| Commit message | Author | Age | Files | Lines |
| |
The additions in this patch will add start/stop/restart/status
functionality to operations, so that Debian systems can perform
these operations by calling these functions from an init script.
We also introduce a parameter in the configuration scripts that
can be used to determine if the system is a Debian system. This
parameter is used to specify a System V init script instead of
a systemd script on a Debian system, when the configuration
scriptlets start and stop a system.
Also source apparently does not work by default in Debian. Used
dot (.) instead.
| |
The connection to ds is checked during installation.
But the current method of checking the ds connection before
binding with the ds throws an Inappropriate Authentication error
when Anonymous access is off. This patch uses the following method to
check the connection to a DS server.
1. Initialize the connection
2. Bind with the DS.
3. Perform the ldap search.
Ticket #811
| |
The location of web application context file has been changed from
<instance>/webapps/<name>/META-INF/context.xml
into
<instance>/conf/Catalina/localhost/<name>.xml.
This will eventually allow deploying the web application directly
from the shared folder.
A new upgrade script has been added to move the context files in
the existing instances.
Ticket #499
| |
The ACL mapping files have been renamed from auth.properties to
acl.properties to match the actual content and moved into the
subsystem conf folder. The authentication method mapping files
have been extracted from the interceptor into actual files.
The ACLInterceptor and AuthMethodInterceptors have been modified to read
the default mapping first, then overwrite it with custom mapping if it
exists in the subsystem folder.
The UpdateAuthzProperties upgrade script has been replaced with
RemoveAuthProperties that will remove the old auth.properties.
| |
Ticket 803
| |
The following commands have been renamed. The old commands will
no longer work.
* profile -> ca-profile
* kraconnector -> ca-kraconnector
The following commands have also been renamed, but the old commands
will continue to work:
* cert -> ca-cert
* key -> kra-key
The user and group commands have already been renamed to <subsystem>-user
and <subsystem>-group. The old commands will continue to work
and will use CA subsystem by default.
Ticket #701
| |
The upgrade framework has been modified to backup the files used
to track the upgrade progress. If the tracker file is also modified
by the upgrade scriptlet, it will only keep the initial backup
(before any modifications were made).
Ticket #763
| |
* TRAC Ticket #762 - Stand-alone DRM (cleanup tasks)
| |
* TRAC Ticket #667 - provide option for ca-less drm install
| |
This patch allows password values in pkispawn deployment files to
contain unescaped '%' characters. Non password settings support
interpolation, so they still require escaping.
This patch has been tested with deployment file based installs as
well as interactive installs. The way it works is that we escape
the password settings internally immediately after reading the
deployment config file. The interactive installation code already
escapes password values as it receives them from the user. This
approach allows the rest of the installation code to remain as-is.
| |
The exception handler in pkiparser.py has been modified to re-raise
the exception such that it will be handled by the caller instead of
exiting to the system immediately.
| |
The deployment config files used by pkispawn support interpolation as
supplied by ConfigParser. Interpolation uses the '%' character, which
means values that need to contain a '%' character need to be properly
escaped.
This patch detects errors with unescaped '%' characters and reports
a useful message back to the user who is running pkispawn. This
patch also adds notes to the pkispawn and pki_default.cfg man pages
to explain that escaping of '%' characters is required.
| |
A new REST service has been added to the TKS to manage shared secrets.
The shared secret is tied to the TKS-TPS connector, and is created at the
end of the TPS configuration. At this point, the TPS contacts the TKS and
requests that the shared secret be generated. The secret is returned to the
TPS, wrapped using the subsystem certificate of the TPS.
The TPS should then decrypt the shared secret and store it in its certificate
database. This operation requires JSS changes, though, and so will be deferred
to a later patch. For now, though, if the TPS and TKS share the same certdb, then
it is sufficient to generate the shared secret.
Clients and CLI are also provided. The CLI in particular is used to remove the
TPSConnector entries and the shared secret when the TPS is pkidestroyed.
| |
Up to now, only pkispawn with a config file worked for tomcat-tps
installation. This patch adds the functionality for the interactive
installation.
| |
Resteasy 3.0.1 uses apache-commons-io. Also fixed PKIErrorInterceptor
with correct method call and reformatted the interceptors.
| |
tomcat now uses systemd unit files. We will reuse and customize those
files accordingly. As a result, startup is simplified considerably -
and pkidaemon has been gutted accordingly.
We'll need to add migration scripts for older instances in a subsequent patch.
| |
GUI-based configuration
| |
python-requests now throws a ProxyError if the server is not yet up.
Previously only connect exceptions were seen. To ensure that we are
not broken again when python-requests and the underlying libraries are
changed, we will catch and log all exceptions. If the connection
ultimately fails, we will time out in any case.
Also fixed some new warnings from Pylint 1.0
Ticket 717
| |
Due to a recent change pkispawn would ask for the certificate
database password interactively during TPS deployment. To fix the
problem, the certutil invocation in pkihelper.py has been restored
to the proper indentation.
| |
* TRAC Ticket #561 - Replace subprocess.call() with subprocess.check_call()
| |
* TRAC Ticket #706 - Disable SSL3_RSA_WITH_DES_CBC_SHA
| |
Under some circumstances build would fail due to pylint E1103 error
saying "Instance of 'list' has no 'strip' member". This is a false
positive since the object is actually a string. To avoid the error
the code has been changed to explicitly convert the value to string.
| |
This code allows pkispawn to configure a tps in tomcat.
It does not include any config using the web UI panels.
| |
The deployment tool has been modified to overwrite the pki_issuing_ca
when configuring with external CA regardless of the default value.
Bugzilla #986901
| |
A redundant import has been added in one of the previous patches.
Fixed another small issue while using the escape character.
Pylint fixes.
| |
The pkispawn and pkidestroy scripts have been moved into sbin folder.
The Python deployment library and the scriptlets were moved into
pki.server.deployment and pki.server.deployment.scriptlets packages,
respectively.
| |
A bug introduced in upgrade scripts while fixing pylint errors
and warnings is fixed.
| |
Fixes for issues in other files.
Ticket #316
| |
Fixes for issues in other files.
Ticket #316
| |
Fixes for issues in other files.
Ticket #316
| |
General formatting done for all the python files except for the line
length issue, which could not be formatted using Pydev in Eclipse.
Ticket #316
| |
The upgrade framework has been modified to support backup and restore
functionality. A new method backup(filename) has been added to save
a file into a backup folder. The CLIs have been modified to accept
a --revert parameter which will restore the backup files one version
at a time.
Ticket #583
| |
The pki.server module has been fixed to include the module name
of the PKIException.
| |
The pki.server module has been fixed to include the module name
of the BASE_DIR.
| |
A new upgrade scriptlet has been added to add JNI_JAR_DIR into
pki.conf. The code to manipulate property files has been refactored
from PKIUpgradeTracker into a separate PropertyFile class to allow
reuse.
The pki-base package has been modified to deliver a default pki.conf
in /usr/share/pki/etc and copy it into /etc/pki if it doesn't exist.
| |
The PKIServerUpgrader.get_current_version() incorrectly returns None
if there is no instance on the system. It has been modified to return
the target version so that no upgrade operation will occur.
Bugzilla #957690
|
The upgrade framework has been split into base and server upgrade
frameworks since they will be run automatically by different RPM
packages during upgrade. The base upgrade framework will upgrade
the system configuration. The server upgrade framework will upgrade
the instances and subsystems.
Ticket #544
|