summaryrefslogtreecommitdiffstats
path: root/base/deploy/src/scriptlets/configuration.py
diff options
context:
space:
mode:
Diffstat (limited to 'base/deploy/src/scriptlets/configuration.py')
-rw-r--r--base/deploy/src/scriptlets/configuration.py176
1 files changed, 62 insertions, 114 deletions
diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py
index f2d3ab1b1..c9454d951 100644
--- a/base/deploy/src/scriptlets/configuration.py
+++ b/base/deploy/src/scriptlets/configuration.py
@@ -39,98 +39,59 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
return self.rv
config.pki_log.info(log.CONFIGURATION_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
- if not config.pki_dry_run_flag:
- # Place "slightly" less restrictive permissions on
- # the top-level client directory ONLY
- util.directory.create(master['pki_client_dir'],
- uid=0, gid=0,
- perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS)
- # Since 'certutil' does NOT strip the 'token=' portion of
- # the 'token=password' entries, create a client password file
- # which ONLY contains the 'password' for the purposes of
- # allowing 'certutil' to generate the security databases
- util.password.create_password_conf(
- master['pki_client_password_conf'],
- sensitive['pki_client_database_password'], pin_sans_token=True)
- util.file.modify(master['pki_client_password_conf'],
- uid=0, gid=0)
- # Similarly, create a simple password file containing the
- # PKCS #12 password used when exporting the "Admin Certificate"
- # into a PKCS #12 file
- util.password.create_client_pkcs12_password_conf(
- master['pki_client_pkcs12_password_conf'])
- util.file.modify(master['pki_client_pkcs12_password_conf'])
- util.directory.create(master['pki_client_database_dir'],
- uid=0, gid=0)
- util.certutil.create_security_databases(
- master['pki_client_database_dir'],
- master['pki_client_cert_database'],
- master['pki_client_key_database'],
- master['pki_client_secmod_database'],
- password_file=master['pki_client_password_conf'])
- util.symlink.create(master['pki_systemd_service'],
- master['pki_systemd_service_link'])
- else:
- # Since 'certutil' does NOT strip the 'token=' portion of
- # the 'token=password' entries, create a client password file
- # which ONLY contains the 'password' for the purposes of
- # allowing 'certutil' to generate the security databases
- util.password.create_password_conf(
- master['pki_client_password_conf'],
- sensitive['pki_client_database_password'], pin_sans_token=True)
- # Similarly, create a simple password file containing the
- # PKCS #12 password used when exporting the "Admin Certificate"
- # into a PKCS #12 file
- util.password.create_client_pkcs12_password_conf(
- master['pki_client_pkcs12_password_conf'])
- util.certutil.create_security_databases(
- master['pki_client_database_dir'],
- master['pki_client_cert_database'],
- master['pki_client_key_database'],
- master['pki_client_secmod_database'],
- password_file=master['pki_client_password_conf'])
+
+ # Place "slightly" less restrictive permissions on
+ # the top-level client directory ONLY
+ util.directory.create(master['pki_client_dir'],
+ uid=0, gid=0,
+ perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS)
+ # Since 'certutil' does NOT strip the 'token=' portion of
+ # the 'token=password' entries, create a client password file
+ # which ONLY contains the 'password' for the purposes of
+ # allowing 'certutil' to generate the security databases
+ util.password.create_password_conf(
+ master['pki_client_password_conf'],
+ sensitive['pki_client_database_password'], pin_sans_token=True)
+ util.file.modify(master['pki_client_password_conf'],
+ uid=0, gid=0)
+ # Similarly, create a simple password file containing the
+ # PKCS #12 password used when exporting the "Admin Certificate"
+ # into a PKCS #12 file
+ util.password.create_client_pkcs12_password_conf(
+ master['pki_client_pkcs12_password_conf'])
+ util.file.modify(master['pki_client_pkcs12_password_conf'])
+ util.directory.create(master['pki_client_database_dir'],
+ uid=0, gid=0)
+ util.certutil.create_security_databases(
+ master['pki_client_database_dir'],
+ master['pki_client_cert_database'],
+ master['pki_client_key_database'],
+ master['pki_client_secmod_database'],
+ password_file=master['pki_client_password_conf'])
+ util.symlink.create(master['pki_systemd_service'],
+ master['pki_systemd_service_link'])
+
# Start/Restart this Apache/Tomcat PKI Process
- if not config.pki_dry_run_flag:
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
- apache_instance_subsystems =\
- util.instance.apache_instance_subsystems()
- if apache_instance_subsystems == 1:
- util.systemd.start()
- elif apache_instance_subsystems > 1:
- util.systemd.restart()
- elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- # Optionally prepare to enable a java debugger
- # (e. g. - 'eclipse'):
- if config.str2bool(master['pki_enable_java_debugger']):
- config.prepare_for_an_external_java_debugger(
- master['pki_target_tomcat_conf_instance_id'])
- tomcat_instance_subsystems =\
- util.instance.tomcat_instance_subsystems()
- if tomcat_instance_subsystems == 1:
- util.systemd.start()
- elif tomcat_instance_subsystems > 1:
- util.systemd.restart()
- else:
- # ALWAYS display correct information (even during dry_run)
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
- apache_instance_subsystems =\
- util.instance.apache_instance_subsystems()
- if apache_instance_subsystems == 0:
- util.systemd.start()
- elif apache_instance_subsystems > 0:
- util.systemd.restart()
- elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
- # Optionally prepare to enable a java debugger
- # (e. g. - 'eclipse'):
- if config.str2bool(master['pki_enable_java_debugger']):
- config.prepare_for_an_external_java_debugger(
- master['pki_target_tomcat_conf_instance_id'])
- tomcat_instance_subsystems =\
- util.instance.tomcat_instance_subsystems()
- if tomcat_instance_subsystems == 0:
- util.systemd.start()
- elif tomcat_instance_subsystems > 0:
- util.systemd.restart()
+ if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
+ apache_instance_subsystems =\
+ util.instance.apache_instance_subsystems()
+ if apache_instance_subsystems == 1:
+ util.systemd.start()
+ elif apache_instance_subsystems > 1:
+ util.systemd.restart()
+ elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ # Optionally prepare to enable a java debugger
+ # (e. g. - 'eclipse'):
+ if config.str2bool(master['pki_enable_java_debugger']):
+ config.prepare_for_an_external_java_debugger(
+ master['pki_target_tomcat_conf_instance_id'])
+ tomcat_instance_subsystems =\
+ util.instance.tomcat_instance_subsystems()
+ if tomcat_instance_subsystems == 1:
+ util.systemd.start()
+ elif tomcat_instance_subsystems > 1:
+ util.systemd.restart()
+
# Pass control to the Java servlet via Jython 2.2 'configuration.jy'
util.jython.invoke(master['pki_jython_configuration_scriptlet'])
return self.rv
@@ -143,27 +104,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def destroy(self):
config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
- if not config.pki_dry_run_flag:
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
- util.instance.apache_instance_subsystems() == 1:
- if util.directory.exists(master['pki_client_dir']):
- util.directory.delete(master['pki_client_dir'])
- util.symlink.delete(master['pki_systemd_service_link'])
- elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
- util.instance.tomcat_instance_subsystems() == 1:
- if util.directory.exists(master['pki_client_dir']):
- util.directory.delete(master['pki_client_dir'])
- util.symlink.delete(master['pki_systemd_service_link'])
- else:
- # ALWAYS display correct information (even during dry_run)
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
- util.instance.apache_instance_subsystems() == 0:
- if util.directory.exists(master['pki_client_dir']):
- util.directory.delete(master['pki_client_dir'])
- util.symlink.delete(master['pki_systemd_service_link'])
- elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
- util.instance.tomcat_instance_subsystems() == 0:
- if util.directory.exists(master['pki_client_dir']):
- util.directory.delete(master['pki_client_dir'])
- util.symlink.delete(master['pki_systemd_service_link'])
+ if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
+ util.instance.apache_instance_subsystems() == 1:
+ if util.directory.exists(master['pki_client_dir']):
+ util.directory.delete(master['pki_client_dir'])
+ util.symlink.delete(master['pki_systemd_service_link'])
+ elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
+ util.instance.tomcat_instance_subsystems() == 1:
+ if util.directory.exists(master['pki_client_dir']):
+ util.directory.delete(master['pki_client_dir'])
+ util.symlink.delete(master['pki_systemd_service_link'])
return self.rv
generated by cgit (git 2.34.1) at 2024-04-16 22:43:18 +0000