summaryrefslogtreecommitdiffstats
path: root/base/server/sbin
Commit message (Collapse)AuthorAgeFilesLines
* Added support for fine-grained installation steps.Endi S. Dewata2016-05-031-1/+39
| | | | https://fedorahosted.org/pki/ticket/2244
* Refactored initialization scriptlets.Endi S. Dewata2016-05-031-0/+2
|
* Fixed duplicate executions of finalization scriptlet.Endi S. Dewata2016-04-301-39/+110
| | | | | | | | | | | | | | | | | Previously the finalization scriptlet was always executed in each pkispawn execution. In multi-step installations (e.g. external CA, standalone, or installation/configuration-only mode) some of the code in the scriptlet such as enabling systemd service, restarting the service, and purging client database will be redundant. Now the scriptlet has been modified to execute only in the final step of the installation. The code that archives the deployment and manifest files has been moved into pkispawn to ensure that it is always executed in each pkispawn execution. For clarity the method that displays the installation summary has been broken up into separate methods for standalone step 1, installation-only mode, and configuration-only/full installation.
* Removed unused code for existing CA installation.Endi S. Dewata2016-04-301-16/+1
| | | | | | | | The print_existing_ca_step_one_information() has been removed from pkispawn since existing CA installation no longer requires two-step operation. https://fedorahosted.org/pki/ticket/1736
* Fixed incorrect clone installation summaryMatthew Harmsen2016-04-281-0/+6
| | | | - PKI TRAC Ticket #856 - Incorrect clone installation summary
* Removed unused variables in deployment scriptlets.Endi S. Dewata2016-04-282-28/+54
| | | | | | | | The unused rv instance variables in all deployment scriptlets have been removed. The spawn() and destroy() are now returning None instead of error code. If an error happens during execution the scriptlet will throw an exception which will be caught by pkispawn or pkidestroy and then displayed to the user.
* fix bashismsMatthew Harmsen2016-04-261-1/+1
| | | | | | - PKI TRAC Ticket #2249 - fix bashisms - changes 'source' to '.' - changes 'bash' to 'sh'
* Install tools clean-up.Endi S. Dewata2016-03-302-12/+12
| | | | | | | | | | | | Some variables in pkispawn and pkidestroy have been renamed for clarity. The unused PKI_CERT_DB_PASSWORD_SLOT variable has been removed. The constant pki_self_signed_token property has been moved into default.cfg. https://fedorahosted.org/pki/ticket/2247
* Add precheck option for pkispawn.Ade Lee2016-02-261-76/+101
| | | | | | | | | --precheck can be used to run specific tests prior to ensure that the installation parameters are sane, without actually doing the installation. There are also optional parameters to disable specific tests. Trac Ticket #2042
* Added pki-server commands to export system certificates.Endi S. Dewata2016-02-251-0/+9
| | | | | | | | | | | | | | | | Some pki-server commands have been added to simplify exporting the required certificates for subsystem installations. These commands will invoke the pki pkcs12 utility to export the certificates from the instance NSS database. The pki-server ca-cert-chain-export command will export the the certificate chain needed for installing additional subsystems running on a separate instance. The pki-server <subsystem>-clone-prepare commands will export the certificates required for cloning a subsystem. https://fedorahosted.org/pki/ticket/1742
* Modify dnsdomainname test in pkispawnAde Lee2016-02-172-2/+2
| | | | | | We do a check for the dnsdomainname, which fails in Openstack CI because this is not set. Instead of exiting, default to the hostname.
* Fixed KRA installation.Endi S. Dewata2016-02-031-1/+1
| | | | | | | | | Due to a recent change the KRA installation failed because the installer was trying to read the pki_external_csr_path parameter which is not available for KRA installation. The installer has been fixed to read the parameter in external CA case only. https://fedorahosted.org/pki/ticket/456
* Fixed installation summary for existing CA.Endi S. Dewata2016-01-231-3/+19
| | | | | | | The pkispawn has been modified to display the proper summary for external CA and existing CA cases. https://fedorahosted.org/pki/ticket/456
* Fixed external CA case for IPA compatibility.Endi S. Dewata2016-01-081-1/+22
| | | | | | | | | | | | | The installation code for external CA case has been fixed such that IPA can detect step 1 completion properly. The code that handles certificate data conversion has been fixed to reformat base-64 data for PEM output properly. The installation summary for step 1 has been updated to provide more accurate information. https://fedorahosted.org/pki/ticket/456
* Added CLI to update cert data and request in CS.cfg.Endi S. Dewata2015-09-041-0/+2
| | | | | | | | | A set of new pki-server commands have been added to simplify updating the cert data and cert request stored in the CS.cfg with the cert data and cert request stored in the NSS and LDAP database, respectively. https://fedorahosted.org/pki/ticket/1551
* Py3 compatibility: encode output of subprocess callChristian Heimes2015-08-172-9/+6
| | | | | | | | | In Python 3 subprocess.Popen() and check_out() return bytes. The rest of PKI expects text, so the output has to be decoded. - ascii for dnsdomainname - sys.getfilesystemencoding() for paths - utf-8 for the rest
* Py3 modernization: misc manual fixesChristian Heimes2015-08-171-6/+5
| | | | | | | | | | | | | | | | | | | | | | Python 3's exception class has no message attribute. e.message can either be replaced with string representation of e or e.args[0]. Use print(line, end='') instead of sys.stdout.write(). With end='' no new line is appended. Use six.reraise() to reraise an exception. Remove sys.exc_clear() as it is no longer available in Python 3. Conditionally import shutil.WindowsError. Use six.move to import correct modules / function like quote, urlparse and configparser. Silence some pylint warnings. pylint doesn't understand six.moves magic and emits a import-error warning. Add additional tox envs to check for Python 3 compatibility.
* Py3 modernization: libmodernize.fixes.fix_printChristian Heimes2015-08-174-125/+129
| | | | | | | | | Replace print statement with Python 3's print() function. For Python 2 'from __future__ import print_function' turns the print statement into Python 3 compatible print function. See https://www.python.org/dev/peps/pep-3105/
* Py3 modernization: libmodernize.fixes.fix_importChristian Heimes2015-08-174-0/+4
| | | | | | | | | | | | | | Enforce absolute imports or explicit relative imports. Python 3 no longer supports implicit relative imports, that is unqualified imports from a module's directory. In order to load a module from the same directory inside a package, use from . import module The future feature 'from __future__ import absolute_import' ensures that pki uses absolute imports on Python 2, too. See https://www.python.org/dev/peps/pep-0328/
* Make pki PEP 8 compatibleChristian Heimes2015-08-143-33/+34
| | | | | | | | | | | | | | | | | | | Large portions of the patch was automatically created with autopep8: find base/ -name '*.py' | xargs autopep8 --in-place --ignore E309 \ --aggressive find base/common/upgrade base/server/upgrade -type f -and \ -not -name .gitignore | autopep8 --in-place --ignore E309 --aggressive autopep8 --in-place --ignore E309 --aggressive \ base/common/sbin/pki-upgrade \ base/server/sbin/pkispawn \ base/server/sbin/pkidestroy \ base/server/sbin/pki-server \ base/server/sbin/pki-server-upgrade About two dozent violations were fixed manually. https://fedorahosted.org/pki/ticket/708
* In-tree tests and linting with toxChristian Heimes2015-07-102-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | Before the patch it wasn't possible to run pylint outside a RPM build. The Python sources were split into common and server files in two separate trees. With setup.py and tox the pki package can now be installed and tested in a virtual env. Tox enables developers to automate installation and testing in Python virtual environment. The new tox.ini performs several tasks with one command: * It creates and installs a source distribution of pki packages and its command line scripts * It verifies that all CLI scripts can be execute (using its --help argument). * It runs pylint on all Python files and CLI scripts. * It can run flake8 on all Python and CLI files (disabled for now). * Finally it builds Sphinx autodocs. I had to delay the root check in pkispawn and pkidestroy and modify two files to get rid of Sphinx warnings. https://fedorahosted.org/pki/ticket/696 http://tox.readthedocs.org
* Limited Interactive Installation SupportMatthew Harmsen2015-07-021-33/+37
| | | | | - PKI TRAC Ticket #1441 - Lack of Interactive Installation Support (Cloning, Subordinates, Externals, HSMs, ECC)
* Displaying pkispawn/pkidestroy log file names.Endi S. Dewata2015-06-182-0/+4
| | | | | To simplify troubleshooting the pkispawn and pkidestroy have been modified to show the name of the log file used in each run.
* Suppress interactive HSM installationMatthew Harmsen2015-06-161-15/+20
| | | | - PKI TRAC Ticket #1417 - Interactive pkispawn of CA with HSM fails
* Cleaned up links in main page.Endi S. Dewata2015-06-111-8/+3
| | | | | | | | | | | | | The ROOT's index.jsp has been modified to show the links to all subsystems installed on the instance. When opened, it will show the services provided by the subsystem. The pkispawn output has been modified to show the subsystem URL more consistently: https://<hostname>:<port>/<subsystem> In all subsystems except TPS the page will redirect to: https://<hostname>:<port>/<subsystem>/services
* Fix interactive install to not reprompt for portsAde Lee2015-04-291-7/+31
| | | | | Ports are already set when deploying into an existing instance. Having a user re-enter these is repetitious and error prone.
* Add ability to pki-server to enable/disable nuxwdog for an instanceAde Lee2015-04-281-0/+3
| | | | | | This adds the ability to either enable or disable an instance using the pki-server utility. Additional documentation and additions to the man pages will be added in a separate patch.
* Added pki-server-nuxwdog tool to create config file for nuxwdogAde Lee2015-04-221-0/+43
| | | | | This config file can be used in starting up the instance in a standalone fashion.
* Added server migration command.Endi S. Dewata2015-04-211-3/+9
| | | | | | | | | | | | New pki-server CLI commands have been added to migrate the server configuration from Tomcat 7 to Tomcat 8 and vice versa. These commands can be used later during system upgrade to migrate existing instances from Tomcat 7 in F22 to Tomcat 8 in F23. The Python CLI framework has been refactored to provide a way to find other CLI modules by the command names. https://fedorahosted.org/pki/ticket/1264
* Add HSM options to pkispawnMatthew Harmsen2015-04-141-0/+27
| | | | - PKI TRAC Ticket #1346 - pkispawn should have an HSM library option
* pki-tomcatd fails to start on system bootMatthew Harmsen2015-04-131-6/+11
| | | | | - PKI TRAC Ticket #1315 - pki-tomcatd fails to start on system boot - PKI TRAC Ticket #1340 - pkidestroy should not remove /var/lib/pki
* Allow use of secure LDAPS connectionMatthew Harmsen2015-03-131-3/+38
| | | | - PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap
* PKI TRAC Ticket #1284 - pkispawn URL redirect issue (simple fix)Matthew Harmsen2015-03-061-0/+4
|
* Fixed pylint report.Endi S. Dewata2015-02-053-7/+7
| | | | | | | | | | | | | | | Previously pylint report was saved it into a file which may not be accessible on a build system. The pylint-build-scan.sh has been changed to display the report so it will appear in the build log. The pylint configuration has also been modified to disable C and R messages by default. This way when other errors or warnings occur the build will fail without having to check for specific codes. Some Python codes have been modified to reduce the number of pylint warnings. https://fedorahosted.org/pki/ticket/703
* Added server management CLI.Endi S. Dewata2015-01-281-0/+84
| | | | | | | | | | | | | A new pki-server CLI has been added to manage the instances and subsystems using the server management library. This CLI manages the system files directly, so it can only be run locally on the server by the system administrator. The autoDeploy setting in server.xml has been enabled by default. An upgrade script has been added to enable the autoDeploy setting in existing instances. https://fedorahosted.org/pki/ticket/1183
* Fix sub-CA installation with own security domainAde Lee2014-10-011-8/+1
| | | | | | | | | Installation code failed to anticipate installation of a subordinate CA that would host its own security domain. This patch includes changes to python installation code, java configuration servlet and changes to man pages. Ticket 1132
* Disable PKI GUI ConfigurationMatthew Harmsen2014-08-281-3/+3
| | | | - PKI TRAC Ticket #1120 - Remove Firefox PKI GUI Configuration Panel Interface
* More formatting changesAde Lee2014-06-101-5/+4
| | | | | Improve the layout of strings in pkimessages and fix a couple more PEP 8 issues.
* Fix pycharm warnings for server python classesAde Lee2014-06-103-90/+176
| | | | | Mostly reformatting due to PEP8. Not all pycharm warnings are addressed, but the vast majority are.
* Modify master_dict to mdict to improve readabilityAde Lee2014-06-102-41/+41
| | | | | | Most of the install python scripts do not meet PEP8 including being less than 80 chars. Changing master_dict to mdict helps fix this and improves or at least does not degrade readability.
* Add methods to getKeyInfo and change key statusAde Lee2014-02-191-1/+0
|
* Added decorator to handle exceptionsAde Lee2014-02-192-8/+8
| | | | | | Decorator catches HttpErrorExceptions from Requests and extracts the relevant PKIException object, and rethrows it.
* Cannot connect to ds when anon. access is offAbhishek Koneru2014-01-081-18/+3
| | | | | | | | | | | | | The connection to ds is checked during installation. But the current method of checking the ds connection before binding with the ds throws an Inappropriate Authentication error when Anonymous access is off. This patch uses the following method to check the connection to a DS server. 1. Initialize the connection 2. Bind with the DS. 3. Perform the ldap search. Ticket #811
* Stand-alone DRMMatthew Harmsen2013-10-151-8/+21
| | | | * TRAC Ticket #667 - provide option for ca-less drm install
* Added interactive install for tomcat TPSAde Lee2013-09-201-0/+65
| | | | | | Up to now, only pkispawn with a config file worked for tomcat-tps installation. This patch adds the functionality for the interactive installation.
* TRAC Ticket #707 - Do not "require" the following pkispawn parameters for ↵Matthew Harmsen2013-09-161-0/+20
| | | | GUI-based configuration
* Fixed pylint false positive.Endi S. Dewata2013-08-162-4/+6
| | | | | | | Under some circumstances build would fail due to pylint E1103 error saying "Instance of 'list' has no 'strip' member". This is a false positive since the object is actually a string. To avoid the error the code has been changed to explicitly convert the value to string.
* Added man pages for upgrade tools.Endi S. Dewata2013-07-221-16/+18
| | | | | | | New man pages have been added for pki-upgrade and pki-server-upgrade. The spec file and build scripts have been updated accordingly. Ticket #582
* Minor issue - redundant import in pkispawnAbhishek Koneru2013-07-221-1/+0
| | | | | | | A redundant import has been added in one ofthe previous patches. Fixed another small issue while using the escape character. Pylint fixes.
* Reorganized deployment tools.Endi S. Dewata2013-07-222-0/+697
| | | | | | | The pkispawn and pkidestroy scripts have been moved into sbin folder. The Python deployment library and the scriptlets were moved into pki.server.deployment and pki.server.deployment.scriptlets packages, respectively.
generated by cgit (git 2.34.1) at 2024-05-28 03:39:00 +0000