From 4193f16053aa317af7d61ffed0e40df3be853aa9 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Wed, 27 Apr 2016 17:52:58 +0200
Subject: Refactored initialization scriptlets.
---
 .../python/pki/server/deployment/pkihelper.py | 13 ++++++
 .../server/deployment/scriptlets/configuration.py | 2 +
 .../server/deployment/scriptlets/initialization.py | 52 +++++++++++----------
 .../deployment/scriptlets/subsystem_layout.py | 1 +
 base/server/sbin/pkispawn | 2 +
 5 files changed, 43 insertions(+), 27 deletions(-)
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 2898d7fe0..ad9a88e63 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -4650,6 +4650,19 @@ class PKIDeployer:
 self.tps_connector = TPSConnector(self)
 self.config_client = ConfigClient(self)
+ def init(self):
+
+ # ALWAYS initialize 'uid' and 'gid'
+ self.identity.add_uid_and_gid(self.mdict['pki_user'],
+ self.mdict['pki_group'])
+
+ # ALWAYS establish 'uid' and 'gid'
+ self.identity.set_uid(self.mdict['pki_user'])
+ self.identity.set_gid(self.mdict['pki_group'])
+
+ # ALWAYS initialize HSMs (when and if present)
+ self.hsm.initialize()
+
 def deploy_webapp(self, name, doc_base, descriptor):
 """ Deploy a web application into a Tomcat instance.
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index 8f4a69d58..4c40244d8 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
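Review bot: In pkihelper.py the new `PKIDeployer.init()` has no docstring, and nothing in the class enforces that it runs before the scriptlets, although it is now the only place that registers and establishes the `pki_user`/`pki_group` identity and initializes the HSM. Only the pkispawn call site is updated in this commit, so any other code that constructs a `PKIDeployer` and runs scriptlets would presumably proceed without that identity set, which matters for the ownership of whatever the deployment creates. I would add a docstring such as `"""Establish the deployment uid/gid and initialize any HSM; call once after construction and before any scriptlet runs."""` and check the other places that construct `PKIDeployer` (not visible in this patch).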
@@ -47,6 +47,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 config.pki_log.info(log.CONFIGURATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1)
+ deployer.instance.verify_subsystem_exists()
+
 instance = pki.server.PKIInstance(deployer.mdict['pki_instance_name'])
 instance.load()
diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py
index 0e315431f..5217ffa10 100644
--- a/base/server/python/pki/server/deployment/scriptlets/initialization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py
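Review bot: In configuration.py the added `deployer.instance.verify_subsystem_exists()` carries no comment, and it now runs on every configuration spawn rather than only in the External CA / Stand-alone step-two branch where the call used to live. A short comment such as `# the subsystem must already exist before it is configured (also covers External CA / Stand-alone PKI step two)` would record why the check sits here. The start of `spawn()` is outside this hunk, so whether an earlier return can bypass the check is not visible.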
@@ -31,49 +31,47 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 def spawn(self, deployer):
+ if config.str2bool(deployer.mdict['pki_skip_installation']):
+ config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return
+
 # begin official logging
 config.pki_log.info(log.PKISPAWN_BEGIN_MESSAGE_2, deployer.mdict['pki_subsystem'], deployer.mdict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_0)
- # ALWAYS initialize 'uid' and 'gid'
- deployer.identity.add_uid_and_gid(deployer.mdict['pki_user'],
- deployer.mdict['pki_group'])
- # ALWAYS establish 'uid' and 'gid'
- deployer.identity.set_uid(deployer.mdict['pki_user'])
- deployer.identity.set_gid(deployer.mdict['pki_group'])
- # ALWAYS initialize HSMs (when and if present)
- deployer.hsm.initialize()
- if config.str2bool(deployer.mdict['pki_skip_installation']):
- config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- return
+
+ config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+
+ if (deployer.mdict['pki_subsystem'] == "CA" or
+ config.str2bool(deployer.mdict['pki_standalone'])) and \
+ config.str2bool(deployer.mdict['pki_external_step_two']):
+ # verify that this External CA (Step 2), or Stand-alone PKI
+ # (Step 2) currently EXISTS for this "instance"
+ deployer.mdict['pki_skip_installation'] = "True"
 else:
- config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__,
- extra=config.PKI_INDENTATION_LEVEL_1)
- if (deployer.mdict['pki_subsystem'] == "CA" or
- config.str2bool(deployer.mdict['pki_standalone'])) and \
- config.str2bool(deployer.mdict['pki_external_step_two']):
- # verify that this External CA (Step 2), or Stand-alone PKI
- # (Step 2) currently EXISTS for this "instance"
- deployer.instance.verify_subsystem_exists()
- deployer.mdict['pki_skip_installation'] = "True"
- else:
- # verify that this type of "subsystem" does NOT yet
- # exist for this "instance"
- deployer.instance.verify_subsystem_does_not_exist()
- # detect and avoid any namespace collisions
- deployer.namespace.collision_detection()
+ # verify that this type of "subsystem" does NOT yet
+ # exist for this "instance"
+ deployer.instance.verify_subsystem_does_not_exist()
+ # detect and avoid any namespace collisions
+ deployer.namespace.collision_detection()
+
 # verify existence of SENSITIVE configuration file data
 deployer.configuration_file.verify_sensitive_data()
+
 # verify existence of MUTUALLY EXCLUSIVE configuration file data
 deployer.configuration_file.verify_mutually_exclusive_data()
+
 # verify existence of PREDEFINED configuration file data
 deployer.configuration_file.verify_predefined_configuration_file_data()
+
 # verify selinux context of selected ports
 deployer.configuration_file.populate_non_default_ports()
 deployer.configuration_file.verify_selinux_ports()
+
 # If secure DS connection is required, verify parameters
 deployer.configuration_file.verify_ds_secure_connection_data()
diff --git a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
index 2b2246a72..612081c98 100644
--- a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
+++ b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
@@ -38,6 +38,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 config.pki_log.info(log.SUBSYSTEM_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1)
+
 # establish instance-based subsystem logs
 deployer.directory.create(deployer.mdict['pki_subsystem_log_path'])
 deployer.directory.create(
diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn
index f75fa43ae..7c38cf915 100755
--- a/base/server/sbin/pkispawn
+++ b/base/server/sbin/pkispawn
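Review bot: In initialization.py the step-two branch keeps the comment `# verify that this External CA (Step 2), or Stand-alone PKI (Step 2) currently EXISTS for this "instance"`, but on the new side the branch verifies nothing and only sets `pki_skip_installation` to "True". The `verify_subsystem_exists()` call now lives in the configuration scriptlet, so any scriptlet that runs between the two presumably acts on the skip flag before the instance has been confirmed to exist; please confirm that ordering is intended. The comment should at least say what the branch does now, for example `# External CA / Stand-alone PKI (Step 2): instance is expected to exist; skip installation (existence is checked in the configuration scriptlet)`. The early return on `pki_skip_installation` also moved above the begin-of-spawn log call, so a skipped run no longer emits `PKISPAWN_BEGIN_MESSAGE_2`.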
@@ -514,7 +514,9 @@ def main(argv):
 # Process the various "scriptlets" to create the specified PKI subsystem.
 pki_subsystem_scriptlets = parser.mdict['spawn_scriplets'].split()
+
 deployer = util.PKIDeployer(parser.mdict, parser.slots_dict)
+ deployer.init()
 try:
 for scriptlet_name in pki_subsystem_scriptlets:
-- cgit
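Review bot: In pkispawn `deployer.init()` is called before the `try:` that wraps the scriptlet loop, so a failure while adding the user/group or initializing the HSM is no longer handled by whatever that `try` catches (its `except` clauses are outside the hunk). Before this commit the same calls ran inside the initialization scriptlet, which presumably executes within that loop. Unless the unguarded failure is intended, make the call the first statement inside the block, i.e. `try:` followed by `deployer.init()`, so identity and HSM errors are reported through the same path as scriptlet errors.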