summaryrefslogtreecommitdiffstats
path: root/base/server/python/pki/server/deployment/scriptlets/configuration.py
diff options
context:
space:
mode:
Diffstat (limited to 'base/server/python/pki/server/deployment/scriptlets/configuration.py')
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/configuration.py85
1 files changed, 45 insertions, 40 deletions
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index 465ccc56e..78ec9ba80 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -38,10 +38,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# ALWAYS establish the following Tomcat instance symbolic link since
# this link is required by both automatic pkispawn instance
# configuration as well as manual browser GUI instance configuration
- deployer.symlink.create(deployer.master_dict['pki_systemd_service'],
- deployer.master_dict['pki_systemd_service_link'])
+ deployer.symlink.create(deployer.mdict['pki_systemd_service'],
+ deployer.mdict['pki_systemd_service_link'])
- if config.str2bool(deployer.master_dict['pki_skip_configuration']):
+ if config.str2bool(deployer.mdict['pki_skip_configuration']):
config.pki_log.info(log.SKIP_CONFIGURATION_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
return self.rv
@@ -50,7 +50,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# Place "slightly" less restrictive permissions on
# the top-level client directory ONLY
- deployer.directory.create(deployer.master_dict['pki_client_subsystem_dir'],
+ deployer.directory.create(
+ deployer.mdict['pki_client_subsystem_dir'],
uid=0, gid=0,
perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS)
# Since 'certutil' does NOT strip the 'token=' portion of
@@ -58,39 +59,41 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# which ONLY contains the 'password' for the purposes of
# allowing 'certutil' to generate the security databases
deployer.password.create_password_conf(
- deployer.master_dict['pki_client_password_conf'],
- deployer.master_dict['pki_client_database_password'], pin_sans_token=True)
- deployer.file.modify(deployer.master_dict['pki_client_password_conf'],
- uid=0, gid=0)
+ deployer.mdict['pki_client_password_conf'],
+ deployer.mdict['pki_client_database_password'], pin_sans_token=True)
+ deployer.file.modify(
+ deployer.mdict['pki_client_password_conf'],
+ uid=0, gid=0)
# Similarly, create a simple password file containing the
# PKCS #12 password used when exporting the "Admin Certificate"
# into a PKCS #12 file
deployer.password.create_client_pkcs12_password_conf(
- deployer.master_dict['pki_client_pkcs12_password_conf'])
- deployer.file.modify(deployer.master_dict['pki_client_pkcs12_password_conf'])
- deployer.directory.create(deployer.master_dict['pki_client_database_dir'],
- uid=0, gid=0)
+ deployer.mdict['pki_client_pkcs12_password_conf'])
+ deployer.file.modify(deployer.mdict['pki_client_pkcs12_password_conf'])
+ deployer.directory.create(
+ deployer.mdict['pki_client_database_dir'],
+ uid=0, gid=0)
deployer.certutil.create_security_databases(
- deployer.master_dict['pki_client_database_dir'],
- deployer.master_dict['pki_client_cert_database'],
- deployer.master_dict['pki_client_key_database'],
- deployer.master_dict['pki_client_secmod_database'],
- password_file=deployer.master_dict['pki_client_password_conf'])
+ deployer.mdict['pki_client_database_dir'],
+ deployer.mdict['pki_client_cert_database'],
+ deployer.mdict['pki_client_key_database'],
+ deployer.mdict['pki_client_secmod_database'],
+ password_file=deployer.mdict['pki_client_password_conf'])
# Start/Restart this Apache/Tomcat PKI Process
- if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
+ if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
apache_instance_subsystems = \
deployer.instance.apache_instance_subsystems()
if apache_instance_subsystems == 1:
deployer.systemd.start()
elif apache_instance_subsystems > 1:
deployer.systemd.restart()
- elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
+ elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
# Optionally prepare to enable a java debugger
# (e. g. - 'eclipse'):
- if config.str2bool(deployer.master_dict['pki_enable_java_debugger']):
+ if config.str2bool(deployer.mdict['pki_enable_java_debugger']):
config.prepare_for_an_external_java_debugger(
- deployer.master_dict['pki_target_tomcat_conf_instance_id'])
+ deployer.mdict['pki_target_tomcat_conf_instance_id'])
tomcat_instance_subsystems = \
len(deployer.instance.tomcat_instance_subsystems())
if tomcat_instance_subsystems == 1:
@@ -100,28 +103,30 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# wait for startup
status = deployer.instance.wait_for_startup(60)
- if status == None:
- config.pki_log.error("server failed to restart",
- extra=config.PKI_INDENTATION_LEVEL_2)
+ if status is None:
+ config.pki_log.error(
+ "server failed to restart",
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception("server failed to restart")
# Optionally wait for debugger to attach (e. g. - 'eclipse'):
- if config.str2bool(deployer.master_dict['pki_enable_java_debugger']):
+ if config.str2bool(deployer.mdict['pki_enable_java_debugger']):
config.wait_to_attach_an_external_java_debugger()
# Construct PKI Subsystem Configuration Data
data = None
- if deployer.master_dict['pki_instance_type'] == "Apache":
- if deployer.master_dict['pki_subsystem'] == "RA":
- config.pki_log.info(log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1,
- deployer.master_dict['pki_subsystem'],
+ if deployer.mdict['pki_instance_type'] == "Apache":
+ if deployer.mdict['pki_subsystem'] == "RA":
+ config.pki_log.info(
+ log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1,
+ deployer.mdict['pki_subsystem'],
extra=config.PKI_INDENTATION_LEVEL_2)
return self.rv
- elif deployer.master_dict['pki_instance_type'] == "Tomcat":
+ elif deployer.mdict['pki_instance_type'] == "Tomcat":
# CA, KRA, OCSP, TKS, or TPS
data = deployer.config_client.construct_pki_configuration_data()
- # Configure the substem
+ # Configure the subsystem
deployer.config_client.configure_pki_data(
json.dumps(data, cls=pki.encoder.CustomTypeEncoder))
@@ -131,14 +136,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
- if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
+ if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
deployer.instance.apache_instance_subsystems() == 1:
- if deployer.directory.exists(deployer.master_dict['pki_client_dir']):
- deployer.directory.delete(deployer.master_dict['pki_client_dir'])
- deployer.symlink.delete(deployer.master_dict['pki_systemd_service_link'])
- elif deployer.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
- len(deployer.instance.tomcat_instance_subsystems()) == 1:
- if deployer.directory.exists(deployer.master_dict['pki_client_dir']):
- deployer.directory.delete(deployer.master_dict['pki_client_dir'])
- deployer.symlink.delete(deployer.master_dict['pki_systemd_service_link'])
+ if deployer.directory.exists(deployer.mdict['pki_client_dir']):
+ deployer.directory.delete(deployer.mdict['pki_client_dir'])
+ deployer.symlink.delete(deployer.mdict['pki_systemd_service_link'])
+ elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \
+ and len(deployer.instance.tomcat_instance_subsystems()) == 1:
+ if deployer.directory.exists(deployer.mdict['pki_client_dir']):
+ deployer.directory.delete(deployer.mdict['pki_client_dir'])
+ deployer.symlink.delete(deployer.mdict['pki_systemd_service_link'])
return self.rv
generated by cgit (git 2.34.1) at 2024-09-22 06:53:40 +0000