_pkcs12_password", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Verify existence of Security Domain Password File @@ -503,7 +503,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_security_domain_password", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) # If required, verify existence of Token Password @@ -513,7 +513,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_token_password", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) return 
@@ -527,28 +527,28 @@ class configuration_file: config.str2bool(master['pki_subordinate']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA, - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif config.str2bool(master['pki_clone']) and\ config.str2bool(master['pki_external']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA, - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif config.str2bool(master['pki_clone']) and\ config.str2bool(master['pki_subordinate']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA, - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif config.str2bool(master['pki_external']) and\ config.str2bool(master['pki_subordinate']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA, - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) @@ -571,7 +571,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_base_dn", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_ds_ldap_port') or\ @@ -582,7 +582,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_ldap_port", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_ds_ldaps_port') or\ 
@@ -593,7 +593,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_ldaps_port", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) # NOTE: Although this will be checked prior to getting to @@ -609,7 +609,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ajp_port", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_http_port') or\ @@ -620,7 +620,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_http_port", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_https_port') or\ @@ -631,7 +631,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_https_port", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_tomcat_server_port') or\ @@ -642,7 +642,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_tomcat_server_port", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_clone_pkcs12_path') or\ @@ -650,7 +650,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_pkcs12_path", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif not os.path.isfile(master['pki_clone_pkcs12_path']): 
@@ -664,7 +664,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_replication_security", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_clone_uri') or\ @@ -672,7 +672,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_uri", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif master['pki_subsystem'] == "CA" and\ @@ -682,7 +682,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_step_two", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not config.str2bool(master['pki_step_two']): @@ -691,7 +691,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_csr_path", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif not os.path.isfile(master['pki_external_csr_path']): @@ -706,7 +706,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_ca_cert_chain_path", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif not os.path.isfile( @@ -721,7 +721,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_ca_cert_path", - master['pki_deployment_cfg'], + master['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif not os.path.isfile( diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index a99425960..f05b8cce9 100644 
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -41,81 +41,53 @@ class PKIConfigParser: COMMENT_CHAR = '#' OPTION_CHAR = '=' - def __init__(self): + def __init__(self, description, epilog): self.pki_config = None - # PKI Deployment Helper Functions - def process_command_line_arguments(self, argv): "Read and process command-line options" - config.pki_deployment_executable = os.path.basename(argv[0]) - description = None - if config.pki_deployment_executable == 'pkispawn': - description = 'PKI Instance Installation and Configuration' - epilog = log.PKISPAWN_EPILOG - elif config.pki_deployment_executable == 'pkidestroy': - description = 'PKI Instance Removal' - epilog = log.PKIDESTROY_EPILOG - parser = argparse.ArgumentParser( + self.arg_parser = argparse.ArgumentParser( description=description, add_help=False, formatter_class=argparse.RawDescriptionHelpFormatter, epilog=epilog) + # Establish 'Mandatory' command-line options - mandatory = parser.add_argument_group('mandatory arguments') - mandatory.add_argument('-s', + self.mandatory = self.arg_parser.add_argument_group('mandatory arguments') + self.mandatory.add_argument('-s', dest='pki_subsystem', action='store', nargs=1, choices=config.PKI_SUBSYSTEMS, required=True, metavar='<subsystem>', help='where <subsystem> is ' 'CA, KRA, OCSP, RA, TKS, or TPS') - if config.pki_deployment_executable == 'pkispawn': - mandatory.add_argument('-f', - dest='pkideployment_cfg', action='store', - nargs=1, required=True, metavar='<file>', - help='configuration filename ' - '(MUST specify complete path)') - elif config.pki_deployment_executable == 'pkidestroy': - mandatory.add_argument('-i', - dest='pki_deployed_instance_name', - action='store', - nargs=1, required=True, metavar='<instance>', - help='FORMAT: ${pki_instance_name}' - '[.${pki_admin_domain_name}]') + # Establish 'Optional' command-line options - optional = parser.add_argument_group('optional arguments') - optional.add_argument('-h', '--help', + self.optional = self.arg_parser.add_argument_group('optional arguments') 
+ self.optional.add_argument('-h', '--help', dest='help', action='help', help='show this help message and exit') - if config.pki_deployment_executable == 'pkispawn': - optional.add_argument('-u', - dest='pki_update_flag', action='store_true', - help='update instance of specified subsystem') - optional.add_argument('-v', + self.optional.add_argument('-v', dest='pki_verbosity', action='count', help='display verbose information (details below)') + # Establish 'Test' command-line options - test = parser.add_argument_group('test arguments') + test = self.arg_parser.add_argument_group('test arguments') test.add_argument('-p', dest='pki_root_prefix', action='store', nargs=1, metavar='<prefix>', help='directory prefix to specify local directory ' '[TEST ONLY]') + + # PKI Deployment Helper Functions + def process_command_line_arguments(self, argv): + # Parse command-line options - args = parser.parse_args() + args = self.arg_parser.parse_args() + # Process 'Mandatory' command-line options # '-s' config.pki_subsystem = str(args.pki_subsystem).strip('[\']') - if config.pki_deployment_executable == 'pkispawn': - # '-f' - config.pkideployment_cfg = str(args.pkideployment_cfg).strip('[\']') - elif config.pki_deployment_executable == 'pkidestroy': - # '-i' - config.pki_deployed_instance_name =\ - str(args.pki_deployed_instance_name).strip('[\']') + # Process 'Optional' command-line options - if config.pki_deployment_executable == 'pkispawn': - # '-u' - config.pki_update_flag = args.pki_update_flag # '-v' if args.pki_verbosity == 1: config.pki_jython_log_level = config.PKI_JYTHON_INFO_LOG_LEVEL 
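Review bot: The string `"Read and process command-line options"` appears to be left behind as a bare expression in `__init__` after `self.pki_config = None`, while the relocated `process_command_line_arguments` no longer has a docstring. I would move it under the new `def process_command_line_arguments(self, argv):` and give `__init__` its own, e.g. `"Build the argument parser shared by pkispawn and pkidestroy"`. Separately, `self.arg_parser.parse_args()` ignores the `argv` parameter and reads `sys.argv`; `self.arg_parser.parse_args(argv[1:])` would honour what the caller passed. The class body continues outside the hunk.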
@@ -132,17 +104,24 @@ class PKIConfigParser: elif args.pki_verbosity > 3: print "ERROR: " + log.PKI_VERBOSITY_LEVELS_MESSAGE print - parser.print_help() - parser.exit(-1); + self.arg_parser.print_help() + self.arg_parser.exit(-1); else: # Set default log levels config.pki_jython_log_level = config.PKI_JYTHON_WARNING_LOG_LEVEL config.pki_console_log_level = logging.WARNING config.pki_log_level = logging.INFO + # Process 'Test' command-line options # '-p' if not args.pki_root_prefix is None: config.pki_root_prefix = str(args.pki_root_prefix).strip('[\']') + + return args + + + def validate(self): + # Validate command-line options if config.pki_root_prefix is None or\ len(config.pki_root_prefix) == 0: 
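Review bot: Moving the `pki_root_prefix` checks into `validate()` changes their order relative to the pkidestroy instance lookup. pkidestroy now builds `deployed_pki_instance_path` from `config.pki_root_prefix` before it calls `parser.validate()`, whereas the old code ran the prefix check first. If the prefix can still be `None` at that point (its initial value in pkiconfig.py is not shown), the concatenation fails with a TypeError instead of the usage error, and a bad `-p` directory is reported only after the instance paths were probed. Splitting the prefix check into its own method that both scripts call straight after `process_command_line_arguments` would restore the order. `validate()` also has no docstring, and its body runs past the end of this hunk.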
@@ -153,42 +132,28 @@ class PKIConfigParser: log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 %\ config.pki_root_prefix print - parser.print_help() - parser.exit(-1); - if config.pki_deployment_executable == 'pkidestroy': - # verify that previously deployed instance exists - deployed_pki_instance_path = config.pki_root_prefix +\ - config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\ - config.pki_deployed_instance_name - if not os.path.exists(deployed_pki_instance_path): - print "ERROR: " + log.PKI_INSTANCE_DOES_NOT_EXIST_1 %\ - deployed_pki_instance_path - print - parser.exit(-1); - # verify that previously deployed subsystem for this instance exists - deployed_pki_subsystem_path = deployed_pki_instance_path + "/" +\ - config.pki_subsystem.lower() - if not os.path.exists(deployed_pki_subsystem_path): - print "ERROR: " + log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 %\ - (config.pki_subsystem, deployed_pki_instance_path) - print - parser.exit(-1); - # establish complete path to previously deployed configuration file - config.pkideployment_cfg =\ - deployed_pki_subsystem_path + "/" +\ - "registry" + "/" +\ - config.pki_subsystem.lower() + "/" +\ - config.PKI_DEPLOYMENT_CONFIGURATION_FILE - # always verify that configuration file exists - if not os.path.exists(config.pkideployment_cfg) or\ - not os.path.isfile(config.pkideployment_cfg): + self.arg_parser.print_help() + self.arg_parser.exit(-1); + + # always default that configuration file exists + if not os.path.exists(config.default_deployment_cfg) or\ + not os.path.isfile(config.default_deployment_cfg): print "ERROR: " +\ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\ - config.pkideployment_cfg + config.default_deployment_cfg print - parser.print_help() - parser.exit(-1); - return + self.arg_parser.print_help() + self.arg_parser.exit(-1); + + # verify user configuration file exists + if not os.path.exists(config.user_deployment_cfg) or\ + not os.path.isfile(config.user_deployment_cfg): + print "ERROR: " +\ + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\ 
+ config.user_deployment_cfg + print + self.arg_parser.print_help() + self.arg_parser.exit(-1); # The following code is based heavily upon @@ -224,7 +189,7 @@ class PKIConfigParser: self.pki_config.optionxform = str self.pki_config.read([ config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE, - config.pkideployment_cfg]) + config.user_deployment_cfg]) config.pki_default_dict = self.pki_config.defaults() pkilogging.sensitive_parameters = config.pki_default_dict['sensitive_parameters'].split() config.pki_common_dict = dict(self.pki_config._sections['Common']) @@ -275,7 +240,8 @@ class PKIConfigParser: config.pki_dns_domainname config.pki_master_dict['pki_jython_log_level'] =\ config.pki_jython_log_level - config.pki_master_dict['pki_deployment_cfg'] = config.pkideployment_cfg + config.pki_master_dict['pki_default_deployment_cfg'] = config.default_deployment_cfg + config.pki_master_dict['pki_user_deployment_cfg'] = config.user_deployment_cfg config.pki_master_dict['pki_deployed_instance_name'] =\ config.pki_deployed_instance_name # Generate random 'pin's for use as security database passwords 
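Review bot: The comment `# always default that configuration file exists` is garbled; `# always verify that default configuration file exists` matches the check beneath it. The two existence checks are identical apart from the variable, and `os.path.isfile` already returns False for a missing path, so each condition can be reduced to the form `if not os.path.isfile(config.default_deployment_cfg):`. `validate()` starts outside this hunk.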
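Review bot: In the `self.pki_config.read([...])` call the first entry is still the constant `config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE`, not `config.default_deployment_cfg`. pkidestroy sets `config.default_deployment_cfg` to the `default.cfg` replica in the instance registry and `validate()` checks that it exists, yet the values actually loaded come from the current `/etc/pki/default.cfg`, which may differ from what the instance was spawned with. Changing the entry to `config.default_deployment_cfg,` would make both tools read the file they validated. The enclosing method starts and ends outside the hunk.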
@@ -2200,18 +2166,31 @@ class PKIConfigParser: config.pki_master_dict['pki_storage_token'] =\ "Internal Key Storage Token" # Finalization name/value pairs - config.pki_master_dict['pki_deployment_cfg_replica'] =\ + config.pki_master_dict['pki_default_deployment_cfg_replica'] =\ os.path.join(config.pki_master_dict['pki_subsystem_registry_path'], - config.PKI_DEPLOYMENT_CONFIGURATION_FILE) - config.pki_master_dict['pki_deployment_cfg_spawn_archive'] =\ + config.DEFAULT_DEPLOYMENT_CONFIGURATION) + config.pki_master_dict['pki_user_deployment_cfg_replica'] =\ + os.path.join(config.pki_master_dict['pki_subsystem_registry_path'], + config.USER_DEPLOYMENT_CONFIGURATION) + config.pki_master_dict['pki_default_deployment_cfg_spawn_archive'] =\ + config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ + "spawn" + "_" +\ + config.DEFAULT_DEPLOYMENT_CONFIGURATION + "." +\ + config.pki_master_dict['pki_timestamp'] + config.pki_master_dict['pki_user_deployment_cfg_spawn_archive'] =\ config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ "spawn" + "_" +\ - config.PKI_DEPLOYMENT_CONFIGURATION_FILE + "." +\ + config.USER_DEPLOYMENT_CONFIGURATION + "." +\ + config.pki_master_dict['pki_timestamp'] + config.pki_master_dict['pki_default_deployment_cfg_respawn_archive'] =\ + config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ + "respawn" + "_" +\ + config.DEFAULT_DEPLOYMENT_CONFIGURATION + "." +\ config.pki_master_dict['pki_timestamp'] - config.pki_master_dict['pki_deployment_cfg_respawn_archive'] =\ + config.pki_master_dict['pki_user_deployment_cfg_respawn_archive'] =\ config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ "respawn" + "_" +\ - config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + "." +\ + config.USER_DEPLOYMENT_CONFIGURATION + "." +\ config.pki_master_dict['pki_timestamp'] config.pki_master_dict['pki_manifest'] =\ config.pki_master_dict['pki_subsystem_registry_path'] + "/" +\ 
diff --git a/specs/pki-core.spec b/specs/pki-core.spec index d0cdfcb2f..aba656b79 100644 --- a/specs/pki-core.spec +++ b/specs/pki-core.spec @@ -14,7 +14,7 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} Name: pki-core Version: 10.0.0 -Release: %{?relprefix}53%{?prerel}%{?dist} +Release: %{?relprefix}54%{?prerel}%{?dist} Summary: Certificate System - PKI Core Components URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -816,6 +816,7 @@ fi %{python_sitelib}/pki/_* %{python_sitelib}/pki/deployment/ %dir %{_datadir}/pki/deployment +%{_sysconfdir}/pki/default.cfg %{_datadir}/pki/deployment/config/ %dir %{_datadir}/pki/scripts %{_datadir}/pki/scripts/operations @@ -958,6 +959,9 @@ fi %changelog +* Tue Dec 4 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.54.b3 +- Moved default deployment configuration to /etc/pki. + * Mon Nov 19 2012 Ade Lee <alee@redhat.com> 10.0.0-0.53.b3 - Cleaned up spec file to provide only support rhel 7+, f17+ - Added resteasy-base dependency for rhel 7 |
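Review bot: In the `%files` hunk `%{_sysconfdir}/pki/default.cfg` is listed as a plain file, so a package upgrade replaces it without keeping local edits. If administrators are expected to leave the file alone, a comment should say so; otherwise mark it `%config(noreplace) %{_sysconfdir}/pki/default.cfg`. The diff also does not show which package owns `%{_sysconfdir}/pki` itself, which is worth confirming.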