Diffstat (limited to 'base/server/python')
4 files changed, 41 insertions, 27 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 2898d7fe0..ad9a88e63 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -4650,6 +4650,19 @@ class PKIDeployer:
 self.tps_connector = TPSConnector(self)
 self.config_client = ConfigClient(self)
+ def init(self):
+
+ # ALWAYS initialize 'uid' and 'gid'
+ self.identity.add_uid_and_gid(self.mdict['pki_user'],
+ self.mdict['pki_group'])
+
+ # ALWAYS establish 'uid' and 'gid'
+ self.identity.set_uid(self.mdict['pki_user'])
+ self.identity.set_gid(self.mdict['pki_group'])
+
+ # ALWAYS initialize HSMs (when and if present)
+ self.hsm.initialize()
+
 def deploy_webapp(self, name, doc_base, descriptor):
 """
 Deploy a web application into a Tomcat instance.
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index a0734b150..d8cf1145a 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -46,6 +46,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 config.pki_log.info(log.CONFIGURATION_SPAWN_1, __name__,
 extra=config.PKI_INDENTATION_LEVEL_1)
+ deployer.instance.verify_subsystem_exists()
+
 instance = pki.server.PKIInstance(deployer.mdict['pki_instance_name'])
 instance.load()
diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py
index 0e315431f..5217ffa10 100644
--- a/base/server/python/pki/server/deployment/scriptlets/initialization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py
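Review bot: The new `init()` on PKIDeployer has no docstring, and nothing in this diff calls it, although it now carries the uid/gid setup and HSM initialization that the initialization scriptlet used to run on every spawn. The diffstat is limited to base/server/python, so the caller is presumably outside this view; if any entry point runs scriptlets without calling it first, later steps that depend on `deployer.identity` would presumably run before the uid and gid are established, which matters for the ownership of instance files. I would state the ordering contract on the method, for example `"""Establish the pki_user/pki_group identity and initialize HSMs; call before any scriptlet runs."""`.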
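Review bot: The added `deployer.instance.verify_subsystem_exists()` in configuration.py runs on every configuration spawn, while the call it replaces in initialization.py ran only for External CA or stand-alone step two, and nothing here records why. `spawn` starts above this hunk, so it is not visible whether a skip check returns before this line; if one does, a step-two run that skips configuration no longer gets any existence check, because initialization.py now only sets `pki_skip_installation`. A comment such as `# configuration needs an existing subsystem; replaces the step-two check formerly in the initialization scriptlet` would make the intent explicit.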
@@ -31,49 +31,47 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 def spawn(self, deployer):
+ if config.str2bool(deployer.mdict['pki_skip_installation']):
+ config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return
+
 # begin official logging
 config.pki_log.info(log.PKISPAWN_BEGIN_MESSAGE_2,
 deployer.mdict['pki_subsystem'],
 deployer.mdict['pki_instance_name'],
 extra=config.PKI_INDENTATION_LEVEL_0)
- # ALWAYS initialize 'uid' and 'gid'
- deployer.identity.add_uid_and_gid(deployer.mdict['pki_user'],
- deployer.mdict['pki_group'])
- # ALWAYS establish 'uid' and 'gid'
- deployer.identity.set_uid(deployer.mdict['pki_user'])
- deployer.identity.set_gid(deployer.mdict['pki_group'])
- # ALWAYS initialize HSMs (when and if present)
- deployer.hsm.initialize()
- if config.str2bool(deployer.mdict['pki_skip_installation']):
- config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return
+
+ config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+
+ if (deployer.mdict['pki_subsystem'] == "CA" or
+ config.str2bool(deployer.mdict['pki_standalone'])) and \
+ config.str2bool(deployer.mdict['pki_external_step_two']):
+ # verify that this External CA (Step 2), or Stand-alone PKI
+ # (Step 2) currently EXISTS for this "instance"
+ deployer.mdict['pki_skip_installation'] = "True"
 else:
- config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- if (deployer.mdict['pki_subsystem'] == "CA" or
- config.str2bool(deployer.mdict['pki_standalone'])) and \
- config.str2bool(deployer.mdict['pki_external_step_two']):
- # verify that this External CA (Step 2), or Stand-alone PKI
- # (Step 2) currently EXISTS for this "instance"
- deployer.instance.verify_subsystem_exists()
- deployer.mdict['pki_skip_installation'] = "True"
- else:
- # verify that this type of "subsystem" does NOT yet
- # exist for this "instance"
- deployer.instance.verify_subsystem_does_not_exist()
- # detect and avoid any namespace collisions
- deployer.namespace.collision_detection()
+ # verify that this type of "subsystem" does NOT yet
+ # exist for this "instance"
+ deployer.instance.verify_subsystem_does_not_exist()
+ # detect and avoid any namespace collisions
+ deployer.namespace.collision_detection()
+
 # verify existence of SENSITIVE configuration file data
 deployer.configuration_file.verify_sensitive_data()
+
 # verify existence of MUTUALLY EXCLUSIVE configuration file data
 deployer.configuration_file.verify_mutually_exclusive_data()
+
 # verify existence of PREDEFINED configuration file data
 deployer.configuration_file.verify_predefined_configuration_file_data()
+
 # verify selinux context of selected ports
 deployer.configuration_file.populate_non_default_ports()
 deployer.configuration_file.verify_selinux_ports()
+
 # If secure DS connection is required, verify parameters
 deployer.configuration_file.verify_ds_secure_connection_data()
diff --git a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
index 2b2246a72..612081c98 100644
--- a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
+++ b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
@@ -38,6 +38,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 config.pki_log.info(log.SUBSYSTEM_SPAWN_1, __name__,
 extra=config.PKI_INDENTATION_LEVEL_1)
+
 # establish instance-based subsystem logs
 deployer.directory.create(deployer.mdict['pki_subsystem_log_path'])
 deployer.directory.create( |
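Review bot: In the step-two branch of `spawn` in initialization.py, the comment still says the code verifies that the External CA or stand-alone instance EXISTS, but the `verify_subsystem_exists()` call was removed and the branch now only sets `pki_skip_installation` to "True". Reword it to match, for example `# External CA / Stand-alone PKI (Step 2): reuse the existing instance and skip installation; existence is verified in the configuration scriptlet`. Separately, the skip check now returns before the `PKISPAWN_BEGIN_MESSAGE_2` call, so a run started with `pki_skip_installation` set no longer writes the begin message; if that record matters for auditing deployments, keep the begin message ahead of the early return. The end of `spawn` is not visible in the hunk.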