summaryrefslogtreecommitdiffstats
path: root/base/deploy/src/scriptlets/configuration.py
diff options
context:
space:
mode:
Diffstat (limited to 'base/deploy/src/scriptlets/configuration.py')
-rw-r--r--base/deploy/src/scriptlets/configuration.py69
1 files changed, 56 insertions, 13 deletions
diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py
index f40573940..421e08dc0 100644
--- a/base/deploy/src/scriptlets/configuration.py
+++ b/base/deploy/src/scriptlets/configuration.py
@@ -36,9 +36,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
extra=config.PKI_INDENTATION_LEVEL_1)
if not config.pki_dry_run_flag:
util.directory.create(master['pki_client_path'], uid=0, gid=0)
+ # Since 'certutil' does NOT strip the 'token=' portion of
+ # the 'token=password' entries, create a client password file
+ # which ONLY contains the 'password' for the purposes of
+ # allowing 'certutil' to generate the security databases
util.password.create_password_conf(
master['pki_client_password_conf'],
- master['pki_client_pin'])
+ master['pki_client_pin'], pin_sans_token=True)
util.directory.create(master['pki_client_database_path'],
uid=0, gid=0)
util.certutil.create_security_databases(
@@ -47,19 +51,60 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
master['pki_client_key_database'],
master['pki_client_secmod_database'],
password_file=master['pki_client_password_conf'])
- util.symlink.create(
- config.pki_master_dict['pki_systemd_service'],
- config.pki_master_dict['pki_systemd_service_link'])
+ util.symlink.create(master['pki_systemd_service'],
+ master['pki_systemd_service_link'])
else:
+ # Since 'certutil' does NOT strip the 'token=' portion of
+ # the 'token=password' entries, create a client password file
+ # which ONLY contains the 'password' for the purposes of
+ # allowing 'certutil' to generate the security databases
util.password.create_password_conf(
master['pki_client_password_conf'],
- master['pki_client_pin'])
+ master['pki_client_pin'], pin_sans_token=True)
util.certutil.create_security_databases(
master['pki_client_database_path'],
master['pki_client_cert_database'],
master['pki_client_key_database'],
master['pki_client_secmod_database'],
password_file=master['pki_client_password_conf'])
+ # Start/Restart this Apache/Tomcat PKI Process
+ if not config.pki_dry_run_flag:
+ if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
+ apache_instances = util.instance.apache_instances()
+ if apache_instances == 1:
+ util.systemd.start()
+ elif apache_instances > 1:
+ util.systemd.restart()
+ elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ # Optionally prepare to enable a java debugger
+ # (e. g. - 'eclipse'):
+ if config.str2bool(master['pki_enable_java_debugger']):
+ config.prepare_for_an_external_java_debugger(
+ master['pki_target_tomcat_conf_instance_id'])
+ tomcat_instances = util.instance.tomcat_instances()
+ if tomcat_instances == 1:
+ util.systemd.start()
+ elif tomcat_instances > 1:
+ util.systemd.restart()
+ else:
+ # ALWAYS display correct information (even during dry_run)
+ if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
+ apache_instances = util.instance.apache_instances()
+ if apache_instances == 0:
+ util.systemd.start()
+ elif apache_instances > 0:
+ util.systemd.restart()
+ elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ # Optionally prepare to enable a java debugger
+ # (e. g. - 'eclipse'):
+ if config.str2bool(master['pki_enable_java_debugger']):
+ config.prepare_for_an_external_java_debugger(
+ master['pki_target_tomcat_conf_instance_id'])
+ tomcat_instances = util.instance.tomcat_instances()
+ if tomcat_instances == 0:
+ util.systemd.start()
+ elif tomcat_instances > 0:
+ util.systemd.restart()
# Pass control to the Java servlet via Jython 2.2 'configuration.jy'
util.jython.invoke(master['pki_jython_configuration_scriptlet'])
return self.rv
@@ -67,6 +112,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def respawn(self):
config.pki_log.info(log.CONFIGURATION_RESPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
+ # ALWAYS Restart this Apache/Tomcat PKI Process
+ util.systemd.restart()
return self.rv
def destroy(self):
@@ -76,23 +123,19 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
util.instance.apache_instances() == 1:
util.directory.delete(master['pki_client_path'])
- util.symlink.delete(
- config.pki_master_dict['pki_systemd_service_link'])
+ util.symlink.delete(master['pki_systemd_service_link'])
elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
util.instance.tomcat_instances() == 1:
util.directory.delete(master['pki_client_path'])
- util.symlink.delete(
- config.pki_master_dict['pki_systemd_service_link'])
+ util.symlink.delete(master['pki_systemd_service_link'])
else:
# ALWAYS display correct information (even during dry_run)
if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
util.instance.apache_instances() == 0:
util.directory.delete(master['pki_client_path'])
- util.symlink.delete(
- config.pki_master_dict['pki_systemd_service_link'])
+ util.symlink.delete(master['pki_systemd_service_link'])
elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
util.instance.tomcat_instances() == 0:
util.directory.delete(master['pki_client_path'])
- util.symlink.delete(
- config.pki_master_dict['pki_systemd_service_link'])
+ util.symlink.delete(master['pki_systemd_service_link'])
return self.rv
generated by cgit (git 2.34.1) at 2024-04-24 06:23:54 +0000