| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Some pki-server CLIs have been added to inspect and validate the
content of the banner file.
The PKI server startup script has been modified to validate the
content of the banner file using the new CLI.
https://pagure.io/dogtagpki/issue/2671
Change-Id: Ibc51afee184d0a720cc0d2961af08ef75d2b54c4
| |
The pkispawn has been modified to generate a temporary backup
file (instead of permanent and timestamped backup files) of the
deployment configuration file before normalizing its content.
The temporary backup will be removed automatically when the
normalization is complete.
https://pagure.io/dogtagpki/issue/2674
Change-Id: Ia541e23314acc120954fa574d1f6f885961c8047
| |
New --skip-configuration and --skip-installation options have
been added to pkispawn to provide a mechanism to set the
pki_skip_configuration and pki_skip_installation parameters
without changing the deployment configuration file.
https://pagure.io/dogtagpki/issue/2707
Change-Id: I069b51b5be65dee2fe0f4ca75e3693bcd21007de
| |
Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation
dogtagpki Pagure Issue #2674 - CA brought down during separate KRA instance
creation
| |
Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails
dogtagpki Pagure Issue #2684 - CA installation with HSM in FIPS mode fails
| |
To improve reusability the deployment system variables have been
converted from global variables in pkiconfig.py into attributes in
PKIDeployer.
| |
To improve reusability the deployment timestamp variables have been
converted from global variables in pkiconfig.py into attributes in
PKIDeployer.
| |
To improve reusability the PKIDeployer class has been moved from
the pkihelper.py into the top level pki.server.deployment module.
| |
To improve reusability the pki_subsystem object has been converted
from a global variable in pkiconfig.py into an attribute in
PKIDeployer.
| |
To improve reusability the deployment tools have been modified
such that the master and slots dictionary objects are created in
PKIDeployer at the beginning of the program. The PKIConfigParser
has been modified to use the same dictionary objects.
| |
Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1353245
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
| |
The pkispawn has been modified to improve the way it displays the
error message returned by SystemConfigService.configure(). If the
method throws a PKIException, the response is returned as a JSON
message, so pkispawn will parse it and display the actual error
message. For other exceptions pkispawn will display the entire
HTML message returned by Tomcat.
https://fedorahosted.org/pki/ticket/2399
| |
The pkispawn installation summary has been modified not to
show the admin certificate nickname and NSS database if
pki_client_database_purge or pki_clone is set to true since
the NSS database will not be created in those cases.
https://fedorahosted.org/pki/ticket/2399
| |
The pkispawn has been modified such that if the admin selects to
import the admin certificate the admin will not be asked where to
export the certificate.
https://fedorahosted.org/pki/ticket/2399
| |
The pki-server CLI has been modified to catch all exceptions and
display a simple exception message. In verbose mode it will
display the stack trace.
https://fedorahosted.org/pki/ticket/2381
| |
Partially Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295
| |
The pki-server ca-db-upgrade command has been renamed to db-upgrade
to be more general. In the future the command can be refactored to
handle additional upgrade scripts. Additional log messages have
been added to show the upgrade activities in verbose mode.
https://fedorahosted.org/pki/ticket/1667
| |
Previously, in external CA case if pkispawn was executed with
pki_skip_configuration=True, it would stop the execution before
the step 1 was fully completed (i.e. generating CSR), but it would
incorrectly show a message indicating the CSR has been generated.
The code that displays the installation summary has been fixed to
check for pki_skip_configuration first before checking for external
CA case to ensure that it displays the appropriate message for each
step.
The code that generates the Tomcat instance systemd service link
was moved into instance_layout.py to avoid redundant executions.
The pkispawn and pkidestroy have also been modified to remove
redundant log of deployment parameters in master dictionary.
| |
Previously the finalization scriptlet was always executed in each
pkispawn execution. In multi-step installations (e.g. external CA,
standalone, or installation/configuration-only mode) some of the
code in the scriptlet such as enabling systemd service, restarting
the service, and purging client database will be redundant.
Now the scriptlet has been modified to execute only in the final
step of the installation. The code that archives the deployment
and manifest files has been moved into pkispawn to ensure that it
is always executed in each pkispawn execution.
For clarity the method that displays the installation summary has
been broken up into separate methods for standalone step 1,
installation-only mode, and configuration-only/full installation.
| |
The print_existing_ca_step_one_information() has been removed from
pkispawn since existing CA installation no longer requires two-step
operation.
https://fedorahosted.org/pki/ticket/1736
| |
- PKI TRAC Ticket #856 - Incorrect clone installation summary
| |
The unused rv instance variables in all deployment scriptlets have
been removed. The spawn() and destroy() are now returning None
instead of error code. If an error happens during execution the
scriptlet will throw an exception which will be caught by pkispawn
or pkidestroy and then displayed to the user.
| |
- PKI TRAC Ticket #2249 - fix bashisms
- changes 'source' to '.'
- changes 'bash' to 'sh'
| |
Some variables in pkispawn and pkidestroy have been renamed for
clarity.
The unused PKI_CERT_DB_PASSWORD_SLOT variable has been removed.
The constant pki_self_signed_token property has been moved into
default.cfg.
https://fedorahosted.org/pki/ticket/2247
| |
--precheck can be used to run specific tests prior to ensure
that the installation parameters are sane, without actually
doing the installation.
There are also optional parameters to disable specific tests.
Trac Ticket #2042
| |
Some pki-server commands have been added to simplify exporting
the required certificates for subsystem installations. These
commands will invoke the pki pkcs12 utility to export the
certificates from the instance NSS database.
The pki-server ca-cert-chain-export command will export the
certificate chain needed for installing additional
subsystems running on a separate instance.
The pki-server <subsystem>-clone-prepare commands will export
the certificates required for cloning a subsystem.
https://fedorahosted.org/pki/ticket/1742
| |
We do a check for the dnsdomainname, which fails in Openstack
CI because this is not set. Instead of exiting, default to
the hostname.
| |
Due to a recent change the KRA installation failed because the
installer was trying to read the pki_external_csr_path parameter
which is not available for KRA installation. The installer has
been fixed to read the parameter in external CA case only.
https://fedorahosted.org/pki/ticket/456
| |
The pkispawn has been modified to display the proper summary for
external CA and existing CA cases.
https://fedorahosted.org/pki/ticket/456
| |
The installation code for external CA case has been fixed such
that IPA can detect step 1 completion properly.
The code that handles certificate data conversion has been fixed
to reformat base-64 data for PEM output properly.
The installation summary for step 1 has been updated to provide
more accurate information.
https://fedorahosted.org/pki/ticket/456
| |
A set of new pki-server commands have been added to simplify
updating the cert data and cert request stored in the CS.cfg with
the cert data and cert request stored in the NSS and LDAP database,
respectively.
https://fedorahosted.org/pki/ticket/1551
| |
In Python 3 subprocess.Popen() and check_out() return bytes. The rest of
PKI expects text, so the output has to be decoded.
- ascii for dnsdomainname
- sys.getfilesystemencoding() for paths
- utf-8 for the rest
| |
Python 3's exception class has no message attribute. e.message can
either be replaced with string representation of e or e.args[0].
Use print(line, end='') instead of sys.stdout.write(). With end='' no
new line is appended.
Use six.reraise() to reraise an exception.
Remove sys.exc_clear() as it is no longer available in Python 3.
Conditionally import shutil.WindowsError.
Use six.moves to import correct modules / functions like quote, urlparse
and configparser.
Silence some pylint warnings. pylint doesn't understand six.moves magic
and emits an import-error warning.
Add additional tox envs to check for Python 3 compatibility.
| |
Replace print statement with Python 3's print() function.
For Python 2 'from __future__ import print_function' turns the print
statement into Python 3 compatible print function.
See https://www.python.org/dev/peps/pep-3105/
| |
Enforce absolute imports or explicit relative imports. Python 3 no
longer supports implicit relative imports, that is unqualified imports
from a module's directory. In order to load a module from the same
directory inside a package, use
from . import module
The future feature 'from __future__ import absolute_import' ensures that
pki uses absolute imports on Python 2, too.
See https://www.python.org/dev/peps/pep-0328/
| |
Large portions of the patch were automatically created with autopep8:
find base/ -name '*.py' | xargs autopep8 --in-place --ignore E309 \
--aggressive
find base/common/upgrade base/server/upgrade -type f -and \
-not -name .gitignore | autopep8 --in-place --ignore E309 --aggressive
autopep8 --in-place --ignore E309 --aggressive \
base/common/sbin/pki-upgrade \
base/server/sbin/pkispawn \
base/server/sbin/pkidestroy \
base/server/sbin/pki-server \
base/server/sbin/pki-server-upgrade
About two dozen violations were fixed manually.
https://fedorahosted.org/pki/ticket/708
| |
Before the patch it wasn't possible to run pylint outside a RPM build.
The Python sources were split into common and server files in two
separate trees. With setup.py and tox the pki package can now be
installed and tested in a virtual env.
Tox enables developers to automate installation and testing in Python
virtual environment. The new tox.ini performs several tasks with one
command:
* It creates and installs a source distribution of pki packages and its
command line scripts
* It verifies that all CLI scripts can be executed (using its --help
argument).
* It runs pylint on all Python files and CLI scripts.
* It can run flake8 on all Python and CLI files (disabled for now).
* Finally it builds Sphinx autodocs.
I had to delay the root check in pkispawn and pkidestroy and modify two
files to get rid of Sphinx warnings.
https://fedorahosted.org/pki/ticket/696
http://tox.readthedocs.org
| |
- PKI TRAC Ticket #1441 - Lack of Interactive Installation Support
(Cloning, Subordinates, Externals, HSMs, ECC)
| |
To simplify troubleshooting the pkispawn and pkidestroy have been
modified to show the name of the log file used in each run.
| |
- PKI TRAC Ticket #1417 - Interactive pkispawn of CA with HSM fails
| |
The ROOT's index.jsp has been modified to show the links to all
subsystems installed on the instance. When opened, it will show
the services provided by the subsystem.
The pkispawn output has been modified to show the subsystem URL
more consistently:
https://<hostname>:<port>/<subsystem>
In all subsystems except TPS the page will redirect to:
https://<hostname>:<port>/<subsystem>/services
|
| |
Ports are already set when deploying into an existing instance.
Having a user re-enter these is repetitious and error prone.
| |
This adds the ability to either enable or disable an instance using
the pki-server utility. Additional documentation and additions to the
man pages will be added in a separate patch.
| |
This config file can be used in starting up the instance in a
standalone fashion.
| |
New pki-server CLI commands have been added to migrate the server
configuration from Tomcat 7 to Tomcat 8 and vice versa. These
commands can be used later during system upgrade to migrate
existing instances from Tomcat 7 in F22 to Tomcat 8 in F23.
The Python CLI framework has been refactored to provide a way to
find other CLI modules by the command names.
https://fedorahosted.org/pki/ticket/1264
| |
- PKI TRAC Ticket #1346 - pkispawn should have an HSM library option
| |
- PKI TRAC Ticket #1315 - pki-tomcatd fails to start on system boot
- PKI TRAC Ticket #1340 - pkidestroy should not remove /var/lib/pki
| |
- PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap
| |
| |
Previously the pylint report was saved into a file which may not be
accessible on a build system. The pylint-build-scan.sh has been
changed to display the report so it will appear in the build log.
The pylint configuration has also been modified to disable C and R
messages by default. This way when other errors or warnings occur
the build will fail without having to check for specific codes.
Some Python code has been modified to reduce the number of pylint
warnings.
https://fedorahosted.org/pki/ticket/703