-rw-r--r--base/deploy/etc/default.cfg74
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py138
2 files changed, 73 insertions, 139 deletions
diff --git a/base/deploy/etc/default.cfg b/base/deploy/etc/default.cfg
index f665bb8..56686c0 100644
--- a/base/deploy/etc/default.cfg
+++ b/base/deploy/etc/default.cfg
@@ -57,12 +57,12 @@ destroy_scriplets=
# case someone wants to override them in their config file.
#
# Tomcat instances:
-# pki_subsystem_name=pki_tomcat
+# pki_instance_name=pki_tomcat
# pki_https_port=8443
# pki_http_port=8080
#
# Apache instances:
-# pki_subsystem_name=pki_tomcat
+# pki_instance_name=pki_tomcat
# pki_https_port=443
# pki_http_port=80
@@ -113,6 +113,16 @@ pki_token_name=internal
pki_token_password=
pki_user=pkiuser
+# Paths:
+# These are used in the processing of pkispawn and are not supposed
+# to be overwritten by user configuration files.
+#
+pki_source_conf_path=/usr/share/pki/%{pki_subsystem_type}/conf
+pki_source_setup_path=/usr/share/pki/setup
+pki_source_server_path=/usr/share/pki/server/conf
+pki_source_cs_cfg=/usr/share/pki/%{pki_subsystem_type}/conf/CS.cfg
+pki_source_registry=/usr/share/pki/setup/pkidaemon_registry
+
###############################################################################
## Apache Configuration: ##
## ##
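Review bot: `%{pki_subsystem_type}` on the `pki_source_conf_path` and `pki_source_cs_cfg` lines is not ConfigParser interpolation syntax. Every other reference in this file uses `%(name)s`, and SafeConfigParser raises an interpolation syntax error when it reads a value where `%` is not followed by `%` or `(`. The two lines should read `pki_source_conf_path=/usr/share/pki/%(pki_subsystem_type)s/conf` and `pki_source_cs_cfg=/usr/share/pki/%(pki_subsystem_type)s/conf/CS.cfg`. Separately, the new comment says these paths are not supposed to be overwritten by user configuration files, but nothing visible in this diff enforces that now that they are ordinary keys rather than values computed in pkiparser.py. Since pkispawn consumes these paths during installation, it would be worth rejecting or ignoring user-supplied overrides of the `pki_source_*` keys.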
@@ -122,6 +132,19 @@ pki_user=pkiuser
###############################################################################
[Apache]
+# Paths
+# These are used in the processing of pkispawn and are not supposed
+# to be overwritten by user configuration files.
+#
+pki_systemd_service=/lib/systemd/system/pki-apached@.service
+pki_systemd_target=/lib/systemd/system/pki-apached.target
+pki_systemd_target_wants=/etc/systemd/system/pki-apached.target.wants
+pki_systemd_service_link=%(pki_systemd_target_wants)s/pki-apached@%(pki_instance_name)s.service
+pki_cgroup_systemd_service_path=/sys/fs/cgroup/systemd/system/%(pki_systemd_service)s
+pki_cgroup_systemd_service=%(pki_cgroup_systemd_service_path)s/%(pki_instance_name)s
+pki_cgroup_cpu_systemd_service_path=/sys/fs/cgroup/cpu\,cpuacct/system/%(pki_systemd_service)s
+pki_cgroup_cpu_systemd_service=%(pki_cgroup_cpu_systemd_service_path)s/%(pki_systemd_service)s
+
###############################################################################
## Tomcat Configuration: ##
## ##
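Review bot: `pki_cgroup_cpu_systemd_service` ends in `%(pki_systemd_service)s`, whereas the code this commit removes from pkiparser.py joined the cpu cgroup path with `pki_instance_name`, as the neighbouring `pki_cgroup_systemd_service` line still does. This looks like a copy-paste slip; the line should be `pki_cgroup_cpu_systemd_service=%(pki_cgroup_cpu_systemd_service_path)s/%(pki_instance_name)s`, and the identical line in the Tomcat hunk needs the same change. In addition, `pki_systemd_service` is an absolute path (`/lib/systemd/system/pki-apached@.service`), so both `*_service_path` keys interpolate to `/sys/fs/cgroup/.../system//lib/systemd/system/...` in this hunk and in the Tomcat one. The removed `os.path.join` calls treat an absolute second argument differently from plain string interpolation, so the intended cgroup path should be confirmed and written out explicitly.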
@@ -154,6 +177,28 @@ pki_proxy_https_port=443
pki_security_manager=true
pki_tomcat_server_port=8005
+# Paths
+# These are used in the processing of pkispawn and are not supposed
+# to be overwritten by user configuration files.
+#
+pki_systemd_service=/lib/systemd/system/pki-tomcatd@.service
+pki_systemd_target=/lib/systemd/system/pki-tomcatd.target
+pki_systemd_target_wants=/etc/systemd/system/pki-tomcatd.target.wants
+pki_systemd_service_link=%(pki_systemd_target_wants)s/pki-tomcatd@%(pki_instance_name)s.service
+pki_cgroup_systemd_service_path=/sys/fs/cgroup/systemd/system/%(pki_systemd_service)s
+pki_cgroup_systemd_service=%(pki_cgroup_systemd_service_path)s/%(pki_instance_name)s
+pki_cgroup_cpu_systemd_service_path=/sys/fs/cgroup/cpu\,cpuacct/system/%(pki_systemd_service)s
+pki_cgroup_cpu_systemd_service=%(pki_cgroup_cpu_systemd_service_path)s/%(pki_systemd_service)s
+pki_tomcat_bin_path=/usr/share/tomcat/bin
+pki_tomcat_lib_path=/usr/share/tomcat/lib
+pki_tomcat_systemd=/usr/sbin/tomcat-sysd
+pki_source_catalina_properties=%(pki_source_server_path)s/catalina.properties
+pki_source_servercertnick_conf=%(pki_source_server_path)s/serverCertNick.conf
+pki_source_server_xml=%(pki_source_server_path)s/server.xml
+pki_source_context_xml=%(pki_source_server_path)s/context.xml
+pki_source_tomcat_conf=%(pki_source_server_path)s/tomcat.conf
+
+
###############################################################################
## CA Configuration: ##
## ##
@@ -206,6 +251,22 @@ pki_subsystem_name=CA %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s CA
pki_subsystem_subject_dn=cn=CA Subsystem Certificate,o=%(pki_security_domain_name)s
+# Paths
+# These are used in the processing of pkispawn and are not supposed
+# to be overwritten by user configuration files.
+#
+pki_source_emails=/usr/share/pki/ca/emails
+pki_source_flatfile_txt=%(pki_source_conf_path)s/flatfile.txt
+pki_source_profiles=/usr/share/pki/ca/profiles
+pki_source_proxy_conf=%(pki_source_conf_path)s/proxy.conf
+pki_source_registry_cfg=%(pki_source_conf_path)s/registry.cfg
+pki_source_admincert_profile=%(pki_source_conf_path)s/adminCert.profile
+pki_source_caauditsigningcert_profile=%(pki_source_conf_path)s/caAuditSigningCert.profile
+pki_source_cacert_profile=%(pki_source_conf_path)s/caCert.profile
+pki_source_caocspcert_profile=%(pki_source_conf_path)s/caOCSPCert.profile
+pki_source_servercert_profile=%(pki_source_conf_path)s/serverCert.profile
+pki_source_subsystemcert_profile=%(pki_source_conf_path)s/subsystemCert.profile
+
###############################################################################
## KRA Configuration: ##
@@ -244,6 +305,15 @@ pki_subsystem_name=KRA %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s KRA
pki_subsystem_subject_dn=cn=KRA Subsystem Certificate,o=%(pki_security_domain_name)s
+# Paths
+# These are used in the processing of pkispawn and are not supposed
+# to be overwritten by user configuration files.
+#
+pki_source_servercert_profile=%(pki_source_conf_path)s/serverCert.profile
+pki_source_storagecert_profile=%(pki_source_conf_path)s/storageCert.profile
+pki_source_subsystemcert_profile=%(pki_source_conf_path)s/subsystemCert.profile
+pki_source_transportcert_profile=%(pki_source_conf_path)s/transportCert.profile
+
###############################################################################
## OCSP Configuration: ##
## ##
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index c0f5a43..a971fcb 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -198,6 +198,7 @@ class PKIConfigParser:
'pki_https_port': default_https_port,
'pki_dns_domainname': config.pki_dns_domainname,
'pki_subsystem' : config.pki_subsystem,
+ 'pki_subsystem_type': config.pki_subsystem.lower(),
'pki_hostname': config.pki_hostname}
self.pki_config = ConfigParser.SafeConfigParser(predefined_dict)
@@ -327,143 +328,6 @@ class PKIConfigParser:
# (e. g. Apache: "pki-apache", "pki-apache.example.com")
#
- # PKI Source name/value pairs
- config.pki_master_dict['pki_source_conf_path'] =\
- os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
- config.pki_master_dict['pki_subsystem'].lower(),
- "conf")
- config.pki_master_dict['pki_source_setup_path'] =\
- os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "setup")
- config.pki_master_dict['pki_source_server_path'] =\
- os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "server",
- "conf")
- config.pki_master_dict['pki_source_cs_cfg'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "CS.cfg")
- config.pki_master_dict['pki_source_registry'] =\
- os.path.join(config.pki_master_dict['pki_source_setup_path'],
- "pkidaemon_registry")
- if config.pki_master_dict['pki_subsystem'] in\
- config.PKI_APACHE_SUBSYSTEMS:
- config.pki_master_dict['pki_systemd_service'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
- "pki-apached" + "@" + ".service"
- config.pki_master_dict['pki_systemd_target'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
- "pki-apached.target"
- config.pki_master_dict['pki_systemd_target_wants'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT + "/" +\
- "pki-apached.target.wants"
- config.pki_master_dict['pki_systemd_service_link'] =\
- config.pki_master_dict['pki_systemd_target_wants'] + "/" +\
- "pki-apached" + "@" +\
- config.pki_master_dict['pki_instance_name'] + ".service"
- elif config.pki_master_dict['pki_subsystem'] in\
- config.PKI_TOMCAT_SUBSYSTEMS:
- config.pki_master_dict['pki_systemd_service'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
- "pki-tomcatd" + "@" + ".service"
- config.pki_master_dict['pki_systemd_target'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\
- "pki-tomcatd.target"
- config.pki_master_dict['pki_systemd_target_wants'] =\
- config.PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT + "/" +\
- "pki-tomcatd.target.wants"
- config.pki_master_dict['pki_systemd_service_link'] =\
- config.pki_master_dict['pki_systemd_target_wants'] + "/" +\
- "pki-tomcatd" + "@" +\
- config.pki_master_dict['pki_instance_name'] + ".service"
- config.pki_master_dict['pki_tomcat_bin_path'] =\
- os.path.join(config.PKI_DEPLOYMENT_TOMCAT_ROOT,
- "bin")
- config.pki_master_dict['pki_tomcat_lib_path'] =\
- os.path.join(config.PKI_DEPLOYMENT_TOMCAT_ROOT,
- "lib")
- config.pki_master_dict['pki_tomcat_systemd'] =\
- config.PKI_DEPLOYMENT_TOMCAT_SYSTEMD
- config.pki_master_dict['pki_source_catalina_properties'] =\
- os.path.join(config.pki_master_dict['pki_source_server_path'],
- "catalina.properties")
- config.pki_master_dict['pki_source_servercertnick_conf'] =\
- os.path.join(config.pki_master_dict['pki_source_server_path'],
- "serverCertNick.conf")
- config.pki_master_dict['pki_source_server_xml'] =\
- os.path.join(config.pki_master_dict['pki_source_server_path'],
- "server.xml")
- config.pki_master_dict['pki_source_context_xml'] =\
- os.path.join(config.pki_master_dict['pki_source_server_path'],
- "context.xml")
- config.pki_master_dict['pki_source_tomcat_conf'] =\
- os.path.join(config.pki_master_dict['pki_source_server_path'],
- "tomcat.conf")
- if config.pki_master_dict['pki_subsystem'] == "CA":
- config.pki_master_dict['pki_source_emails'] =\
- os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "ca",
- "emails")
- config.pki_master_dict['pki_source_flatfile_txt'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "flatfile.txt")
- config.pki_master_dict['pki_source_profiles'] =\
- os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "ca",
- "profiles")
- config.pki_master_dict['pki_source_proxy_conf'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "proxy.conf")
- config.pki_master_dict['pki_source_registry_cfg'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "registry.cfg")
- # '*.profile'
- config.pki_master_dict['pki_source_admincert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "adminCert.profile")
- config.pki_master_dict['pki_source_caauditsigningcert_profile']\
- = os.path.join(
- config.pki_master_dict['pki_source_conf_path'],
- "caAuditSigningCert.profile")
- config.pki_master_dict['pki_source_cacert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "caCert.profile")
- config.pki_master_dict['pki_source_caocspcert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "caOCSPCert.profile")
- config.pki_master_dict['pki_source_servercert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "serverCert.profile")
- config.pki_master_dict['pki_source_subsystemcert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "subsystemCert.profile")
- elif config.pki_master_dict['pki_subsystem'] == "KRA":
- # '*.profile'
- config.pki_master_dict['pki_source_servercert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "serverCert.profile")
- config.pki_master_dict['pki_source_storagecert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "storageCert.profile")
- config.pki_master_dict['pki_source_subsystemcert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "subsystemCert.profile")
- config.pki_master_dict['pki_source_transportcert_profile'] =\
- os.path.join(config.pki_master_dict['pki_source_conf_path'],
- "transportCert.profile")
- config.pki_master_dict['pki_cgroup_systemd_service_path'] =\
- os.path.join("/sys/fs/cgroup/systemd/system",
- config.pki_master_dict['pki_systemd_service'])
- config.pki_master_dict['pki_cgroup_systemd_service'] =\
- os.path.join(
- config.pki_master_dict['pki_cgroup_systemd_service_path'],
- config.pki_master_dict['pki_instance_name'])
- config.pki_master_dict['pki_cgroup_cpu_systemd_service_path'] =\
- os.path.join("/sys/fs/cgroup/cpu\,cpuacct/system",
- config.pki_master_dict['pki_systemd_service'])
- config.pki_master_dict['pki_cgroup_cpu_systemd_service'] =\
- os.path.join(
- config.pki_master_dict['pki_cgroup_cpu_systemd_service_path'],
- config.pki_master_dict['pki_instance_name'])
# PKI top-level file system layout name/value pairs
# NOTE: Never use 'os.path.join()' whenever 'pki_root_prefix'
# is being prepended!!!