From a3f7d585fed02fb8b0adaf46228f23bf1275c596 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Tue, 4 Dec 2012 11:25:55 -0500 Subject: Interpolation correction patch based on review comments --- base/deploy/config/deployment.cfg | 77 +++++++++++++++++-------------- base/deploy/src/pkidestroy | 16 ++----- base/deploy/src/pkispawn | 16 ++----- base/deploy/src/scriptlets/pkimessages.py | 7 +-- base/deploy/src/scriptlets/pkiparser.py | 16 +++---- 5 files changed, 57 insertions(+), 75 deletions(-) diff --git a/base/deploy/config/deployment.cfg b/base/deploy/config/deployment.cfg index 9eb930414..abd0fb441 100644 --- a/base/deploy/config/deployment.cfg +++ b/base/deploy/config/deployment.cfg @@ -1,5 +1,5 @@ ############################################################################### -## Common Configuration: ## +## Default Configuration: ## ## ## ## Values in this section are common to more than one PKI subsystem, and ## ## contain required information which MAY be overridden by users as ## @@ -52,8 +52,21 @@ destroy_scriplets= infrastructure_layout finalization +# By default, the following parameters will be set for Tomcat and Apache instances. +# There is no reason to uncomment these. They are provided for reference in +# case someone wants to override them in their config file. +# +# Tomcat instances: +# pki_subsystem_name=pki_tomcat +# pki_https_port=8443 +# pki_http_port=8080 +# +# Apache instances: +# pki_subsystem_name=pki_tomcat +# pki_https_port=443 +# pki_http_port=80 + pki_admin_cert_request_type=crmf -pki_admin_domain_name= pki_admin_dualkey=False pki_admin_keysize=2048 pki_admin_password= 
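Review bot: The reference comment added in the `@@ -52,8 +52,21 @@` hunk lists `pki_subsystem_name=pki_tomcat` under both "Tomcat instances" and "Apache instances", but the parser in this same commit predefines `pki_instance_name`, `pki_http_port` and `pki_https_port`, not `pki_subsystem_name`. The Apache entry also looks like a copy of the Tomcat one, and `pki_subsystem_name` is set per subsystem further down as `CA %(pki_hostname)s %(pki_https_port)s`. I would change both entries to `# pki_instance_name=<value of default_instance_name for this web server>`, filling in the real defaults, which are assigned in pkiparser.py outside the visible hunks. It would also help to add one line such as `# These names are injected by PKIConfigParser; this file does not parse on its own without them.`, since `pki_instance_id=%(pki_instance_name)s` now depends on a value that is no longer defined in the file.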
@@ -77,15 +90,12 @@ pki_ds_password= pki_ds_remove_data=True pki_ds_secure_connection=False pki_group=pkiuser -pki_http_port=%(default_http_port)s -pki_https_port=%(default_https_port)s pki_instance_id=%(pki_instance_name)s -pki_instance_name=%(default_instance_name)s pki_issuing_ca= pki_restart_configured_instance=True -pki_security_domain_hostname=%(hostname)s +pki_security_domain_hostname=%(pki_hostname)s pki_security_domain_https_port=8443 -pki_security_domain_name=%(dns_domainname)s Security Domain +pki_security_domain_name=%(pki_dns_domainname)s Security Domain pki_security_domain_password= pki_security_domain_user= pki_skip_configuration=False @@ -94,9 +104,8 @@ pki_ssl_server_key_algorithm=SHA256withRSA pki_ssl_server_key_size=2048 pki_ssl_server_key_type=rsa pki_ssl_server_nickname=Server-Cert cert-%(pki_instance_id)s -pki_ssl_server_subject_dn=cn=%(hostname)s,o=%(pki_security_domain_name)s +pki_ssl_server_subject_dn=cn=%(pki_hostname)s,o=%(pki_security_domain_name)s pki_ssl_server_token=Internal Key Storage Token -pki_subsystem=%(subsystem_type)s pki_subsystem_key_algorithm=SHA256withRSA pki_subsystem_key_size=2048 pki_subsystem_key_type=rsa @@ -166,7 +175,7 @@ pki_tomcat_server_port=8005 pki_ca_signing_key_algorithm=SHA256withRSA pki_ca_signing_key_size=2048 pki_ca_signing_key_type=rsa -pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s +pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s CA pki_ca_signing_signing_algorithm=SHA256withRSA pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=%(pki_security_domain_name)s pki_ca_signing_token=Internal Key Storage Token 
@@ -179,22 +188,22 @@ pki_import_admin_cert=False pki_ocsp_signing_key_algorithm=SHA256withRSA pki_ocsp_signing_key_size=2048 pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s +pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s CA pki_ocsp_signing_signing_algorithm=SHA256withRSA pki_ocsp_signing_subject_dn=cn=CA OCSP Signing Certificate,o=%(pki_security_domain_name)s pki_ocsp_signing_token=Internal Key Storage Token pki_subordinate=False -pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s +pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s pki_admin_name=%(pki_admin_uid)s -pki_admin_nickname=PKI Administrator for %(dns_domainname)s +pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s pki_admin_uid=caadmin -pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s CA +pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s CA pki_audit_signing_subject_dn=cn=CA Audit Signing Certificate,o=%(pki_security_domain_name)s pki_ds_base_dn=o=%(pki_instance_id)s-CA pki_ds_database=%(pki_instance_name)s-CA -pki_ds_hostname=%(hostname)s -pki_subsystem_name=CA %(hostname)s %(pki_https_port)s +pki_ds_hostname=%(pki_hostname)s +pki_subsystem_name=CA %(pki_hostname)s %(pki_https_port)s pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s CA pki_subsystem_subject_dn=cn=CA Subsystem Certificate,o=%(pki_security_domain_name)s 
@@ -222,17 +231,17 @@ pki_transport_nickname=transportCert cert-%(pki_instance_id)s KRA pki_transport_signing_algorithm=SHA256withRSA pki_transport_subject_dn=cn=DRM Transport Certificate,o=%(pki_security_domain_name)s pki_transport_token=Internal Key Storage Token -pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s +pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s pki_admin_name=%(pki_admin_uid)s -pki_admin_nickname=PKI Administrator for %(dns_domainname)s -pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s +pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s +pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s pki_admin_uid=kraadmin -pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s KRA +pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s KRA pki_audit_signing_subject_dn=cn=KRA Audit Signing Certificate,o=%(pki_security_domain_name)s pki_ds_base_dn=o=%(pki_instance_id)s-KRA pki_ds_database=%(pki_instance_name)s-KRA -pki_ds_hostname=%(hostname)s -pki_subsystem_name=KRA %(hostname)s %(pki_https_port)s +pki_ds_hostname=%(pki_hostname)s +pki_subsystem_name=KRA %(pki_hostname)s %(pki_https_port)s pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s KRA pki_subsystem_subject_dn=cn=KRA Subsystem Certificate,o=%(pki_security_domain_name)s 
@@ -252,17 +261,17 @@ pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s OCSP pki_ocsp_signing_signing_algorithm=SHA256withRSA pki_ocsp_signing_subject_dn=cn=OCSP Signing Certificate,o=%(pki_security_domain_name)s pki_ocsp_signing_token=Internal Key Storage Token -pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s +pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s pki_admin_name=%(pki_admin_uid)s -pki_admin_nickname=PKI Administrator for %(dns_domainname)s -pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s +pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s +pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s pki_admin_uid=ocspadmin -pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s OCSP +pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s OCSP pki_audit_signing_subject_dn=cn=OCSP Audit Signing Certificate,o=%(pki_security_domain_name)s pki_ds_base_dn=o=%(pki_instance_id)s-OCSP pki_ds_database=%(pki_instance_name)s-OCSP -pki_ds_hostname=%(hostname)s -pki_subsystem_name=OCSP %(hostname)s %(pki_https_port)s +pki_ds_hostname=%(pki_hostname)s +pki_subsystem_name=OCSP %(pki_hostname)s %(pki_https_port)s pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s OCSP pki_subsystem_subject_dn=cn=OCSP Subsystem Certificate,o=%(pki_security_domain_name)s 
@@ -283,17 +292,17 @@ pki_subsystem_subject_dn=cn=OCSP Subsystem Certificate,o=%(pki_security_domain_n ############################################################################### [TKS] pki_import_admin_cert=True -pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s +pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s pki_admin_name=%(pki_admin_uid)s -pki_admin_nickname=PKI Administrator for %(dns_domainname)s -pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s +pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s +pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s pki_admin_uid=tksadmin -pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s TKS +pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s TKS pki_audit_signing_subject_dn=cn=TKS Audit Signing Certificate,o=%(pki_security_domain_name)s pki_ds_base_dn=o=%(pki_instance_id)s-TKS pki_ds_database=%(pki_instance_name)s-TKS -pki_ds_hostname=%(hostname)s -pki_subsystem_name=TKS %(hostname)s %(pki_https_port)s +pki_ds_hostname=%(pki_hostname)s +pki_subsystem_name=TKS %(pki_hostname)s %(pki_https_port)s pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s TKS pki_subsystem_subject_dn=cn=TKS Subsystem Certificate,o=%(pki_security_domain_name)s diff --git a/base/deploy/src/pkidestroy b/base/deploy/src/pkidestroy index 69daa13ad..9e0a37396 100755 --- a/base/deploy/src/pkidestroy +++ b/base/deploy/src/pkidestroy 
@@ -115,21 +115,11 @@ def main(argv): config.pki_log.error(log.PKI_UNABLE_TO_PARSE_1, rv, extra=config.PKI_INDENTATION_LEVEL_0) sys.exit(1) - else: - # NEVER print out 'sensitive' name/value pairs!!! - config.pki_log.debug(log.PKI_DICTIONARY_COMMON, - extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, - extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), - extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, - extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict), - extra=config.PKI_INDENTATION_LEVEL_0) # NEVER print out 'sensitive' name/value pairs!!! - config.pki_log.debug(log.PKI_DICTIONARY_COMMON, + config.pki_log.debug(log.PKI_DICTIONARY_DEFAULT, + extra=config.PKI_INDENTATION_LEVEL_0) + config.pki_log.debug(pkilogging.format(config.pki_default_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, extra=config.PKI_INDENTATION_LEVEL_0) diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn index 79ab1b230..21da9aef7 100755 --- a/base/deploy/src/pkispawn +++ b/base/deploy/src/pkispawn 
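Review bot: The added `config.pki_log.debug(pkilogging.format(config.pki_default_dict), ...)` sits directly under the comment "NEVER print out 'sensitive' name/value pairs!!!", yet the default section of deployment.cfg holds `pki_admin_password`, `pki_ds_password` and `pki_security_domain_password`. The removed code printed only the header for the common dictionary and never its contents, so this is new exposure: any password a user sets in the default section would be written to the debug log, unless `pkilogging.format` redacts values, which is not visible here. I would log a masked copy instead, for example `masked = dict((k, '********' if k.endswith('_password') else v) for k, v in config.pki_default_dict.items())` followed by `pkilogging.format(masked)`, extended to any other secret-bearing keys defined outside the visible hunks. The pkispawn hunk in this commit adds the identical call and needs the same change. `main` continues outside the hunk.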
@@ -135,21 +135,11 @@ def main(argv): config.pki_log.error(log.PKI_UNABLE_TO_PARSE_1, rv, extra=config.PKI_INDENTATION_LEVEL_0) sys.exit(1) - else: - # NEVER print out 'sensitive' name/value pairs!!! - config.pki_log.debug(log.PKI_DICTIONARY_COMMON, - extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, - extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), - extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, - extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict), - extra=config.PKI_INDENTATION_LEVEL_0) # NEVER print out 'sensitive' name/value pairs!!! - config.pki_log.debug(log.PKI_DICTIONARY_COMMON, + config.pki_log.debug(log.PKI_DICTIONARY_DEFAULT, + extra=config.PKI_INDENTATION_LEVEL_0) + config.pki_log.debug(pkilogging.format(config.pki_default_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, extra=config.PKI_INDENTATION_LEVEL_0) diff --git a/base/deploy/src/scriptlets/pkimessages.py b/base/deploy/src/scriptlets/pkimessages.py index dbfb8e1f7..8d7ba1b6e 100644 --- a/base/deploy/src/scriptlets/pkimessages.py +++ b/base/deploy/src/scriptlets/pkimessages.py @@ -20,9 +20,9 @@ # # PKI Deployment Engine Messages -PKI_DICTIONARY_COMMON ="\n"\ +PKI_DICTIONARY_DEFAULT ="\n"\ "=====================================================\n"\ -" DISPLAY CONTENTS OF PKI COMMON DICTIONARY\n"\ +" DISPLAY CONTENTS OF PKI DEFAULT DICTIONARY\n"\ "=====================================================" PKI_DICTIONARY_MASTER="\n"\ "=====================================================\n"\ 
@@ -137,9 +137,6 @@ PKISPAWN_EPILOG =\ " Apache: 'pki_instance_name', 'pki_http_port', and 'pki_https_port'\n"\ " Tomcat: 'pki_instance_name', 'pki_http_port', 'pki_https_port',\n"\ " 'pki_ajp_port', and 'pki_tomcat_server_port'\n\n"\ -" Optionally, the 'pki_admin_domain_name' may be changed instead of, or\n"\ -" in addition to, the 'pki_instance_name' since a PKI instance is\n"\ -" defined as '${pki_instance_name}[.${pki_admin_domain_name}]'.\n\n"\ " Finally, if an optional '-p ' is defined, this value WILL NOT\n"\ " be prepended in front of the mandatory '-f '.\n\n" +\ PKI_VERBOSITY diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index 05536f424..6109e7486 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py @@ -227,12 +227,12 @@ class PKIConfigParser: default_http_port = '80' default_https_port = '443' - predefined_dict = {'default_instance_name': default_instance_name, - 'default_http_port': default_http_port, - 'default_https_port': default_https_port, - 'dns_domainname': config.pki_dns_domainname, - 'subsystem_type' : config.pki_subsystem, - 'hostname': config.pki_hostname} + predefined_dict = {'pki_instance_name': default_instance_name, + 'pki_http_port': default_http_port, + 'pki_https_port': default_https_port, + 'pki_dns_domainname': config.pki_dns_domainname, + 'pki_subsystem' : config.pki_subsystem, + 'pki_hostname': config.pki_hostname} self.pki_config = ConfigParser.SafeConfigParser(predefined_dict) # Make keys case-sensitive! 
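Review bot: Renaming the `predefined_dict` keys to `pki_hostname`, `pki_dns_domainname` and `pki_subsystem` makes them ordinary ConfigParser defaults, so a value with the same name in a user's configuration file now takes precedence over what was detected from the host and the command line. For `pki_subsystem` that could leave the parsed value disagreeing with `config.pki_subsystem`. For `pki_hostname` the override would flow into `pki_ssl_server_subject_dn=cn=%(pki_hostname)s,...`, and the following hunk removes the lines that copied `config.pki_hostname` and `config.pki_dns_domainname` into the master dictionary. If overriding is intended, say so above the dictionary, e.g. `# NOTE: defaults only; values in the user's config file take precedence`. Otherwise, re-assert the detected values in the master dictionary after the files are parsed, or reject a mismatching `pki_subsystem`. The enclosing method starts and ends outside the hunk.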
@@ -283,9 +283,6 @@ class PKIConfigParser: config.pki_master_dict['pki_certificate_timestamp'] =\ config.pki_certificate_timestamp config.pki_master_dict['pki_architecture'] = config.pki_architecture - config.pki_master_dict['pki_hostname'] = config.pki_hostname - config.pki_master_dict['pki_dns_domainname'] =\ - config.pki_dns_domainname config.pki_master_dict['pki_jython_log_level'] =\ config.pki_jython_log_level config.pki_master_dict['pki_deployment_cfg'] = config.pkideployment_cfg @@ -362,7 +359,6 @@ class PKIConfigParser: # (e. g. Tomcat: "pki-tomcat", "pki-tomcat.example.com") # (e. g. Apache: "pki-apache", "pki-apache.example.com") # - config.pki_master_dict['pki_instance_id'] = config.pki_master_dict['pki_instance_name'] # PKI Source name/value pairs config.pki_master_dict['pki_source_conf_path'] =\ -- cgit