From 61ec70e0896360d80a85f7864c16edbf44787fb9 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Wed, 4 May 2016 23:34:28 +0200 Subject: Added existing database parameter. --- .../server/ca/rest/CAInstallerService.java | 2 +- .../cms/servlet/test/ConfigurationTest.java | 20 ++--- base/common/python/pki/system.py | 6 +- .../certsrv/system/ConfigurationRequest.java | 28 ++++--- .../server/kra/rest/KRAInstallerService.java | 2 +- .../cms/servlet/csadmin/ConfigurationUtils.java | 89 +++++++++++++++++----- .../dogtagpki/server/rest/SystemConfigService.java | 18 ++--- base/server/etc/default.cfg | 1 + .../python/pki/server/deployment/pkihelper.py | 11 ++- 9 files changed, 121 insertions(+), 56 deletions(-) diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java index d9b6f81ca..ff744676e 100644 --- a/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java +++ b/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java @@ -56,7 +56,7 @@ public class CAInstallerService extends SystemConfigService { try { if (!request.isClone()) { - ConfigurationUtils.updateNextRanges(); + ConfigurationUtils.updateNextRanges(request); } } catch (Exception e) { diff --git a/base/common/functional/src/com/netscape/cms/servlet/test/ConfigurationTest.java b/base/common/functional/src/com/netscape/cms/servlet/test/ConfigurationTest.java index 69994fa38..0f0b5ac6e 100644 --- a/base/common/functional/src/com/netscape/cms/servlet/test/ConfigurationTest.java +++ b/base/common/functional/src/com/netscape/cms/servlet/test/ConfigurationTest.java @@ -28,8 +28,6 @@ import java.util.ArrayList; import java.util.Iterator; import java.util.List; -import netscape.security.x509.X500Name; - import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.HelpFormatter; 
@@ -64,6 +62,8 @@ import com.netscape.certsrv.system.SystemCertData; import com.netscape.certsrv.system.SystemConfigClient; import com.netscape.cmsutil.util.Utils; +import netscape.security.x509.X500Name; + /** * @author alee * @@ -260,7 +260,7 @@ public class ConfigurationTest { data.setBindDN("cn=Directory Manager"); data.setDatabase("o=testca2"); data.setBindpwd("redhat123"); - data.setRemoveData("true"); + data.setRemoveData(true); data.setSecureConn("false"); data.setBackupKeys("true"); @@ -362,7 +362,7 @@ public class ConfigurationTest { data.setBindDN("cn=Directory Manager"); data.setDatabase("o=testsubca"); data.setBindpwd("redhat123"); - data.setRemoveData("true"); + data.setRemoveData(true); data.setSecureConn("false"); data.setBackupKeys("true"); @@ -464,7 +464,7 @@ public class ConfigurationTest { data.setBindDN("cn=Directory Manager"); data.setDatabase("o=testexternalca"); data.setBindpwd("redhat123"); - data.setRemoveData("true"); + data.setRemoveData(true); data.setSecureConn("false"); data.setBackupKeys("true"); @@ -566,7 +566,7 @@ public class ConfigurationTest { data.setBindDN("cn=Directory Manager"); data.setDatabase("o=testexternalca"); data.setBindpwd("redhat123"); - data.setRemoveData("true"); + data.setRemoveData(true); data.setSecureConn("false"); data.setBackupKeys("true"); @@ -690,7 +690,7 @@ public class ConfigurationTest { data.setBindDN("cn=Directory Manager"); data.setDatabase("o=testca2"); data.setBindpwd("redhat123"); - data.setRemoveData("true"); + data.setRemoveData(true); data.setSecureConn("false"); data.setBackupKeys("false"); @@ -733,7 +733,7 @@ public class ConfigurationTest { data.setBindDN("cn=Directory Manager"); data.setDatabase("o=testkra"); data.setBindpwd("redhat123"); - data.setRemoveData("true"); + data.setRemoveData(true); data.setSecureConn("false"); data.setBackupKeys("true"); 
@@ -836,7 +836,7 @@ public class ConfigurationTest { data.setBindDN("cn=Directory Manager"); data.setDatabase("o=testocsp22"); data.setBindpwd("redhat123"); - data.setRemoveData("true"); + data.setRemoveData(true); data.setSecureConn("false"); data.setBackupKeys("true"); @@ -928,7 +928,7 @@ public class ConfigurationTest { data.setBindDN("cn=Directory Manager"); data.setDatabase("o=testtks22"); data.setBindpwd("redhat123"); - data.setRemoveData("true"); + data.setRemoveData(true); data.setSecureConn("false"); data.setBackupKeys("true"); diff --git a/base/common/python/pki/system.py b/base/common/python/pki/system.py index 65ca32183..1151c78fa 100644 --- a/base/common/python/pki/system.py +++ b/base/common/python/pki/system.py @@ -283,7 +283,7 @@ class SystemConfigClient(object): headers = {'Content-type': 'application/json', 'Accept': 'application/json'} self.connection.post('/rest/installer/finalize', None, - headers) + headers) def configureSecurityDomain(self): """ @@ -292,8 +292,8 @@ class SystemConfigClient(object): """ headers = {'Content-type': 'application/json', 'Accept': 'application/json'} - response = self.connection.post('/rest/installer/finalize', None, - headers) + self.connection.post('/rest/installer/finalize', None, + headers) def finalize(self): """ diff --git a/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java b/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java index 890f7d01f..426e904f2 100644 --- a/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java +++ b/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java @@ -94,7 +94,10 @@ public class ConfigurationRequest { protected String baseDN; @XmlElement - protected String createNewDB; + protected boolean createNewDB = true; + + @XmlElement + protected boolean existingDatabase; @XmlElement protected String bindDN; 
@@ -109,7 +112,7 @@ public class ConfigurationRequest { protected String secureConn; @XmlElement - protected String removeData; + protected boolean removeData = true; @XmlElement protected String masterReplicationPort; @@ -461,14 +464,14 @@ public class ConfigurationRequest { /** * @return the removeData */ - public String getRemoveData() { + public boolean getRemoveData() { return removeData; } /** * @param removeData the removeData to set */ - public void setRemoveData(String removeData) { + public void setRemoveData(boolean removeData) { this.removeData = removeData; } @@ -912,15 +915,19 @@ public class ConfigurationRequest { this.sharedDBUserDN = sharedDBUserDN; } + public boolean getExistingDatabase() { + return existingDatabase; + } + + public void setExistingDatabase(boolean existingDatabase) { + this.existingDatabase = existingDatabase; + } + public boolean getCreateNewDB() { - // default to true - if (createNewDB == null) { - return true; - } - return createNewDB.equalsIgnoreCase("true"); + return createNewDB; } - public void setCreateNewDB(String createNewDB) { + public void setCreateNewDB(boolean createNewDB) { this.createNewDB = createNewDB; } @@ -991,6 +998,7 @@ public class ConfigurationRequest { ", generateSubsystemCert=" + generateSubsystemCert + ", sharedDB=" + sharedDB + ", sharedDBUserDN=" + sharedDBUserDN + + ", existingDatabase=" + existingDatabase + ", createNewDB=" + createNewDB + ", setupReplication=" + setupReplication + ", subordinateSecurityDomainName=" + subordinateSecurityDomainName + diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KRAInstallerService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KRAInstallerService.java index 5e0eae11b..337aa48b1 100644 --- a/base/kra/src/org/dogtagpki/server/kra/rest/KRAInstallerService.java +++ b/base/kra/src/org/dogtagpki/server/kra/rest/KRAInstallerService.java 
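Review bot: The `removeData` field in `ConfigurationRequest` now initialises to `true`, so a request that omits the element asks for existing data to be removed. The line this commit removes from `populateDB()` read `preop.database.removeData` with a default of `false`. `getBaseEntry()` refuses to reuse an occupied base DN only when the flag is false, so the destructive path becomes the default for any client that does not set the field. I would keep the safe default, `protected boolean removeData;`, and make callers opt in explicitly. Because the accessors change from `String` to `boolean` at the same time, existing callers get no compile-time hint that the default moved.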
@@ -54,7 +54,7 @@ public class KRAInstallerService extends SystemConfigService { try { if (!request.isClone()) { - ConfigurationUtils.updateNextRanges(); + ConfigurationUtils.updateNextRanges(request); } } catch (Exception e) { diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index 94a301ad3..49cf79865 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -139,6 +139,7 @@ import com.netscape.certsrv.key.KeyData; import com.netscape.certsrv.ldap.ILdapConnFactory; import com.netscape.certsrv.ocsp.IDefStore; import com.netscape.certsrv.ocsp.IOCSPAuthority; +import com.netscape.certsrv.system.ConfigurationRequest; import com.netscape.certsrv.system.InstallToken; import com.netscape.certsrv.system.SecurityDomainClient; import com.netscape.certsrv.system.TPSConnectorClient; @@ -1283,7 +1284,13 @@ public class ConfigurationUtils { } } - public static void enableUSNPlugin() throws IOException, EBaseException { + public static void enableUSNPlugin(ConfigurationRequest request) throws IOException, EBaseException { + + if (request.getExistingDatabase()) { + CMS.debug("ConfigurationUtils.enableUSNPlugin(): Using existing database"); + return; + } + IConfigStore cs = CMS.getConfigStore(); IConfigStore dbCfg = cs.getSubStore("internaldb"); 
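Review bot: `enableUSNPlugin()` returns as soon as `request.getExistingDatabase()` is true, before any configuration or directory access, so nothing checks that the database named in the request already has the state this step would have produced. The same unverified early return is added in `populateDB()`, `populateDBManager()`, `populateVLVIndexes()`, `setupReplication()`, `createSecurityDomain()`, `removeOldDBUsers()` and `updateNextRanges()`. One up-front verification when the flag is set (base entry readable, expected plugin and indexes present) would turn a wrong flag into an installer error instead of a partly configured instance. The repeated guard could also live in one private helper such as `private static boolean useExistingDatabase(ConfigurationRequest request, String method)`, which would be the place to reject a null request. The method body continues outside the hunk.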
@@ -1300,14 +1307,19 @@ public class ConfigurationUtils { } } - public static void populateDB() throws Exception { + public static void populateDB(ConfigurationRequest request) throws Exception { + + if (request.getExistingDatabase()) { + CMS.debug("ConfigurationUtils.populateDB(): Using existing database"); + return; + } IConfigStore cs = CMS.getConfigStore(); String baseDN = cs.getString("internaldb.basedn"); String database = cs.getString("internaldb.database", ""); String select = cs.getString("preop.subsystem.select", ""); - boolean remove = cs.getBoolean("preop.database.removeData", false); - boolean createNewDB = cs.getBoolean("preop.database.createNewDB", true); + boolean removeData = request.getRemoveData(); + boolean createNewDB = request.getCreateNewDB(); boolean setupReplication = cs.getBoolean("preop.database.setupReplication", true); IConfigStore dbCfg = cs.getSubStore("internaldb"); @@ -1318,16 +1330,16 @@ public class ConfigurationUtils { try { if (createNewDB) { // check if base entry already exists - LDAPEntry baseEntry = getBaseEntry(baseDN, remove, conn); + LDAPEntry baseEntry = getBaseEntry(baseDN, removeData, conn); // check if mapping entry already exists String mappingDN = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config"; - LDAPEntry mappingEntry = getMappingEntry(baseDN, remove, conn, mappingDN); + LDAPEntry mappingEntry = getMappingEntry(baseDN, removeData, conn, mappingDN); // check if the database already exists String databaseDN = "cn=" + LDAPUtil.escapeRDNValue(database) + ",cn=ldbm database, cn=plugins, cn=config"; - LDAPEntry databaseEntry = getDatabaseEntry(database, remove, conn, databaseDN); + LDAPEntry databaseEntry = getDatabaseEntry(database, removeData, conn, databaseDN); // check if database is used by another subtree confirmNoConflictingMappingsForDB(baseDN, database, conn); 
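Review bot: In the second `populateDB()` hunk, `mappingDN` is still built by pasting `baseDN` between literal quotes, while `databaseDN` just below it goes through `LDAPUtil.escapeRDNValue()`. `baseDN` is read from `internaldb.basedn`, which `SystemConfigService` fills from `data.getBaseDN()`. A value containing a double quote would therefore change the structure of the DN that is looked up and, with `removeData` set, presumably removed. Since the commit already edits these lines, either reject such a value before use or build the RDN with the same helper: `String mappingDN = "cn=" + LDAPUtil.escapeRDNValue(baseDN) + ",cn=mapping tree, cn=config";`. Confirm first that the directory treats the escaped and the quoted form as the same entry.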
@@ -1353,14 +1365,17 @@ public class ConfigurationUtils { createDatabaseEntry(baseDN, database, conn, databaseDN); createDatabaseMappingEntry(baseDN, database, conn, mappingDN); createBaseEntry(baseDN, conn); - } else { + + } else { // use existing DB + if (select.equals("clone") && !setupReplication) { // cloning a system where the database is a subtree of an existing tree // and not setting up replication agreements. The assumption then is // that the data is already replicated. No need to set up the base DN + } else { // check if base entry already exists - LDAPEntry baseEntry = getBaseEntry(baseDN, remove, conn); + LDAPEntry baseEntry = getBaseEntry(baseDN, removeData, conn); // delete subtree data in case it's stored by another database if (baseEntry != null) { @@ -1609,14 +1624,14 @@ public class ConfigurationUtils { return mappingEntry; } - private static LDAPEntry getBaseEntry(String baseDN, boolean remove, LDAPConnection conn) throws EBaseException { + private static LDAPEntry getBaseEntry(String baseDN, boolean removeData, LDAPConnection conn) throws EBaseException { LDAPEntry baseEntry = null; try { CMS.debug("getBaseDNEntry: Checking subtree " + baseDN + "."); baseEntry = conn.read(baseDN); CMS.debug("getBaseDNEntry: Subtree " + baseDN + " already exists."); - if (!remove) { + if (!removeData) { throw new EBaseException("The base DN (" + baseDN + ") has already been used. " + "Please confirm to remove and reuse this base DN."); } @@ -1837,7 +1852,13 @@ public class ConfigurationUtils { return dir.delete(); } - public static void populateDBManager() throws Exception { + public static void populateDBManager(ConfigurationRequest request) throws Exception { + + if (request.getExistingDatabase()) { + CMS.debug("ConfigurationUtils.populateDBManager(): Using existing database"); + return; + } + CMS.debug("populateDBManager(): start"); IConfigStore cs = CMS.getConfigStore(); 
@@ -1856,7 +1877,13 @@ public class ConfigurationUtils { } } - public static void populateVLVIndexes() throws Exception { + public static void populateVLVIndexes(ConfigurationRequest request) throws Exception { + + if (request.getExistingDatabase()) { + CMS.debug("ConfigurationUtils.populateVLVIndexes(): Using existing database"); + return; + } + CMS.debug("populateVLVIndexes(): start"); IConfigStore cs = CMS.getConfigStore(); @@ -1883,7 +1910,13 @@ public class ConfigurationUtils { } } - public static void setupReplication() throws EBaseException, IOException { + public static void setupReplication(ConfigurationRequest request) throws EBaseException, IOException { + + if (request.getExistingDatabase()) { + CMS.debug("ConfigurationUtils.setupReplication(): Using existing database"); + return; + } + IConfigStore cs = CMS.getConfigStore(); String machinename = cs.getString("machineName", ""); @@ -3724,8 +3757,14 @@ public class ConfigurationUtils { } } - public static void createSecurityDomain() throws EBaseException, LDAPException, NumberFormatException, IOException, + public static void createSecurityDomain(ConfigurationRequest request) throws EBaseException, LDAPException, NumberFormatException, IOException, SAXException, ParserConfigurationException { + + if (request.getExistingDatabase()) { + CMS.debug("ConfigurationUtils.createSecurityDomain(): Using existing database"); + return; + } + IConfigStore cs = CMS.getConfigStore(); IConfigStore dbCfg = cs.getSubStore("internaldb"); ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("ConfigurationUtils"); 
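Review bot: `setupReplication()` now does nothing when `existingDatabase` is set, yet the caller shown in `SystemConfigService` invokes it only when the request has both `isClone()` and `getSetupReplication()` true. A request that asks for replication and also declares an existing database is therefore accepted and ignored, with a debug line as the only trace. I would treat the combination as a request error rather than a silent skip, for example `throw new EBaseException("existingDatabase cannot be combined with setupReplication");` in place of the bare `return`. If the skip is intended, say so in a comment on the guard. The method body continues outside the hunk.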
@@ -4232,7 +4271,7 @@ public class ConfigurationUtils { } } - public static void setupDBUser() throws CertificateException, LDAPException, EBaseException, + public static void setupDBUser(ConfigurationRequest request) throws CertificateException, LDAPException, EBaseException, NotInitializedException, ObjectNotFoundException, TokenException, IOException { IUGSubsystem system = (IUGSubsystem) CMS.getSubsystem(IUGSubsystem.ID); @@ -4278,7 +4317,7 @@ public class ConfigurationUtils { // remove old db users CMS.debug("setupDBUser(): removing seeAlso from old dbusers"); - removeOldDBUsers(certs[0].getSubjectDN().toString()); + removeOldDBUsers(request, certs[0].getSubjectDN().toString()); // workaround for ticket #1595 IConfigStore cs = CMS.getConfigStore(); @@ -4419,7 +4458,13 @@ public class ConfigurationUtils { } } - public static void removeOldDBUsers(String subjectDN) throws EBaseException, LDAPException { + public static void removeOldDBUsers(ConfigurationRequest request, String subjectDN) throws EBaseException, LDAPException { + + if (request.getExistingDatabase()) { + CMS.debug("ConfigurationUtils.removeOldDBUsers(): Using existing database"); + return; + } + IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); IConfigStore cs = CMS.getConfigStore(); String userbasedn = "ou=people, " + cs.getString("internaldb.basedn"); @@ -4476,7 +4521,13 @@ public class ConfigurationUtils { } - public static void updateNextRanges() throws EBaseException, LDAPException { + public static void updateNextRanges(ConfigurationRequest request) throws EBaseException, LDAPException { + + if (request.getExistingDatabase()) { + CMS.debug("ConfigurationUtils.updateNextRanges(): Using existing database"); + return; + } + IConfigStore cs = CMS.getConfigStore(); String endRequestNumStr = cs.getString("dbs.endRequestNumber", ""); 
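Review bot: `setupDBUser()` still logs "removing seeAlso from old dbusers" and then calls `removeOldDBUsers(request, ...)`, which now returns at once for an existing database, so the log records a cleanup that did not happen. `setupDBUser()` itself gets the new parameter but no guard, so it appears to keep creating or updating the database user in the existing tree. The older entries it was meant to supersede then keep their `seeAlso` values. If the skip is intended, move the debug line into `removeOldDBUsers()` after the guard and document why the old mappings are safe to keep. Otherwise let the cleanup run for existing databases as well. Both method bodies extend beyond the hunks.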
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java index cc350e947..bd7e93caf 100644 --- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java @@ -256,7 +256,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou private void setupDBUser(ConfigurationRequest data) { try { - if (!data.getSharedDB()) ConfigurationUtils.setupDBUser(); + if (!data.getSharedDB()) ConfigurationUtils.setupDBUser(data); } catch (Exception e) { CMS.debug(e); throw new PKIException("Errors in creating or updating dbuser: " + e); @@ -268,7 +268,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou String securityDomainType = data.getSecurityDomainType(); if (securityDomainType.equals(ConfigurationRequest.NEW_DOMAIN)) { CMS.debug("Creating new security domain"); - ConfigurationUtils.createSecurityDomain(); + ConfigurationUtils.createSecurityDomain(data); } else if (securityDomainType.equals(ConfigurationRequest.NEW_SUBDOMAIN)) { CMS.debug("Creating subordinate CA security domain"); @@ -280,7 +280,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou cs.putString("securitydomain.httpsagentport", CMS.getAgentPort()); cs.putString("securitydomain.httpseeport", CMS.getEESSLPort()); cs.putString("securitydomain.httpsadminport", CMS.getAdminPort()); - ConfigurationUtils.createSecurityDomain(); + ConfigurationUtils.createSecurityDomain(data); } else { CMS.debug("Updating existing security domain"); ConfigurationUtils.updateSecurityDomain(); 
@@ -708,8 +708,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou cs.putString("internaldb.basedn", data.getBaseDN()); cs.putString("internaldb.ldapauth.bindDN", data.getBindDN()); cs.putBoolean("internaldb.ldapconn.secureConn", data.getSecureConn().equals("true")); - cs.putString("preop.database.removeData", data.getRemoveData()); - cs.putBoolean("preop.database.createNewDB", data.getCreateNewDB()); cs.putBoolean("preop.database.setupReplication", data.getSetupReplication()); cs.putBoolean("preop.database.reindexData", data.getReindexData()); } @@ -782,8 +780,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou psStore.commit(false); if (!data.getStepTwo()) { - ConfigurationUtils.enableUSNPlugin(); - ConfigurationUtils.populateDB(); + ConfigurationUtils.enableUSNPlugin(data); + ConfigurationUtils.populateDB(data); cs.putString("preop.internaldb.replicationpwd", replicationPassword); cs.putString("preop.database.removeData", "false"); @@ -794,12 +792,12 @@ public class SystemConfigService extends PKIService implements SystemConfigResou if (data.isClone() && data.getSetupReplication()) { CMS.debug("Start setting up replication."); - ConfigurationUtils.setupReplication(); + ConfigurationUtils.setupReplication(data); } ConfigurationUtils.reInitSubsystem(csType); - ConfigurationUtils.populateDBManager(); - ConfigurationUtils.populateVLVIndexes(); + ConfigurationUtils.populateDBManager(data); + ConfigurationUtils.populateVLVIndexes(data); } } catch (Exception e) { e.printStackTrace(); diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index f217f6850..c759556de 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg 
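Review bot: `populateDB(data)` now takes `removeData` from the request, but the second hunk keeps `cs.putString("preop.database.removeData", "false");` right after the call. Within the lines shown that key has no remaining reader, so the write looks dead. It also looks like the reset that kept a repeated configuration call from removing data a second time, and that protection would now be lost. Either drop the stale write or restore the effect on the request object, for example `data.setRemoveData(false);` after `populateDB(data)`. The surrounding method starts and ends outside the hunk.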
@@ -89,6 +89,7 @@ pki_client_database_purge=True pki_client_dir=%(home_dir)s/.dogtag/%(pki_instance_name)s pki_client_pkcs12_password= pki_ds_bind_dn=cn=Directory Manager +pki_ds_existing_database=False pki_ds_create_new_db=True pki_ds_ldap_port=389 pki_ds_ldaps_port=636 diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 13a7755b8..1b2324f6d 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -4039,8 +4039,7 @@ class ConfigClient: self.set_subca_security_domain(data) # database - if self.subsystem != "RA": - self.set_database_parameters(data) + self.set_database_parameters(data) # backup if self.mdict['pki_instance_type'] == "Tomcat": @@ -4391,25 +4390,33 @@ class ConfigClient: self.mdict['pki_subordinate_security_domain_name']) def set_database_parameters(self, data): + data.dsHost = self.mdict['pki_ds_hostname'] + if config.str2bool(self.mdict['pki_ds_secure_connection']): data.secureConn = "true" data.dsPort = self.mdict['pki_ds_ldaps_port'] else: data.secureConn = "false" data.dsPort = self.mdict['pki_ds_ldap_port'] + data.baseDN = self.mdict['pki_ds_base_dn'] data.bindDN = self.mdict['pki_ds_bind_dn'] data.database = self.mdict['pki_ds_database'] data.bindpwd = self.mdict['pki_ds_password'] + + data.existingDatabase = config.str2bool(self.mdict['pki_ds_existing_database']) + if config.str2bool(self.mdict['pki_ds_create_new_db']): data.createNewDB = "true" else: data.createNewDB = "false" + if config.str2bool(self.mdict['pki_ds_remove_data']): data.removeData = "true" else: data.removeData = "false" + if config.str2bool(self.mdict['pki_share_db']): data.sharedDB = "true" data.sharedDBUserDN = self.mdict['pki_share_dbuser_dn'] -- cgit
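Review bot: `set_database_parameters()` sends `existingDatabase` as a Python bool but still sends `createNewDB` and `removeData` as the strings "true" and "false", although this commit turns both Java fields into `boolean`. That relies on the server-side deserialiser coercing strings to booleans, which is not visible in this patch. Use one form for all three, e.g. `data.createNewDB = config.str2bool(self.mdict['pki_ds_create_new_db'])` and `data.removeData = config.str2bool(self.mdict['pki_ds_remove_data'])`. The function continues past the end of the hunk.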