From 4a894138cd46cd400fe06f158b1b6782e45fd7c0 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Mon, 3 Dec 2012 12:08:58 -0500 Subject: do parameter interpolation part 1 --- base/deploy/config/deployment.cfg | 49 +++++++++------------------ base/deploy/src/pkidestroy | 4 --- base/deploy/src/pkispawn | 4 --- base/deploy/src/scriptlets/pkiconfig.py | 1 - base/deploy/src/scriptlets/pkiparser.py | 59 +++++++++------------------------ 5 files changed, 31 insertions(+), 86 deletions(-) diff --git a/base/deploy/config/deployment.cfg b/base/deploy/config/deployment.cfg index 6ff7a35bb..bb2bfa9b9 100644 --- a/base/deploy/config/deployment.cfg +++ b/base/deploy/config/deployment.cfg @@ -1,8 +1,13 @@ ############################################################################### -## Default Configuration: ## +## Common Configuration: ## +## ## +## Values in this section are common to more than one PKI subsystem, and ## +## contain required information which MAY be overridden by users as ## +## necessary. ## +## ## +## There are also some meta-parameters that determine how the PKI ## +## configuratiion should work. ## ## ## -## This section contains meta-parameters that determine how the PKI ## -## configuration should work. ## ############################################################################### [DEFAULT] @@ -47,17 +52,6 @@ destroy_scriplets= infrastructure_layout finalization -############################################################################### -## Common Configuration: ## -## ## -## Values in this section are common to more than one PKI subsystem, and ## -## contain required information which MAY be overridden by users as ## -## necessary. ## -## ## -## NOTE: Default values will be generated for any and all required ## -## 'common' data values which are left undefined. ## -############################################################################### -[Common] pki_admin_cert_request_type=crmf pki_admin_domain_name= pki_admin_dualkey=False 
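Review bot: The new header comment in the first hunk misspells "configuration" as `configuratiion`, and it does not tell users that values in this section are now subject to `%(name)s` interpolation. Because the `[Common]` header is removed in the next hunk, every key that follows lands in `[DEFAULT]`, which appears to include the password keys shown as context further down (`pki_ds_password`, `pki_client_pkcs12_password`). With `SafeConfigParser`, a literal `%` in such a value has to be written `%%` whenever the value is read with interpolation. I would add a line to the comment box such as `## NOTE: values may reference other keys as %(key)s; write a literal '%' as '%%'. ##`.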
@@ -85,14 +79,17 @@ pki_client_dir= pki_client_pkcs12_password= pki_ds_base_dn= pki_ds_bind_dn=cn=Directory Manager -pki_ds_database= -pki_ds_hostname= +pki_ds_database=%(pki_instance_name)s-%(pki_subsystem)s +pki_ds_hostname=%(hostname)s pki_ds_ldap_port=389 pki_ds_ldaps_port=636 pki_ds_password= pki_ds_remove_data=True pki_ds_secure_connection=False pki_group=pkiuser +pki_http_port=%(default_http_port)s +pki_https_port=%(default_https_port)s +pki_instance_name=%(default_instance_name)s pki_issuing_ca= pki_restart_configured_instance=True pki_security_domain_hostname= @@ -108,9 +105,11 @@ pki_ssl_server_key_type=rsa pki_ssl_server_nickname= pki_ssl_server_subject_dn= pki_ssl_server_token= +pki_subsystem=%(subsystem_type)s pki_subsystem_key_algorithm=SHA256withRSA pki_subsystem_key_size=2048 pki_subsystem_key_type=rsa +pki_subsystem_name=%(pki_subsystem)s %(hostname)s %(pki_https_port)s pki_subsystem_nickname= pki_subsystem_subject_dn= pki_subsystem_token= @@ -126,9 +125,6 @@ pki_user=pkiuser ## required information which MAY be overridden by users as necessary. ## ############################################################################### [Apache] -pki_instance_name=pki-apache -pki_http_port=80 -pki_https_port=443 ############################################################################### ## Tomcat Configuration: ## @@ -157,9 +153,6 @@ pki_clone_replication_security=None pki_clone_uri= pki_enable_java_debugger=False pki_enable_proxy=False -pki_http_port=8080 -pki_https_port=8443 -pki_instance_name=pki-tomcat pki_proxy_http_port=80 pki_proxy_https_port=443 pki_security_manager=true @@ -203,8 +196,6 @@ pki_ocsp_signing_signing_algorithm=SHA256withRSA pki_ocsp_signing_subject_dn= pki_ocsp_signing_token= pki_subordinate=False -pki_subsystem=CA -pki_subsystem_name= ############################################################################### ## KRA Configuration: ## 
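Review bot: `pki_ds_database=%(pki_instance_name)s-%(pki_subsystem)s` is not the same default as the code it replaces: the fallback removed from pkiparser.py at the end of this patch built the name from `pki_master_dict['pki_instance_id']`, not `pki_instance_name`. If those two can differ (the hunks do not show how `pki_instance_id` is derived), the directory database name silently changes for anyone relying on the default. Either confirm they are always equal or keep the old derivation. The removed code comment about guessing that the Directory Server is on the local host is also worth carrying over, e.g. `## pki_ds_hostname defaults to the local host` above `pki_ds_hostname=%(hostname)s`.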
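Review bot: The template `pki_subsystem_name=%(pki_subsystem)s %(hostname)s %(pki_https_port)s` in the `@@ -108,9 +105,11 @@` hunk reproduces only the final `else` branch of the logic removed from pkiparser.py. The removed branches prefixed the name with `PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM`, `PKI_DEPLOYMENT_EXTERNAL_CA` or `PKI_DEPLOYMENT_SUBORDINATE_CA` for clones, external CAs and subordinate CAs, so those deployments now get the same name format as a plain instance unless the user sets it by hand. The removed comment block lists `pki_subsystem_name` alongside the security-domain values, so if the name is used to tell subsystems apart there, the distinction should either be restored in code or the change documented next to this key.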
@@ -222,8 +213,6 @@ pki_storage_nickname= pki_storage_signing_algorithm=SHA256withRSA pki_storage_subject_dn= pki_storage_token= -pki_subsystem=KRA -pki_subsystem_name= pki_transport_key_algorithm=SHA256withRSA pki_transport_key_size=2048 pki_transport_key_type=rsa @@ -248,8 +237,6 @@ pki_ocsp_signing_nickname= pki_ocsp_signing_signing_algorithm=SHA256withRSA pki_ocsp_signing_subject_dn= pki_ocsp_signing_token= -pki_subsystem=OCSP -pki_subsystem_name= ############################################################################### ## RA Configuration: ## @@ -258,8 +245,6 @@ pki_subsystem_name= ## required information which MAY be overridden by users as necessary. ## ############################################################################### [RA] -pki_subsystem=RA -pki_subsystem_name= ############################################################################### ## TKS Configuration: ## @@ -270,8 +255,6 @@ pki_subsystem_name= ############################################################################### [TKS] pki_import_admin_cert=True -pki_subsystem=TKS -pki_subsystem_name= ############################################################################### ## TPS Configuration: ## @@ -280,5 +263,3 @@ pki_subsystem_name= ## required information which MAY be overridden by users as necessary. ## ############################################################################### [TPS] -pki_subsystem=TPS -pki_subsystem_name= diff --git a/base/deploy/src/pkidestroy b/base/deploy/src/pkidestroy index 4e8bca9d1..69daa13ad 100755 --- a/base/deploy/src/pkidestroy +++ b/base/deploy/src/pkidestroy 
@@ -119,8 +119,6 @@ def main(argv): # NEVER print out 'sensitive' name/value pairs!!! config.pki_log.debug(log.PKI_DICTIONARY_COMMON, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_common_dict), - extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), @@ -133,8 +131,6 @@ def main(argv): # NEVER print out 'sensitive' name/value pairs!!! config.pki_log.debug(log.PKI_DICTIONARY_COMMON, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_common_dict), - extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn index 73d236247..79ab1b230 100755 --- a/base/deploy/src/pkispawn +++ b/base/deploy/src/pkispawn @@ -139,8 +139,6 @@ def main(argv): # NEVER print out 'sensitive' name/value pairs!!! config.pki_log.debug(log.PKI_DICTIONARY_COMMON, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_common_dict), - extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), @@ -153,8 +151,6 @@ def main(argv): # NEVER print out 'sensitive' name/value pairs!!! config.pki_log.debug(log.PKI_DICTIONARY_COMMON, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_common_dict), - extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), 
diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py index 35c80a5f7..ec6c5ea38 100644 --- a/base/deploy/src/scriptlets/pkiconfig.py +++ b/base/deploy/src/scriptlets/pkiconfig.py @@ -205,7 +205,6 @@ pki_console_log_level = None # PKI Deployment Global Dictionaries pki_default_dict = None -pki_common_dict = None pki_web_server_dict = None pki_subsystem_dict = None pki_master_dict = None diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index a99425960..520aabe5e 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py @@ -219,7 +219,22 @@ class PKIConfigParser: "Read configuration file sections into dictionaries" rv = 0 try: - self.pki_config = ConfigParser.ConfigParser() + if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + default_instance_name = 'pki-tomcat' + default_http_port = '8080' + default_https_port = '8443' + else: + default_instance_name = 'pki-apache' + default_http_port = '80' + default_https_port = '443' + + predefined_dict = {'default_instance_name': default_instance_name, + 'default_http_port': default_http_port, + 'default_https_port': default_https_port, + 'subsystem_type' : config.pki_subsystem, + 'hostname': config.pki_hostname} + + self.pki_config = ConfigParser.SafeConfigParser(predefined_dict) # Make keys case-sensitive! self.pki_config.optionxform = str self.pki_config.read([ @@ -227,7 +242,6 @@ class PKIConfigParser: config.pkideployment_cfg]) config.pki_default_dict = self.pki_config.defaults() pkilogging.sensitive_parameters = config.pki_default_dict['sensitive_parameters'].split() - config.pki_common_dict = dict(self.pki_config._sections['Common']) if config.pki_subsystem == "CA": config.pki_web_server_dict = dict(self.pki_config._sections['Tomcat']) config.pki_subsystem_dict = dict(self.pki_config._sections['CA']) 
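Review bot: The `%(...)s` references introduced in deployment.cfg are never expanded on the path visible in the `@@ -219,7 +219,22 @@` and `@@ -227,7 +242,6 @@` hunks, because the values are still pulled out with `self.pki_config.defaults()` and `self.pki_config._sections[...]`, which return the raw stored strings; `SafeConfigParser` only interpolates in `get()` and `items()`. As far as these hunks show, `pki_master_dict` would end up holding literal text such as `%(hostname)s` for `pki_ds_hostname`, unless a later part of this series changes how the dictionaries are built. Reading through the parser, e.g. `config.pki_default_dict = dict(self.pki_config.items('DEFAULT'))`, would apply the interpolation. Once that is done, a missing key or a bare `%` in a user-supplied value raises `ConfigParser.InterpolationError`, which the existing `except ConfigParser.ParsingError` does not cover; catching `ConfigParser.Error` would report it cleanly. The enclosing method starts and ends outside the hunk.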
@@ -249,7 +263,6 @@ class PKIConfigParser: # Insert empty record into dictionaries for "pretty print" statements # NEVER print "sensitive" key value pairs!!! config.pki_default_dict[0] = None - config.pki_common_dict[0] = None config.pki_web_server_dict[0] = None config.pki_subsystem_dict[0] = None except ConfigParser.ParsingError, err: @@ -296,7 +309,6 @@ class PKIConfigParser: # Configuration file name/value pairs # NEVER add "sensitive" key value pairs to the master dictionary!!! config.pki_master_dict.update(config.pki_default_dict) - config.pki_master_dict.update(config.pki_common_dict) config.pki_master_dict.update(config.pki_web_server_dict) config.pki_master_dict.update(config.pki_subsystem_dict) config.pki_master_dict.update(__name__="PKI Master Dictionary") @@ -1466,7 +1478,6 @@ class PKIConfigParser: # config.pki_master_dict['pki_issuing_ca'] # config.pki_master_dict['pki_security_domain_hostname'] # config.pki_master_dict['pki_security_domain_name'] - # config.pki_master_dict['pki_subsystem_name'] # # if security domain user is not defined 
@@ -1488,34 +1499,6 @@ class PKIConfigParser: else: config.pki_master_dict['pki_security_domain_user'] = "caadmin" - if not len(config.pki_master_dict['pki_subsystem_name']): - if config.pki_master_dict['pki_subsystem'] in\ - config.PKI_TOMCAT_SUBSYSTEMS and \ - config.str2bool(config.pki_master_dict['pki_clone']): - config.pki_master_dict['pki_subsystem_name'] =\ - config.PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM + " " +\ - config.pki_subsystem + " " +\ - config.pki_master_dict['pki_hostname'] + " " +\ - config.pki_master_dict['pki_https_port'] - elif config.pki_subsystem == "CA" and \ - config.str2bool(config.pki_master_dict['pki_external']): - config.pki_master_dict['pki_subsystem_name'] =\ - config.PKI_DEPLOYMENT_EXTERNAL_CA + " " +\ - config.pki_subsystem + " " +\ - config.pki_master_dict['pki_hostname'] + " " +\ - config.pki_master_dict['pki_https_port'] - elif config.pki_subsystem == "CA" and \ - config.str2bool(config.pki_master_dict['pki_subordinate']): - config.pki_master_dict['pki_subsystem_name'] =\ - config.PKI_DEPLOYMENT_SUBORDINATE_CA + " " +\ - config.pki_subsystem + " " +\ - config.pki_master_dict['pki_hostname'] + " " +\ - config.pki_master_dict['pki_https_port'] - else: - config.pki_master_dict['pki_subsystem_name'] =\ - config.pki_subsystem + " " +\ - config.pki_master_dict['pki_hostname'] + " " +\ - config.pki_master_dict['pki_https_port'] if config.pki_subsystem != "CA" or\ config.str2bool(config.pki_master_dict['pki_clone']) or\ config.str2bool(config.pki_master_dict['pki_subordinate']): @@ -1581,8 +1564,6 @@ class PKIConfigParser: # deployment configuration file and potentially overridden below: # # config.pki_master_dict['pki_ds_base_dn'] - # config.pki_master_dict['pki_ds_database'] - # config.pki_master_dict['pki_ds_hostname'] # if not config.str2bool(config.pki_master_dict['pki_clone']): if not len(config.pki_master_dict['pki_ds_base_dn']): 
@@ -1596,14 +1577,6 @@ class PKIConfigParser: config.pki_master_dict['pki_ds_base_dn'] =\ "o=" + config.pki_master_dict['pki_instance_id'] +\ "-" + config.pki_subsystem - if not len(config.pki_master_dict['pki_ds_database']): - config.pki_master_dict['pki_ds_database'] =\ - config.pki_master_dict['pki_instance_id'] +\ - "-" + config.pki_subsystem - if not len(config.pki_master_dict['pki_ds_hostname']): - # Guess that the Directory Server resides on the local host - config.pki_master_dict['pki_ds_hostname'] =\ - config.pki_master_dict['pki_hostname'] # Jython scriptlet # 'External CA' Configuration name/value pairs # -- cgit