summaryrefslogtreecommitdiffstats
path: root/base/server/sbin/pkispawn
Commit message (Collapse)AuthorAgeFilesLines
* Removed superfluous deployment configuration backup.Endi S. Dewata2017-06-021-6/+1
| | | | | | | | | | | | The pkispawn has been modified to generate a temporary backup file (instead of permanent and timestamped backup files) of the deployment configuration file before normalizing its content. The temporary backup will be removed automatically when the normalization is complete. https://pagure.io/dogtagpki/issue/2674 Change-Id: Ia541e23314acc120954fa574d1f6f885961c8047
* Added pkispawn options for two-step installation.Endi S. Dewata2017-05-311-6/+34
| | | | | | | | | | | New --skip-configuration and --skip-installation options have been added to pkispawn to provide a mechanism to set the pki_skip_configuration and pki_skip_installation parameters without changing the deployment configuration file. https://pagure.io/dogtagpki/issue/2707 Change-Id: I069b51b5be65dee2fe0f4ca75e3693bcd21007de
* Correct section headings in user deployment configuration fileMatthew Harmsen2017-05-171-0/+39
| | | | | | Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation dogtagpki Pagure Issue #2674 - CA brought down during separate KRA instance creation
* Added FIPS class to pkispawnMatthew Harmsen2017-05-161-0/+10
| | | | | Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails dogtagpki Pagure Issue #2684 - CA installation with HSM in FIPS mode fails
* Refactored deployment system variables.Endi S. Dewata2016-12-221-21/+0
| | | | | | To improve reusability the deployment system variables have been converted from global variables in pkiconfig.py into attributes in PKIDeployer.
* Refactored deployment timestamp variables.Endi S. Dewata2016-12-221-12/+1
| | | | | | To improve reusability the deployment timestamp variables have been converted from global variables in pkiconfig.py into attributes in PKIDeployer.
* Refactored PKIDeployer.Endi S. Dewata2016-12-221-2/+2
| | | | | To improve reusability the PKIDeployer class has been moved from the pkihelper.py into the top level pki.server.deployment module.
* Refactored pki_subsystem object in pkiconfig.py.Endi S. Dewata2016-12-211-56/+57
| | | | | | To improve reusability the pki_subsystem object has been converted from a global variable in pkiconfig.py into an attribute in PKIDeployer.
* Refactored master & slots dictionaries creation.Endi S. Dewata2016-12-211-2/+5
| | | | | | | To improve reusability the deployment tools have been modified such that the master and slots dictionary objects are created in PKIDeployer at the beginning of the program. The PKIConfigParser has been modified to use the same dictionary objects.
* Improved SystemConfigService.configure() error message.Endi S. Dewata2016-08-081-2/+18
| | | | | | | | | | | The pkispawn has been modified to improve the way it displays the error message returned by SystemConfigService.configure(). If the method throws a PKIException, the response is returned as a JSON message, so pkispawn will parse it and display the actual error message. For other exceptions pkispawn will display the entire HTML message returned by Tomcat. https://fedorahosted.org/pki/ticket/2399
* Fixed pkispawn installation summary.Endi S. Dewata2016-07-201-4/+3
| | | | | | | | | The pkispawn installation summary has been modified not to show the admin certificate nickname and NSS database if pki_client_database_purge or pki_clone is set to true since the NSS database will not be created in those cases. https://fedorahosted.org/pki/ticket/2399
* Removed redundant question in interactive pkispawn.Endi S. Dewata2016-07-201-4/+4
| | | | | | | | The pkispawn has been modified such that if the admin selects to import the admin certificate the admin will not be asked where to export the certificate. https://fedorahosted.org/pki/ticket/2399
* Fixed install-only message in external CA case.Endi S. Dewata2016-05-121-9/+4
| | | | | | | | | | | | | | | | | | Previously, in external CA case if pkispawn was executed with pki_skip_configuration=True, it would stop the execution before the step 1 was fully completed (i.e. generating CSR), but it would incorrectly show a message indicating the CSR has been generated. The code that displays the installation summary has been fixed to check for pki_skip_configuration first before checking for external CA case to ensure that it displays the appropriate message for each step. The code that generates the Tomcat instance systemd service link was moved into instance_layout.py to avoid redundant executions. The pkispawn and pkidestroy have also be modified to remove redundant log of deployment parameters in master dictionary.
* Fixed duplicate executions of finalization scriptlet.Endi S. Dewata2016-04-301-39/+110
| | | | | | | | | | | | | | | | | Previously the finalization scriptlet was always executed in each pkispawn execution. In multi-step installations (e.g. external CA, standalone, or installation/configuration-only mode) some of the code in the scriptlet such as enabling systemd service, restarting the service, and purging client database will be redundant. Now the scriptlet has been modified to execute only in the final step of the installation. The code that archives the deployment and manifest files has been moved into pkispawn to ensure that it is always executed in each pkispawn execution. For clarity the method that displays the installation summary has been broken up into separate methods for standalone step 1, installation-only mode, and configuration-only/full installation.
* Removed unused code for existing CA installation.Endi S. Dewata2016-04-301-16/+1
| | | | | | | | The print_existing_ca_step_one_information() has been removed from pkispawn since existing CA installation no longer requires two-step operation. https://fedorahosted.org/pki/ticket/1736
* Fixed incorrect clone installation summaryMatthew Harmsen2016-04-281-0/+6
| | | | - PKI TRAC Ticket #856 - Incorrect clone installation summary
* Removed unused variables in deployment scriptlets.Endi S. Dewata2016-04-281-19/+20
| | | | | | | | The unused rv instance variables in all deployment scriptlets have been removed. The spawn() and destroy() are now returning None instead of error code. If an error happens during execution the scriptlet will throw an exception which will be caught by pkispawn or pkidestroy and then displayed to the user.
* Install tools clean-up.Endi S. Dewata2016-03-301-6/+6
| | | | | | | | | | | | Some variables in pkispawn and pkidestroy have been renamed for clarity. The unused PKI_CERT_DB_PASSWORD_SLOT variable has been removed. The constant pki_self_signed_token property has been moved into default.cfg. https://fedorahosted.org/pki/ticket/2247
* Add precheck option for pkispawn.Ade Lee2016-02-261-76/+101
| | | | | | | | | --precheck can be used to run specific tests prior to ensure that the installation parameters are sane, without actually doing the installation. There are also optional parameters to disable specific tests. Trac Ticket #2042
* Modify dnsdomainname test in pkispawnAde Lee2016-02-171-1/+1
| | | | | | We do a check for the dnsdomainname, which fails in Openstack CI because this is not set. Instead of exiting, default to the hostname.
* Fixed KRA installation.Endi S. Dewata2016-02-031-1/+1
| | | | | | | | | Due to a recent change the KRA installation failed because the installer was trying to read the pki_external_csr_path parameter which is not available for KRA installation. The installer has been fixed to read the parameter in external CA case only. https://fedorahosted.org/pki/ticket/456
* Fixed installation summary for existing CA.Endi S. Dewata2016-01-231-3/+19
| | | | | | | The pkispawn has been modified to display the proper summary for external CA and existing CA cases. https://fedorahosted.org/pki/ticket/456
* Fixed external CA case for IPA compatibility.Endi S. Dewata2016-01-081-1/+22
| | | | | | | | | | | | | The installation code for external CA case has been fixed such that IPA can detect step 1 completion properly. The code that handles certificate data conversion has been fixed to reformat base-64 data for PEM output properly. The installation summary for step 1 has been updated to provide more accurate information. https://fedorahosted.org/pki/ticket/456
* Py3 compatibility: encode output of subprocess callChristian Heimes2015-08-171-4/+3
| | | | | | | | | In Python 3 subprocess.Popen() and check_out() return bytes. The rest of PKI expects text, so the output has to be decoded. - ascii for dnsdomainname - sys.getfilesystemencoding() for paths - utf-8 for the rest
* Py3 modernization: misc manual fixesChristian Heimes2015-08-171-6/+5
| | | | | | | | | | | | | | | | | | | | | | Python 3's exception class has no message attribute. e.message can either be replaced with string representation of e or e.args[0]. Use print(line, end='') instead of sys.stdout.write(). With end='' no new line is appended. Use six.reraise() to reraise an exception. Remove sys.exc_clear() as it is no longer available in Python 3. Conditionally import shutil.WindowsError. Use six.move to import correct modules / function like quote, urlparse and configparser. Silence some pylint warnings. pylint doesn't understand six.moves magic and emits a import-error warning. Add additional tox envs to check for Python 3 compatibility.
* Py3 modernization: libmodernize.fixes.fix_printChristian Heimes2015-08-171-62/+63
| | | | | | | | | Replace print statement with Python 3's print() function. For Python 2 'from __future__ import print_function' turns the print statement into Python 3 compatible print function. See https://www.python.org/dev/peps/pep-3105/
* Py3 modernization: libmodernize.fixes.fix_importChristian Heimes2015-08-171-0/+1
| | | | | | | | | | | | | | Enforce absolute imports or explicit relative imports. Python 3 no longer supports implicit relative imports, that is unqualified imports from a module's directory. In order to load a module from the same directory inside a package, use from . import module The future feature 'from __future__ import absolute_import' ensures that pki uses absolute imports on Python 2, too. See https://www.python.org/dev/peps/pep-0328/
* Make pki PEP 8 compatibleChristian Heimes2015-08-141-26/+28
| | | | | | | | | | | | | | | | | | | Large portions of the patch was automatically created with autopep8: find base/ -name '*.py' | xargs autopep8 --in-place --ignore E309 \ --aggressive find base/common/upgrade base/server/upgrade -type f -and \ -not -name .gitignore | autopep8 --in-place --ignore E309 --aggressive autopep8 --in-place --ignore E309 --aggressive \ base/common/sbin/pki-upgrade \ base/server/sbin/pkispawn \ base/server/sbin/pkidestroy \ base/server/sbin/pki-server \ base/server/sbin/pki-server-upgrade About two dozent violations were fixed manually. https://fedorahosted.org/pki/ticket/708
* In-tree tests and linting with toxChristian Heimes2015-07-101-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | Before the patch it wasn't possible to run pylint outside a RPM build. The Python sources were split into common and server files in two separate trees. With setup.py and tox the pki package can now be installed and tested in a virtual env. Tox enables developers to automate installation and testing in Python virtual environment. The new tox.ini performs several tasks with one command: * It creates and installs a source distribution of pki packages and its command line scripts * It verifies that all CLI scripts can be execute (using its --help argument). * It runs pylint on all Python files and CLI scripts. * It can run flake8 on all Python and CLI files (disabled for now). * Finally it builds Sphinx autodocs. I had to delay the root check in pkispawn and pkidestroy and modify two files to get rid of Sphinx warnings. https://fedorahosted.org/pki/ticket/696 http://tox.readthedocs.org
* Limited Interactive Installation SupportMatthew Harmsen2015-07-021-33/+37
| | | | | - PKI TRAC Ticket #1441 - Lack of Interactive Installation Support (Cloning, Subordinates, Externals, HSMs, ECC)
* Displaying pkispawn/pkidestroy log file names.Endi S. Dewata2015-06-181-0/+2
| | | | | To simplify troubleshooting the pkispawn and pkidestroy have been modified to show the name of the log file used in each run.
* Suppress interactive HSM installationMatthew Harmsen2015-06-161-15/+20
| | | | - PKI TRAC Ticket #1417 - Interactive pkispawn of CA with HSM fails
* Cleaned up links in main page.Endi S. Dewata2015-06-111-8/+3
| | | | | | | | | | | | | The ROOT's index.jsp has been modified to show the links to all subsystems installed on the instance. When opened, it will show the services provided by the subsystem. The pkispawn output has been modified to show the subsystem URL more consistently: https://<hostname>:<port>/<subsystem> In all subsystems except TPS the page will redirect to: https://<hostname>:<port>/<subsystem>/services
* Fix interactive install to not reprompt for portsAde Lee2015-04-291-7/+31
| | | | | Ports are already set when deploying into an existing instance. Having a user re-enter these is repetitious and error prone.
* Add HSM options to pkispawnMatthew Harmsen2015-04-141-0/+27
| | | | - PKI TRAC Ticket #1346 - pkispawn should have an HSM library option
* pki-tomcatd fails to start on system bootMatthew Harmsen2015-04-131-6/+11
| | | | | - PKI TRAC Ticket #1315 - pki-tomcatd fails to start on system boot - PKI TRAC Ticket #1340 - pkidestroy should not remove /var/lib/pki
* Allow use of secure LDAPS connectionMatthew Harmsen2015-03-131-3/+38
| | | | - PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap
* PKI TRAC Ticket #1284 - pkispawn URL redirect issue (simple fix)Matthew Harmsen2015-03-061-0/+4
|
* Fixed pylint report.Endi S. Dewata2015-02-051-5/+5
| | | | | | | | | | | | | | | Previously pylint report was saved it into a file which may not be accessible on a build system. The pylint-build-scan.sh has been changed to display the report so it will appear in the build log. The pylint configuration has also been modified to disable C and R messages by default. This way when other errors or warnings occur the build will fail without having to check for specific codes. Some Python codes have been modified to reduce the number of pylint warnings. https://fedorahosted.org/pki/ticket/703
* Fix sub-CA installation with own security domainAde Lee2014-10-011-8/+1
| | | | | | | | | Installation code failed to anticipate installation of a subordinate CA that would host its own security domain. This patch includes changes to python installation code, java configuration servlet and changes to man pages. Ticket 1132
* Disable PKI GUI ConfigurationMatthew Harmsen2014-08-281-3/+3
| | | | - PKI TRAC Ticket #1120 - Remove Firefox PKI GUI Configuration Panel Interface
* More formatting changesAde Lee2014-06-101-5/+4
| | | | | Improve the layout of strings in pkimessages and fix a couple more PEP 8 issues.
* Fix pycharm warnings for server python classesAde Lee2014-06-101-60/+133
| | | | | Mostly reformatting due to PEP8. Not all pycharm warnings are addressed, but the vast majority are.
* Modify master_dict to mdict to improve readabilityAde Lee2014-06-101-36/+36
| | | | | | Most of the install python scripts do not meet PEP8 including being less than 80 chars. Changing master_dict to mdict helps fix this and improves or at least does not degrade readability.
* Add methods to getKeyInfo and change key statusAde Lee2014-02-191-1/+0
|
* Added decorator to handle exceptionsAde Lee2014-02-191-6/+6
| | | | | | Decorator catches HttpErrorExceptions from Requests and extracts the relevant PKIException object, and rethrows it.
* Cannot connect to ds when anon. access is offAbhishek Koneru2014-01-081-18/+3
| | | | | | | | | | | | | The connection to ds is checked during installation. But the current method of checking the ds connection before binding with the ds throws an Inappropriate Authentication error when Anonymous access is off. This patch uses the following method to check the connection to a DS server. 1. Initialize the connection 2. Bind with the DS. 3. Perform the ldap search. Ticket #811
* Stand-alone DRMMatthew Harmsen2013-10-151-8/+21
| | | | * TRAC Ticket #667 - provide option for ca-less drm install
* Added interactive install for tomcat TPSAde Lee2013-09-201-0/+65
| | | | | | Up to now, only pkispawn with a config file worked for tomcat-tps installation. This patch adds the functionality for the interactive installation.
* TRAC Ticket #707 - Do not "require" the following pkispawn parameters for ↵Matthew Harmsen2013-09-161-0/+20
| | | | GUI-based configuration
generated by cgit (git 2.34.1) at 2026-03-06 14:34:34 +0000