Diffstat (limited to 'base/server/python/pki/server/deployment/scriptlets/initialization.py')
-rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/initialization.py | 52 |
1 files changed, 25 insertions, 27 deletions
diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py
index 0e315431f..5217ffa10 100644
--- a/base/server/python/pki/server/deployment/scriptlets/initialization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py
@@ -31,49 +31,47 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self, deployer): + if config.str2bool(deployer.mdict['pki_skip_installation']): + config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + return + # begin official logging config.pki_log.info(log.PKISPAWN_BEGIN_MESSAGE_2, deployer.mdict['pki_subsystem'], deployer.mdict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_0) - # ALWAYS initialize 'uid' and 'gid' - deployer.identity.add_uid_and_gid(deployer.mdict['pki_user'], - deployer.mdict['pki_group']) - # ALWAYS establish 'uid' and 'gid' - deployer.identity.set_uid(deployer.mdict['pki_user']) - deployer.identity.set_gid(deployer.mdict['pki_group']) - # ALWAYS initialize HSMs (when and if present) - deployer.hsm.initialize() - if config.str2bool(deployer.mdict['pki_skip_installation']): - config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - return + + config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + + if (deployer.mdict['pki_subsystem'] == "CA" or + config.str2bool(deployer.mdict['pki_standalone'])) and \ + config.str2bool(deployer.mdict['pki_external_step_two']): + # verify that this External CA (Step 2), or Stand-alone PKI + # (Step 2) currently EXISTS for this "instance" + deployer.mdict['pki_skip_installation'] = "True" else: - config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - if (deployer.mdict['pki_subsystem'] == "CA" or - config.str2bool(deployer.mdict['pki_standalone'])) and \ - config.str2bool(deployer.mdict['pki_external_step_two']): - # verify that this External CA (Step 2), or Stand-alone PKI - # (Step 2) currently EXISTS for this "instance" - deployer.instance.verify_subsystem_exists() - deployer.mdict['pki_skip_installation'] = "True" - else: - # verify that this type of "subsystem" does NOT yet - # exist for 
this "instance" - deployer.instance.verify_subsystem_does_not_exist() - # detect and avoid any namespace collisions - deployer.namespace.collision_detection() + # verify that this type of "subsystem" does NOT yet + # exist for this "instance" + deployer.instance.verify_subsystem_does_not_exist() + # detect and avoid any namespace collisions + deployer.namespace.collision_detection() + # verify existence of SENSITIVE configuration file data deployer.configuration_file.verify_sensitive_data() + # verify existence of MUTUALLY EXCLUSIVE configuration file data deployer.configuration_file.verify_mutually_exclusive_data() + # verify existence of PREDEFINED configuration file data deployer.configuration_file.verify_predefined_configuration_file_data() + # verify selinux context of selected ports deployer.configuration_file.populate_non_default_ports() deployer.configuration_file.verify_selinux_ports() + # If secure DS connection is required, verify parameters deployer.configuration_file.verify_ds_secure_connection_data() |
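Review bot: The External CA / stand-alone step-two branch of `spawn` keeps the comment "verify that this External CA (Step 2) ... currently EXISTS" but the added lines no longer call `deployer.instance.verify_subsystem_exists()`; they only set `deployer.mdict['pki_skip_installation'] = "True"`. As written, a step-two run against an instance where the subsystem is missing would be marked as skip-installation with no existence check in this scriptlet. Either restore `deployer.instance.verify_subsystem_exists()` ahead of the assignment, or, if the check now runs elsewhere, replace the comment with one that says where. Separately, the `add_uid_and_gid`, `set_uid`/`set_gid` and `deployer.hsm.initialize()` calls that used to run unconditionally are removed here and the skip check now returns first; the diffstat is limited to this file, so it is worth confirming they are still performed before any step that depends on the PKI user, group or HSM. The rest of `spawn` may continue beyond this hunk.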