| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
https://fedorahosted.org/pki/ticket/2244
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously the finalization scriptlet was always executed in each
pkispawn execution. In multi-step installations (e.g. external CA,
standalone, or installation/configuration-only mode) some of the
code in the scriptlet such as enabling systemd service, restarting
the service, and purging client database will be redundant.
Now the scriptlet has been modified to execute only in the final
step of the installation. The code that archives the deployment
and manifest files has been moved into pkispawn to ensure that it
is always executed in each pkispawn execution.
For clarity the method that displays the installation summary has
been broken up into separate methods for standalone step 1,
installation-only mode, and configuration-only/full installation.
|
|
|
|
|
|
|
|
| |
The print_existing_ca_step_one_information() has been removed from
pkispawn since existing CA installation no longer requires two-step
operation.
https://fedorahosted.org/pki/ticket/1736
|
|
|
|
| |
- PKI TRAC Ticket #856 - Incorrect clone installation summary
|
|
|
|
|
|
|
|
| |
The unused rv instance variables in all deployment scriptlets have
been removed. The spawn() and destroy() are now returning None
instead of error code. If an error happens during execution the
scriptlet will throw an exception which will be caught by pkispawn
or pkidestroy and then displayed to the user.
|
|
|
|
|
|
| |
- PKI TRAC Ticket #2249 - fix bashisms
- changes 'source' to '.'
- changes 'bash' to 'sh'
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some variables in pkispawn and pkidestroy have been renamed for
clarity.
The unused PKI_CERT_DB_PASSWORD_SLOT variable has been removed.
The constant pki_self_signed_token property has been moved into
default.cfg.
https://fedorahosted.org/pki/ticket/2247
|
|
|
|
|
|
|
|
|
| |
--precheck can be used to run specific tests prior to ensure
that the installation parameters are sane, without actually
doing the installation.
There are also optional parameters to disable specific tests.
Trac Ticket #2042
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some pki-server commands have been added to simplify exporting
the required certificates for subsystem installations. These
commands will invoke the pki pkcs12 utility to export the
certificates from the instance NSS database.
The pki-server ca-cert-chain-export command will export the
the certificate chain needed for installing additional
subsystems running on a separate instance.
The pki-server <subsystem>-clone-prepare commands will export
the certificates required for cloning a subsystem.
https://fedorahosted.org/pki/ticket/1742
|
|
|
|
|
|
| |
We do a check for the dnsdomainname, which fails in Openstack
CI because this is not set. Instead of exiting, default to
the hostname.
|
|
|
|
|
|
|
|
|
| |
Due to a recent change the KRA installation failed because the
installer was trying to read the pki_external_csr_path parameter
which is not available for KRA installation. The installer has
been fixed to read the parameter in external CA case only.
https://fedorahosted.org/pki/ticket/456
|
|
|
|
|
|
|
| |
The pkispawn has been modified to display the proper summary for
external CA and existing CA cases.
https://fedorahosted.org/pki/ticket/456
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The installation code for external CA case has been fixed such
that IPA can detect step 1 completion properly.
The code that handles certificate data conversion has been fixed
to reformat base-64 data for PEM output properly.
The installation summary for step 1 has been updated to provide
more accurate information.
https://fedorahosted.org/pki/ticket/456
|
|
|
|
|
|
|
|
|
| |
A set of new pki-server commands have been added to simplify
updating the cert data and cert request stored in the CS.cfg with
the cert data and cert request stored in the NSS and LDAP database,
respectively.
https://fedorahosted.org/pki/ticket/1551
|
|
|
|
|
|
|
|
|
| |
In Python 3 subprocess.Popen() and check_out() return bytes. The rest of
PKI expects text, so the output has to be decoded.
- ascii for dnsdomainname
- sys.getfilesystemencoding() for paths
- utf-8 for the rest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Python 3's exception class has no message attribute. e.message can
either be replaced with string representation of e or e.args[0].
Use print(line, end='') instead of sys.stdout.write(). With end='' no
new line is appended.
Use six.reraise() to reraise an exception.
Remove sys.exc_clear() as it is no longer available in Python 3.
Conditionally import shutil.WindowsError.
Use six.move to import correct modules / function like quote, urlparse
and configparser.
Silence some pylint warnings. pylint doesn't understand six.moves magic
and emits a import-error warning.
Add additional tox envs to check for Python 3 compatibility.
|
|
|
|
|
|
|
|
|
| |
Replace print statement with Python 3's print() function.
For Python 2 'from __future__ import print_function' turns the print
statement into Python 3 compatible print function.
See https://www.python.org/dev/peps/pep-3105/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enforce absolute imports or explicit relative imports. Python 3 no
longer supports implicit relative imports, that is unqualified imports
from a module's directory. In order to load a module from the same
directory inside a package, use
from . import module
The future feature 'from __future__ import absolute_import' ensures that
pki uses absolute imports on Python 2, too.
See https://www.python.org/dev/peps/pep-0328/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Large portions of the patch was automatically created with autopep8:
find base/ -name '*.py' | xargs autopep8 --in-place --ignore E309 \
--aggressive
find base/common/upgrade base/server/upgrade -type f -and \
-not -name .gitignore | autopep8 --in-place --ignore E309 --aggressive
autopep8 --in-place --ignore E309 --aggressive \
base/common/sbin/pki-upgrade \
base/server/sbin/pkispawn \
base/server/sbin/pkidestroy \
base/server/sbin/pki-server \
base/server/sbin/pki-server-upgrade
About two dozent violations were fixed manually.
https://fedorahosted.org/pki/ticket/708
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before the patch it wasn't possible to run pylint outside a RPM build.
The Python sources were split into common and server files in two
separate trees. With setup.py and tox the pki package can now be
installed and tested in a virtual env.
Tox enables developers to automate installation and testing in Python
virtual environment. The new tox.ini performs several tasks with one
command:
* It creates and installs a source distribution of pki packages and its
command line scripts
* It verifies that all CLI scripts can be execute (using its --help
argument).
* It runs pylint on all Python files and CLI scripts.
* It can run flake8 on all Python and CLI files (disabled for now).
* Finally it builds Sphinx autodocs.
I had to delay the root check in pkispawn and pkidestroy and modify two
files to get rid of Sphinx warnings.
https://fedorahosted.org/pki/ticket/696
http://tox.readthedocs.org
|
|
|
|
|
| |
- PKI TRAC Ticket #1441 - Lack of Interactive Installation Support
(Cloning, Subordinates, Externals, HSMs, ECC)
|
|
|
|
|
| |
To simplify troubleshooting the pkispawn and pkidestroy have been
modified to show the name of the log file used in each run.
|
|
|
|
| |
- PKI TRAC Ticket #1417 - Interactive pkispawn of CA with HSM fails
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ROOT's index.jsp has been modified to show the links to all
subsystems installed on the instance. When opened, it will show
the services provided by the subsystem.
The pkispawn output has been modified to show the subsystem URL
more consistently:
https://<hostname>:<port>/<subsystem>
In all subsystems except TPS the page will redirect to:
https://<hostname>:<port>/<subsystem>/services
|
|
|
|
|
| |
Ports are already set when deploying into an existing instance.
Having a user re-enter these is repetitious and error prone.
|
|
|
|
|
|
| |
This adds the ability to either enable or disable an instance using
the pki-server utility. Additional documentation and additions to the
man pages will be added in a separate patch.
|
|
|
|
|
| |
This config file can be used in starting up the instance in a
standalone fashion.
|
|
|
|
|
|
|
|
|
|
|
|
| |
New pki-server CLI commands have been added to migrate the server
configuration from Tomcat 7 to Tomcat 8 and vice versa. These
commands can be used later during system upgrade to migrate
existing instances from Tomcat 7 in F22 to Tomcat 8 in F23.
The Python CLI framework has been refactored to provide a way to
find other CLI modules by the command names.
https://fedorahosted.org/pki/ticket/1264
|
|
|
|
| |
- PKI TRAC Ticket #1346 - pkispawn should have an HSM library option
|
|
|
|
|
| |
- PKI TRAC Ticket #1315 - pki-tomcatd fails to start on system boot
- PKI TRAC Ticket #1340 - pkidestroy should not remove /var/lib/pki
|
|
|
|
| |
- PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously pylint report was saved it into a file which may not be
accessible on a build system. The pylint-build-scan.sh has been
changed to display the report so it will appear in the build log.
The pylint configuration has also been modified to disable C and R
messages by default. This way when other errors or warnings occur
the build will fail without having to check for specific codes.
Some Python codes have been modified to reduce the number of pylint
warnings.
https://fedorahosted.org/pki/ticket/703
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new pki-server CLI has been added to manage the instances and
subsystems using the server management library. This CLI manages
the system files directly, so it can only be run locally on the
server by the system administrator.
The autoDeploy setting in server.xml has been enabled by default.
An upgrade script has been added to enable the autoDeploy setting
in existing instances.
https://fedorahosted.org/pki/ticket/1183
|
|
|
|
|
|
|
|
|
| |
Installation code failed to anticipate installation of a subordinate
CA that would host its own security domain. This patch includes changes
to python installation code, java configuration servlet and
changes to man pages.
Ticket 1132
|
|
|
|
| |
- PKI TRAC Ticket #1120 - Remove Firefox PKI GUI Configuration Panel Interface
|
|
|
|
|
| |
Improve the layout of strings in pkimessages and fix
a couple more PEP 8 issues.
|
|
|
|
|
| |
Mostly reformatting due to PEP8. Not all pycharm warnings are
addressed, but the vast majority are.
|
|
|
|
|
|
| |
Most of the install python scripts do not meet PEP8 including
being less than 80 chars. Changing master_dict to mdict helps
fix this and improves or at least does not degrade readability.
|
| |
|
|
|
|
|
|
| |
Decorator catches HttpErrorExceptions from Requests
and extracts the relevant PKIException object, and rethrows
it.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The connection to ds is checked during installation.
But the current method of checking the ds connection before
binding with the ds throws an Inappropriate Authentication error
when Anonymous access is off. This patch uses the following method to
check the connection to a DS server.
1. Initialize the connection
2. Bind with the DS.
3. Perform the ldap search.
Ticket #811
|
|
|
|
| |
* TRAC Ticket #667 - provide option for ca-less drm install
|
|
|
|
|
|
| |
Up to now, only pkispawn with a config file worked for tomcat-tps
installation. This patch adds the functionality for the interactive
installation.
|
|
|
|
| |
GUI-based configuration
|
|
|
|
|
|
|
| |
Under some circumstances build would fail due to pylint E1103 error
saying "Instance of 'list' has no 'strip' member". This is a false
positive since the object is actually a string. To avoid the error
the code has been changed to explicitly convert the value to string.
|
|
|
|
|
|
|
| |
New man pages have been added for pki-upgrade and pki-server-upgrade.
The spec file and build scripts have been updated accordingly.
Ticket #582
|
|
|
|
|
|
|
| |
A redundant import has been added in one ofthe previous patches.
Fixed another small issue while using the escape character.
Pylint fixes.
|
|
|
|
|
|
|
| |
The pkispawn and pkidestroy scripts have been moved into sbin folder.
The Python deployment library and the scriptlets were moved into
pki.server.deployment and pki.server.deployment.scriptlets packages,
respectively.
|