From a957a3d2960d6ae39a7785cccb0656d5ac230701 Mon Sep 17 00:00:00 2001 From: Matthew Harmsen Date: Mon, 29 Oct 2012 22:08:00 -0700 Subject: Allow a PKI instance to be installed/configured independently * TRAC Ticket #286 - Dogtag 10: Create parameter for optionally allowing a user to skip configuration . . . --- base/deploy/config/pkideployment.cfg | 2 ++ base/deploy/src/scriptlets/configuration.py | 4 +++ base/deploy/src/scriptlets/finalization.py | 12 +++++++++ .../deploy/src/scriptlets/infrastructure_layout.py | 4 +++ base/deploy/src/scriptlets/initialization.py | 4 +++ base/deploy/src/scriptlets/instance_layout.py | 4 +++ base/deploy/src/scriptlets/pkihelper.py | 19 ++++++++++++++ base/deploy/src/scriptlets/pkimessages.py | 20 +++++++++++++++ base/deploy/src/scriptlets/pkiparser.py | 30 ++++++++++++++++++++++ base/deploy/src/scriptlets/security_databases.py | 4 +++ base/deploy/src/scriptlets/selinux_setup.py | 10 +++++--- base/deploy/src/scriptlets/slot_substitution.py | 4 +++ base/deploy/src/scriptlets/subsystem_layout.py | 4 +++ base/deploy/src/scriptlets/webapp_deployment.py | 5 ++++ 14 files changed, 123 insertions(+), 3 deletions(-) diff --git a/base/deploy/config/pkideployment.cfg b/base/deploy/config/pkideployment.cfg index 772d35f71..54840c8f3 100644 --- a/base/deploy/config/pkideployment.cfg +++ b/base/deploy/config/pkideployment.cfg @@ -63,6 +63,8 @@ pki_security_domain_hostname= pki_security_domain_https_port=8443 pki_security_domain_name= pki_security_domain_user=admin +pki_skip_configuration=False +pki_skip_installation=False pki_ssl_server_key_algorithm=SHA256withRSA pki_ssl_server_key_size=2048 pki_ssl_server_key_type=rsa diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py index f7a9a66e6..6208db46a 100644 --- a/base/deploy/src/scriptlets/configuration.py +++ b/base/deploy/src/scriptlets/configuration.py 
@@ -33,6 +33,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 def spawn(self): + if config.str2bool(master['pki_skip_configuration']): + config.pki_log.info(log.SKIP_CONFIGURATION_SPAWN_1, __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + return self.rv config.pki_log.info(log.CONFIGURATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) if not config.pki_dry_run_flag: diff --git a/base/deploy/src/scriptlets/finalization.py b/base/deploy/src/scriptlets/finalization.py index 05fd47c63..f327ffb04 100644 --- a/base/deploy/src/scriptlets/finalization.py +++ b/base/deploy/src/scriptlets/finalization.py @@ -33,6 +33,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 def spawn(self): + if config.str2bool(master['pki_skip_installation']): + config.pki_log.info(log.SKIP_FINALIZATION_SPAWN_1, __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + return self.rv config.pki_log.info(log.FINALIZATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # For debugging/auditing purposes, save a timestamped copy of @@ -65,6 +69,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): if config.str2bool(master['pki_client_database_purge']): if util.directory.exists(master['pki_client_dir']): util.directory.delete(master['pki_client_dir']) + # If instance has not been configured, print the + # configuration URL to the log + if config.str2bool(master['pki_skip_configuration']): + util.configuration_file.log_configuration_url() # Log final process messages config.pki_log.info(log.PKISPAWN_END_MESSAGE_2, master['pki_subsystem'], 
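Review bot: The four-line skip guard added at the top of `spawn()` here is repeated almost verbatim in the other scriptlets this commit touches (finalization, infrastructure_layout, initialization, instance_layout, security_databases, selinux_setup, slot_substitution, subsystem_layout, webapp_deployment), so every future scriptlet has to remember to add it. Deciding once, in the code that iterates the scriptlets or in a single shared helper, which phase a scriptlet belongs to would remove that risk. Nothing visible in this patch rejects `pki_skip_installation=True` together with `pki_skip_configuration=True`; every guarded `spawn()` then returns `self.rv` (0), so the run would apparently report success having done nothing. A parser check beginning `if config.str2bool(master['pki_skip_installation']) and config.str2bool(master['pki_skip_configuration']):`, followed by an error log and a non-zero exit, would make that explicit. `spawn()` continues beyond the hunk.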
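Review bot: Returning from `spawn()` as soon as `pki_skip_installation` is set also skips everything later in this method, including the timestamped audit copy of the deployment configuration mentioned in the context just below and the `pki_client_database_purge` cleanup visible in the next hunk. For a configure-only run that would, as far as the visible lines show, leave `master['pki_client_dir']` on disk even when the purge was requested, which matters if that directory holds client key material or passwords (not confirmed from this patch). Finalization looks like it belongs to whichever phase actually ran rather than to installation alone. If the early return is intended, say so next to it, e.g. `# configure-only runs skip finalization entirely, including the client database purge`. The body of `spawn()` extends outside this hunk.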
@@ -72,6 +80,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): extra=config.PKI_INDENTATION_LEVEL_0) if not config.pki_dry_run_flag: util.file.modify(master['pki_spawn_log'], silent=True) + # If instance has not been configured, print the + # configuration URL to the screen + if config.str2bool(master['pki_skip_configuration']): + util.configuration_file.display_configuration_url() return self.rv def respawn(self): diff --git a/base/deploy/src/scriptlets/infrastructure_layout.py b/base/deploy/src/scriptlets/infrastructure_layout.py index 586cc88b7..3faa0b9b9 100644 --- a/base/deploy/src/scriptlets/infrastructure_layout.py +++ b/base/deploy/src/scriptlets/infrastructure_layout.py @@ -32,6 +32,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 def spawn(self): + if config.str2bool(master['pki_skip_installation']): + config.pki_log.info(log.SKIP_ADMIN_DOMAIN_SPAWN_1, __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + return self.rv config.pki_log.info(log.ADMIN_DOMAIN_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # NOTE: It was determined that since the "pkidestroy" command diff --git a/base/deploy/src/scriptlets/initialization.py b/base/deploy/src/scriptlets/initialization.py index a5b09812f..6c41ef642 100644 --- a/base/deploy/src/scriptlets/initialization.py +++ b/base/deploy/src/scriptlets/initialization.py @@ -37,6 +37,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): master['pki_subsystem'], master['pki_instance_id'], extra=config.PKI_INDENTATION_LEVEL_0) + if config.str2bool(master['pki_skip_installation']): + config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + return self.rv config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # verify that this type of "subsystem" does NOT yet 
diff --git a/base/deploy/src/scriptlets/instance_layout.py b/base/deploy/src/scriptlets/instance_layout.py index 2f79de83c..219f049c8 100644 --- a/base/deploy/src/scriptlets/instance_layout.py +++ b/base/deploy/src/scriptlets/instance_layout.py @@ -37,6 +37,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 def spawn(self): + if config.str2bool(master['pki_skip_installation']): + config.pki_log.info(log.SKIP_INSTANCE_SPAWN_1, __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + return self.rv config.pki_log.info(log.INSTANCE_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # establish instance logs diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py index 0ae6ba97e..ecc1df791 100644 --- a/base/deploy/src/scriptlets/pkihelper.py +++ b/base/deploy/src/scriptlets/pkihelper.py @@ -416,6 +416,25 @@ class namespace: # PKI Deployment Configuration File Class class configuration_file: + def log_configuration_url(self): + # NOTE: This is the one and only parameter containing a sensitive + # parameter that may be stored in a log file. + config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_URL_1, + sensitive['pki_configuration_url'], + extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_RESTART_1, + master['pki_registry_initscript_command'], + extra=config.PKI_INDENTATION_LEVEL_2) + + def display_configuration_url(self): + # NOTE: This is the one and only parameter containing a sensitive + # parameter that may be displayed to the screen. + print log.PKI_CONFIGURATION_URL_1 % sensitive['pki_configuration_url'] + print + print log.PKI_CONFIGURATION_RESTART_1 %\ + master['pki_registry_initscript_command'] + print + def verify_sensitive_data(self): # Silently verify the existence of 'sensitive' data if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: 
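Review bot: `log_configuration_url()` writes `sensitive['pki_configuration_url']` to the spawn log, and pkiparser.py in this same commit builds that value with `?pin=<pki_one_time_pin>`; finalization.py calls it exactly when `pki_skip_configuration` is set, i.e. when the pin stays usable until someone completes the wizard. Anyone who can read the log, or an archived copy of it, during that window holds the credential that gates initial configuration of the instance, and nothing in the visible hunks shows the log being restricted to its owner before this write. I would log the URL without the query string, for example `sensitive['pki_configuration_url'].split('?', 1)[0]`, and leave the pin to `display_configuration_url()`, or else state the required log-file mode here. Both new methods lack a docstring, and the two NOTE comments read "parameter containing a sensitive parameter"; `# NOTE: the configuration URL embeds the one-time pin; this is the only place it is written to the log` would be clearer. The `configuration_file` class continues outside the hunk.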
diff --git a/base/deploy/src/scriptlets/pkimessages.py b/base/deploy/src/scriptlets/pkimessages.py index 33dd311f5..cce2e8f0e 100644 --- a/base/deploy/src/scriptlets/pkimessages.py +++ b/base/deploy/src/scriptlets/pkimessages.py @@ -55,6 +55,12 @@ PKI_VERBOSITY=\ # PKI Deployment Error Messages PKI_BADZIPFILE_ERROR_1 = "zipfile.BadZipFile: %s!" +PKI_CONFIGURATION_RESTART_1 = "After configuration, the server can be "\ + "operated by the command:\n\n%s" +PKI_CONFIGURATION_URL_1 = "Please start the configuration by accessing:\n\n%s" +PKI_CONFIGURATION_WIZARD_RESTART_1 = "After configuration, the server can be "\ + "operated by the command:\n%s" +PKI_CONFIGURATION_WIZARD_URL_1 = "Configuration Wizard listening on\n%s" PKI_DIRECTORY_ALREADY_EXISTS_1 = "Directory '%s' already exists!" PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 = "Directory '%s' already "\ "exists BUT it is NOT a "\ @@ -329,6 +335,9 @@ RESIDUAL_SPAWN_1 = "populating '%s'" SECURITY_DATABASES_DESTROY_1 = "removing '%s'" SECURITY_DATABASES_RESPAWN_1 = "regenerating '%s'" SECURITY_DATABASES_SPAWN_1 = "generating '%s'" +SELINUX_DESTROY_1 = "depopulating '%s'" +SELINUX_RESPAWN_1 = "repopulating '%s'" +SELINUX_SPAWN_1 = "populating '%s'" SLOT_ASSIGNMENT_DESTROY_1 = "unassigning slots for '%s'" SLOT_ASSIGNMENT_RESPAWN_1 = "reassigning slots for '%s'" SLOT_ASSIGNMENT_SPAWN_1 = "assigning slots for '%s'" 
@@ -338,3 +347,14 @@ SUBSYSTEM_SPAWN_1 = "populating '%s'" WEBAPP_DEPLOYMENT_DESTROY_1 = "removing '%s'" WEBAPP_DEPLOYMENT_RESPAWN_1 = "redeploying '%s'" WEBAPP_DEPLOYMENT_SPAWN_1 = "deploying '%s'" +SKIP_ADMIN_DOMAIN_SPAWN_1 = "skip populating '%s'" +SKIP_CONFIGURATION_SPAWN_1 = "skip configuring '%s'" +SKIP_FINALIZATION_SPAWN_1 = "skip finalizing '%s'" +SKIP_INITIALIZATION_SPAWN_1 = "skip initializing '%s'" +SKIP_INSTANCE_SPAWN_1 = "skip populating '%s'" +SKIP_RESIDUAL_SPAWN_1 = "skip populating '%s'" +SKIP_SECURITY_DATABASES_SPAWN_1 = "skip generating '%s'" +SKIP_SELINUX_SPAWN_1 = "skip populating '%s'" +SKIP_SLOT_ASSIGNMENT_SPAWN_1 = "skip assigning slots for '%s'" +SKIP_SUBSYSTEM_SPAWN_1 = "skip populating '%s'" +SKIP_WEBAPP_DEPLOYMENT_SPAWN_1 = "skip deploying '%s'" diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index cb419031f..d8fc6d98b 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py 
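Review bot: `SKIP_RESIDUAL_SPAWN_1` is added here but no residual scriptlet appears in this commit's diffstat, so that scriptlet presumably still runs its normal `spawn()` when `pki_skip_installation=True`; either add the same guard there or drop the constant. The `SKIP_*` block is also appended after `WEBAPP_DEPLOYMENT_SPAWN_1`, while the surrounding constants appear to be kept in alphabetical order. `SKIP_ADMIN_DOMAIN_SPAWN_1`, `SKIP_INSTANCE_SPAWN_1`, `SKIP_RESIDUAL_SPAWN_1`, `SKIP_SELINUX_SPAWN_1` and `SKIP_SUBSYSTEM_SPAWN_1` all render the same text, which is only distinguishable in the log because `__name__` is the argument. A short header such as `# SKIP_* messages: logged when pki_skip_installation / pki_skip_configuration short-circuits spawn()` would explain the group.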
@@ -2266,6 +2266,36 @@ def compose_pki_master_dictionary(): config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ "respawn" + "_" + "manifest" + "." +\ config.pki_master_dict['pki_timestamp'] + # Construct the configuration URL containing the one-time pin + # and add this to the "sensitive" key value pairs read in from + # the configuration file + # + # NOTE: This is the one and only parameter containing a sensitive + # parameter that may be stored in a log file and displayed + # to the screen. + # + config.pki_sensitive_dict['pki_configuration_url'] =\ + "https://{}:{}/{}/{}?pin={}".format( + config.pki_master_dict['pki_hostname'], + config.pki_master_dict['pki_https_port'], + config.pki_master_dict['pki_subsystem'].lower(), + "admin/console/config/login", + config.pki_sensitive_dict['pki_one_time_pin']) + # Compose this "systemd" execution management command + if config.pki_master_dict['pki_subsystem'] in\ + config.PKI_APACHE_SUBSYSTEMS: + config.pki_master_dict['pki_registry_initscript_command'] =\ + "systemctl" + " " +\ + "restart" + " " +\ + "pki-apached" + "@" +\ + config.pki_master_dict['pki_instance_id'] + "." + "service" + elif config.pki_master_dict['pki_subsystem'] in\ + config.PKI_TOMCAT_SUBSYSTEMS: + config.pki_master_dict['pki_registry_initscript_command'] =\ + "systemctl" + " " +\ + "restart" + " " +\ + "pki-tomcatd" + "@" +\ + config.pki_master_dict['pki_instance_id'] + "." + "service" except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py index 4b55cee14..e60c5f24d 100644 --- a/base/deploy/src/scriptlets/security_databases.py +++ b/base/deploy/src/scriptlets/security_databases.py 
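Review bot: The new `if`/`elif` that sets `pki_registry_initscript_command` has no `else`, so for a subsystem in neither `PKI_APACHE_SUBSYSTEMS` nor `PKI_TOMCAT_SUBSYSTEMS` the key is never created and the `master['pki_registry_initscript_command']` lookups added in pkihelper.py would raise `KeyError`. An `else:` branch that reports the unexpected subsystem the way the surrounding error paths do would fail at the point of the mistake. `config.pki_sensitive_dict['pki_one_time_pin']` is likewise read unconditionally, and the only handler visible after this block is `except OSError`, though further handlers may follow outside the hunk. Separately, `"https://{}:{}/{}/{}?pin={}"` relies on auto-numbered fields, which need Python 2.7; `"https://{0}:{1}/{2}/{3}?pin={4}"` is safe if 2.6 is still a target. The enclosing `try` in `compose_pki_master_dictionary()` starts outside the hunk.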
@@ -33,6 +33,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 def spawn(self): + if config.str2bool(master['pki_skip_installation']): + config.pki_log.info(log.SKIP_SECURITY_DATABASES_SPAWN_1, __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + return self.rv config.pki_log.info(log.SECURITY_DATABASES_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) if not config.pki_dry_run_flag: diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py index 0292081be..98bfcd48e 100644 --- a/base/deploy/src/scriptlets/selinux_setup.py +++ b/base/deploy/src/scriptlets/selinux_setup.py @@ -40,7 +40,11 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): selinux.restorecon(master['pki_instance_configuration_path'], True) def spawn(self): - config.pki_log.info(log.SUBSYSTEM_SPAWN_1, __name__, + if config.str2bool(master['pki_skip_installation']): + config.pki_log.info(log.SKIP_SELINUX_SPAWN_1, __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + return self.rv + config.pki_log.info(log.SELINUX_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # check first if any transactions are required @@ -98,13 +102,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): return self.rv def respawn(self): - config.pki_log.info(log.SUBSYSTEM_RESPAWN_1, __name__, + config.pki_log.info(log.SELINUX_RESPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) self.restore_context() return self.rv def destroy(self): - config.pki_log.info(log.SUBSYSTEM_DESTROY_1, __name__, + config.pki_log.info(log.SELINUX_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # check first if any transactions are required diff --git a/base/deploy/src/scriptlets/slot_substitution.py b/base/deploy/src/scriptlets/slot_substitution.py index 39887611a..dcd367ac6 100644 --- a/base/deploy/src/scriptlets/slot_substitution.py +++ b/base/deploy/src/scriptlets/slot_substitution.py 
@@ -33,6 +33,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 def spawn(self): + if config.str2bool(master['pki_skip_installation']): + config.pki_log.info(log.SKIP_SLOT_ASSIGNMENT_SPAWN_1, __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + return self.rv config.pki_log.info(log.SLOT_ASSIGNMENT_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) util.file.copy_with_slot_substitution(master['pki_source_cs_cfg'], diff --git a/base/deploy/src/scriptlets/subsystem_layout.py b/base/deploy/src/scriptlets/subsystem_layout.py index 207cd022b..fde69b093 100644 --- a/base/deploy/src/scriptlets/subsystem_layout.py +++ b/base/deploy/src/scriptlets/subsystem_layout.py @@ -32,6 +32,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 def spawn(self): + if config.str2bool(master['pki_skip_installation']): + config.pki_log.info(log.SKIP_SUBSYSTEM_SPAWN_1, __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + return self.rv config.pki_log.info(log.SUBSYSTEM_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # establish instance-based subsystem logs diff --git a/base/deploy/src/scriptlets/webapp_deployment.py b/base/deploy/src/scriptlets/webapp_deployment.py index cc2086fc7..507d23c32 100644 --- a/base/deploy/src/scriptlets/webapp_deployment.py +++ b/base/deploy/src/scriptlets/webapp_deployment.py @@ -37,6 +37,11 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self): if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if config.str2bool(master['pki_skip_installation']): + config.pki_log.info(log.SKIP_WEBAPP_DEPLOYMENT_SPAWN_1, + __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + return self.rv config.pki_log.info(log.WEBAPP_DEPLOYMENT_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) # deploy war file -- cgit