Diffstat (limited to 'base/server/sbin/pkispawn')
-rwxr-xr-x | base/server/sbin/pkispawn | 149 |
1 files changed, 110 insertions, 39 deletions
diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn
index b019d8869..f75fa43ae 100755
--- a/base/server/sbin/pkispawn
+++ b/base/server/sbin/pkispawn
@@ -40,6 +40,7 @@ try:
 import traceback
 from time import strftime as date
 from pki.server.deployment import pkiconfig as config
+ from pki.server.deployment import pkimanifest as manifest
 from pki.server.deployment.pkiparser import PKIConfigParser
 from pki.server.deployment import pkilogging
 from pki.server.deployment import pkimessages as log
@@ -534,18 +535,60 @@ def main(argv): print() sys.exit(1) + # ALWAYS archive configuration file and manifest file + + config.pki_log.info( + log.PKI_ARCHIVE_CONFIG_MESSAGE_1, + deployer.mdict['pki_user_deployment_cfg_spawn_archive'], + extra=config.PKI_INDENTATION_LEVEL_1) + + # For debugging/auditing purposes, save a timestamped copy of + # this configuration file in the subsystem archive + deployer.file.copy( + deployer.mdict['pki_user_deployment_cfg_replica'], + deployer.mdict['pki_user_deployment_cfg_spawn_archive']) + + config.pki_log.info( + log.PKI_ARCHIVE_MANIFEST_MESSAGE_1, + deployer.mdict['pki_manifest_spawn_archive'], + extra=config.PKI_INDENTATION_LEVEL_1) + + # for record in manifest.database: + # print tuple(record) + + manifest_file = manifest.File(deployer.manifest_db) + manifest_file.register(deployer.mdict['pki_manifest']) + manifest_file.write() + + deployer.file.modify(deployer.mdict['pki_manifest'], silent=True) + + # Also, for debugging/auditing purposes, save a timestamped copy of + # this installation manifest file + deployer.file.copy( + deployer.mdict['pki_manifest'], + deployer.mdict['pki_manifest_spawn_archive']) + config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pkilogging.log_format(parser.mdict), extra=config.PKI_INDENTATION_LEVEL_0) external = deployer.configuration_file.external + standalone = deployer.configuration_file.standalone step_one = deployer.configuration_file.external_step_one + skip_configuration = deployer.configuration_file.skip_configuration if external and step_one: print_external_ca_step_one_information(parser.mdict) + + elif standalone and step_one: + print_standalone_step_one_information(parser.mdict) + + elif skip_configuration: + print_skip_configuration_information(parser.mdict) + else: - print_install_information(parser.mdict) + print_final_install_information(parser.mdict) def start_logging(): 
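Review bot: The timestamped copy of the deployment configuration (`deployer.file.copy(deployer.mdict['pki_user_deployment_cfg_replica'], deployer.mdict['pki_user_deployment_cfg_spawn_archive'])`) is made with no visible permission argument and no masking of values, and a pkispawn deployment file commonly carries passwords, so every run may leave another plaintext copy in the archive directory. Whether `deployer.file.copy` applies a restrictive owner and mode by default is not visible in this hunk and should be confirmed; if it does not, the archive needs an owner-only mode and the secret values should be masked before the copy. At minimum I would add `# NOTE: archived copy may contain secrets; must stay readable by the owner only` above the copy. The `# ALWAYS archive ...` comment also overstates the behaviour, because the block sits after the `sys.exit(1)` failure path and is skipped when the spawn fails, and the commented-out `# for record in manifest.database:` lines can be dropped. main() starts outside the hunk.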
@@ -672,48 +715,76 @@ def print_external_ca_step_one_information(mdict): print(log.PKI_SPAWN_INFORMATION_FOOTER) -def print_install_information(mdict): +def print_standalone_step_one_information(mdict): + + print(log.PKI_SPAWN_INFORMATION_HEADER) + print(" The %s subsystem of the '%s' instance is still incomplete." % + (config.pki_subsystem, mdict['pki_instance_name'])) + print() + print(" The CSRs for the %s certificates have been generated in:\n" + " %s" + % (config.pki_subsystem, mdict['pki_instance_configuration_path'])) + print(log.PKI_CHECK_STATUS_MESSAGE % mdict['pki_instance_name']) + print(log.PKI_INSTANCE_RESTART_MESSAGE % mdict['pki_instance_name']) + print(log.PKI_CONFIGURATION_STANDALONE_1 % config.pki_subsystem) + print(log.PKI_SPAWN_INFORMATION_FOOTER) + + +def print_skip_configuration_information(mdict): + + print(log.PKI_SPAWN_INFORMATION_HEADER) + print(" The %s subsystem of the '%s' instance\n" + " must still be configured!" % + (config.pki_subsystem, mdict['pki_instance_name'])) + print(log.PKI_CHECK_STATUS_MESSAGE % mdict['pki_instance_name']) + print(log.PKI_INSTANCE_RESTART_MESSAGE % mdict['pki_instance_name']) + + print(log.PKI_ACCESS_URL % (mdict['pki_hostname'], + mdict['pki_https_port'], + config.pki_subsystem.lower())) + if not config.str2bool(mdict['pki_enable_on_system_boot']): + print(log.PKI_SYSTEM_BOOT_STATUS_MESSAGE % "disabled") + else: + print(log.PKI_SYSTEM_BOOT_STATUS_MESSAGE % "enabled") + print(log.PKI_SPAWN_INFORMATION_FOOTER) + + +def print_final_install_information(mdict): - skip_configuration = config.str2bool(mdict['pki_skip_configuration']) print(log.PKI_SPAWN_INFORMATION_HEADER) - if skip_configuration: - print(" The %s subsystem of the '%s' instance\n" - " must still be configured!" 
% + print(" Administrator's username: %s" % + mdict['pki_admin_uid']) + + if os.path.isfile(mdict['pki_client_admin_cert_p12']): + print(" Administrator's PKCS #12 file:\n %s" % + mdict['pki_client_admin_cert_p12']) + + if not config.str2bool(mdict['pki_client_database_purge']): + print() + print(" Administrator's certificate nickname:\n %s" + % mdict['pki_admin_nickname']) + + if not config.str2bool(mdict['pki_clone']): + print(" Administrator's certificate database:\n %s" + % mdict['pki_client_database_dir']) + + else: + print() + print(" This %s subsystem of the '%s' instance\n" + " is a clone." % (config.pki_subsystem, mdict['pki_instance_name'])) + + print(log.PKI_CHECK_STATUS_MESSAGE % mdict['pki_instance_name']) + print(log.PKI_INSTANCE_RESTART_MESSAGE % mdict['pki_instance_name']) + + print(log.PKI_ACCESS_URL % (mdict['pki_hostname'], + mdict['pki_https_port'], + config.pki_subsystem.lower())) + if not config.str2bool(mdict['pki_enable_on_system_boot']): + print(log.PKI_SYSTEM_BOOT_STATUS_MESSAGE % "disabled") else: - print(" Administrator's username: %s" % - mdict['pki_admin_uid']) - if os.path.isfile(mdict['pki_client_admin_cert_p12']): - print(" Administrator's PKCS #12 file:\n %s" % - mdict['pki_client_admin_cert_p12']) - if not config.str2bool(mdict['pki_client_database_purge']): - print() - print(" Administrator's certificate nickname:\n %s" - % mdict['pki_admin_nickname']) - if not config.str2bool(mdict['pki_clone']): - print(" Administrator's certificate database:\n %s" - % mdict['pki_client_database_dir']) - else: - print() - print(" This %s subsystem of the '%s' instance\n" - " is a clone." 
% - (config.pki_subsystem, mdict['pki_instance_name'])) - print(log.PKI_CHECK_STATUS_MESSAGE % mdict['pki_instance_name']) - print(log.PKI_INSTANCE_RESTART_MESSAGE % mdict['pki_instance_name']) - if (((config.pki_subsystem == "KRA" or - config.pki_subsystem == "OCSP") and - config.str2bool(mdict['pki_standalone'])) and - not config.str2bool(mdict['pki_external_step_two'])): - # Stand-alone PKI KRA/OCSP (External CA Step 1) - print(log.PKI_CONFIGURATION_STANDALONE_1 % config.pki_subsystem) - else: - print(log.PKI_ACCESS_URL % (mdict['pki_hostname'], - mdict['pki_https_port'], - config.pki_subsystem.lower())) - if not config.str2bool(mdict['pki_enable_on_system_boot']): - print(log.PKI_SYSTEM_BOOT_STATUS_MESSAGE % "disabled") - else: - print(log.PKI_SYSTEM_BOOT_STATUS_MESSAGE % "enabled") + print(log.PKI_SYSTEM_BOOT_STATUS_MESSAGE % "enabled") + print(log.PKI_SPAWN_INFORMATION_FOOTER) |
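Review bot: `print_skip_configuration_information` and `print_final_install_information` end with the same run of status, restart, access-URL and boot-status prints, so the two summaries can drift apart on the next edit. That tail would be better as one private helper called from both functions, as sketched below (the helper name is only a suggestion). The three new functions also have no docstrings; a one-line summary each, for example `"""Print the summary shown when configuration was skipped."""`, would document which branch in main() selects them. Note that the final summary now always prints the access URL, whereas the removed code printed `PKI_CONFIGURATION_STANDALONE_1` instead for a stand-alone KRA/OCSP that was not in step two, so it is worth confirming that the `standalone and step_one` branch in main() covers exactly that case.

```python
def _print_instance_access_information(mdict):
    """Print the status, restart, URL and boot-status lines shared by the summaries."""
    print(log.PKI_CHECK_STATUS_MESSAGE % mdict['pki_instance_name'])
    print(log.PKI_INSTANCE_RESTART_MESSAGE % mdict['pki_instance_name'])
    print(log.PKI_ACCESS_URL % (mdict['pki_hostname'],
                                mdict['pki_https_port'],
                                config.pki_subsystem.lower()))
    boot_status = "enabled" if config.str2bool(
        mdict['pki_enable_on_system_boot']) else "disabled"
    print(log.PKI_SYSTEM_BOOT_STATUS_MESSAGE % boot_status)

# ... unchanged: header and subsystem-specific lines of each summary ...
# print_skip_configuration_information and print_final_install_information
# then call _print_instance_access_information(mdict) before the footer.
```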