Diffstat (limited to 'base/server/python/pki/server/deployment/scriptlets/configuration.py')
-rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/configuration.py | 85 |
1 files changed, 45 insertions, 40 deletions
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index 465ccc56e..78ec9ba80 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py @@ -38,10 +38,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # ALWAYS establish the following Tomcat instance symbolic link since # this link is required by both automatic pkispawn instance # configuration as well as manual browser GUI instance configuration - deployer.symlink.create(deployer.master_dict['pki_systemd_service'], - deployer.master_dict['pki_systemd_service_link']) + deployer.symlink.create(deployer.mdict['pki_systemd_service'], + deployer.mdict['pki_systemd_service_link']) - if config.str2bool(deployer.master_dict['pki_skip_configuration']): + if config.str2bool(deployer.mdict['pki_skip_configuration']): config.pki_log.info(log.SKIP_CONFIGURATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv @@ -50,7 +50,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # Place "slightly" less restrictive permissions on # the top-level client directory ONLY - deployer.directory.create(deployer.master_dict['pki_client_subsystem_dir'], + deployer.directory.create( + deployer.mdict['pki_client_subsystem_dir'], uid=0, gid=0, perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS) # Since 'certutil' does NOT strip the 'token=' portion of 
@@ -58,39 +59,41 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # which ONLY contains the 'password' for the purposes of # allowing 'certutil' to generate the security databases deployer.password.create_password_conf( - deployer.master_dict['pki_client_password_conf'], - deployer.master_dict['pki_client_database_password'], pin_sans_token=True) - deployer.file.modify(deployer.master_dict['pki_client_password_conf'], - uid=0, gid=0) + deployer.mdict['pki_client_password_conf'], + deployer.mdict['pki_client_database_password'], pin_sans_token=True) + deployer.file.modify( + deployer.mdict['pki_client_password_conf'], + uid=0, gid=0) # Similarly, create a simple password file containing the # PKCS #12 password used when exporting the "Admin Certificate" # into a PKCS #12 file deployer.password.create_client_pkcs12_password_conf( - deployer.master_dict['pki_client_pkcs12_password_conf']) - deployer.file.modify(deployer.master_dict['pki_client_pkcs12_password_conf']) - deployer.directory.create(deployer.master_dict['pki_client_database_dir'], - uid=0, gid=0) + deployer.mdict['pki_client_pkcs12_password_conf']) + deployer.file.modify(deployer.mdict['pki_client_pkcs12_password_conf']) + deployer.directory.create( + deployer.mdict['pki_client_database_dir'], + uid=0, gid=0) deployer.certutil.create_security_databases( - deployer.master_dict['pki_client_database_dir'], - deployer.master_dict['pki_client_cert_database'], - deployer.master_dict['pki_client_key_database'], - deployer.master_dict['pki_client_secmod_database'], - password_file=deployer.master_dict['pki_client_password_conf']) + deployer.mdict['pki_client_database_dir'], + deployer.mdict['pki_client_cert_database'], + deployer.mdict['pki_client_key_database'], + deployer.mdict['pki_client_secmod_database'], + password_file=deployer.mdict['pki_client_password_conf']) # Start/Restart this Apache/Tomcat PKI Process - if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + if 
deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: apache_instance_subsystems = \ deployer.instance.apache_instance_subsystems() if apache_instance_subsystems == 1: deployer.systemd.start() elif apache_instance_subsystems > 1: deployer.systemd.restart() - elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # Optionally prepare to enable a java debugger # (e. g. - 'eclipse'): - if config.str2bool(deployer.master_dict['pki_enable_java_debugger']): + if config.str2bool(deployer.mdict['pki_enable_java_debugger']): config.prepare_for_an_external_java_debugger( - deployer.master_dict['pki_target_tomcat_conf_instance_id']) + deployer.mdict['pki_target_tomcat_conf_instance_id']) tomcat_instance_subsystems = \ len(deployer.instance.tomcat_instance_subsystems()) if tomcat_instance_subsystems == 1: 
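Review bot: The call `deployer.file.modify(deployer.mdict['pki_client_pkcs12_password_conf'])` is carried over without `uid=0, gid=0`, while the neighbouring `file.modify` for `pki_client_password_conf` and the `directory.create` for `pki_client_database_dir` pass both explicitly. This file holds the PKCS #12 export password for the admin certificate, and the owner and mode that `file.modify` applies by default are not visible in this hunk, so the difference reads as an oversight rather than a decision. If root ownership is intended, as for the sibling file, make it explicit with `deployer.file.modify(deployer.mdict['pki_client_pkcs12_password_conf'], uid=0, gid=0)`; otherwise add a comment such as `# owner/mode left at file.modify defaults on purpose: <reason>`. It is also worth confirming that both `create_*_password_conf` helpers create the file with a restrictive mode from the start, so the secret is never readable between creation and the later `file.modify`. The enclosing method begins and ends outside this hunk.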
@@ -100,28 +103,30 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # wait for startup status = deployer.instance.wait_for_startup(60) - if status == None: - config.pki_log.error("server failed to restart", - extra=config.PKI_INDENTATION_LEVEL_2) + if status is None: + config.pki_log.error( + "server failed to restart", + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception("server failed to restart") # Optionally wait for debugger to attach (e. g. - 'eclipse'): - if config.str2bool(deployer.master_dict['pki_enable_java_debugger']): + if config.str2bool(deployer.mdict['pki_enable_java_debugger']): config.wait_to_attach_an_external_java_debugger() # Construct PKI Subsystem Configuration Data data = None - if deployer.master_dict['pki_instance_type'] == "Apache": - if deployer.master_dict['pki_subsystem'] == "RA": - config.pki_log.info(log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1, - deployer.master_dict['pki_subsystem'], + if deployer.mdict['pki_instance_type'] == "Apache": + if deployer.mdict['pki_subsystem'] == "RA": + config.pki_log.info( + log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1, + deployer.mdict['pki_subsystem'], extra=config.PKI_INDENTATION_LEVEL_2) return self.rv - elif deployer.master_dict['pki_instance_type'] == "Tomcat": + elif deployer.mdict['pki_instance_type'] == "Tomcat": # CA, KRA, OCSP, TKS, or TPS data = deployer.config_client.construct_pki_configuration_data() - # Configure the substem + # Configure the subsystem deployer.config_client.configure_pki_data( json.dumps(data, cls=pki.encoder.CustomTypeEncoder)) 
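Review bot: `data` is still `None` when `json.dumps(data, cls=pki.encoder.CustomTypeEncoder)` runs if `pki_instance_type` is "Apache" with a subsystem other than "RA", or is neither "Apache" nor "Tomcat". In that case the string `null` is handed to `configure_pki_data`. Indentation is lost on this page, so this assumes the configure call sits after the if/elif rather than inside the Tomcat branch. A guard before the call would fail early with a clear message, for example `if data is None: raise Exception("no configuration data for instance type %s" % deployer.mdict['pki_instance_type'])`. The enclosing method starts before and continues past this hunk.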
@@ -131,14 +136,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ deployer.instance.apache_instance_subsystems() == 1: - if deployer.directory.exists(deployer.master_dict['pki_client_dir']): - deployer.directory.delete(deployer.master_dict['pki_client_dir']) - deployer.symlink.delete(deployer.master_dict['pki_systemd_service_link']) - elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - len(deployer.instance.tomcat_instance_subsystems()) == 1: - if deployer.directory.exists(deployer.master_dict['pki_client_dir']): - deployer.directory.delete(deployer.master_dict['pki_client_dir']) - deployer.symlink.delete(deployer.master_dict['pki_systemd_service_link']) + if deployer.directory.exists(deployer.mdict['pki_client_dir']): + deployer.directory.delete(deployer.mdict['pki_client_dir']) + deployer.symlink.delete(deployer.mdict['pki_systemd_service_link']) + elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ + and len(deployer.instance.tomcat_instance_subsystems()) == 1: + if deployer.directory.exists(deployer.mdict['pki_client_dir']): + deployer.directory.delete(deployer.mdict['pki_client_dir']) + deployer.symlink.delete(deployer.mdict['pki_systemd_service_link']) return self.rv |