Diffstat (limited to 'base/deploy/src/scriptlets/pkiconfig.py')
-rw-r--r--base/deploy/src/scriptlets/pkiconfig.py197
1 files changed, 100 insertions, 97 deletions
diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py
index a86774555..c1d22bf10 100644
--- a/base/deploy/src/scriptlets/pkiconfig.py
+++ b/base/deploy/src/scriptlets/pkiconfig.py
@@ -19,93 +19,101 @@
# All rights reserved.
#
-# PKI Deployment Constants
-PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 00755
-PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 00770
-PKI_DEPLOYMENT_DEFAULT_EXE_PERMISSIONS = 00770
-PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS = 00660
-PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS = 00600
-PKI_DEPLOYMENT_DEFAULT_SGID_DIR_PERMISSIONS = 02770
-PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS = 00777
-PKI_DEPLOYMENT_DEFAULT_UMASK = 00002
-
-PKI_DEPLOYMENT_DEFAULT_COMMENT = "'Certificate System'"
-PKI_DEPLOYMENT_DEFAULT_GID = 17
-PKI_DEPLOYMENT_DEFAULT_GROUP = "pkiuser"
-PKI_DEPLOYMENT_DEFAULT_SHELL = "/sbin/nologin"
-PKI_DEPLOYMENT_DEFAULT_UID = 17
-PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser"
-
-PKI_SUBSYSTEMS = ["CA","KRA","OCSP","RA","TKS","TPS"]
-PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS","TPS"]
-PKI_APACHE_SUBSYSTEMS = ["RA","TPS"]
-PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS"]
-PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra",
- "lib", "logs", "ocsp", "temp", "tks", "webapps",
- "work"]
-PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg",
- "rsyslog", "tls"]
-PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra", "tps"]
-PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks"]
-
-PKI_INDENTATION_LEVEL_0 = {'indent' : ''}
-PKI_INDENTATION_LEVEL_1 = {'indent' : '... '}
-PKI_INDENTATION_LEVEL_2 = {'indent' : '....... '}
-PKI_INDENTATION_LEVEL_3 = {'indent' : '........... '}
-PKI_INDENTATION_LEVEL_4 = {'indent' : '............... '}
-
-PKI_DEPLOYMENT_INTERRUPT_BANNER = "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+"\
- "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-"
-PKI_DEPLOYMENT_JAR_SOURCE_ROOT = "/usr/share/java"
-PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT = "/usr/share/java/httpcomponents"
-PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT = "/usr/share/java/pki"
-PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT = "/usr/share/java/resteasy"
-PKI_DEPLOYMENT_SOURCE_ROOT = "/usr/share/pki"
-PKI_DEPLOYMENT_SYSTEMD_ROOT = "/lib/systemd/system"
-PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT = "/etc/systemd/system"
-PKI_DEPLOYMENT_TOMCAT_ROOT = "/usr/share/tomcat"
-PKI_DEPLOYMENT_TOMCAT_SYSTEMD = "/usr/sbin/tomcat-sysd"
-PKI_DEPLOYMENT_BASE_ROOT = "/var/lib/pki"
-# NOTE: Top-level "/etc/pki" is owned by the "filesystem" package!
-PKI_DEPLOYMENT_CONFIGURATION_ROOT = "/etc/pki"
-PKI_DEPLOYMENT_LOG_ROOT = "/var/log/pki"
-# NOTE: Well-known 'registry root', default 'instance', and default
-# 'configuration file' names MUST be created in order to potentially
-# obtain an instance-specific configuration file
-# (presuming one has not been specified during command-line parsing)
-# because command-line parsing happens prior to reading any
-# configuration files. Although the 'registry root' MUST remain fixed,
-# the default 'instance' name may be overridden by the value specified
-# in the configuration file (the value in the default configuration file
-# should always match the 'default' instance name specified below).
-PKI_DEPLOYMENT_REGISTRY_ROOT = "/etc/sysconfig/pki"
-PKI_DEPLOYMENT_DEFAULT_ADMIN_DOMAIN_NAME = None
-PKI_DEPLOYMENT_DEFAULT_APACHE_SERVICE_NAME = "apache"
-PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVICE_NAME = "tomcat"
-PKI_DEPLOYMENT_DEFAULT_APACHE_INSTANCE_NAME = "pki-apache"
-PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat"
-PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE = "pkideployment.cfg"
-PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\
- "/usr/share/pki/deployment/config/pkislots.cfg"
-
-# subtypes of PKI subsystems
-PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM = "Cloned"
-PKI_DEPLOYMENT_EXTERNAL_CA = "External"
-PKI_DEPLOYMENT_SUBORDINATE_CA = "Subordinate"
-
-# default ports (for defined selinux policy)
-PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT = 8080
-PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT = 8443
-PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT = 8005
-PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT = 8009
-
-# PKI Deployment Jython 2.2 Constants
-PKI_JYTHON_CRITICAL_LOG_LEVEL = 1
-PKI_JYTHON_ERROR_LOG_LEVEL = 2
-PKI_JYTHON_WARNING_LOG_LEVEL = 3
-PKI_JYTHON_INFO_LOG_LEVEL = 4
-PKI_JYTHON_DEBUG_LOG_LEVEL = 5
-
+class PKIConfig:
+
+ # PKI Deployment Constants
+ PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 00755
+ PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 00770
+ PKI_DEPLOYMENT_DEFAULT_EXE_PERMISSIONS = 00770
+ PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS = 00660
+ PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS = 00600
+ PKI_DEPLOYMENT_DEFAULT_SGID_DIR_PERMISSIONS = 02770
+ PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS = 00777
+ PKI_DEPLOYMENT_DEFAULT_UMASK = 00002
+
+ PKI_DEPLOYMENT_DEFAULT_COMMENT = "'Certificate System'"
+ PKI_DEPLOYMENT_DEFAULT_GID = 17
+ PKI_DEPLOYMENT_DEFAULT_GROUP = "pkiuser"
+ PKI_DEPLOYMENT_DEFAULT_SHELL = "/sbin/nologin"
+ PKI_DEPLOYMENT_DEFAULT_UID = 17
+ PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser"
+
+ PKI_SUBSYSTEMS = ["CA","KRA","OCSP","RA","TKS","TPS"]
+ PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS","TPS"]
+ PKI_APACHE_SUBSYSTEMS = ["RA","TPS"]
+ PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS"]
+ PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra",
+ "lib", "logs", "ocsp", "temp", "tks", "webapps",
+ "work"]
+ PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg",
+ "rsyslog", "tls"]
+ PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra", "tps"]
+ PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks"]
+
+ PKI_INDENTATION_LEVEL_0 = {'indent' : ''}
+ PKI_INDENTATION_LEVEL_1 = {'indent' : '... '}
+ PKI_INDENTATION_LEVEL_2 = {'indent' : '....... '}
+ PKI_INDENTATION_LEVEL_3 = {'indent' : '........... '}
+ PKI_INDENTATION_LEVEL_4 = {'indent' : '............... '}
+
+ PKI_DEPLOYMENT_INTERRUPT_BANNER = "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+"\
+ "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-"
+ PKI_DEPLOYMENT_JAR_SOURCE_ROOT = "/usr/share/java"
+ PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT = "/usr/share/java/httpcomponents"
+ PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT = "/usr/share/java/pki"
+ PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT = "/usr/share/java/resteasy"
+ PKI_DEPLOYMENT_SOURCE_ROOT = "/usr/share/pki"
+ PKI_DEPLOYMENT_SYSTEMD_ROOT = "/lib/systemd/system"
+ PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT = "/etc/systemd/system"
+ PKI_DEPLOYMENT_TOMCAT_ROOT = "/usr/share/tomcat"
+ PKI_DEPLOYMENT_TOMCAT_SYSTEMD = "/usr/sbin/tomcat-sysd"
+ PKI_DEPLOYMENT_BASE_ROOT = "/var/lib/pki"
+ # NOTE: Top-level "/etc/pki" is owned by the "filesystem" package!
+ PKI_DEPLOYMENT_CONFIGURATION_ROOT = "/etc/pki"
+ PKI_DEPLOYMENT_LOG_ROOT = "/var/log/pki"
+ # NOTE: Well-known 'registry root', default 'instance', and default
+ # 'configuration file' names MUST be created in order to potentially
+ # obtain an instance-specific configuration file
+ # (presuming one has not been specified during command-line parsing)
+ # because command-line parsing happens prior to reading any
+ # configuration files. Although the 'registry root' MUST remain fixed,
+ # the default 'instance' name may be overridden by the value specified
+ # in the configuration file (the value in the default configuration file
+ # should always match the 'default' instance name specified below).
+ PKI_DEPLOYMENT_REGISTRY_ROOT = "/etc/sysconfig/pki"
+ PKI_DEPLOYMENT_DEFAULT_ADMIN_DOMAIN_NAME = None
+ PKI_DEPLOYMENT_DEFAULT_APACHE_SERVICE_NAME = "apache"
+ PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVICE_NAME = "tomcat"
+ PKI_DEPLOYMENT_DEFAULT_APACHE_INSTANCE_NAME = "pki-apache"
+ PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat"
+ PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE = "pkideployment.cfg"
+ PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\
+ "/usr/share/pki/deployment/config/pkislots.cfg"
+
+ # subtypes of PKI subsystems
+ PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM = "Cloned"
+ PKI_DEPLOYMENT_EXTERNAL_CA = "External"
+ PKI_DEPLOYMENT_SUBORDINATE_CA = "Subordinate"
+
+ # default ports (for defined selinux policy)
+ PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT = 8080
+ PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT = 8443
+ PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT = 8005
+ PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT = 8009
+
+ # PKI Deployment Jython 2.2 Constants
+ PKI_JYTHON_CRITICAL_LOG_LEVEL = 1
+ PKI_JYTHON_ERROR_LOG_LEVEL = 2
+ PKI_JYTHON_WARNING_LOG_LEVEL = 3
+ PKI_JYTHON_INFO_LOG_LEVEL = 4
+ PKI_JYTHON_DEBUG_LOG_LEVEL = 5
+
+ # PKI Selinux Constants
+ PKI_INSTANCE_SELINUX_CONTEXT = "pki_tomcat_var_lib_t"
+ PKI_LOG_SELINUX_CONTEXT = "pki_tomcat_log_t"
+ PKI_CFG_SELINUX_CONTEXT = "pki_tomcat_etc_rw_t"
+ PKI_CERTDB_SELINUX_CONTEXT = "pki_tomcat_cert_t"
+ PKI_PORT_SELINUX_CONTEXT = "http_port_t"
# PKI Deployment Global Variables
pki_install_time = None
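Review bot: Moving every constant under `PKIConfig` drops the module-level names in one step with no compatibility aliases, so any scriptlet that still reads e.g. `PKI_DEPLOYMENT_DEFAULT_UMASK` or `PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS` directly from this module will fail only when that code path runs, possibly partway through a deployment. The diffstat shown is limited to this file, so the callers are presumably updated elsewhere in the commit, but that is worth confirming with a search for the bare names before merge. The class is declared as `class PKIConfig:`, which is an old-style class under the Python 2 this file targets, and it has no docstring; `class PKIConfig(object):` plus a one-line docstring saying it is a namespace of deployment constants would be cleaner. The list-valued attributes such as `PKI_BASE_RESERVED_NAMES` and `PKI_TOMCAT_SUBSYSTEMS` remain mutable and shared process-wide; if they are only used for membership checks, tuples would stop a caller from altering the reserved-name and subsystem sets in place. A blank line after `PKI_PORT_SELINUX_CONTEXT` would also separate the class body from the module-level comment `# PKI Deployment Global Variables` that now follows it directly.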
@@ -139,7 +147,7 @@ def str2bool(string):
# 'pkideployment.cfg' configuration file.
def prepare_for_an_external_java_debugger(instance):
print
- print PKI_DEPLOYMENT_INTERRUPT_BANNER
+ print PKIConfig.PKI_DEPLOYMENT_INTERRUPT_BANNER
print
print "The following 'JAVA_OPTS' MUST be enabled (uncommented) in"
print "'%s':" % instance
@@ -150,13 +158,13 @@ def prepare_for_an_external_java_debugger(instance):
raw_input("Enable external java debugger 'JAVA_OPTS' "\
"and press return to continue . . . ")
print
- print PKI_DEPLOYMENT_INTERRUPT_BANNER
+ print PKIConfig.PKI_DEPLOYMENT_INTERRUPT_BANNER
print
return
def wait_to_attach_an_external_java_debugger():
print
- print PKI_DEPLOYMENT_INTERRUPT_BANNER
+ print PKIConfig.PKI_DEPLOYMENT_INTERRUPT_BANNER
print
print "Attach the java debugger to this process on the port specified by"
print "the 'address' selected by 'JAVA_OPTS' (e. g. - port 8000) and"
@@ -165,7 +173,7 @@ def wait_to_attach_an_external_java_debugger():
raw_input("Please attach an external java debugger "\
"and press return to continue . . . ")
print
- print PKI_DEPLOYMENT_INTERRUPT_BANNER
+ print PKIConfig.PKI_DEPLOYMENT_INTERRUPT_BANNER
print
return
@@ -188,10 +196,5 @@ pki_master_dict = None
pki_slots_dict = None
pki_master_jython_dict = None
-# PKI Selinux Constants and parameters
-PKI_INSTANCE_SELINUX_CONTEXT = "pki_tomcat_var_lib_t"
-PKI_LOG_SELINUX_CONTEXT = "pki_tomcat_log_t"
-PKI_CFG_SELINUX_CONTEXT = "pki_tomcat_etc_rw_t"
-PKI_CERTDB_SELINUX_CONTEXT = "pki_tomcat_cert_t"
-PKI_PORT_SELINUX_CONTEXT = "http_port_t"
+# PKI Selinux parameters
pki_selinux_config_ports = []