-rw-r--r--base/deploy/CMakeLists.txt11
-rw-r--r--base/deploy/etc/default.cfg (renamed from base/deploy/config/deployment.cfg)0
-rwxr-xr-xbase/deploy/src/pkidestroy53
-rwxr-xr-xbase/deploy/src/pkispawn29
-rw-r--r--base/deploy/src/scriptlets/finalization.py6
-rw-r--r--base/deploy/src/scriptlets/infrastructure_layout.py6
-rw-r--r--base/deploy/src/scriptlets/pkiconfig.py8
-rw-r--r--base/deploy/src/scriptlets/pkihelper.py52
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py157
-rw-r--r--specs/pki-core.spec6
10 files changed, 199 insertions, 129 deletions
diff --git a/base/deploy/CMakeLists.txt b/base/deploy/CMakeLists.txt
index 3848bd499..a602d44a6 100644
--- a/base/deploy/CMakeLists.txt
+++ b/base/deploy/CMakeLists.txt
@@ -57,9 +57,16 @@ install(
install(
DIRECTORY
- config
+ config/
DESTINATION
- ${DATA_INSTALL_DIR}/deployment
+ ${DATA_INSTALL_DIR}/deployment/config
+)
+
+install(
+ DIRECTORY
+ etc/
+ DESTINATION
+ ${SYSCONF_INSTALL_DIR}/pki
)
find_package(PythonInterp REQUIRED)
diff --git a/base/deploy/config/deployment.cfg b/base/deploy/etc/default.cfg
index 6ff7a35bb..6ff7a35bb 100644
--- a/base/deploy/config/deployment.cfg
+++ b/base/deploy/etc/default.cfg
diff --git a/base/deploy/src/pkidestroy b/base/deploy/src/pkidestroy
index 4e8bca9d1..36aee4142 100755
--- a/base/deploy/src/pkidestroy
+++ b/base/deploy/src/pkidestroy
@@ -52,6 +52,8 @@ error was:
def main(argv):
"main entry point"
+ config.pki_deployment_executable = os.path.basename(argv[0])
+
# Only run this program as "root".
if not os.geteuid() == 0:
sys.exit("'%s' must be run as root!" % argv[0])
@@ -88,8 +90,55 @@ def main(argv):
sys.exit(1)
# Read and process command-line arguments.
- parser = PKIConfigParser()
- parser.process_command_line_arguments(argv)
+ parser = PKIConfigParser(
+ 'PKI Instance Removal',
+ log.PKIDESTROY_EPILOG)
+
+ parser.mandatory.add_argument('-i',
+ dest='pki_deployed_instance_name',
+ action='store',
+ nargs=1, required=True, metavar='<instance>',
+ help='FORMAT: ${pki_instance_name}'
+ '[.${pki_admin_domain_name}]')
+
+ args = parser.process_command_line_arguments(argv)
+
+ # -i <instance name>
+ config.pki_deployed_instance_name =\
+ str(args.pki_deployed_instance_name).strip('[\']')
+
+ # verify that previously deployed instance exists
+ deployed_pki_instance_path = config.pki_root_prefix +\
+ config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\
+ config.pki_deployed_instance_name
+ if not os.path.exists(deployed_pki_instance_path):
+ print "ERROR: " + log.PKI_INSTANCE_DOES_NOT_EXIST_1 %\
+ deployed_pki_instance_path
+ print
+ parser.arg_parser.exit(-1);
+
+ # verify that previously deployed subsystem for this instance exists
+ deployed_pki_subsystem_path = deployed_pki_instance_path + "/" +\
+ config.pki_subsystem.lower()
+ if not os.path.exists(deployed_pki_subsystem_path):
+ print "ERROR: " + log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 %\
+ (config.pki_subsystem, deployed_pki_instance_path)
+ print
+ parser.arg_parser.exit(-1);
+
+ # establish complete path to previously deployed configuration file
+ config.default_deployment_cfg =\
+ deployed_pki_subsystem_path + "/" +\
+ "registry" + "/" +\
+ config.pki_subsystem.lower() + "/" +\
+ config.DEFAULT_DEPLOYMENT_CONFIGURATION
+ config.user_deployment_cfg =\
+ deployed_pki_subsystem_path + "/" +\
+ "registry" + "/" +\
+ config.pki_subsystem.lower() + "/" +\
+ config.USER_DEPLOYMENT_CONFIGURATION
+
+ parser.validate()
# Enable 'pkidestroy' logging.
config.pki_log_dir = config.pki_root_prefix +\
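Review bot: `deployed_pki_instance_path` is built from `config.pki_root_prefix` before `parser.validate()` runs, but the root-prefix check now lives in `validate()`, which tests that value for `None`. If it is still `None` when `-p` is omitted (its default is not visible here), the concatenation fails, and in any case both `os.path.exists` checks run against a prefix that has not been validated. Running the root-prefix check at the end of `process_command_line_arguments()`, or in a helper called before this block, restores the old order. The `-i` value is also joined unchecked into the path this root-only tool reads its configuration from, so reject anything that is not a single path component, e.g. `if os.path.basename(name) != name or name in ('', '.', '..'):` (with `name` being `config.pki_deployed_instance_name`) followed by the existing `parser.arg_parser.exit(-1)`. `main()` continues outside the hunk.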
diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn
index 73d236247..94b1f5b39 100755
--- a/base/deploy/src/pkispawn
+++ b/base/deploy/src/pkispawn
@@ -52,6 +52,8 @@ error was:
def main(argv):
"main entry point"
+ config.pki_deployment_executable = os.path.basename(argv[0])
+
# Only run this program as "root".
if not os.geteuid() == 0:
sys.exit("'%s' must be run as root!" % argv[0])
@@ -88,8 +90,31 @@ def main(argv):
sys.exit(1)
# Read and process command-line arguments.
- parser = PKIConfigParser()
- parser.process_command_line_arguments(argv)
+ parser = PKIConfigParser(
+ 'PKI Instance Installation and Configuration',
+ log.PKISPAWN_EPILOG)
+
+ parser.mandatory.add_argument('-f',
+ dest='user_deployment_cfg', action='store',
+ nargs=1, required=True, metavar='<file>',
+ help='configuration filename '
+ '(MUST specify complete path)')
+
+ parser.optional.add_argument('-u',
+ dest='pki_update_flag', action='store_true',
+ help='update instance of specified subsystem')
+
+ args = parser.process_command_line_arguments(argv)
+
+ config.default_deployment_cfg = config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE
+
+ # -f <user deployment config>
+ config.user_deployment_cfg = str(args.user_deployment_cfg).strip('[\']')
+
+ # -u
+ config.pki_update_flag = args.pki_update_flag
+
+ parser.validate()
if not os.path.exists(config.PKI_DEPLOYMENT_SOURCE_ROOT +\
"/" + config.pki_subsystem.lower()):
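Review bot: `str(args.user_deployment_cfg).strip('[\']')` recovers the `-f` path by stringifying the one-element list that `nargs=1` produces and stripping `[`, `]` and `'` from both ends. That corrupts any path ending in one of those characters or containing a quote, because the list repr then switches to double quotes, which are not stripped. Taking the element directly is exact: `config.user_deployment_cfg = args.user_deployment_cfg[0]`. The same idiom is used for `-i` in pkidestroy and for `-s` and `-p` in `pkiparser.py`. `main()` continues outside the hunk.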
diff --git a/base/deploy/src/scriptlets/finalization.py b/base/deploy/src/scriptlets/finalization.py
index 55a007bca..ec8fa6eff 100644
--- a/base/deploy/src/scriptlets/finalization.py
+++ b/base/deploy/src/scriptlets/finalization.py
@@ -41,8 +41,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
extra=config.PKI_INDENTATION_LEVEL_1)
# For debugging/auditing purposes, save a timestamped copy of
# this configuration file in the subsystem archive
- util.file.copy(master['pki_deployment_cfg_replica'],
- master['pki_deployment_cfg_spawn_archive'])
+ util.file.copy(master['pki_default_deployment_cfg_replica'],
+ master['pki_default_deployment_cfg_spawn_archive'])
+ util.file.copy(master['pki_user_deployment_cfg_replica'],
+ master['pki_user_deployment_cfg_spawn_archive'])
# Save a copy of the installation manifest file
config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, master['pki_manifest'],
extra=config.PKI_INDENTATION_LEVEL_2)
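Review bot: The user deployment configuration copied here appears to be the file in which `pkihelper.py` expects entries such as `pki_ds_password` and `pki_admin_password`, so the timestamped archive and the registry replica made in `infrastructure_layout.py` are additional on-disk copies of those secrets. The mode and ownership that `util.file.copy` gives the destination are not visible in this hunk; confirm they are restricted to root or the PKI service user. It would help to say so in the comment, e.g. `# NOTE: the user config may contain passwords; the archived copy must not be world-readable`. The enclosing method starts and ends outside the hunk.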
diff --git a/base/deploy/src/scriptlets/infrastructure_layout.py b/base/deploy/src/scriptlets/infrastructure_layout.py
index 8eed598cd..947fbcdfe 100644
--- a/base/deploy/src/scriptlets/infrastructure_layout.py
+++ b/base/deploy/src/scriptlets/infrastructure_layout.py
@@ -56,8 +56,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
util.directory.create(master['pki_instance_type_registry_path'])
util.directory.create(master['pki_instance_registry_path'])
util.directory.create(master['pki_subsystem_registry_path'])
- util.file.copy(master['pki_deployment_cfg'],
- master['pki_deployment_cfg_replica'])
+ util.file.copy(master['pki_default_deployment_cfg'],
+ master['pki_default_deployment_cfg_replica'])
+ util.file.copy(master['pki_user_deployment_cfg'],
+ master['pki_user_deployment_cfg_replica'])
# establish top-level infrastructure, instance, and subsystem
# base directories and create the "registry" symbolic link that
# the "pkidestroy" executable relies upon
diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py
index 35c80a5f7..cb92b153b 100644
--- a/base/deploy/src/scriptlets/pkiconfig.py
+++ b/base/deploy/src/scriptlets/pkiconfig.py
@@ -102,9 +102,10 @@ PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat"
PKI_DEPLOYMENT_CONFIGURATION_DIR =\
"/usr/share/pki/deployment/config"
-PKI_DEPLOYMENT_CONFIGURATION_FILE = "deployment.cfg"
+DEFAULT_DEPLOYMENT_CONFIGURATION = "default.cfg"
+USER_DEPLOYMENT_CONFIGURATION = "deployment.cfg"
PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE =\
- PKI_DEPLOYMENT_CONFIGURATION_DIR + "/" + PKI_DEPLOYMENT_CONFIGURATION_FILE
+ "/etc/pki/" + DEFAULT_DEPLOYMENT_CONFIGURATION
PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\
PKI_DEPLOYMENT_CONFIGURATION_DIR + "/pkislots.cfg"
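Review bot: `PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE` hard-codes `"/etc/pki/"` while `CMakeLists.txt` installs the file under `${SYSCONF_INSTALL_DIR}/pki`, so a build with a different sysconfdir installs `default.cfg` where this module does not look. A named directory constant next to `PKI_DEPLOYMENT_CONFIGURATION_DIR`, with a comment that it must match the CMake destination, would keep the two in step. The two new names, `DEFAULT_DEPLOYMENT_CONFIGURATION` and `USER_DEPLOYMENT_CONFIGURATION`, also drop the `PKI_DEPLOYMENT_` prefix that the neighbouring constants use.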
@@ -140,7 +141,8 @@ pki_deployment_executable = None
# PKI Deployment "Mandatory" Command-Line Variables
pki_subsystem = None
# 'pkispawn' ONLY
-pkideployment_cfg = None
+default_deployment_cfg = None
+user_deployment_cfg = None
# 'pkidestroy' ONLY
pki_deployed_instance_name = None
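Review bot: The comment `# 'pkispawn' ONLY` now heads `default_deployment_cfg` and `user_deployment_cfg`, but this commit makes pkidestroy assign both of them as well, pointing them at the copies under the instance registry. Suggest replacing it with `# deployment configuration files (set by both 'pkispawn' and 'pkidestroy')` so the grouping comments match how the variables are actually used.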
diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py
index 8be6c5c5d..2d7b75938 100644
--- a/base/deploy/src/scriptlets/pkihelper.py
+++ b/base/deploy/src/scriptlets/pkihelper.py
@@ -442,7 +442,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of Admin Password (except for Clones)
@@ -452,7 +452,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_admin_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# If required, verify existence of Backup Password
@@ -462,7 +462,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_backup_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of Client Pin for NSS client security databases
@@ -471,7 +471,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CLIENT_DATABASE_PASSWORD_2,
"pki_client_database_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of Client PKCS #12 Password for Admin Cert
@@ -480,7 +480,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_client_pkcs12_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of PKCS #12 Password (ONLY for Clones)
@@ -490,7 +490,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_pkcs12_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# Verify existence of Security Domain Password File
@@ -503,7 +503,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_security_domain_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# If required, verify existence of Token Password
@@ -513,7 +513,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_token_password",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
return
@@ -527,28 +527,28 @@ class configuration_file:
config.str2bool(master['pki_subordinate']):
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA,
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif config.str2bool(master['pki_clone']) and\
config.str2bool(master['pki_external']):
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA,
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif config.str2bool(master['pki_clone']) and\
config.str2bool(master['pki_subordinate']):
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA,
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif config.str2bool(master['pki_external']) and\
config.str2bool(master['pki_subordinate']):
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA,
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
@@ -571,7 +571,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_base_dn",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_ds_ldap_port') or\
@@ -582,7 +582,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_ldap_port",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_ds_ldaps_port') or\
@@ -593,7 +593,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_ldaps_port",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# NOTE: Although this will be checked prior to getting to
@@ -609,7 +609,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ajp_port",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_http_port') or\
@@ -620,7 +620,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_http_port",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_https_port') or\
@@ -631,7 +631,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_https_port",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_tomcat_server_port') or\
@@ -642,7 +642,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_tomcat_server_port",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_clone_pkcs12_path') or\
@@ -650,7 +650,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_pkcs12_path",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif not os.path.isfile(master['pki_clone_pkcs12_path']):
@@ -664,7 +664,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_replication_security",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not master.has_key('pki_clone_uri') or\
@@ -672,7 +672,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_uri",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif master['pki_subsystem'] == "CA" and\
@@ -682,7 +682,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_step_two",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
if not config.str2bool(master['pki_step_two']):
@@ -691,7 +691,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_csr_path",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif not os.path.isfile(master['pki_external_csr_path']):
@@ -706,7 +706,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_ca_cert_chain_path",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif not os.path.isfile(
@@ -721,7 +721,7 @@ class configuration_file:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_ca_cert_path",
- master['pki_deployment_cfg'],
+ master['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
elif not os.path.isfile(
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index a99425960..f05b8cce9 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -41,81 +41,53 @@ class PKIConfigParser:
COMMENT_CHAR = '#'
OPTION_CHAR = '='
- def __init__(self):
+ def __init__(self, description, epilog):
self.pki_config = None
- # PKI Deployment Helper Functions
- def process_command_line_arguments(self, argv):
"Read and process command-line options"
- config.pki_deployment_executable = os.path.basename(argv[0])
- description = None
- if config.pki_deployment_executable == 'pkispawn':
- description = 'PKI Instance Installation and Configuration'
- epilog = log.PKISPAWN_EPILOG
- elif config.pki_deployment_executable == 'pkidestroy':
- description = 'PKI Instance Removal'
- epilog = log.PKIDESTROY_EPILOG
- parser = argparse.ArgumentParser(
+ self.arg_parser = argparse.ArgumentParser(
description=description,
add_help=False,
formatter_class=argparse.RawDescriptionHelpFormatter,
epilog=epilog)
+
# Establish 'Mandatory' command-line options
- mandatory = parser.add_argument_group('mandatory arguments')
- mandatory.add_argument('-s',
+ self.mandatory = self.arg_parser.add_argument_group('mandatory arguments')
+ self.mandatory.add_argument('-s',
dest='pki_subsystem', action='store',
nargs=1, choices=config.PKI_SUBSYSTEMS,
required=True, metavar='<subsystem>',
help='where <subsystem> is '
'CA, KRA, OCSP, RA, TKS, or TPS')
- if config.pki_deployment_executable == 'pkispawn':
- mandatory.add_argument('-f',
- dest='pkideployment_cfg', action='store',
- nargs=1, required=True, metavar='<file>',
- help='configuration filename '
- '(MUST specify complete path)')
- elif config.pki_deployment_executable == 'pkidestroy':
- mandatory.add_argument('-i',
- dest='pki_deployed_instance_name',
- action='store',
- nargs=1, required=True, metavar='<instance>',
- help='FORMAT: ${pki_instance_name}'
- '[.${pki_admin_domain_name}]')
+
# Establish 'Optional' command-line options
- optional = parser.add_argument_group('optional arguments')
- optional.add_argument('-h', '--help',
+ self.optional = self.arg_parser.add_argument_group('optional arguments')
+ self.optional.add_argument('-h', '--help',
dest='help', action='help',
help='show this help message and exit')
- if config.pki_deployment_executable == 'pkispawn':
- optional.add_argument('-u',
- dest='pki_update_flag', action='store_true',
- help='update instance of specified subsystem')
- optional.add_argument('-v',
+ self.optional.add_argument('-v',
dest='pki_verbosity', action='count',
help='display verbose information (details below)')
+
# Establish 'Test' command-line options
- test = parser.add_argument_group('test arguments')
+ test = self.arg_parser.add_argument_group('test arguments')
test.add_argument('-p',
dest='pki_root_prefix', action='store',
nargs=1, metavar='<prefix>',
help='directory prefix to specify local directory '
'[TEST ONLY]')
+
+ # PKI Deployment Helper Functions
+ def process_command_line_arguments(self, argv):
+
# Parse command-line options
- args = parser.parse_args()
+ args = self.arg_parser.parse_args()
+
# Process 'Mandatory' command-line options
# '-s'
config.pki_subsystem = str(args.pki_subsystem).strip('[\']')
- if config.pki_deployment_executable == 'pkispawn':
- # '-f'
- config.pkideployment_cfg = str(args.pkideployment_cfg).strip('[\']')
- elif config.pki_deployment_executable == 'pkidestroy':
- # '-i'
- config.pki_deployed_instance_name =\
- str(args.pki_deployed_instance_name).strip('[\']')
+
# Process 'Optional' command-line options
- if config.pki_deployment_executable == 'pkispawn':
- # '-u'
- config.pki_update_flag = args.pki_update_flag
# '-v'
if args.pki_verbosity == 1:
config.pki_jython_log_level = config.PKI_JYTHON_INFO_LOG_LEVEL
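Review bot: `process_command_line_arguments(self, argv)` no longer reads `argv` at all: `self.arg_parser.parse_args()` falls back to `sys.argv[1:]`, so the parameter is dead and the method cannot be driven with a caller-supplied argument list. Passing it through keeps the signature honest: `args = self.arg_parser.parse_args(argv[1:])`. The string `"Read and process command-line options"` is also left behind in `__init__` after `self.pki_config = None`, where it is a no-op expression rather than a docstring. It belongs as the first statement of `process_command_line_arguments`, and `__init__` could document `description` and `epilog` instead. The method body continues past the end of the hunk.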
@@ -132,17 +104,24 @@ class PKIConfigParser:
elif args.pki_verbosity > 3:
print "ERROR: " + log.PKI_VERBOSITY_LEVELS_MESSAGE
print
- parser.print_help()
- parser.exit(-1);
+ self.arg_parser.print_help()
+ self.arg_parser.exit(-1);
else:
# Set default log levels
config.pki_jython_log_level = config.PKI_JYTHON_WARNING_LOG_LEVEL
config.pki_console_log_level = logging.WARNING
config.pki_log_level = logging.INFO
+
# Process 'Test' command-line options
# '-p'
if not args.pki_root_prefix is None:
config.pki_root_prefix = str(args.pki_root_prefix).strip('[\']')
+
+ return args
+
+
+ def validate(self):
+
# Validate command-line options
if config.pki_root_prefix is None or\
len(config.pki_root_prefix) == 0:
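Review bot: `validate()` has no docstring, and it now depends on state that callers must set first: it reads `config.pki_root_prefix`, `config.default_deployment_cfg` and `config.user_deployment_cfg`, and exits through `self.arg_parser` on failure. A short docstring stating that precondition and the exit behaviour would help. If a caller forgets to assign one of the paths, `os.path.exists(None)` raises instead of producing the file-missing message. The body of `validate()` continues outside this hunk.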
@@ -153,42 +132,28 @@ class PKIConfigParser:
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 %\
config.pki_root_prefix
print
- parser.print_help()
- parser.exit(-1);
- if config.pki_deployment_executable == 'pkidestroy':
- # verify that previously deployed instance exists
- deployed_pki_instance_path = config.pki_root_prefix +\
- config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\
- config.pki_deployed_instance_name
- if not os.path.exists(deployed_pki_instance_path):
- print "ERROR: " + log.PKI_INSTANCE_DOES_NOT_EXIST_1 %\
- deployed_pki_instance_path
- print
- parser.exit(-1);
- # verify that previously deployed subsystem for this instance exists
- deployed_pki_subsystem_path = deployed_pki_instance_path + "/" +\
- config.pki_subsystem.lower()
- if not os.path.exists(deployed_pki_subsystem_path):
- print "ERROR: " + log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 %\
- (config.pki_subsystem, deployed_pki_instance_path)
- print
- parser.exit(-1);
- # establish complete path to previously deployed configuration file
- config.pkideployment_cfg =\
- deployed_pki_subsystem_path + "/" +\
- "registry" + "/" +\
- config.pki_subsystem.lower() + "/" +\
- config.PKI_DEPLOYMENT_CONFIGURATION_FILE
- # always verify that configuration file exists
- if not os.path.exists(config.pkideployment_cfg) or\
- not os.path.isfile(config.pkideployment_cfg):
+ self.arg_parser.print_help()
+ self.arg_parser.exit(-1);
+
+ # always default that configuration file exists
+ if not os.path.exists(config.default_deployment_cfg) or\
+ not os.path.isfile(config.default_deployment_cfg):
print "ERROR: " +\
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\
- config.pkideployment_cfg
+ config.default_deployment_cfg
print
- parser.print_help()
- parser.exit(-1);
- return
+ self.arg_parser.print_help()
+ self.arg_parser.exit(-1);
+
+ # verify user configuration file exists
+ if not os.path.exists(config.user_deployment_cfg) or\
+ not os.path.isfile(config.user_deployment_cfg):
+ print "ERROR: " +\
+ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\
+ config.user_deployment_cfg
+ print
+ self.arg_parser.print_help()
+ self.arg_parser.exit(-1);
# The following code is based heavily upon
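Review bot: The comment `# always default that configuration file exists` is garbled; it presumably means `# always verify that the default configuration file exists`. The two checks that follow are identical apart from the variable, so a small loop over `(config.default_deployment_cfg, config.user_deployment_cfg)` would remove the duplication. `os.path.isfile(path)` alone is sufficient in each, because it is already false for a path that does not exist.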
@@ -224,7 +189,7 @@ class PKIConfigParser:
self.pki_config.optionxform = str
self.pki_config.read([
config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE,
- config.pkideployment_cfg])
+ config.user_deployment_cfg])
config.pki_default_dict = self.pki_config.defaults()
pkilogging.sensitive_parameters = config.pki_default_dict['sensitive_parameters'].split()
config.pki_common_dict = dict(self.pki_config._sections['Common'])
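Review bot: `self.pki_config.read([...])` still loads `config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE` rather than `config.default_deployment_cfg`, so for pkidestroy the file that `validate()` checks (the `default.cfg` replica under the instance registry) is not the file that is parsed. Removal would then run with whatever `/etc/pki/default.cfg` holds at that moment instead of the defaults the instance was spawned with. If that is not intended, the first list element should be `config.default_deployment_cfg,`. Assuming `self.pki_config` is a standard ConfigParser, `read()` skips files it cannot open without raising, so a mismatch here would not surface as an error. The enclosing method starts and ends outside the hunk.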
@@ -275,7 +240,8 @@ class PKIConfigParser:
config.pki_dns_domainname
config.pki_master_dict['pki_jython_log_level'] =\
config.pki_jython_log_level
- config.pki_master_dict['pki_deployment_cfg'] = config.pkideployment_cfg
+ config.pki_master_dict['pki_default_deployment_cfg'] = config.default_deployment_cfg
+ config.pki_master_dict['pki_user_deployment_cfg'] = config.user_deployment_cfg
config.pki_master_dict['pki_deployed_instance_name'] =\
config.pki_deployed_instance_name
# Generate random 'pin's for use as security database passwords
@@ -2200,18 +2166,31 @@ class PKIConfigParser:
config.pki_master_dict['pki_storage_token'] =\
"Internal Key Storage Token"
# Finalization name/value pairs
- config.pki_master_dict['pki_deployment_cfg_replica'] =\
+ config.pki_master_dict['pki_default_deployment_cfg_replica'] =\
os.path.join(config.pki_master_dict['pki_subsystem_registry_path'],
- config.PKI_DEPLOYMENT_CONFIGURATION_FILE)
- config.pki_master_dict['pki_deployment_cfg_spawn_archive'] =\
+ config.DEFAULT_DEPLOYMENT_CONFIGURATION)
+ config.pki_master_dict['pki_user_deployment_cfg_replica'] =\
+ os.path.join(config.pki_master_dict['pki_subsystem_registry_path'],
+ config.USER_DEPLOYMENT_CONFIGURATION)
+ config.pki_master_dict['pki_default_deployment_cfg_spawn_archive'] =\
+ config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
+ "spawn" + "_" +\
+ config.DEFAULT_DEPLOYMENT_CONFIGURATION + "." +\
+ config.pki_master_dict['pki_timestamp']
+ config.pki_master_dict['pki_user_deployment_cfg_spawn_archive'] =\
config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
"spawn" + "_" +\
- config.PKI_DEPLOYMENT_CONFIGURATION_FILE + "." +\
+ config.USER_DEPLOYMENT_CONFIGURATION + "." +\
+ config.pki_master_dict['pki_timestamp']
+ config.pki_master_dict['pki_default_deployment_cfg_respawn_archive'] =\
+ config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
+ "respawn" + "_" +\
+ config.DEFAULT_DEPLOYMENT_CONFIGURATION + "." +\
config.pki_master_dict['pki_timestamp']
- config.pki_master_dict['pki_deployment_cfg_respawn_archive'] =\
+ config.pki_master_dict['pki_user_deployment_cfg_respawn_archive'] =\
config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
"respawn" + "_" +\
- config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + "." +\
+ config.USER_DEPLOYMENT_CONFIGURATION + "." +\
config.pki_master_dict['pki_timestamp']
config.pki_master_dict['pki_manifest'] =\
config.pki_master_dict['pki_subsystem_registry_path'] + "/" +\
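Review bot: Only instances spawned after this change get a `default.cfg` replica in the subsystem registry, yet pkidestroy now points `config.default_deployment_cfg` at that replica and `validate()` exits when it is missing. An instance deployed by an earlier build would therefore presumably fail removal with a file-missing error. If such instances need to stay removable, pkidestroy could fall back to `config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE` when the replica does not exist. Separately, the replica paths use `os.path.join` while the four archive paths are built by `+ "/" +` concatenation; one form throughout would make the six entries easier to compare.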
diff --git a/specs/pki-core.spec b/specs/pki-core.spec
index d0cdfcb2f..aba656b79 100644
--- a/specs/pki-core.spec
+++ b/specs/pki-core.spec
@@ -14,7 +14,7 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
Name: pki-core
Version: 10.0.0
-Release: %{?relprefix}53%{?prerel}%{?dist}
+Release: %{?relprefix}54%{?prerel}%{?dist}
Summary: Certificate System - PKI Core Components
URL: http://pki.fedoraproject.org/
License: GPLv2
@@ -816,6 +816,7 @@ fi
%{python_sitelib}/pki/_*
%{python_sitelib}/pki/deployment/
%dir %{_datadir}/pki/deployment
+%{_sysconfdir}/pki/default.cfg
%{_datadir}/pki/deployment/config/
%dir %{_datadir}/pki/scripts
%{_datadir}/pki/scripts/operations
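Review bot: `%{_sysconfdir}/pki/default.cfg` is listed as a plain file, so a package upgrade replaces it without regard to local edits, which is unusual for a file under `/etc`. If administrators are meant to adjust the defaults, mark it `%config(noreplace) %{_sysconfdir}/pki/default.cfg`. If it is meant to be read-only packaged data, say so in a comment next to the entry, since pkispawn and pkidestroy read it while running as root.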
@@ -958,6 +959,9 @@ fi
%changelog
+* Tue Dec 4 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.54.b3
+- Moved default deployment configuration to /etc/pki.
+
* Mon Nov 19 2012 Ade Lee <alee@redhat.com> 10.0.0-0.53.b3
- Cleaned up spec file to provide only support rhel 7+, f17+
- Added resteasy-base dependency for rhel 7