From d5bc2ead8c73943c0053198fb3ba9959a78b2b41 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Tue, 13 Nov 2012 22:31:37 -0500 Subject: Refactored constants in pkiconfig.py. The constants in pkiconfig.py have been moved into a new PKIConfig class. All references have been modified accordingly. Ticket #380 --- base/deploy/src/pkidestroy | 41 +- base/deploy/src/pkispawn | 47 +- base/deploy/src/scriptlets/configuration.jy | 5 +- base/deploy/src/scriptlets/configuration.py | 17 +- base/deploy/src/scriptlets/finalization.py | 17 +- .../deploy/src/scriptlets/infrastructure_layout.py | 13 +- base/deploy/src/scriptlets/initialization.py | 11 +- base/deploy/src/scriptlets/instance_layout.py | 13 +- base/deploy/src/scriptlets/pkiconfig.py | 197 +++---- base/deploy/src/scriptlets/pkihelper.py | 595 +++++++++++---------- base/deploy/src/scriptlets/pkijython.py | 17 +- base/deploy/src/scriptlets/pkimanifest.py | 5 +- base/deploy/src/scriptlets/pkiparser.py | 187 +++---- base/deploy/src/scriptlets/security_databases.py | 17 +- base/deploy/src/scriptlets/selinux_setup.py | 53 +- base/deploy/src/scriptlets/slot_substitution.py | 11 +- base/deploy/src/scriptlets/subsystem_layout.py | 13 +- base/deploy/src/scriptlets/webapp_deployment.py | 21 +- 18 files changed, 650 insertions(+), 630 deletions(-) diff --git a/base/deploy/src/pkidestroy b/base/deploy/src/pkidestroy index 1597712e1..f5c6f1bf2 100755 --- a/base/deploy/src/pkidestroy +++ b/base/deploy/src/pkidestroy @@ -36,6 +36,7 @@ try: import time from time import strftime as date from pki.deployment import pkiconfig as config + from pki.deployment.pkiconfig import PKIConfig from pki.deployment.pkiparser import PKIConfigParser from pki.deployment import pkilogging from pki.deployment import pkimessages as log 
@@ -58,7 +59,7 @@ def main(argv): sys.exit("'%s' must be run as root!" % argv[0]) # Set the umask - os.umask(config.PKI_DEPLOYMENT_DEFAULT_UMASK) + os.umask(PKIConfig.PKI_DEPLOYMENT_DEFAULT_UMASK) # Set installation time ticks = time.time() @@ -97,7 +98,7 @@ def main(argv): # Enable 'pkidestroy' logging. config.pki_log_dir = config.pki_root_prefix +\ - config.PKI_DEPLOYMENT_LOG_ROOT + PKIConfig.PKI_DEPLOYMENT_LOG_ROOT config.pki_log_name = "pki" + "-" +\ config.pki_subsystem.lower() +\ "-" + "destroy" + "." +\ 
@@ -117,45 +118,45 @@ def main(argv): rv = parser.read_pki_configuration_file() if rv != 0: config.pki_log.error(PKI_UNABLE_TO_PARSE_1, rv, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) sys.exit(1) else: # NEVER print out 'sensitive' name/value pairs!!! config.pki_log.debug(log.PKI_DICTIONARY_COMMON, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_common_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_web_server_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_subsystem_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) # NEVER print out 'sensitive' name/value pairs!!! 
config.pki_log.debug(log.PKI_DICTIONARY_COMMON, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_common_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_web_server_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_subsystem_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) # Combine the various sectional dictionaries into a PKI master dictionary parser.compose_pki_master_dictionary() config.pki_master_dict['pki_destroy_log'] = config.pki_log_dir + "/" +\ config.pki_log_name config.pki_log.debug(log.PKI_DICTIONARY_MASTER, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_master_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) # Remove the specified PKI subsystem. pki_scriptlets_path = "/usr/share/pki/deployment/destroy" +\ @@ -164,7 +165,7 @@ def main(argv): not os.path.isdir(pki_scriptlets_path): config.pki_log.error(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, pki_scriptlets_path, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) sys.exit(1) pki_subsystem_scriptlets = os.listdir(pki_scriptlets_path) pki_subsystem_scriptlets.sort() 
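Review bot: In the `rv != 0` branch of pkidestroy's `main`, the error call still names `PKI_UNABLE_TO_PARSE_1` without the `log.` prefix that every other message constant in this hunk carries. Unless that name is imported somewhere outside the hunk, the parse-failure path would raise NameError instead of logging the error and reaching `sys.exit(1)`. Since the commit already touches the continuation line, the call could become `config.pki_log.error(log.PKI_UNABLE_TO_PARSE_1, rv,`, assuming the constant lives in pkimessages like its neighbours. The same unqualified name appears in the matching pkispawn hunk (`@@ -124,52 +125,52 @@`). `main` begins and ends outside the hunk.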
@@ -180,9 +181,9 @@ def main(argv): if rv != 0: sys.exit(1) config.pki_log.debug(log.PKI_DICTIONARY_MASTER, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_master_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) # PKI Deployment Entry Point diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn index fbb6b8e26..63a827fcb 100755 --- a/base/deploy/src/pkispawn +++ b/base/deploy/src/pkispawn @@ -36,6 +36,7 @@ try: import time from time import strftime as date from pki.deployment import pkiconfig as config + from pki.deployment.pkiconfig import PKIConfig from pki.deployment.pkiparser import PKIConfigParser from pki.deployment import pkilogging from pki.deployment import pkimessages as log @@ -58,7 +59,7 @@ def main(argv): sys.exit("'%s' must be run as root!" % argv[0]) # Set the umask - os.umask(config.PKI_DEPLOYMENT_DEFAULT_UMASK) + os.umask(PKIConfig.PKI_DEPLOYMENT_DEFAULT_UMASK) # Set installation time ticks = time.time() @@ -95,7 +96,7 @@ def main(argv): parser = PKIConfigParser() parser.process_command_line_arguments(argv) - if not os.path.exists(config.PKI_DEPLOYMENT_SOURCE_ROOT +\ + if not os.path.exists(PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT +\ "/" + config.pki_subsystem.lower()): print "ERROR: " + log.PKI_SUBSYSTEM_NOT_INSTALLED_1 %\ config.pki_subsystem.lower() @@ -104,7 +105,7 @@ def main(argv): # Enable 'pkispawn' logging. rv = 0 config.pki_log_dir = config.pki_root_prefix +\ - config.PKI_DEPLOYMENT_LOG_ROOT + PKIConfig.PKI_DEPLOYMENT_LOG_ROOT config.pki_log_name = "pki" + "-" +\ config.pki_subsystem.lower() +\ "-" + "spawn" + "." +\ 
@@ -124,52 +125,52 @@ def main(argv): rv = parser.read_pki_configuration_file() if rv != 0: config.pki_log.error(PKI_UNABLE_TO_PARSE_1, rv, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) sys.exit(1) else: # NEVER print out 'sensitive' name/value pairs!!! config.pki_log.debug(log.PKI_DICTIONARY_COMMON, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_common_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_web_server_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_subsystem_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) # NEVER print out 'sensitive' name/value pairs!!! 
config.pki_log.debug(log.PKI_DICTIONARY_COMMON, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_common_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_web_server_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_subsystem_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) # Read in the PKI slots configuration file. parser.compose_pki_slots_dictionary() config.pki_log.debug(log.PKI_DICTIONARY_SLOTS, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_slots_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) # Combine the various sectional dictionaries into a PKI master dictionary parser.compose_pki_master_dictionary() config.pki_master_dict['pki_spawn_log'] = config.pki_log_dir + "/" +\ config.pki_log_name config.pki_log.debug(log.PKI_DICTIONARY_MASTER, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_master_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) # Install and configure the specified PKI subsystem. pki_scriptlets_path = "/usr/share/pki/deployment/spawn" +\ 
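Review bot: The whole-dictionary debug dumps in this hunk of pkispawn's `main` (`pp.pformat(config.pki_master_dict)`, `pp.pformat(config.pki_slots_dict)` and the three sectional dictionaries) sit beside the comment "NEVER print out 'sensitive' name/value pairs!!!", but nothing visible here enforces that rule. Whether any of these dictionaries can carry passwords or PINs cannot be told from the hunk; if one can, the values are written to the spawn log under the log root. A comment stating the invariant would help, e.g. `# pki_master_dict must never contain entries from pki_sensitive_dict when it is dumped here`, or the dump could go through a helper that masks known-sensitive keys. The pkidestroy hunks contain the same dumps.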
@@ -178,7 +179,7 @@ def main(argv): not os.path.isdir(pki_scriptlets_path): config.pki_log.error(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, pki_scriptlets_path, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) sys.exit(1) pki_subsystem_scriptlets = os.listdir(pki_scriptlets_path) pki_subsystem_scriptlets.sort() @@ -194,9 +195,9 @@ def main(argv): if rv != 0: sys.exit(1) config.pki_log.debug(log.PKI_DICTIONARY_MASTER, - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pp.pformat(config.pki_master_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) # PKI Deployment Entry Point diff --git a/base/deploy/src/scriptlets/configuration.jy b/base/deploy/src/scriptlets/configuration.jy index bf89a0170..a9c7d5037 100644 --- a/base/deploy/src/scriptlets/configuration.jy +++ b/base/deploy/src/scriptlets/configuration.jy @@ -9,6 +9,7 @@ import sys # PKI Python Imports import pkijython as jyutil import pkiconfig as config +from pkiconfig import PKIConfig import pkimessages as log @@ -55,7 +56,7 @@ def main(argv): # in which case a single process could be executed # end-to-end from installation through configuration). # - if master['pki_jython_log_level'] >= config.PKI_JYTHON_DEBUG_LOG_LEVEL: + if master['pki_jython_log_level'] >= PKIConfig.PKI_JYTHON_DEBUG_LOG_LEVEL: # javasystem.out.println("Hello") print "%s %s" %\ (log.PKI_JYTHON_INDENTATION_2, sys.path) @@ -107,7 +108,7 @@ def main(argv): if config.str2bool(master['pki_external']): print "%s '%s %s' %s" %\ (log.PKI_JYTHON_INDENTATION_2, - config.PKI_DEPLOYMENT_EXTERNAL_CA, + PKIConfig.PKI_DEPLOYMENT_EXTERNAL_CA, master['pki_subsystem'], log.PKI_JYTHON_NOT_YET_IMPLEMENTED) return rv diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py index c6c43d047..44d017d72 100644 --- a/base/deploy/src/scriptlets/configuration.py 
+++ b/base/deploy/src/scriptlets/configuration.py @@ -21,6 +21,7 @@ # PKI Deployment Imports import pkiconfig as config +from pkiconfig import PKIConfig from pkiconfig import pki_master_dict as master from pkiconfig import pki_sensitive_dict as sensitive import pkihelper as util @@ -35,16 +36,16 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self): if config.str2bool(master['pki_skip_configuration']): config.pki_log.info(log.SKIP_CONFIGURATION_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.CONFIGURATION_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) # Place "slightly" less restrictive permissions on # the top-level client directory ONLY util.directory.create(master['pki_client_dir'], uid=0, gid=0, - perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS) + perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS) # Since 'certutil' does NOT strip the 'token=' portion of # the 'token=password' entries, create a client password file # which ONLY contains the 'password' for the purposes of @@ -72,14 +73,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): master['pki_systemd_service_link']) # Start/Restart this Apache/Tomcat PKI Process - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS: apache_instance_subsystems =\ util.instance.apache_instance_subsystems() if apache_instance_subsystems == 1: util.systemd.start() elif apache_instance_subsystems > 1: util.systemd.restart() - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: # Optionally prepare to enable a java debugger # (e. g. - 'eclipse'): if config.str2bool(master['pki_enable_java_debugger']): 
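Review bot: `spawn` creates `master['pki_client_dir']` with `PKIConfig.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS` (00755 in pkiconfig.py), and the comment right after it says a client password file is then written for certutil, presumably beneath that directory. The mode given to that file is not visible in this hunk, and the deployment umask is 00002, so a file created without an explicit mode would be readable by any local user who can traverse the directory. It is worth confirming that the password file is created with an explicit owner-only mode such as `PKIConfig.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS`, and recording that next to the create call: `# client dir is 0755 on purpose; every secret beneath it must be created 0600`. `spawn` continues outside the hunk.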
@@ -98,13 +99,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def destroy(self): config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) + if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS and\ util.instance.apache_instance_subsystems() == 1: if util.directory.exists(master['pki_client_dir']): util.directory.delete(master['pki_client_dir']) util.symlink.delete(master['pki_systemd_service_link']) - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and\ util.instance.tomcat_instance_subsystems() == 1: if util.directory.exists(master['pki_client_dir']): util.directory.delete(master['pki_client_dir']) diff --git a/base/deploy/src/scriptlets/finalization.py b/base/deploy/src/scriptlets/finalization.py index d871dd354..2cc3ad203 100644 --- a/base/deploy/src/scriptlets/finalization.py +++ b/base/deploy/src/scriptlets/finalization.py @@ -21,6 +21,7 @@ # PKI Deployment Imports import pkiconfig as config +from pkiconfig import PKIConfig from pkiconfig import pki_master_dict as master import pkihelper as util import pkimanifest as manifest 
@@ -35,17 +36,17 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self): if config.str2bool(master['pki_skip_installation']): config.pki_log.info(log.SKIP_FINALIZATION_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.FINALIZATION_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) # For debugging/auditing purposes, save a timestamped copy of # this configuration file in the subsystem archive util.file.copy(master['pki_deployment_cfg_replica'], master['pki_deployment_cfg_spawn_archive']) # Save a copy of the installation manifest file config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, master['pki_manifest'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # for record in manifest.database: # print tuple(record) manifest.file.register(master['pki_manifest']) @@ -77,7 +78,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.PKISPAWN_END_MESSAGE_2, master['pki_subsystem'], master['pki_instance_id'], - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) util.file.modify(master['pki_spawn_log'], silent=True) # If instance has not been configured, print the # configuration URL to the screen 
@@ -87,17 +88,17 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def destroy(self): config.pki_log.info(log.FINALIZATION_DESTROY_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) util.file.modify(master['pki_destroy_log'], silent=True) # Start this Apache/Tomcat PKI Process - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS and\ util.instance.apache_instance_subsystems() >= 1: util.systemd.start() - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and\ util.instance.tomcat_instance_subsystems() >= 1: util.systemd.start() config.pki_log.info(log.PKIDESTROY_END_MESSAGE_2, master['pki_subsystem'], master['pki_instance_id'], - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) return self.rv diff --git a/base/deploy/src/scriptlets/infrastructure_layout.py b/base/deploy/src/scriptlets/infrastructure_layout.py index 31c788bfd..9113e8131 100644 --- a/base/deploy/src/scriptlets/infrastructure_layout.py +++ b/base/deploy/src/scriptlets/infrastructure_layout.py @@ -21,6 +21,7 @@ # PKI Deployment Imports import pkiconfig as config +from pkiconfig import PKIConfig from pkiconfig import pki_master_dict as master import pkihelper as util import pkimessages as log 
@@ -34,10 +35,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self): if config.str2bool(master['pki_skip_installation']): config.pki_log.info(log.SKIP_ADMIN_DOMAIN_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.ADMIN_DOMAIN_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) # NOTE: It was determined that since the "pkidestroy" command # relies upon a symbolic link to a replica of the original # "pkideployment.cfg" configuration file used by the @@ -77,15 +78,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # util.directory.create(master['pki_log_path']) # establish top-level infrastructure configuration if master['pki_configuration_path'] !=\ - config.PKI_DEPLOYMENT_CONFIGURATION_ROOT: + PKIConfig.PKI_DEPLOYMENT_CONFIGURATION_ROOT: util.directory.create(master['pki_configuration_path']) return self.rv def destroy(self): config.pki_log.info(log.ADMIN_DOMAIN_DESTROY_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) # remove top-level infrastructure base - if master['pki_subsystem'] in config.PKI_SUBSYSTEMS and\ + if master['pki_subsystem'] in PKIConfig.PKI_SUBSYSTEMS and\ util.instance.pki_instance_subsystems() == 0: # remove top-level infrastructure base util.directory.delete(master['pki_path']) @@ -95,7 +96,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # remove top-level infrastructure configuration if util.directory.is_empty(master['pki_configuration_path'])\ and master['pki_configuration_path'] !=\ - config.PKI_DEPLOYMENT_CONFIGURATION_ROOT: + PKIConfig.PKI_DEPLOYMENT_CONFIGURATION_ROOT: util.directory.delete(master['pki_configuration_path']) # remove top-level infrastructure registry util.directory.delete(master['pki_registry_path']) 
diff --git a/base/deploy/src/scriptlets/initialization.py b/base/deploy/src/scriptlets/initialization.py index 2b5cc3861..dead48fff 100644 --- a/base/deploy/src/scriptlets/initialization.py +++ b/base/deploy/src/scriptlets/initialization.py @@ -21,6 +21,7 @@ # PKI Deployment Imports import pkiconfig as config +from pkiconfig import PKIConfig from pkiconfig import pki_master_dict as master import pkihelper as util import pkimessages as log @@ -36,13 +37,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.PKISPAWN_BEGIN_MESSAGE_2, master['pki_subsystem'], master['pki_instance_id'], - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) if config.str2bool(master['pki_skip_installation']): config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) # verify that this type of "subsystem" does NOT yet # exist for this "instance" util.instance.verify_subsystem_does_not_exist() @@ -69,9 +70,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.PKIDESTROY_BEGIN_MESSAGE_2, master['pki_subsystem'], master['pki_instance_id'], - extra=config.PKI_INDENTATION_LEVEL_0) + extra=PKIConfig.PKI_INDENTATION_LEVEL_0) config.pki_log.info(log.INITIALIZATION_DESTROY_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) # verify that this type of "subsystem" currently EXISTS # for this "instance" util.instance.verify_subsystem_exists() diff --git a/base/deploy/src/scriptlets/instance_layout.py b/base/deploy/src/scriptlets/instance_layout.py index 67de6d01e..c320e421d 100644 --- a/base/deploy/src/scriptlets/instance_layout.py +++ b/base/deploy/src/scriptlets/instance_layout.py 
@@ -25,6 +25,7 @@ import os # PKI Deployment Imports import pkiconfig as config +from pkiconfig import PKIConfig from pkiconfig import pki_master_dict as master import pkihelper as util import pkimessages as log @@ -39,16 +40,16 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self): if config.str2bool(master['pki_skip_installation']): config.pki_log.info(log.SKIP_INSTANCE_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.INSTANCE_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) # establish instance logs util.directory.create(master['pki_instance_log_path']) # establish instance configuration util.directory.create(master['pki_instance_configuration_path']) # establish Apache/Tomcat specific instance - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: # establish Tomcat instance configuration util.directory.copy(master['pki_source_server_path'], master['pki_instance_configuration_path'], @@ -146,10 +147,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def destroy(self): config.pki_log.info(log.INSTANCE_DESTROY_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) if master['pki_subsystem'] == 'TKS': util.symlink.delete(master['pki_symkey_jar_link']) - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS and\ util.instance.apache_instance_subsystems() == 0: # remove Apache instance base util.directory.delete(master['pki_instance_path']) 
@@ -164,7 +165,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): if util.instance.apache_instances() == 0: util.directory.delete( master['pki_instance_type_registry_path']) - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and\ util.instance.tomcat_instance_subsystems() == 0: # remove Tomcat instance base util.directory.delete(master['pki_instance_path']) diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py index a86774555..c1d22bf10 100644 --- a/base/deploy/src/scriptlets/pkiconfig.py +++ b/base/deploy/src/scriptlets/pkiconfig.py 
@@ -19,93 +19,101 @@ # All rights reserved. # -# PKI Deployment Constants -PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 00755 -PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 00770 -PKI_DEPLOYMENT_DEFAULT_EXE_PERMISSIONS = 00770 -PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS = 00660 -PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS = 00600 -PKI_DEPLOYMENT_DEFAULT_SGID_DIR_PERMISSIONS = 02770 -PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS = 00777 -PKI_DEPLOYMENT_DEFAULT_UMASK = 00002 - -PKI_DEPLOYMENT_DEFAULT_COMMENT = "'Certificate System'" -PKI_DEPLOYMENT_DEFAULT_GID = 17 -PKI_DEPLOYMENT_DEFAULT_GROUP = "pkiuser" -PKI_DEPLOYMENT_DEFAULT_SHELL = "/sbin/nologin" -PKI_DEPLOYMENT_DEFAULT_UID = 17 -PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser" - -PKI_SUBSYSTEMS = ["CA","KRA","OCSP","RA","TKS","TPS"] -PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS","TPS"] -PKI_APACHE_SUBSYSTEMS = ["RA","TPS"] -PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS"] -PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra", - "lib", "logs", "ocsp", "temp", "tks", "webapps", - "work"] -PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg", - "rsyslog", "tls"] -PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra", "tps"] -PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks"] - -PKI_INDENTATION_LEVEL_0 = {'indent' : ''} -PKI_INDENTATION_LEVEL_1 = {'indent' : '... '} -PKI_INDENTATION_LEVEL_2 = {'indent' : '....... '} -PKI_INDENTATION_LEVEL_3 = {'indent' : '........... '} -PKI_INDENTATION_LEVEL_4 = {'indent' : '............... 
'} - -PKI_DEPLOYMENT_INTERRUPT_BANNER = "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+"\ - "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-" -PKI_DEPLOYMENT_JAR_SOURCE_ROOT = "/usr/share/java" -PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT = "/usr/share/java/httpcomponents" -PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT = "/usr/share/java/pki" -PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT = "/usr/share/java/resteasy" -PKI_DEPLOYMENT_SOURCE_ROOT = "/usr/share/pki" -PKI_DEPLOYMENT_SYSTEMD_ROOT = "/lib/systemd/system" -PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT = "/etc/systemd/system" -PKI_DEPLOYMENT_TOMCAT_ROOT = "/usr/share/tomcat" -PKI_DEPLOYMENT_TOMCAT_SYSTEMD = "/usr/sbin/tomcat-sysd" -PKI_DEPLOYMENT_BASE_ROOT = "/var/lib/pki" -# NOTE: Top-level "/etc/pki" is owned by the "filesystem" package! -PKI_DEPLOYMENT_CONFIGURATION_ROOT = "/etc/pki" -PKI_DEPLOYMENT_LOG_ROOT = "/var/log/pki" -# NOTE: Well-known 'registry root', default 'instance', and default -# 'configuration file' names MUST be created in order to potentially -# obtain an instance-specific configuration file -# (presuming one has not been specified during command-line parsing) -# because command-line parsing happens prior to reading any -# configuration files. Although the 'registry root' MUST remain fixed, -# the default 'instance' name may be overridden by the value specified -# in the configuration file (the value in the default configuration file -# should always match the 'default' instance name specified below). 
-PKI_DEPLOYMENT_REGISTRY_ROOT = "/etc/sysconfig/pki" -PKI_DEPLOYMENT_DEFAULT_ADMIN_DOMAIN_NAME = None -PKI_DEPLOYMENT_DEFAULT_APACHE_SERVICE_NAME = "apache" -PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVICE_NAME = "tomcat" -PKI_DEPLOYMENT_DEFAULT_APACHE_INSTANCE_NAME = "pki-apache" -PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat" -PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE = "pkideployment.cfg" -PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\ - "/usr/share/pki/deployment/config/pkislots.cfg" - -# subtypes of PKI subsystems -PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM = "Cloned" -PKI_DEPLOYMENT_EXTERNAL_CA = "External" -PKI_DEPLOYMENT_SUBORDINATE_CA = "Subordinate" - -# default ports (for defined selinux policy) -PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT = 8080 -PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT = 8443 -PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT = 8005 -PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT = 8009 - -# PKI Deployment Jython 2.2 Constants -PKI_JYTHON_CRITICAL_LOG_LEVEL = 1 -PKI_JYTHON_ERROR_LOG_LEVEL = 2 -PKI_JYTHON_WARNING_LOG_LEVEL = 3 -PKI_JYTHON_INFO_LOG_LEVEL = 4 -PKI_JYTHON_DEBUG_LOG_LEVEL = 5 - +class PKIConfig: + + # PKI Deployment Constants + PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 00755 + PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 00770 + PKI_DEPLOYMENT_DEFAULT_EXE_PERMISSIONS = 00770 + PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS = 00660 + PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS = 00600 + PKI_DEPLOYMENT_DEFAULT_SGID_DIR_PERMISSIONS = 02770 + PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS = 00777 + PKI_DEPLOYMENT_DEFAULT_UMASK = 00002 + + PKI_DEPLOYMENT_DEFAULT_COMMENT = "'Certificate System'" + PKI_DEPLOYMENT_DEFAULT_GID = 17 + PKI_DEPLOYMENT_DEFAULT_GROUP = "pkiuser" + PKI_DEPLOYMENT_DEFAULT_SHELL = "/sbin/nologin" + PKI_DEPLOYMENT_DEFAULT_UID = 17 + PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser" + + PKI_SUBSYSTEMS = ["CA","KRA","OCSP","RA","TKS","TPS"] + PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS","TPS"] + PKI_APACHE_SUBSYSTEMS = ["RA","TPS"] + 
PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS"] + PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra", + "lib", "logs", "ocsp", "temp", "tks", "webapps", + "work"] + PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg", + "rsyslog", "tls"] + PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra", "tps"] + PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks"] + + PKI_INDENTATION_LEVEL_0 = {'indent' : ''} + PKI_INDENTATION_LEVEL_1 = {'indent' : '... '} + PKI_INDENTATION_LEVEL_2 = {'indent' : '....... '} + PKI_INDENTATION_LEVEL_3 = {'indent' : '........... '} + PKI_INDENTATION_LEVEL_4 = {'indent' : '............... '} + + PKI_DEPLOYMENT_INTERRUPT_BANNER = "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+"\ + "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-" + PKI_DEPLOYMENT_JAR_SOURCE_ROOT = "/usr/share/java" + PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT = "/usr/share/java/httpcomponents" + PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT = "/usr/share/java/pki" + PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT = "/usr/share/java/resteasy" + PKI_DEPLOYMENT_SOURCE_ROOT = "/usr/share/pki" + PKI_DEPLOYMENT_SYSTEMD_ROOT = "/lib/systemd/system" + PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT = "/etc/systemd/system" + PKI_DEPLOYMENT_TOMCAT_ROOT = "/usr/share/tomcat" + PKI_DEPLOYMENT_TOMCAT_SYSTEMD = "/usr/sbin/tomcat-sysd" + PKI_DEPLOYMENT_BASE_ROOT = "/var/lib/pki" + # NOTE: Top-level "/etc/pki" is owned by the "filesystem" package! + PKI_DEPLOYMENT_CONFIGURATION_ROOT = "/etc/pki" + PKI_DEPLOYMENT_LOG_ROOT = "/var/log/pki" + # NOTE: Well-known 'registry root', default 'instance', and default + # 'configuration file' names MUST be created in order to potentially + # obtain an instance-specific configuration file + # (presuming one has not been specified during command-line parsing) + # because command-line parsing happens prior to reading any + # configuration files. 
Although the 'registry root' MUST remain fixed, + # the default 'instance' name may be overridden by the value specified + # in the configuration file (the value in the default configuration file + # should always match the 'default' instance name specified below). + PKI_DEPLOYMENT_REGISTRY_ROOT = "/etc/sysconfig/pki" + PKI_DEPLOYMENT_DEFAULT_ADMIN_DOMAIN_NAME = None + PKI_DEPLOYMENT_DEFAULT_APACHE_SERVICE_NAME = "apache" + PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVICE_NAME = "tomcat" + PKI_DEPLOYMENT_DEFAULT_APACHE_INSTANCE_NAME = "pki-apache" + PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat" + PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE = "pkideployment.cfg" + PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\ + "/usr/share/pki/deployment/config/pkislots.cfg" + + # subtypes of PKI subsystems + PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM = "Cloned" + PKI_DEPLOYMENT_EXTERNAL_CA = "External" + PKI_DEPLOYMENT_SUBORDINATE_CA = "Subordinate" + + # default ports (for defined selinux policy) + PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT = 8080 + PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT = 8443 + PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT = 8005 + PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT = 8009 + + # PKI Deployment Jython 2.2 Constants + PKI_JYTHON_CRITICAL_LOG_LEVEL = 1 + PKI_JYTHON_ERROR_LOG_LEVEL = 2 + PKI_JYTHON_WARNING_LOG_LEVEL = 3 + PKI_JYTHON_INFO_LOG_LEVEL = 4 + PKI_JYTHON_DEBUG_LOG_LEVEL = 5 + + # PKI Selinux Constants + PKI_INSTANCE_SELINUX_CONTEXT = "pki_tomcat_var_lib_t" + PKI_LOG_SELINUX_CONTEXT = "pki_tomcat_log_t" + PKI_CFG_SELINUX_CONTEXT = "pki_tomcat_etc_rw_t" + PKI_CERTDB_SELINUX_CONTEXT = "pki_tomcat_cert_t" + PKI_PORT_SELINUX_CONTEXT = "http_port_t" # PKI Deployment Global Variables pki_install_time = None 
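Review bot: The values moved into `class PKIConfig:` that gate behaviour (`PKI_SUBSYSTEMS`, `PKI_APACHE_SUBSYSTEMS`, `PKI_TOMCAT_SUBSYSTEMS`, the reserved-name lists and the `PKI_INDENTATION_LEVEL_*` dicts) are mutable class attributes, so any importing scriptlet can alter them for the whole process. If no caller relies on list methods, tuples would make them actual constants, e.g. `PKI_TOMCAT_SUBSYSTEMS = ("CA", "KRA", "OCSP", "TKS")`. The class also has no docstring and no base class; `class PKIConfig(object):` with `"""Read-only constants for PKI deployment: file modes, identities, paths, ports and SELinux types."""` would say what belongs in it. The module-level names are removed without aliases, so any caller not updated by this commit that still reads `config.PKI_*` will fail at attribute lookup.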
@@ -139,7 +147,7 @@ def str2bool(string): # 'pkideployment.cfg' configuration file. def prepare_for_an_external_java_debugger(instance): print - print PKI_DEPLOYMENT_INTERRUPT_BANNER + print PKIConfig.PKI_DEPLOYMENT_INTERRUPT_BANNER print print "The following 'JAVA_OPTS' MUST be enabled (uncommented) in" print "'%s':" % instance @@ -150,13 +158,13 @@ def prepare_for_an_external_java_debugger(instance): raw_input("Enable external java debugger 'JAVA_OPTS' "\ "and press return to continue . . . ") print - print PKI_DEPLOYMENT_INTERRUPT_BANNER + print PKIConfig.PKI_DEPLOYMENT_INTERRUPT_BANNER print return def wait_to_attach_an_external_java_debugger(): print - print PKI_DEPLOYMENT_INTERRUPT_BANNER + print PKIConfig.PKI_DEPLOYMENT_INTERRUPT_BANNER print print "Attach the java debugger to this process on the port specified by" print "the 'address' selected by 'JAVA_OPTS' (e. g. - port 8000) and" @@ -165,7 +173,7 @@ def wait_to_attach_an_external_java_debugger(): raw_input("Please attach an external java debugger "\ "and press return to continue . . . ") print - print PKI_DEPLOYMENT_INTERRUPT_BANNER + print PKIConfig.PKI_DEPLOYMENT_INTERRUPT_BANNER print return @@ -188,10 +196,5 @@ pki_master_dict = None pki_slots_dict = None pki_master_jython_dict = None -# PKI Selinux Constants and parameters -PKI_INSTANCE_SELINUX_CONTEXT = "pki_tomcat_var_lib_t" -PKI_LOG_SELINUX_CONTEXT = "pki_tomcat_log_t" -PKI_CFG_SELINUX_CONTEXT = "pki_tomcat_etc_rw_t" -PKI_CERTDB_SELINUX_CONTEXT = "pki_tomcat_cert_t" -PKI_PORT_SELINUX_CONTEXT = "http_port_t" +# PKI Selinux parameters pki_selinux_config_ports = [] diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py index b16fbf620..59f69ba8f 100644 --- a/base/deploy/src/scriptlets/pkihelper.py +++ b/base/deploy/src/scriptlets/pkihelper.py 
@@ -41,6 +41,7 @@ import seobject # PKI Deployment Imports import pkiconfig as config +from pkiconfig import PKIConfig from pkiconfig import pki_master_dict as master from pkiconfig import pki_sensitive_dict as sensitive from pkiconfig import pki_slots_dict as slots @@ -131,18 +132,18 @@ class identity: pki_gid = getgrnam(pki_group)[2] # Yes, group 'pki_group' exists! config.pki_log.info(log.PKIHELPER_GROUP_ADD_2, pki_group, pki_gid, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) except KeyError as exc: # No, group 'pki_group' does not exist! config.pki_log.debug(log.PKIHELPER_GROUP_ADD_KEYERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) try: # Is the default well-known GID already defined? - group = getgrgid(config.PKI_DEPLOYMENT_DEFAULT_GID)[0] + group = getgrgid(PKIConfig.PKI_DEPLOYMENT_DEFAULT_GID)[0] # Yes, the default well-known GID exists! config.pki_log.info(log.PKIHELPER_GROUP_ADD_DEFAULT_2, - group, config.PKI_DEPLOYMENT_DEFAULT_GID, - extra=config.PKI_INDENTATION_LEVEL_2) + group, PKIConfig.PKI_DEPLOYMENT_DEFAULT_GID, + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # Attempt to create 'pki_group' using a random GID. command = "/usr/sbin/groupadd" + " " +\ pki_group + " " +\ 
@@ -150,14 +151,14 @@ class identity: except KeyError as exc: # No, the default well-known GID does not exist! config.pki_log.debug(log.PKIHELPER_GROUP_ADD_GID_KEYERROR_1, - exc, extra=config.PKI_INDENTATION_LEVEL_2) + exc, extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # Is the specified 'pki_group' the default well-known group? - if pki_group == config.PKI_DEPLOYMENT_DEFAULT_GROUP: + if pki_group == PKIConfig.PKI_DEPLOYMENT_DEFAULT_GROUP: # Yes, attempt to create the default well-known group # using the default well-known GID. command = "/usr/sbin/groupadd" + " " +\ "-g" + " " +\ - str(config.PKI_DEPLOYMENT_DEFAULT_GID) + " " +\ + str(PKIConfig.PKI_DEPLOYMENT_DEFAULT_GID) + " " +\ "-r" + " " +\ pki_group + " " +\ "> /dev/null 2>&1" @@ -170,7 +171,7 @@ class identity: subprocess.call(command, shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) return 
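Review bot: `subprocess.call(command, shell=True)` in the hunk at -170,7 runs a string built by concatenating `pki_group` into a shell command line, and the `except subprocess.CalledProcessError` below it can never fire because `subprocess.call` returns the exit status instead of raising. The deployment scripts insist on running as root, so any shell metacharacter in the configured group name would be interpreted by a root shell, and a failed `groupadd` goes unnoticed (its output is also sent to `/dev/null`). Building the command as a list, e.g. `["/usr/sbin/groupadd", "-g", str(PKIConfig.PKI_DEPLOYMENT_DEFAULT_GID), "-r", pki_group]`, and running it with `subprocess.check_call(command, ...)` with stdout/stderr pointed at an opened `os.devnull` removes the shell and makes the error handler reachable. The `useradd` hunks at -181,50 and -234,18 follow the same pattern; the enclosing method starts outside this hunk.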
@@ -181,50 +182,50 @@ class identity: pki_uid = getpwnam(pki_user)[2] # Yes, user 'pki_user' exists! config.pki_log.info(log.PKIHELPER_USER_ADD_2, pki_user, pki_uid, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # NOTE: For now, never check validity of specified 'pki_group'! except KeyError as exc: # No, user 'pki_user' does not exist! config.pki_log.debug(log.PKIHELPER_USER_ADD_KEYERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) try: # Is the default well-known UID already defined? - user = getpwuid(config.PKI_DEPLOYMENT_DEFAULT_UID)[0] + user = getpwuid(PKIConfig.PKI_DEPLOYMENT_DEFAULT_UID)[0] # Yes, the default well-known UID exists! config.pki_log.info(log.PKIHELPER_USER_ADD_DEFAULT_2, - user, config.PKI_DEPLOYMENT_DEFAULT_UID, - extra=config.PKI_INDENTATION_LEVEL_2) + user, PKIConfig.PKI_DEPLOYMENT_DEFAULT_UID, + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # Attempt to create 'pki_user' using a random UID. command = "/usr/sbin/useradd" + " " +\ "-g" + " " +\ pki_group + " " +\ "-d" + " " +\ - config.PKI_DEPLOYMENT_SOURCE_ROOT + " " +\ + PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT + " " +\ "-s" + " " +\ - config.PKI_DEPLOYMENT_DEFAULT_SHELL + " " +\ + PKIConfig.PKI_DEPLOYMENT_DEFAULT_SHELL + " " +\ "-c" + " " +\ - config.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " +\ + PKIConfig.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " +\ pki_user + " " +\ "> /dev/null 2>&1" except KeyError as exc: # No, the default well-known UID does not exist! config.pki_log.debug(log.PKIHELPER_USER_ADD_UID_KEYERROR_1, - exc, extra=config.PKI_INDENTATION_LEVEL_2) + exc, extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # Is the specified 'pki_user' the default well-known user? - if pki_user == config.PKI_DEPLOYMENT_DEFAULT_USER: + if pki_user == PKIConfig.PKI_DEPLOYMENT_DEFAULT_USER: # Yes, attempt to create the default well-known user # using the default well-known UID. 
command = "/usr/sbin/useradd" + " " +\ "-g" + " " +\ pki_group + " " +\ "-d" + " " +\ - config.PKI_DEPLOYMENT_SOURCE_ROOT + " " +\ + PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT + " " +\ "-s" + " " +\ - config.PKI_DEPLOYMENT_DEFAULT_SHELL + " " +\ + PKIConfig.PKI_DEPLOYMENT_DEFAULT_SHELL + " " +\ "-c" + " " +\ - config.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " +\ + PKIConfig.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " +\ "-u" + " " +\ - str(config.PKI_DEPLOYMENT_DEFAULT_UID) + " " +\ + str(PKIConfig.PKI_DEPLOYMENT_DEFAULT_UID) + " " +\ "-r" + " " +\ pki_user + " " +\ "> /dev/null 2>&1" @@ -234,18 +235,18 @@ class identity: "-g" + " " +\ pki_group + " " +\ "-d" + " " +\ - config.PKI_DEPLOYMENT_SOURCE_ROOT + " " +\ + PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT + " " +\ "-s" + " " +\ - config.PKI_DEPLOYMENT_DEFAULT_SHELL + " " +\ + PKIConfig.PKI_DEPLOYMENT_DEFAULT_SHELL + " " +\ "-c" + " " +\ - config.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " +\ + PKIConfig.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " +\ pki_user + " " +\ "> /dev/null 2>&1" # Execute this "useradd" command. subprocess.call(command, shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) return @@ -259,7 +260,7 @@ class identity: pki_uid = master['pki_uid'] except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return pki_uid @@ -269,7 +270,7 @@ class identity: pki_gid = master['pki_gid'] except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return pki_gid 
@@ -277,15 +278,15 @@ class identity: def set_uid(self, name, critical_failure=True): try: config.pki_log.debug(log.PKIHELPER_USER_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # id -u pki_uid = getpwnam(name)[2] master['pki_uid']=pki_uid config.pki_log.debug(log.PKIHELPER_UID_2, name, pki_uid, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return pki_uid @@ -293,15 +294,15 @@ class identity: def set_gid(self, name, critical_failure=True): try: config.pki_log.debug(log.PKIHELPER_GROUP_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # id -g pki_gid = getgrnam(name)[2] master['pki_gid']=pki_gid config.pki_log.debug(log.PKIHELPER_GID_2, name, pki_gid, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return pki_gid @@ -320,7 +321,7 @@ class namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, master['pki_instance_id'], master['pki_instance_path'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) else: if os.path.exists(master['pki_target_tomcat_conf_instance_id']): @@ -329,7 +330,7 @@ class namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, master['pki_instance_id'], master['pki_target_tomcat_conf_instance_id'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if os.path.exists(master['pki_cgroup_systemd_service']): # Systemd cgroup path collision 
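Review bot: `return pki_uid` at the end of `set_uid` (hunk -277,15) raises `UnboundLocalError` when `getpwnam(name)` throws `KeyError` and the caller passed `critical_failure=False`, because `pki_uid` is assigned only inside the `try`. The non-critical path therefore ends in an unrelated exception rather than a defined "no such user" result that a caller could check before using the id for ownership changes. Adding `pki_uid = None` before the `try:` (and `pki_gid = None` in `set_gid`, hunk -293,15) fixes this. `get_uid` and `get_gid` in hunks -259,7 and -269,7 end the same way, but their `try:` lines are outside the hunks, so this could not be confirmed there.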
@@ -337,7 +338,7 @@ class namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, master['pki_instance_id'], master['pki_cgroup_systemd_service_path'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if os.path.exists(master['pki_cgroup_cpu_systemd_service']): # Systemd cgroup CPU path collision @@ -345,7 +346,7 @@ class namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, master['pki_instance_id'], master['pki_cgroup_cpu_systemd_service_path'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if os.path.exists(master['pki_instance_log_path']) and\ os.path.exists(master['pki_subsystem_log_path']): @@ -354,7 +355,7 @@ class namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, master['pki_instance_id'], master['pki_instance_log_path'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if os.path.exists(master['pki_instance_configuration_path']) and\ os.path.exists(master['pki_subsystem_configuration_path']): @@ -363,7 +364,7 @@ class namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, master['pki_instance_id'], master['pki_instance_configuration_path'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if os.path.exists(master['pki_instance_registry_path']) and\ os.path.exists(master['pki_subsystem_registry_path']): 
@@ -372,45 +373,45 @@ class namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, master['pki_instance_id'], master['pki_instance_registry_path'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Run simple checks for reserved name namespace collisions - if master['pki_instance_id'] in config.PKI_BASE_RESERVED_NAMES: + if master['pki_instance_id'] in PKIConfig.PKI_BASE_RESERVED_NAMES: # Top-Level PKI base path reserved name collision config.pki_log.error( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, master['pki_instance_id'], master['pki_instance_path'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # No need to check for reserved name under Top-Level PKI log path - if master['pki_instance_id'] in config.PKI_CONFIGURATION_RESERVED_NAMES: + if master['pki_instance_id'] in PKIConfig.PKI_CONFIGURATION_RESERVED_NAMES: # Top-Level PKI configuration path reserved name collision config.pki_log.error( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, master['pki_instance_id'], master['pki_instance_configuration_path'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS: # Top-Level Apache PKI registry path reserved name collision if master['pki_instance_id'] in\ - config.PKI_APACHE_REGISTRY_RESERVED_NAMES: + PKIConfig.PKI_APACHE_REGISTRY_RESERVED_NAMES: config.pki_log.error( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, master['pki_instance_id'], master['pki_instance_registry_path'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: # Top-Level Tomcat PKI registry path reserved name collision if master['pki_instance_id'] in\ - 
config.PKI_TOMCAT_REGISTRY_RESERVED_NAMES: + PKIConfig.PKI_TOMCAT_REGISTRY_RESERVED_NAMES: config.pki_log.error( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, master['pki_instance_id'], master['pki_instance_registry_path'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) @@ -421,10 +422,10 @@ class configuration_file: # parameter that may be stored in a log file. config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_URL_1, sensitive['pki_configuration_url'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_RESTART_1, master['pki_registry_initscript_command'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) def display_configuration_url(self): # NOTE: This is the one and only parameter containing a sensitive @@ -437,7 +438,7 @@ class configuration_file: def verify_sensitive_data(self): # Silently verify the existence of 'sensitive' data - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: # Verify existence of Directory Server Password (ALWAYS) if not sensitive.has_key('pki_ds_password') or\ not len(sensitive['pki_ds_password']): @@ -445,7 +446,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_password", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Verify existence of Admin Password (except for Clones) if not config.str2bool(master['pki_clone']): @@ -455,7 +456,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_admin_password", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # If required, verify existence of Backup Password if config.str2bool(master['pki_backup_keys']): 
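Review bot: The first `config.pki_log.info` call in hunk -421,10 writes `sensitive['pki_configuration_url']` to the deployment log, which the comment above it acknowledges. Nothing in the hunk says what keeps that log private, so the comment should name the control, for example `# NOTE: the log file must be root-owned and not world-readable, because this URL carries a sensitive value`. Whether the log is actually created with such a mode is not visible here and should be confirmed where `config.pki_log` is set up. The enclosing method starts outside the hunk.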
@@ -465,7 +466,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_backup_password", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Verify existence of Client Pin for NSS client security databases if not sensitive.has_key('pki_client_database_password') or\ @@ -474,7 +475,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CLIENT_DATABASE_PASSWORD_2, "pki_client_database_password", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Verify existence of Client PKCS #12 Password for Admin Cert if not sensitive.has_key('pki_client_pkcs12_password') or\ @@ -483,7 +484,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_client_pkcs12_password", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Verify existence of PKCS #12 Password (ONLY for Clones) if config.str2bool(master['pki_clone']): @@ -493,7 +494,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_pkcs12_password", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Verify existence of Security Domain Password File # (ONLY for Clones, KRA, OCSP, TKS, or Subordinate CA) @@ -506,7 +507,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_security_domain_password", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # If required, verify existence of Token Password if not master['pki_token_name'] == "internal": 
@@ -516,13 +517,13 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_token_password", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) return def verify_mutually_exclusive_data(self): # Silently verify the existence of 'mutually exclusive' data - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: if master['pki_subsystem'] == "CA": if config.str2bool(master['pki_clone']) and\ config.str2bool(master['pki_external']) and\ @@ -530,28 +531,28 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA, master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif config.str2bool(master['pki_clone']) and\ config.str2bool(master['pki_external']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA, master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif config.str2bool(master['pki_clone']) and\ config.str2bool(master['pki_subordinate']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA, master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif config.str2bool(master['pki_external']) and\ config.str2bool(master['pki_subordinate']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA, master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) def verify_predefined_configuration_file_data(self): 
@@ -565,7 +566,7 @@ class configuration_file: # etc.), and "correctness" (e. g. - file, directory, boolean # 'True' or 'False', etc.) of ALL required "value" parameters. # - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: if config.str2bool(master['pki_clone']): # Verify existence of clone parameters if not master.has_key('pki_ds_base_dn') or\ @@ -574,7 +575,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_base_dn", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_ds_ldap_port') or\ not len(master['pki_ds_ldap_port']): @@ -585,7 +586,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_ldap_port", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_ds_ldaps_port') or\ not len(master['pki_ds_ldaps_port']): @@ -596,7 +597,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_ldaps_port", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # NOTE: Although this will be checked prior to getting to # this method, this clone's 'pki_instance_name' MUST @@ -612,7 +613,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ajp_port", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_http_port') or\ not len(master['pki_http_port']): 
@@ -623,7 +624,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_http_port", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_https_port') or\ not len(master['pki_https_port']): @@ -634,7 +635,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_https_port", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_tomcat_server_port') or\ not len(master['pki_tomcat_server_port']): @@ -645,7 +646,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_tomcat_server_port", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_clone_pkcs12_path') or\ not len(master['pki_clone_pkcs12_path']): @@ -653,13 +654,13 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_pkcs12_path", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif not os.path.isfile(master['pki_clone_pkcs12_path']): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, master['pki_clone_pkcs12_path'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_clone_replication_security') or\ not len(master['pki_clone_replication_security']): @@ -667,7 +668,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_replication_security", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_clone_uri') or\ not len(master['pki_clone_uri']): 
@@ -675,7 +676,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_uri", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif master['pki_subsystem'] == "CA" and\ config.str2bool(master['pki_external']): @@ -685,7 +686,7 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_step_two", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not config.str2bool(master['pki_step_two']): if not master.has_key('pki_external_csr_path') or\ @@ -694,13 +695,13 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_csr_path", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif not os.path.isfile(master['pki_external_csr_path']): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, master['pki_external_csr_path'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) else: if not master.has_key('pki_external_ca_cert_chain_path') or\ @@ -709,14 +710,14 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_ca_cert_chain_path", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif not os.path.isfile( master['pki_external_ca_cert_chain_path']): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, master['pki_external_ca_cert_chain_path'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not master.has_key('pki_external_ca_cert_path') or\ not len(master['pki_external_ca_cert_path']): 
@@ -724,29 +725,29 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_ca_cert_path", master['pki_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif not os.path.isfile( master['pki_external_ca_cert_path']): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, master['pki_external_ca_cert_path'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) return def populate_non_default_ports(self): if master['pki_http_port'] != \ - str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT): + str(PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT): ports.append(master['pki_http_port']) if master['pki_https_port'] != \ - str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT): + str(PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT): ports.append(master['pki_https_port']) if master['pki_tomcat_server_port'] != \ - str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT): + str(PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT): ports.append(master['pki_tomcat_server_port']) if master['pki_ajp_port'] != \ - str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT): + str(PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT): ports.append(master['pki_ajp_port']) return @@ -772,7 +773,7 @@ class configuration_file: # port has no current context # leave it in list of ports to set continue - elif context == config.PKI_PORT_SELINUX_CONTEXT: + elif context == PKIConfig.PKI_PORT_SELINUX_CONTEXT: # port is already set correctly # remove from list of ports to set ports.remove(port) @@ -780,7 +781,7 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT, port, context, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) return 
@@ -794,7 +795,7 @@ class configuration_file: log.PKIHELPER_COMMAND_LINE_PARAMETER_MISMATCH_2, master['pki_deployed_instance_name'], master['pki_instance_id'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) return @@ -807,7 +808,7 @@ class configuration_file: # web_xml_target): # config.pki_log.info(log.PKIHELPER_REMOVE_FILTER_SECTION_1, # master['pki_target_subsystem_web_xml'], -# extra=config.PKI_INDENTATION_LEVEL_2) +# extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # begin_filters_section = False # begin_servlet_section = False # FILE = open(web_xml_target, "w") @@ -840,16 +841,16 @@ class instance: try: # count number of PKI subsystems present # within the specified Apache instance - for subsystem in config.PKI_APACHE_SUBSYSTEMS: + for subsystem in PKIConfig.PKI_APACHE_SUBSYSTEMS: path = master['pki_instance_path'] + "/" + subsystem.lower() if os.path.exists(path) and os.path.isdir(path): rv = rv + 1 config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCE_SUBSYSTEMS_2, master['pki_instance_path'], - rv, extra=config.PKI_INDENTATION_LEVEL_2) + rv, extra=PKIConfig.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) return rv @@ -873,10 +874,10 @@ class instance: config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCES_2, master['pki_instance_type_registry_path'], rv, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) return rv 
@@ -897,14 +898,14 @@ class instance: for name in os.listdir(dir): if os.path.isdir(os.path.join(dir,name)) and\ not os.path.islink(os.path.join(dir,name)): - if name.upper() in config.PKI_SUBSYSTEMS: + if name.upper() in PKIConfig.PKI_SUBSYSTEMS: rv = rv + 1 config.pki_log.debug(log.PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2, master['pki_instance_path'], rv, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) return rv @@ -913,16 +914,16 @@ class instance: try: # count number of PKI subsystems present # within the specified Tomcat instance - for subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + for subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: path = master['pki_instance_path'] + "/" + subsystem.lower() if os.path.exists(path) and os.path.isdir(path): rv = rv + 1 config.pki_log.debug(log.PKIHELPER_TOMCAT_INSTANCE_SUBSYSTEMS_2, master['pki_instance_path'], - rv, extra=config.PKI_INDENTATION_LEVEL_2) + rv, extra=PKIConfig.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) return rv @@ -946,10 +947,10 @@ class instance: config.pki_log.debug(log.PKIHELPER_TOMCAT_INSTANCES_2, master['pki_instance_type_registry_path'], rv, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) return rv 
@@ -959,11 +960,11 @@ class instance: config.pki_log.error(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2, master['pki_subsystem'], master['pki_instance_id'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) def verify_subsystem_does_not_exist(self): @@ -972,28 +973,28 @@ class instance: config.pki_log.error(log.PKI_SUBSYSTEM_ALREADY_EXISTS_2, master['pki_subsystem'], master['pki_instance_id'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # PKI Deployment Directory Class class directory: def create(self, name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, + perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, acls=None, critical_failure=True): try: if not os.path.exists(name): # mkdir -p config.pki_log.info(log.PKIHELPER_MKDIR_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) os.makedirs(name) # chmod config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown : if uid == None: @@ -1002,7 +1003,7 @@ class directory: gid = identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest record = manifest.record() 
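Review bot: In `directory.create` (hunk -972,28) `os.makedirs(name)` creates the leaf and any missing parent directories with umask-derived modes, and only the leaf is then narrowed by `os.chmod(name, perms)` and chowned. Any parents that `makedirs` had to create keep whatever the umask allowed and stay owned by the creating process. The leaf also exists briefly with the wider mode before the `chmod`. Passing the mode at creation, `os.makedirs(name, perms)`, narrows that window (the umask still applies, so the `chmod` stays). A comment such as `# parents are expected to exist already; only the leaf gets perms/ownership` would document the assumption if that is the intent. The method continues past the end of this hunk.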
@@ -1018,7 +1019,7 @@ class directory: elif not os.path.isdir(name): config.pki_log.error( log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except OSError as exc: @@ -1026,30 +1027,30 @@ class directory: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return def modify(self, name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, + perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, acls=None, silent=False, critical_failure=True): try: if os.path.exists(name): if not os.path.isdir(name): config.pki_log.error( log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1, - name, extra=config.PKI_INDENTATION_LEVEL_2) + name, extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) # Always re-process each directory whether it needs it or not if not silent: config.pki_log.info(log.PKIHELPER_MODIFY_DIR_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # chmod if not silent: config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown : if uid == None: @@ -1059,7 +1060,7 @@ class directory: if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest if not silent: 
@@ -1076,12 +1077,12 @@ class directory: else: config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return @@ -1092,21 +1093,21 @@ class directory: # Simply issue a warning and continue config.pki_log.warning( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) else: if recursive_flag == True: # rm -rf config.pki_log.info(log.PKIHELPER_RM_RF_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) shutil.rmtree(name) else: # rmdir config.pki_log.info(log.PKIHELPER_RMDIR_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) os.rmdir(name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return 
@@ -1119,41 +1120,41 @@ class directory: return True except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) def is_empty(self, name): try: if not os.listdir(name): config.pki_log.debug(log.PKIHELPER_DIRECTORY_IS_EMPTY_1, - name, extra=config.PKI_INDENTATION_LEVEL_2) + name, extra=PKIConfig.PKI_INDENTATION_LEVEL_2) return True else: config.pki_log.debug(log.PKIHELPER_DIRECTORY_IS_NOT_EMPTY_1, - name, extra=config.PKI_INDENTATION_LEVEL_2) + name, extra=PKIConfig.PKI_INDENTATION_LEVEL_2) return False except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) def set_mode(self, name, uid=None, gid=None, - dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, - file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + dir_perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, + file_perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, symlink_perms=\ - config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS, + PKIConfig.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS, dir_acls=None, file_acls=None, symlink_acls=None, recursive_flag=True, critical_failure=True): try: if not os.path.exists(name) or not os.path.isdir(name): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) else: config.pki_log.info( log.PKIHELPER_SET_MODE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if uid == None: uid = identity.get_uid() if gid == None: 
@@ -1166,16 +1167,16 @@ class directory: file = entity config.pki_log.debug( log.PKIHELPER_IS_A_FILE_1, file, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) # chmod config.pki_log.debug(log.PKIHELPER_CHMOD_2, file_perms, file, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chmod(file, file_perms) # chown : config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, file, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chown(file, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1192,7 +1193,7 @@ class directory: symlink = entity config.pki_log.debug( log.PKIHELPER_IS_A_SYMLINK_1, symlink, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) # REMINDER: Due to POSIX compliance, 'lchmod' # is NEVER implemented on Linux # systems since 'chmod' CANNOT be @@ -1201,7 +1202,7 @@ class directory: # chown -h : config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, uid, gid, symlink, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.lchown(symlink, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1218,16 +1219,16 @@ class directory: dir = os.path.join(root, name) config.pki_log.debug( log.PKIHELPER_IS_A_DIRECTORY_1, dir, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) # chmod config.pki_log.debug(log.PKIHELPER_CHMOD_2, dir_perms, dir, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chmod(dir, dir_perms) # chown : config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, dir, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chown(dir, uid, gid) # Store record in installation manifest record = manifest.record() 
@@ -1243,17 +1244,17 @@ class directory: else: config.pki_log.debug( log.PKIHELPER_IS_A_DIRECTORY_1, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) name = os.path.join(root, name) # chmod config.pki_log.debug(log.PKIHELPER_CHMOD_2, dir_perms, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chmod(name, dir_perms) # chown : config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest record = manifest.record() 
@@ -1268,34 +1269,34 @@ class directory: manifest.database.append(record) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) def copy(self, old_name, new_name, uid=None, gid=None, - dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, - file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - symlink_perms=config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS, + dir_perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, + file_perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + symlink_perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS, dir_acls=None, file_acls=None, symlink_acls=None, recursive_flag=True, overwrite_flag=False, critical_failure=True): try: if not os.path.exists(old_name) or not os.path.isdir(old_name): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, old_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) else: if os.path.exists(new_name): if not overwrite_flag: config.pki_log.error( log.PKI_DIRECTORY_ALREADY_EXISTS_1, new_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if recursive_flag == True: # cp -rp config.pki_log.info(log.PKIHELPER_CP_RP_2, old_name, new_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # Due to a limitation in the 'shutil.copytree()' # implementation which requires that # 'The destination directory must not already exist.', @@ -1308,7 +1309,7 @@ class directory: # cp -p config.pki_log.info(log.PKIHELPER_CP_P_2, old_name, new_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) shutil.copy2(old_name, new_name) # set ownerships, permissions, and acls # of newly created top-level directory 
@@ -1322,12 +1323,12 @@ class directory: recursive_flag, critical_failure) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return @@ -1336,17 +1337,17 @@ class directory: # PKI Deployment File Class (also used for executables) class file: def create(self, name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls=None, critical_failure=True): try: if not os.path.exists(name): # touch config.pki_log.info(log.PKIHELPER_TOUCH_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) open(name, "w").close() # chmod config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown : if uid == None: @@ -1355,7 +1356,7 @@ class file: gid = identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1371,7 +1372,7 @@ class file: elif not os.path.isfile(name): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except OSError as exc: 
@@ -1379,30 +1380,30 @@ class file: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return def modify(self, name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls=None, silent=False, critical_failure=True): try: if os.path.exists(name): if not os.path.isfile(name): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, - name, extra=config.PKI_INDENTATION_LEVEL_2) + name, extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) # Always re-process each file whether it needs it or not if not silent: config.pki_log.info(log.PKIHELPER_MODIFY_FILE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # chmod if not silent: config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown : if uid == None: @@ -1412,7 +1413,7 @@ class file: if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest if not silent: @@ -1429,12 +1430,12 @@ class file: else: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return 
@@ -1445,15 +1446,15 @@ class file: # Simply issue a warning and continue config.pki_log.warning( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) else: # rm -f config.pki_log.info(log.PKIHELPER_RM_F_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) os.remove(name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return @@ -1466,29 +1467,29 @@ class file: return True except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) def copy(self, old_name, new_name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls=None, + perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls=None, overwrite_flag=False, critical_failure=True): try: if not os.path.exists(old_name) or not os.path.isfile(old_name): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) else: if os.path.exists(new_name): if not overwrite_flag: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_1, new_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # cp -p config.pki_log.info(log.PKIHELPER_CP_P_2, old_name, new_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) shutil.copy2(old_name, new_name) if uid == None: uid = identity.get_uid() 
@@ -1497,12 +1498,12 @@ class file: # chmod config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, new_name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chmod(new_name, perms) # chown : config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, new_name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chown(new_name, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1517,37 +1518,37 @@ class file: manifest.database.append(record) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return def apply_slot_substitution( self, name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls=None, critical_failure=True): try: if not os.path.exists(name) or not os.path.isfile(name): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # applying in-place slot substitutions on config.pki_log.info(log.PKIHELPER_APPLY_SLOT_SUBSTITUTION_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) for line in fileinput.FileInput(name, inplace=1): for slot in slots: if slot != '__name__' and slots[slot] in line: config.pki_log.debug( log.PKIHELPER_SLOT_SUBSTITUTION_2, slots[slot], master[slot], - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) line=line.replace(slots[slot],master[slot]) sys.stdout.write(line) if uid == None: 
@@ -1557,12 +1558,12 @@ class file: # chmod config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown : config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1577,38 +1578,38 @@ class file: manifest.database.append(record) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return def copy_with_slot_substitution( self, old_name, new_name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls=None, overwrite_flag=False, critical_failure=True): try: if not os.path.exists(old_name) or not os.path.isfile(old_name): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) else: if os.path.exists(new_name): if not overwrite_flag: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_1, new_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # copy to with slot substitutions config.pki_log.info(log.PKIHELPER_COPY_WITH_SLOT_SUBSTITUTION_2, old_name, new_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) FILE = open(new_name, "w") for line in fileinput.FileInput(old_name): for slot in slots: 
@@ -1616,7 +1617,7 @@ class file: config.pki_log.debug( log.PKIHELPER_SLOT_SUBSTITUTION_2, slots[slot], master[slot], - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) line=line.replace(slots[slot],master[slot]) FILE.write(line) FILE.close() @@ -1627,12 +1628,12 @@ class file: # chmod config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, new_name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chmod(new_name, perms) # chown : config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, new_name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chown(new_name, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1647,25 +1648,25 @@ class file: manifest.database.append(record) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return def generate_noise_file(self, name, bytes, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls=None, critical_failure=True): try: if not os.path.exists(name): # generating noise file called and # filling it with random bytes config.pki_log.info(log.PKIHELPER_NOISE_FILE_2, name, bytes, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) open(name, "w").close() FILE = open(name, "w") noise = ''.join(random.choice(string.ascii_letters +\ 
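Review bot: In `generate_noise_file` (last hunk on this line) the noise string is built with `random.choice(...)`, and Python's `random` module is a Mersenne Twister generator, not a cryptographic source. The certutil hunks further down describe the noise file as input to key generation, so if it is meant to contribute entropy it should come from the OS: create `rng = random.SystemRandom()` once and use `rng.choice(...)` inside the join. The file is also created with `open(name, "w")` before the later `os.chmod(name, perms)`, so its initial mode depends on the process umask. The join expression and the rest of the method continue outside this hunk.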
@@ -1674,7 +1675,7 @@ class file: FILE.close() # chmod config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown : if uid == None: @@ -1683,7 +1684,7 @@ class file: gid = identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1699,7 +1700,7 @@ class file: elif not os.path.isfile(name): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except OSError as exc: @@ -1707,7 +1708,7 @@ class file: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return @@ -1722,12 +1723,12 @@ class symlink: if not os.path.exists(name): config.pki_log.warning( log.PKIHELPER_DANGLING_SYMLINK_2, link, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if not allow_dangling_symlink: sys.exit(1) # ln -s config.pki_log.info(log.PKIHELPER_LINK_S_2, name, link, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) os.symlink(name, link) # REMINDER: Due to POSIX compliance, 'lchmod' is NEVER # implemented on Linux systems since 'chmod' @@ -1739,7 +1740,7 @@ class symlink: gid = identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, uid, gid, link, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.lchown(link, uid, gid) # Store record in installation manifest record = manifest.record() 
@@ -1750,13 +1751,13 @@ class symlink: record.uid = uid record.gid = gid record.permissions =\ - config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS + PKIConfig.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS record.acls = acls manifest.database.append(record) elif not os.path.islink(link): config.pki_log.error( log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1, link, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except OSError as exc: @@ -1764,7 +1765,7 @@ class symlink: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return @@ -1776,13 +1777,13 @@ class symlink: if not os.path.islink(link): config.pki_log.error( log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1, - link, extra=config.PKI_INDENTATION_LEVEL_2) + link, extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) # Always re-process each link whether it needs it or not if not silent: config.pki_log.info(log.PKIHELPER_MODIFY_SYMLINK_1, link, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # REMINDER: Due to POSIX compliance, 'lchmod' is NEVER # implemented on Linux systems since 'chmod' # CANNOT be run directly against symbolic links! @@ -1794,7 +1795,7 @@ class symlink: if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, uid, gid, link, - extra=config.PKI_INDENTATION_LEVEL_3) + extra=PKIConfig.PKI_INDENTATION_LEVEL_3) os.lchown(link, uid, gid) # Store record in installation manifest if not silent: 
@@ -1806,18 +1807,18 @@ class symlink: record.uid = uid record.gid = gid record.permissions =\ - config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS + PKIConfig.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS record.acls = acls manifest.database.append(record) else: config.pki_log.error( log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1, link, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return @@ -1828,15 +1829,15 @@ class symlink: # Simply issue a warning and continue config.pki_log.warning( log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1, link, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) else: # rm -f config.pki_log.info(log.PKIHELPER_RM_F_1, link, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) os.remove(link) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return @@ -1849,7 +1850,7 @@ class symlink: return True except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) 
@@ -1861,18 +1862,18 @@ class war: if not zipfile.is_zipfile(name): config.pki_log.error( log.PKI_FILE_NOT_A_WAR_FILE_1, - name, extra=config.PKI_INDENTATION_LEVEL_2) + name, extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) if not os.path.exists(path) or not os.path.isdir(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, - path, extra=config.PKI_INDENTATION_LEVEL_2) + path, extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) # jar -xf -C config.pki_log.info(log.PKIHELPER_JAR_XF_C_2, name, path, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # Open war file war = zipfile.ZipFile(name, 'r') # Extract contents of war file to path @@ -1880,22 +1881,22 @@ class war: else: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except zipfile.BadZipfile as exc: config.pki_log.error(log.PKI_BADZIPFILE_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except zipfile.LargeZipFile as exc: config.pki_log.error(log.PKI_LARGEZIPFILE_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return 
@@ -1910,13 +1911,13 @@ class password: if overwrite_flag: config.pki_log.info( log.PKIHELPER_PASSWORD_CONF_1, path, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # overwrite the existing 'password.conf' file with open(path, "wt") as fd: if pin_sans_token == True: fd.write(str(pin)) elif master['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: + PKIConfig.PKI_APACHE_SUBSYSTEMS: fd.write(master['pki_self_signed_token'] +\ ":" + str(pin)) else: @@ -1925,13 +1926,13 @@ class password: fd.closed else: config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # create a new 'password.conf' file with open(path, "wt") as fd: if pin_sans_token == True: fd.write(str(pin)) elif master['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: + PKIConfig.PKI_APACHE_SUBSYSTEMS: fd.write(master['pki_self_signed_token'] +\ ":" + str(pin)) else: @@ -1940,7 +1941,7 @@ class password: fd.closed except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return 
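Review bot: `password.conf` is written through `open(path, "wt")` in both hunks on this line, so a newly created file holding the pin gets whatever mode the process umask leaves, and nothing in the visible lines restricts it before the secret is written. Unless the caller already creates the file with tight permissions (not visible here), open it with an explicit mode, e.g. `fd = os.fdopen(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "wt")`. The `pkcs12_password.conf` writer in the following hunks uses the same pattern. Separately, the trailing `fd.closed` is an expression with no effect, and the overwrite and create branches are identical apart from the comment, so they could be merged. The method starts outside the hunk.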
@@ -1952,21 +1953,21 @@ class password: if overwrite_flag: config.pki_log.info( log.PKIHELPER_PASSWORD_CONF_1, path, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # overwrite the existing 'pkcs12_password.conf' file with open(path, "wt") as fd: fd.write(sensitive['pki_client_pkcs12_password']) fd.closed else: config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # create a new 'pkcs12_password.conf' file with open(path, "wt") as fd: fd.write(sensitive['pki_client_pkcs12_password']) fd.closed except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return @@ -1987,7 +1988,7 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_PATH, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if password_file != None: command = command + " " + "-f" + " " + password_file @@ -1996,7 +1997,7 @@ class certutil: if not os.path.exists(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if os.path.exists(pki_cert_database) or\ os.path.exists(pki_key_database) or\ @@ -2007,7 +2008,7 @@ class certutil: pki_cert_database, pki_key_database, pki_secmod_database, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) else: if password_file != None: if not os.path.exists(password_file) or\ 
@@ -2015,23 +2016,23 @@ class certutil: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Display this "certutil" command config.pki_log.info( log.PKIHELPER_CREATE_SECURITY_DATABASES_1, command, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # Execute this "certutil" command subprocess.call(command, shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return @@ -2050,7 +2051,7 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_PATH, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Specify the 'token' if token: @@ -2058,7 +2059,7 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_TOKEN, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Specify the nickname of this self-signed certificate if nickname: @@ -2066,7 +2067,7 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_NICKNAME, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # OPTIONALLY specify a password file if password_file != None: @@ -2077,7 +2078,7 @@ class certutil: if not os.path.exists(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not os.path.exists(pki_cert_database) or\ not os.path.exists(pki_key_database) or\ 
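Review bot: `subprocess.call(command, shell=True)` in the first hunk on this line returns the exit status instead of raising, so the `except subprocess.CalledProcessError` branch right below it can never run and a failing certutil is treated as success. Use `subprocess.check_call(command, shell=True)`, as the check in the -2096 hunk already does; the self-signed-certificate hunk at -2232 has the same `subprocess.call`. `command` is also assembled by string concatenation from values such as `password_file` and handed to a shell, so passing an argument list without `shell=True` would keep whitespace or shell metacharacters in those values from being interpreted. The method begins outside the hunk.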
@@ -2088,7 +2089,7 @@ class certutil: pki_cert_database, pki_key_database, pki_secmod_database, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if password_file != None: if not os.path.exists(password_file) or\ @@ -2096,7 +2097,7 @@ class certutil: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Execute this "certutil" command subprocess.check_call(command, shell=True) @@ -2104,7 +2105,7 @@ class certutil: return False except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return True @@ -2126,7 +2127,7 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_PATH, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Specify the 'token' if token: @@ -2134,7 +2135,7 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_TOKEN, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Specify the nickname of this self-signed certificate if nickname: @@ -2142,7 +2143,7 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_NICKNAME, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Specify the subject name (RFC1485) if subject: @@ -2150,7 +2151,7 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_SUBJECT, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Specify the serial number if serial_number != None: 
@@ -2158,7 +2159,7 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_SERIAL_NUMBER, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Specify the months valid if validity_period != None: @@ -2166,7 +2167,7 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_VALIDITY_PERIOD, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Specify the nickname of the issuer certificate if issuer_name: @@ -2175,7 +2176,7 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_ISSUER_NAME, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Specify the certificate trust attributes if trustargs: @@ -2183,7 +2184,7 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_TRUSTARGS, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Specify a noise file to be used for key generation if noise_file: @@ -2191,7 +2192,7 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # OPTIONALLY specify a password file if password_file != None: @@ -2203,11 +2204,11 @@ class certutil: # Display this "certutil" command config.pki_log.info( log.PKIHELPER_CERTUTIL_SELF_SIGNED_CERTIFICATE_1, command, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if not os.path.exists(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not os.path.exists(pki_cert_database) or\ not os.path.exists(pki_key_database) or\ 
@@ -2218,13 +2219,13 @@ class certutil: pki_cert_database, pki_key_database, pki_secmod_database, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if not os.path.exists(noise_file): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, noise_file, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) if password_file != None: if not os.path.exists(password_file) or\ @@ -2232,18 +2233,18 @@ class certutil: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Execute this "certutil" command subprocess.call(command, shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return @@ -2280,10 +2281,10 @@ class security_domain: log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2, typeval, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) config.pki_log.error( log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(-1) else: @@ -2305,10 +2306,10 @@ class security_domain: log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2, typeval, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) config.pki_log.error( log.PKIHELPER_SECURITY_DOMAIN_UNDEFINED, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(-1) else: 
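Review bot: In the hunk at `@@ -2218,13 +2219,13 @@`, the `noise_file` check tests `os.path.exists` and logs `log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1`, so a directory at that path passes the check and a missing noise file is reported as a missing directory. I would write `if not os.path.isfile(noise_file):` and log `log.PKI_FILE_MISSING_OR_NOT_A_FILE_1`, the message the `password_file` branch in the next hunk already uses. The enclosing method starts and ends outside this hunk.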
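Review bot: In the hunk at `@@ -2232,18 +2233,18 @@`, `subprocess.call(command, shell=True)` returns the exit status instead of raising, so the `except subprocess.CalledProcessError` branch below it cannot run and a failed certutil invocation is neither logged nor stopped by `critical_failure`. The verification path at `@@ -2096,7 +2097,7 @@` already uses `subprocess.check_call(command, shell=True)`, and the same call fits here. The `systemd` start/stop/restart hunks and the `jython` hunk at `@@ -2544,12 +2545,12 @@` pair `subprocess.call` with the same handler. The enclosing method begins outside this hunk.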
@@ -2318,7 +2319,7 @@ class security_domain: # This is not a domain master, so we need to update the master config.pki_log.info(log.PKIHELPER_SECURITY_DOMAIN_CONTACT_1, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) listval = typeval.lower() + "List" urlheader = "https://{}:{}".format(sechost, seceeport) urlagentheader = "https://{}:{}".format(sechost, secagentport) @@ -2348,10 +2349,10 @@ class security_domain: log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2, typeval, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKIHELPER_PASSWORD_NOT_FOUND_1, token_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(-1) else: @@ -2385,14 +2386,14 @@ class security_domain: shell=True) config.pki_log.debug(log.PKIHELPER_SSLGET_OUTPUT_1, output, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # Search the output for Status status = re.findall("\(.*?)\<\/Status\>", output) if not status: config.pki_log.warning( log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(-1) elif status[0] != "0": @@ -2403,13 +2404,13 @@ class security_domain: log.PKIHELPER_SECURITY_DOMAIN_UNREGISTERED_2, typeval, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) config.pki_log.error( log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_3, typeval, secname, error, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(-1) else: 
@@ -2417,19 +2418,19 @@ class security_domain: log.PKIHELPER_SECURITY_DOMAIN_UPDATE_SUCCESS_2, typeval, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) except subprocess.CalledProcessError as exc: config.pki_log.warning( log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2, typeval, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) config.pki_log.warning( log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(-1) return @@ -2440,12 +2441,12 @@ class systemd: def start(self, critical_failure=True): try: # Compose this "systemd" execution management command - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS: command = "systemctl" + " " +\ "start" + " " +\ "pki-apached" + "@" +\ master['pki_instance_id'] + "." + "service" - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: command = "systemctl" + " " +\ "start" + " " +\ "pki-tomcatd" + "@" +\ @@ -2453,12 +2454,12 @@ class systemd: # Display this "systemd" execution managment command config.pki_log.info( log.PKIHELPER_SYSTEMD_COMMAND_1, command, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # Execute this "systemd" execution management command subprocess.call(command, shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return 
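Review bot: In `systemd.start` (hunks `@@ -2440,12 +2441,12 @@` and `@@ -2453,12 +2454,12 @@`), `master['pki_instance_id']` is concatenated into a command string that is then run with `shell=True`, so any shell metacharacter in the instance id would be interpreted by the shell, in tooling that pkidestroy's `main` requires to run as root. Passing an argument list avoids the shell entirely: `subprocess.call(["systemctl", "start", "pki-tomcatd@" + master['pki_instance_id'] + ".service"])`, with the `pki-apached@` unit in the Apache branch. Whether the instance id is validated earlier is not visible in this diff. `stop` and `restart` in the following hunks build their commands the same way.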
@@ -2466,12 +2467,12 @@ class systemd: def stop(self, critical_failure=True): try: # Compose this "systemd" execution management command - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS: command = "systemctl" + " " +\ "stop" + " " +\ "pki-apached" + "@" +\ master['pki_instance_id'] + "." + "service" - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: command = "systemctl" + " " +\ "stop" + " " +\ "pki-tomcatd" + "@" +\ @@ -2479,12 +2480,12 @@ class systemd: # Display this "systemd" execution managment command config.pki_log.info( log.PKIHELPER_SYSTEMD_COMMAND_1, command, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # Execute this "systemd" execution management command subprocess.call(command, shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return @@ -2492,12 +2493,12 @@ class systemd: def restart(self, critical_failure=True): try: # Compose this "systemd" execution management command - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS: command = "systemctl" + " " +\ "restart" + " " +\ "pki-apached" + "@" +\ master['pki_instance_id'] + "." + "service" - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: command = "systemctl" + " " +\ "restart" + " " +\ "pki-tomcatd" + "@" +\ 
@@ -2505,12 +2506,12 @@ class systemd: # Display this "systemd" execution managment command config.pki_log.info( log.PKIHELPER_SYSTEMD_COMMAND_1, command, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # Execute this "systemd" execution management command subprocess.call(command, shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return @@ -2544,12 +2545,12 @@ class jython: config.pki_log.info( log.PKIHELPER_INVOKE_JYTHON_3, ld_library_path, property, scriptlet, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) # Invoke this "jython" command subprocess.call(command, shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) if critical_failure == True: sys.exit(1) return diff --git a/base/deploy/src/scriptlets/pkijython.py b/base/deploy/src/scriptlets/pkijython.py index 8d027f91a..3753c9e49 100644 --- a/base/deploy/src/scriptlets/pkijython.py +++ b/base/deploy/src/scriptlets/pkijython.py @@ -151,6 +151,7 @@ from netscape.security.x509 import X500Name # PKI Python Imports import pkiconfig as config +from pkiconfig import PKIConfig import pkimessages as log @@ -220,7 +221,7 @@ def read_simple_configuration_file(filename): class security_databases: def initialize_token(self, pki_database_path, log_level): try: - if log_level >= config.PKI_JYTHON_INFO_LOG_LEVEL: + if log_level >= PKIConfig.PKI_JYTHON_INFO_LOG_LEVEL: print "%s %s '%s'" %\ (log.PKI_JYTHON_INDENTATION_2, log.PKI_JYTHON_INITIALIZING_TOKEN, 
@@ -237,7 +238,7 @@ class security_databases: def log_into_token(self, pki_database_path, password_conf, log_level): token = None try: - if log_level >= config.PKI_JYTHON_INFO_LOG_LEVEL: + if log_level >= PKIConfig.PKI_JYTHON_INFO_LOG_LEVEL: print "%s %s '%s'" %\ (log.PKI_JYTHON_INDENTATION_2, log.PKI_JYTHON_LOG_INTO_TOKEN, @@ -281,7 +282,7 @@ class rest_client: self.master = master self.sensitive = sensitive log_level = master['pki_jython_log_level'] - if log_level >= config.PKI_JYTHON_INFO_LOG_LEVEL: + if log_level >= PKIConfig.PKI_JYTHON_INFO_LOG_LEVEL: print "%s %s '%s'" %\ (log.PKI_JYTHON_INDENTATION_2, log.PKI_JYTHON_INITIALIZING_REST_CLIENT, @@ -398,7 +399,7 @@ class rest_client: # Return list of PKI subsystems in the specified tomcat instance rv = [] try: - for subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + for subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: path = self.master['pki_instance_path'] + "/" + subsystem.lower() if os.path.exists(path) and os.path.isdir(path): rv.append(subsystem) @@ -412,7 +413,7 @@ class rest_client: def construct_pki_configuration_data(self, token): data = None master = self.master - if master['pki_jython_log_level'] >= config.PKI_JYTHON_INFO_LOG_LEVEL: + if master['pki_jython_log_level'] >= PKIConfig.PKI_JYTHON_INFO_LOG_LEVEL: print "%s %s '%s'" %\ (log.PKI_JYTHON_INDENTATION_2, log.PKI_JYTHON_CONSTRUCTING_PKI_DATA, @@ -547,7 +548,7 @@ class rest_client: def configure_pki_data(self, data): master = self.master - if master['pki_jython_log_level'] >= config.PKI_JYTHON_INFO_LOG_LEVEL: + if master['pki_jython_log_level'] >= PKIConfig.PKI_JYTHON_INFO_LOG_LEVEL: print "%s %s '%s'" %\ (log.PKI_JYTHON_INDENTATION_2, log.PKI_JYTHON_CONFIGURING_PKI_DATA, @@ -592,7 +593,7 @@ class rest_client: # # os.chmod( # admin_cert_file, - # config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS) + # PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS) # # Emulate it with a system call. command = "chmod" + " 660 " + admin_cert_file 
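Review bot: In the hunk at `@@ -592,7 +593,7 @@`, the emulated `chmod` hard-codes ` 660 ` while the comment above it names `PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS`, so the mode actually applied to the admin certificate file is not tied to the constant and the two can drift apart. A comment next to the command would make the coupling explicit, for example `# keep " 660 " in sync with PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS`. `admin_cert_file` is also appended unquoted; how the string is executed is outside the hunk, but if it goes through a shell the path should be quoted. The hunk at `@@ -650,7 +651,7 @@` carries the same commented-out `os.chmod` pattern for `master['pki_client_admin_cert_p12']`.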
@@ -650,7 +651,7 @@ class rest_client: # following operating system specific command: # # os.chmod(master['pki_client_admin_cert_p12'], - # config.\ + # PKIConfig.\ # PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) # # Emulate it with a system call. diff --git a/base/deploy/src/scriptlets/pkimanifest.py b/base/deploy/src/scriptlets/pkimanifest.py index 04a638f06..6e2b9c367 100644 --- a/base/deploy/src/scriptlets/pkimanifest.py +++ b/base/deploy/src/scriptlets/pkimanifest.py @@ -27,6 +27,7 @@ import sys # PKI Deployment Imports import pkiconfig as config +from pkiconfig import PKIConfig import pkimessages as log @@ -80,7 +81,7 @@ class file: fd.close() except IOError as exc: config.pki_log.error(log.PKI_IOERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) sys.exit(1) def read(self): @@ -92,7 +93,7 @@ class file: fd.close() except IOError as exc: config.pki_log.error(log.PKI_IOERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) sys.exit(1) diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index e9d348840..971c64040 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py @@ -32,6 +32,7 @@ import time # PKI Deployment Imports import pkiconfig as config +from pkiconfig import PKIConfig import pkimessages as log @@ -63,7 +64,7 @@ class PKIConfigParser: mandatory = parser.add_argument_group('mandatory arguments') mandatory.add_argument('-s', dest='pki_subsystem', action='store', - nargs=1, choices=config.PKI_SUBSYSTEMS, + nargs=1, choices=PKIConfig.PKI_SUBSYSTEMS, required=True, metavar='', help='where is ' 'CA, KRA, OCSP, RA, TKS, or TPS') 
@@ -110,15 +111,15 @@ class PKIConfigParser: # Process 'Optional' command-line options # '-v' if args.pki_verbosity == 1: - config.pki_jython_log_level = config.PKI_JYTHON_INFO_LOG_LEVEL + config.pki_jython_log_level = PKIConfig.PKI_JYTHON_INFO_LOG_LEVEL config.pki_console_log_level = logging.INFO config.pki_log_level = logging.INFO elif args.pki_verbosity == 2: - config.pki_jython_log_level = config.PKI_JYTHON_INFO_LOG_LEVEL + config.pki_jython_log_level = PKIConfig.PKI_JYTHON_INFO_LOG_LEVEL config.pki_console_log_level = logging.INFO config.pki_log_level = logging.DEBUG elif args.pki_verbosity == 3: - config.pki_jython_log_level = config.PKI_JYTHON_DEBUG_LOG_LEVEL + config.pki_jython_log_level = PKIConfig.PKI_JYTHON_DEBUG_LOG_LEVEL config.pki_console_log_level = logging.DEBUG config.pki_log_level = logging.DEBUG elif args.pki_verbosity > 3: @@ -128,7 +129,7 @@ class PKIConfigParser: parser.exit(-1); else: # Set default log levels - config.pki_jython_log_level = config.PKI_JYTHON_WARNING_LOG_LEVEL + config.pki_jython_log_level = PKIConfig.PKI_JYTHON_WARNING_LOG_LEVEL config.pki_console_log_level = logging.WARNING config.pki_log_level = logging.INFO # Process 'Test' command-line options @@ -150,7 +151,7 @@ class PKIConfigParser: if config.pki_deployment_executable == 'pkidestroy': # verify that previously deployed instance exists deployed_pki_instance_path = config.pki_root_prefix +\ - config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\ + PKIConfig.PKI_DEPLOYMENT_BASE_ROOT + "/" +\ config.pki_deployed_instance_name if not os.path.exists(deployed_pki_instance_path): print "ERROR: " + log.PKI_INSTANCE_DOES_NOT_EXIST_1 %\ 
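Review bot: In the hunk at `@@ -150,7 +151,7 @@`, `deployed_pki_instance_path` is built by plain concatenation of `config.pki_deployed_instance_name` and the only check is `os.path.exists`, so a name containing `/` or `..` would resolve outside `PKIConfig.PKI_DEPLOYMENT_BASE_ROOT` and still pass. Where the name is set is not visible here; if it comes from the command line, I would reject it before building the path, e.g. `name = config.pki_deployed_instance_name` followed by `if os.path.basename(name) != name or name in ("", ".", ".."): parser.exit(-1)`. This matters most for pkidestroy, which this branch serves and which refuses to run unless it is root. The enclosing method starts outside the hunk.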
@@ -170,7 +171,7 @@ class PKIConfigParser: deployed_pki_subsystem_path + "/" +\ "registry" + "/" +\ config.pki_subsystem.lower() + "/" +\ - config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + PKIConfig.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE # always verify that configuration file exists if not os.path.exists(config.pkideployment_cfg) or\ not os.path.isfile(config.pkideployment_cfg): @@ -344,14 +345,14 @@ class PKIConfigParser: config.pki_master_dict['pki_instance_name'] # PKI Source name/value pairs config.pki_master_dict['pki_source_conf_path'] =\ - os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT, config.pki_master_dict['pki_subsystem'].lower(), "conf") config.pki_master_dict['pki_source_setup_path'] =\ - os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT, "setup") config.pki_master_dict['pki_source_server_path'] =\ - os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT, "server", "conf") config.pki_master_dict['pki_source_cs_cfg'] =\ 
@@ -361,43 +362,43 @@ class PKIConfigParser: os.path.join(config.pki_master_dict['pki_source_setup_path'], "pkidaemon_registry") if config.pki_master_dict['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: + PKIConfig.PKI_APACHE_SUBSYSTEMS: config.pki_master_dict['pki_systemd_service'] =\ - config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\ + PKIConfig.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\ "pki-apached" + "@" + ".service" config.pki_master_dict['pki_systemd_target'] =\ - config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\ + PKIConfig.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\ "pki-apached.target" config.pki_master_dict['pki_systemd_target_wants'] =\ - config.PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT + "/" +\ + PKIConfig.PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT + "/" +\ "pki-apached.target.wants" config.pki_master_dict['pki_systemd_service_link'] =\ config.pki_master_dict['pki_systemd_target_wants'] + "/" +\ "pki-apached" + "@" +\ config.pki_master_dict['pki_instance_id'] + ".service" elif config.pki_master_dict['pki_subsystem'] in\ - config.PKI_TOMCAT_SUBSYSTEMS: + PKIConfig.PKI_TOMCAT_SUBSYSTEMS: config.pki_master_dict['pki_systemd_service'] =\ - config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\ + PKIConfig.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\ "pki-tomcatd" + "@" + ".service" config.pki_master_dict['pki_systemd_target'] =\ - config.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\ + PKIConfig.PKI_DEPLOYMENT_SYSTEMD_ROOT + "/" +\ "pki-tomcatd.target" config.pki_master_dict['pki_systemd_target_wants'] =\ - config.PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT + "/" +\ + PKIConfig.PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT + "/" +\ "pki-tomcatd.target.wants" config.pki_master_dict['pki_systemd_service_link'] =\ config.pki_master_dict['pki_systemd_target_wants'] + "/" +\ "pki-tomcatd" + "@" +\ config.pki_master_dict['pki_instance_id'] + ".service" config.pki_master_dict['pki_tomcat_bin_path'] =\ - os.path.join(config.PKI_DEPLOYMENT_TOMCAT_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_TOMCAT_ROOT, "bin") 
config.pki_master_dict['pki_tomcat_lib_path'] =\ - os.path.join(config.PKI_DEPLOYMENT_TOMCAT_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_TOMCAT_ROOT, "lib") config.pki_master_dict['pki_tomcat_systemd'] =\ - config.PKI_DEPLOYMENT_TOMCAT_SYSTEMD + PKIConfig.PKI_DEPLOYMENT_TOMCAT_SYSTEMD config.pki_master_dict['pki_source_catalina_properties'] =\ os.path.join(config.pki_master_dict['pki_source_server_path'], "catalina.properties") @@ -415,14 +416,14 @@ class PKIConfigParser: "tomcat.conf") if config.pki_master_dict['pki_subsystem'] == "CA": config.pki_master_dict['pki_source_emails'] =\ - os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT, "ca", "emails") config.pki_master_dict['pki_source_flatfile_txt'] =\ os.path.join(config.pki_master_dict['pki_source_conf_path'], "flatfile.txt") config.pki_master_dict['pki_source_profiles'] =\ - os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT, "ca", "profiles") config.pki_master_dict['pki_source_proxy_conf'] =\ @@ -485,16 +486,16 @@ class PKIConfigParser: config.pki_master_dict['pki_root_prefix'] = config.pki_root_prefix config.pki_master_dict['pki_path'] =\ config.pki_master_dict['pki_root_prefix'] +\ - config.PKI_DEPLOYMENT_BASE_ROOT + PKIConfig.PKI_DEPLOYMENT_BASE_ROOT config.pki_master_dict['pki_log_path'] =\ config.pki_master_dict['pki_root_prefix'] +\ - config.PKI_DEPLOYMENT_LOG_ROOT + PKIConfig.PKI_DEPLOYMENT_LOG_ROOT config.pki_master_dict['pki_configuration_path'] =\ config.pki_master_dict['pki_root_prefix'] +\ - config.PKI_DEPLOYMENT_CONFIGURATION_ROOT + PKIConfig.PKI_DEPLOYMENT_CONFIGURATION_ROOT config.pki_master_dict['pki_registry_path'] =\ config.pki_master_dict['pki_root_prefix'] +\ - config.PKI_DEPLOYMENT_REGISTRY_ROOT + PKIConfig.PKI_DEPLOYMENT_REGISTRY_ROOT # Apache/Tomcat instance base name/value pairs config.pki_master_dict['pki_instance_path'] =\ os.path.join(config.pki_master_dict['pki_path'], 
@@ -510,7 +511,7 @@ class PKIConfigParser: # Apache/Tomcat instance registry name/value pairs # Apache-specific instance name/value pairs if config.pki_master_dict['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: + PKIConfig.PKI_APACHE_SUBSYSTEMS: # Apache instance base name/value pairs config.pki_master_dict['pki_instance_type'] = "Apache" # Apache instance log name/value pairs @@ -527,7 +528,7 @@ class PKIConfigParser: # Apache instance convenience symbolic links # Tomcat-specific instance name/value pairs elif config.pki_master_dict['pki_subsystem'] in\ - config.PKI_TOMCAT_SUBSYSTEMS: + PKIConfig.PKI_TOMCAT_SUBSYSTEMS: # Tomcat instance base name/value pairs config.pki_master_dict['pki_instance_type'] = "Tomcat" config.pki_master_dict['pki_tomcat_common_path'] =\ 
@@ -617,87 +618,87 @@ class PKIConfigParser: os.path.join("/usr/lib/java", "symkey.jar") config.pki_master_dict['pki_apache_commons_collections_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, "apache-commons-collections.jar") config.pki_master_dict['pki_apache_commons_lang_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, "apache-commons-lang.jar") config.pki_master_dict['pki_apache_commons_logging_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, "apache-commons-logging.jar") config.pki_master_dict['pki_commons_codec_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, "commons-codec.jar") config.pki_master_dict['pki_httpclient_jar'] =\ os.path.join( - config.PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT, + PKIConfig.PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT, "httpclient.jar") config.pki_master_dict['pki_httpcore_jar'] =\ os.path.join( - config.PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT, + PKIConfig.PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT, "httpcore.jar") config.pki_master_dict['pki_javassist_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, "javassist.jar") config.pki_master_dict['pki_resteasy_jaxrs_api_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, "jaxrs-api.jar") config.pki_master_dict['pki_jettison_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, "jettison.jar") config.pki_master_dict['pki_ldapjdk_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, "ldapjdk.jar") 
config.pki_master_dict['pki_certsrv_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-certsrv.jar") config.pki_master_dict['pki_cmsbundle'] =\ - os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-cmsbundle.jar") config.pki_master_dict['pki_cmscore'] =\ - os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-cmscore.jar") config.pki_master_dict['pki_cms'] =\ - os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-cms.jar") config.pki_master_dict['pki_cmsutil'] =\ - os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-cmsutil.jar") config.pki_master_dict['pki_nsutil'] =\ - os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-nsutil.jar") config.pki_master_dict['pki_tomcat_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-tomcat.jar") config.pki_master_dict['pki_resteasy_atom_provider_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, "resteasy-atom-provider.jar") config.pki_master_dict['pki_resteasy_jaxb_provider_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, "resteasy-jaxb-provider.jar") config.pki_master_dict['pki_resteasy_jaxrs_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, "resteasy-jaxrs.jar") config.pki_master_dict['pki_resteasy_jettison_provider_jar'] =\ - 
os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, "resteasy-jettison-provider.jar") config.pki_master_dict['pki_scannotation_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, "scannotation.jar") config.pki_master_dict['pki_tomcatjss_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, "tomcat7jss.jar") config.pki_master_dict['pki_velocity_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, "velocity.jar") config.pki_master_dict['pki_xerces_j2_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, "xerces-j2.jar") config.pki_master_dict['pki_xml_commons_apis_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, "xml-commons-apis.jar") config.pki_master_dict['pki_xml_commons_resolver_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, "xml-commons-resolver.jar") # Tomcat instance common lib jar symbolic links config.pki_master_dict['pki_jss_jar_link'] =\ @@ -829,7 +830,7 @@ class PKIConfigParser: config.pki_master_dict['pki_subsystem'].lower()) # Instance-based Apache/Tomcat PKI subsystem name/value pairs if config.pki_master_dict['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: + PKIConfig.PKI_APACHE_SUBSYSTEMS: # Instance-based Apache PKI subsystem base name/value pairs # Instance-based Apache PKI subsystem log name/value pairs if config.pki_master_dict['pki_subsystem'] == "TPS": 
@@ -840,7 +841,7 @@ class PKIConfigParser: # Instance-based Apache PKI subsystem registry name/value pairs # Instance-based Apache PKI subsystem convenience symbolic links elif config.pki_master_dict['pki_subsystem'] in\ - config.PKI_TOMCAT_SUBSYSTEMS: + PKIConfig.PKI_TOMCAT_SUBSYSTEMS: # Instance-based Tomcat PKI subsystem base name/value pairs if config.pki_master_dict['pki_subsystem'] == "CA": config.pki_master_dict['pki_subsystem_emails_path'] =\ @@ -874,7 +875,7 @@ class PKIConfigParser: "registry") # PKI Target (war file) name/value pairs if config.pki_master_dict['pki_subsystem'] in\ - config.PKI_TOMCAT_SUBSYSTEMS: + PKIConfig.PKI_TOMCAT_SUBSYSTEMS: # Tomcat PKI subsystem war file base name/value pairs config.pki_master_dict['pki_tomcat_webapps_subsystem_path'] =\ os.path.join(config.pki_master_dict['pki_tomcat_webapps_path'], @@ -918,7 +919,7 @@ class PKIConfigParser: # Tomcat PKI subsystem war file convenience symbolic links if config.pki_master_dict['pki_subsystem'] == "CA": config.pki_master_dict['pki_ca_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-ca.jar") config.pki_master_dict['pki_ca_jar_link'] =\ os.path.join( @@ -927,7 +928,7 @@ class PKIConfigParser: "pki-ca.jar") elif config.pki_master_dict['pki_subsystem'] == "KRA": config.pki_master_dict['pki_kra_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-kra.jar") config.pki_master_dict['pki_kra_jar_link'] =\ os.path.join( @@ -936,7 +937,7 @@ class PKIConfigParser: "pki-kra.jar") elif config.pki_master_dict['pki_subsystem'] == "OCSP": config.pki_master_dict['pki_ocsp_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-ocsp.jar") config.pki_master_dict['pki_ocsp_jar_link'] =\ os.path.join( 
@@ -945,7 +946,7 @@ class PKIConfigParser: "pki-ocsp.jar") elif config.pki_master_dict['pki_subsystem'] == "TKS": config.pki_master_dict['pki_tks_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, + os.path.join(PKIConfig.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-tks.jar") config.pki_master_dict['pki_tks_jar_link'] =\ os.path.join( @@ -961,7 +962,7 @@ class PKIConfigParser: os.path.join(config.pki_master_dict['pki_instance_registry_path'], config.pki_master_dict['pki_instance_id']) if config.pki_master_dict['pki_subsystem'] in\ - config.PKI_TOMCAT_SUBSYSTEMS: + PKIConfig.PKI_TOMCAT_SUBSYSTEMS: config.pki_master_dict['pki_target_catalina_properties'] =\ os.path.join( config.pki_master_dict['pki_instance_configuration_path'], @@ -1083,7 +1084,7 @@ class PKIConfigParser: os.path.join(config.pki_master_dict['pki_subsystem_registry_path'], config.pki_master_dict['pki_instance_id']) if config.pki_master_dict['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: + PKIConfig.PKI_APACHE_SUBSYSTEMS: config.pki_master_dict['FORTITUDE_APACHE_SLOT'] = None config.pki_master_dict['FORTITUDE_AUTH_MODULES_SLOT'] = None config.pki_master_dict['FORTITUDE_DIR_SLOT'] = None @@ -1114,7 +1115,7 @@ class PKIConfigParser: config.pki_master_dict['TMP_DIR_SLOT'] = None config.pki_master_dict['TPS_DIR_SLOT'] = None elif config.pki_master_dict['pki_subsystem'] in\ - config.PKI_TOMCAT_SUBSYSTEMS: + PKIConfig.PKI_TOMCAT_SUBSYSTEMS: config.pki_master_dict['INSTALL_TIME_SLOT'] =\ config.pki_master_dict['pki_install_time'] config.pki_master_dict['PKI_ADMIN_SECURE_PORT_SLOT'] =\ 
@@ -1466,24 +1467,24 @@ class PKIConfigParser: if not len(config.pki_master_dict['pki_subsystem_name']): if config.pki_master_dict['pki_subsystem'] in\ - config.PKI_TOMCAT_SUBSYSTEMS and \ + PKIConfig.PKI_TOMCAT_SUBSYSTEMS and \ config.str2bool(config.pki_master_dict['pki_clone']): config.pki_master_dict['pki_subsystem_name'] =\ - config.PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM + " " +\ + PKIConfig.PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM + " " +\ config.pki_subsystem + " " +\ config.pki_master_dict['pki_hostname'] + " " +\ config.pki_master_dict['pki_https_port'] elif config.pki_subsystem == "CA" and \ config.str2bool(config.pki_master_dict['pki_external']): config.pki_master_dict['pki_subsystem_name'] =\ - config.PKI_DEPLOYMENT_EXTERNAL_CA + " " +\ + PKIConfig.PKI_DEPLOYMENT_EXTERNAL_CA + " " +\ config.pki_subsystem + " " +\ config.pki_master_dict['pki_hostname'] + " " +\ config.pki_master_dict['pki_https_port'] elif config.pki_subsystem == "CA" and \ config.str2bool(config.pki_master_dict['pki_subordinate']): config.pki_master_dict['pki_subsystem_name'] =\ - config.PKI_DEPLOYMENT_SUBORDINATE_CA + " " +\ + PKIConfig.PKI_DEPLOYMENT_SUBORDINATE_CA + " " +\ config.pki_subsystem + " " +\ config.pki_master_dict['pki_hostname'] + " " +\ config.pki_master_dict['pki_https_port'] @@ -1652,7 +1653,7 @@ class PKIConfigParser: config.pki_master_dict['pki_admin_name'] + "@" +\ config.pki_master_dict['pki_dns_domainname'] if not len(config.pki_master_dict['pki_admin_nickname']): - if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS: + if config.pki_subsystem in PKIConfig.PKI_APACHE_SUBSYSTEMS: if config.pki_master_dict['pki_subsystem'] == "RA": # PKI RA config.pki_master_dict['pki_admin_nickname'] =\ 
@@ -1665,7 +1666,7 @@ class PKIConfigParser: "TPS Administrator's" + " " +\ config.pki_master_dict['pki_security_domain_name'] +\ " " + "ID" - elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: if not config.str2bool(config.pki_master_dict['pki_clone']): if config.pki_master_dict['pki_subsystem'] == "CA": if config.str2bool( @@ -1709,7 +1710,7 @@ class PKIConfigParser: config.pki_master_dict['pki_security_domain_name']\ + " " + "ID" if not len(config.pki_master_dict['pki_admin_subject_dn']): - if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS: + if config.pki_subsystem in PKIConfig.PKI_APACHE_SUBSYSTEMS: if config.pki_master_dict['pki_subsystem'] == "RA": # PKI RA config.pki_master_dict['pki_admin_subject_dn'] =\ @@ -1728,7 +1729,7 @@ class PKIConfigParser: config.pki_master_dict['pki_admin_email'] +\ "," + "o=" +\ config.pki_master_dict['pki_security_domain_name'] - elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: if not config.str2bool(config.pki_master_dict['pki_clone']): if config.pki_master_dict['pki_subsystem'] == "CA": if config.str2bool( @@ -1810,7 +1811,7 @@ class PKIConfigParser: # config.pki_master_dict['pki_ca_signing_subject_dn'] # config.pki_master_dict['pki_ca_signing_token'] # - if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + if config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: if not config.str2bool(config.pki_master_dict['pki_clone']): if config.pki_master_dict['pki_subsystem'] == "CA": # config.pki_master_dict['pki_ca_signing_nickname'] 
@@ -1879,7 +1880,7 @@ class PKIConfigParser: # config.pki_master_dict['pki_ocsp_signing_subject_dn'] # config.pki_master_dict['pki_ocsp_signing_token'] # - if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + if config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: if not config.str2bool(config.pki_master_dict['pki_clone']): if config.pki_master_dict['pki_subsystem'] == "CA": if not len(config.pki_master_dict\ @@ -1973,13 +1974,13 @@ class PKIConfigParser: "Server-Cert" + " " + "cert-" +\ config.pki_master_dict['pki_instance_id'] if not len(config.pki_master_dict['pki_ssl_server_subject_dn']): - if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS: + if config.pki_subsystem in PKIConfig.PKI_APACHE_SUBSYSTEMS: config.pki_master_dict['pki_ssl_server_subject_dn'] =\ "cn=" + config.pki_master_dict['pki_hostname'] +\ "," + "ou=" + config.pki_master_dict['pki_instance_id'] +\ "," + "o=" +\ config.pki_master_dict['pki_security_domain_name'] - elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: if config.pki_master_dict['pki_subsystem'] == "CA" and\ config.str2bool(config.pki_master_dict['pki_external']): # External CA @@ -2022,7 +2023,7 @@ class PKIConfigParser: # config.pki_master_dict['pki_subsystem_subject_dn'] # config.pki_master_dict['pki_subsystem_token'] # - if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS: + if config.pki_subsystem in PKIConfig.PKI_APACHE_SUBSYSTEMS: if not len(config.pki_master_dict['pki_subsystem_nickname']): config.pki_master_dict['pki_subsystem_nickname'] =\ "subsystemCert" + " " + "cert-" +\ 
@@ -2047,7 +2048,7 @@ class PKIConfigParser: if not len(config.pki_master_dict['pki_subsystem_token']): config.pki_master_dict['pki_subsystem_token'] =\ "Internal Key Storage Token" - elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: if not config.str2bool(config.pki_master_dict['pki_clone']): if not len(config.pki_master_dict['pki_subsystem_nickname']): config.pki_master_dict['pki_subsystem_nickname'] =\ @@ -2128,7 +2129,7 @@ class PKIConfigParser: # config.pki_master_dict['pki_audit_signing_subject_dn'] # config.pki_master_dict['pki_audit_signing_token'] # - if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS: + if config.pki_subsystem in PKIConfig.PKI_APACHE_SUBSYSTEMS: if config.pki_master_dict['pki_subsystem'] != "RA": if not len(config.pki_master_dict\ ['pki_audit_signing_nickname']): @@ -2148,7 +2149,7 @@ class PKIConfigParser: if not len(config.pki_master_dict['pki_audit_signing_token']): config.pki_master_dict['pki_audit_signing_token'] =\ "Internal Key Storage Token" - elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: if not config.str2bool(config.pki_master_dict['pki_clone']): if not len(config.pki_master_dict\ ['pki_audit_signing_nickname']): @@ -2229,7 +2230,7 @@ class PKIConfigParser: # config.pki_master_dict['pki_transport_subject_dn'] # config.pki_master_dict['pki_transport_token'] # - if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + if config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: if not config.str2bool(config.pki_master_dict['pki_clone']): if config.pki_master_dict['pki_subsystem'] == "KRA": # PKI KRA 
@@ -2274,7 +2275,7 @@ class PKIConfigParser: # config.pki_master_dict['pki_storage_subject_dn'] # config.pki_master_dict['pki_storage_token'] # - if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + if config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: if not config.str2bool(config.pki_master_dict['pki_clone']): if config.pki_master_dict['pki_subsystem'] == "KRA": # PKI KRA @@ -2297,11 +2298,11 @@ class PKIConfigParser: # Finalization name/value pairs config.pki_master_dict['pki_deployment_cfg_replica'] =\ os.path.join(config.pki_master_dict['pki_subsystem_registry_path'], - config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE) + PKIConfig.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE) config.pki_master_dict['pki_deployment_cfg_spawn_archive'] =\ config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ "spawn" + "_" +\ - config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + "." +\ + PKIConfig.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + "." +\ config.pki_master_dict['pki_timestamp'] config.pki_master_dict['pki_manifest'] =\ config.pki_master_dict['pki_subsystem_registry_path'] + "/" +\ @@ -2327,14 +2328,14 @@ class PKIConfigParser: config.pki_sensitive_dict['pki_one_time_pin']) # Compose this "systemd" execution management command if config.pki_master_dict['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: + PKIConfig.PKI_APACHE_SUBSYSTEMS: config.pki_master_dict['pki_registry_initscript_command'] =\ "systemctl" + " " +\ "restart" + " " +\ "pki-apached" + "@" +\ config.pki_master_dict['pki_instance_id'] + "." + "service" elif config.pki_master_dict['pki_subsystem'] in\ - config.PKI_TOMCAT_SUBSYSTEMS: + PKIConfig.PKI_TOMCAT_SUBSYSTEMS: config.pki_master_dict['pki_registry_initscript_command'] =\ "systemctl" + " " +\ "restart" + " " +\ 
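Review bot: `pki_deployment_cfg_spawn_archive` and `pki_manifest` in the @@ -2297 hunk are built by concatenating `"/"`, while `pki_deployment_cfg_replica` just above them uses `os.path.join`. Building the archive path as `os.path.join(config.pki_master_dict['pki_subsystem_archive_log_path'], "spawn_" + PKIConfig.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + "." + config.pki_master_dict['pki_timestamp'])` keeps the path handling uniform and avoids a doubled separator when a directory value ends in a slash. The `pki_manifest` assignment continues outside the hunk.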
@@ -2342,11 +2343,11 @@ class PKIConfigParser: config.pki_master_dict['pki_instance_id'] + "." + "service" except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) except KeyError as err: config.pki_log.error(log.PKIHELPER_DICTIONARY_MASTER_MISSING_KEY_1, - err, extra=config.PKI_INDENTATION_LEVEL_2) + err, extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) return @@ -2360,11 +2361,11 @@ class PKIConfigParser: parser = ConfigParser.ConfigParser() # Make keys case-sensitive! parser.optionxform = str - parser.read(config.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE) + parser.read(PKIConfig.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE) # Slots configuration file name/value pairs - if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS: + if config.pki_subsystem in PKIConfig.PKI_APACHE_SUBSYSTEMS: config.pki_slots_dict = dict(parser._sections['Apache']) - elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: config.pki_slots_dict = dict(parser._sections['Tomcat']) except ConfigParser.ParsingError, err: rv = err diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py index be0eecf56..1a437e2da 100644 --- a/base/deploy/src/scriptlets/security_databases.py +++ b/base/deploy/src/scriptlets/security_databases.py @@ -21,6 +21,7 @@ # PKI Deployment Imports import pkiconfig as config +from pkiconfig import PKIConfig from pkiconfig import pki_master_dict as master from pkiconfig import pki_sensitive_dict as sensitive import pkihelper as util 
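Review bot: `parser.read(PKIConfig.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE)` in the @@ -2360 hunk discards its return value, and ConfigParser.read() skips a file it cannot open instead of raising. With the slots file missing or unreadable, the `parser._sections['Apache']` / `parser._sections['Tomcat']` lookup that follows raises KeyError, which the only handler visible here (`except ConfigParser.ParsingError`) does not catch. Checking the result, `if not parser.read(PKIConfig.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE):` followed by a logged error return, would make the deployment stop with a clear message; note also that `_sections` is a private attribute of ConfigParser. The enclosing `try` and the rest of the method lie outside the hunk.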
@@ -35,10 +36,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self): if config.str2bool(master['pki_skip_installation']): config.pki_log.info(log.SKIP_SECURITY_DATABASES_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.SECURITY_DATABASES_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) util.password.create_password_conf( master['pki_shared_password_conf'], sensitive['pki_pin']) @@ -57,11 +58,11 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): master['pki_secmod_database'], password_file=master['pki_shared_pfile']) util.file.modify(master['pki_cert_database'], perms=\ - config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) + PKIConfig.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) util.file.modify(master['pki_key_database'], perms=\ - config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) + PKIConfig.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) util.file.modify(master['pki_secmod_database'], perms=\ - config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) + PKIConfig.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) if util.instance.tomcat_instance_subsystems() < 2: # only create a self signed cert for a new instance 
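Review bot: The three `util.file.modify(..., perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)` calls in the @@ -57 hunk run only after the preceding call, which takes `password_file=master['pki_shared_pfile']` and appears to create the databases, has returned. Until then the key database carries whatever mode the creating tool and the process umask give it, and nothing in this file records that dependency; the same holds for the file written by `util.password.create_password_conf(...)` in the @@ -35 hunk. I would add a comment above the first call, for example `# NOTE: created under the umask set by the calling script; confirm it keeps these files owner-only until the modes are set here`. The call that creates the databases starts outside the hunk.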
@@ -99,14 +100,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def destroy(self): config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) + if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS and\ util.instance.apache_instance_subsystems() == 0: util.file.delete(master['pki_cert_database']) util.file.delete(master['pki_key_database']) util.file.delete(master['pki_secmod_database']) util.file.delete(master['pki_shared_password_conf']) - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and\ util.instance.tomcat_instance_subsystems() == 0: util.file.delete(master['pki_cert_database']) util.file.delete(master['pki_key_database']) diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py index 56d03fd1d..be976cd18 100644 --- a/base/deploy/src/scriptlets/selinux_setup.py +++ b/base/deploy/src/scriptlets/selinux_setup.py @@ -21,6 +21,7 @@ # PKI Deployment Imports import pkiconfig as config +from pkiconfig import PKIConfig from pkiconfig import pki_master_dict as master from pkiconfig import pki_selinux_config_ports as ports import pkihelper as util 
@@ -42,59 +43,59 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self): if config.str2bool(master['pki_skip_installation']): config.pki_log.info(log.SKIP_SELINUX_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.SELINUX_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) # check first if any transactions are required if len(ports) == 0 and master['pki_instance_name'] == \ - config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: + PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: self.restore_context() return self.rv # add SELinux contexts when adding the first subsystem - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS and\ util.instance.apache_instance_subsystems() == 1 or\ - master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and\ util.instance.tomcat_instance_subsystems() == 1: trans = seobject.semanageRecords("targeted") trans.start() if master['pki_instance_name'] != \ - config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: + PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: fcon = seobject.fcontextRecords() config.pki_log.info("adding selinux fcontext \"%s\"", master['pki_instance_path'] + self.suffix, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.add(master['pki_instance_path'] + self.suffix, - config.PKI_INSTANCE_SELINUX_CONTEXT, "", "s0", "") + PKIConfig.PKI_INSTANCE_SELINUX_CONTEXT, "", "s0", "") config.pki_log.info("adding selinux fcontext \"%s\"", master['pki_instance_log_path'] + self.suffix, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.add(master['pki_instance_log_path'] + self.suffix, - config.PKI_LOG_SELINUX_CONTEXT, "", "s0", "") + 
PKIConfig.PKI_LOG_SELINUX_CONTEXT, "", "s0", "") config.pki_log.info("adding selinux fcontext \"%s\"", master['pki_instance_configuration_path'] + self.suffix, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.add(master['pki_instance_configuration_path'] + self.suffix, - config.PKI_CFG_SELINUX_CONTEXT, "", "s0", "") + PKIConfig.PKI_CFG_SELINUX_CONTEXT, "", "s0", "") config.pki_log.info("adding selinux fcontext \"%s\"", master['pki_database_path'] + self.suffix, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.add(master['pki_database_path'] + self.suffix, - config.PKI_CERTDB_SELINUX_CONTEXT, "", "s0", "") + PKIConfig.PKI_CERTDB_SELINUX_CONTEXT, "", "s0", "") portRecords = seobject.portRecords() for port in ports: config.pki_log.info("adding selinux port %s", port, - extra=config.PKI_INDENTATION_LEVEL_2) - portRecords.add(port, "tcp", "s0", config.PKI_PORT_SELINUX_CONTEXT) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) + portRecords.add(port, "tcp", "s0", PKIConfig.PKI_PORT_SELINUX_CONTEXT) trans.finish() 
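Review bot: Between `trans.start()` and `trans.finish()` the `fcon.add(...)` and `portRecords.add(...)` calls have no error handling, so an exception from seobject (which, as far as I know, reports an already-defined record by raising ValueError) leaves spawn() with a traceback and the transaction never finished. The `== 1` subsystem count covers the normal case, but not a file context or port left behind by an earlier partial run. I would wrap the transaction in `try:` and `except ValueError as exc:`, log through `config.pki_log.error(...)` with `extra=PKIConfig.PKI_INDENTATION_LEVEL_2`, and return a non-zero value. destroy() in the @@ -103 hunk has the same shape around `fcon.delete(...)` and `portRecords.delete(...)`; spawn() itself continues after this hunk.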
@@ -103,52 +104,52 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def destroy(self): config.pki_log.info(log.SELINUX_DESTROY_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) # check first if any transactions are required if len(ports) == 0 and master['pki_instance_name'] == \ - config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: + PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: return self.rv # remove SELinux contexts when removing the last subsystem - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS and\ util.instance.apache_instance_subsystems() == 0 or\ - master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and\ util.instance.tomcat_instance_subsystems() == 0: trans = seobject.semanageRecords("targeted") trans.start() if master['pki_instance_name'] != \ - config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: + PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: fcon = seobject.fcontextRecords() config.pki_log.info("deleting selinux fcontext \"%s\"", master['pki_instance_path'] + self.suffix, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.delete(master['pki_instance_path'] + self.suffix , "") config.pki_log.info("deleting selinux fcontext \"%s\"", master['pki_instance_log_path'] + self.suffix, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.delete(master['pki_instance_log_path'] + self.suffix, "") config.pki_log.info("deleting selinux fcontext \"%s\"", master['pki_instance_configuration_path'] + self.suffix, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.delete(master['pki_instance_configuration_path'] + \ self.suffix, "") config.pki_log.info("deleting selinux fcontext \"%s\"", master['pki_database_path'] + self.suffix, - 
extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.delete(master['pki_database_path'] + self.suffix , "") portRecords = seobject.portRecords() for port in ports: config.pki_log.info("deleting selinux port %s", port, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) portRecords.delete(port, "tcp") trans.finish() diff --git a/base/deploy/src/scriptlets/slot_substitution.py b/base/deploy/src/scriptlets/slot_substitution.py index 8e566e266..d80ccf0e8 100644 --- a/base/deploy/src/scriptlets/slot_substitution.py +++ b/base/deploy/src/scriptlets/slot_substitution.py @@ -21,6 +21,7 @@ # PKI Deployment Imports import pkiconfig as config +from pkiconfig import PKIConfig from pkiconfig import pki_master_dict as master from pkiconfig import pki_slots_dict as slots import pkihelper as util @@ -35,16 +36,16 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self): if config.str2bool(master['pki_skip_installation']): config.pki_log.info(log.SKIP_SLOT_ASSIGNMENT_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.SLOT_ASSIGNMENT_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) util.file.copy_with_slot_substitution(master['pki_source_cs_cfg'], master['pki_target_cs_cfg']) util.file.copy_with_slot_substitution(master['pki_source_registry'], master['pki_target_registry'], uid=0, gid=0, overwrite_flag=True) - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: util.file.copy_with_slot_substitution( master['pki_source_catalina_properties'], master['pki_target_catalina_properties'], 
@@ -94,7 +95,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def destroy(self): config.pki_log.info(log.SLOT_ASSIGNMENT_DESTROY_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) config.pki_log.info("NOTHING NEEDS TO BE IMPLEMENTED", - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) return self.rv diff --git a/base/deploy/src/scriptlets/subsystem_layout.py b/base/deploy/src/scriptlets/subsystem_layout.py index f340ead49..87ccef888 100644 --- a/base/deploy/src/scriptlets/subsystem_layout.py +++ b/base/deploy/src/scriptlets/subsystem_layout.py @@ -21,6 +21,7 @@ # PKI Deployment Imports import pkiconfig as config +from pkiconfig import PKIConfig from pkiconfig import pki_master_dict as master import pkihelper as util import pkimessages as log 
@@ -34,21 +35,21 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self): if config.str2bool(master['pki_skip_installation']): config.pki_log.info(log.SKIP_SUBSYSTEM_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.SUBSYSTEM_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) # establish instance-based subsystem logs util.directory.create(master['pki_subsystem_log_path']) util.directory.create(master['pki_subsystem_archive_log_path']) - if master['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS: + if master['pki_subsystem'] in PKIConfig.PKI_SIGNED_AUDIT_SUBSYSTEMS: util.directory.create(master['pki_subsystem_signed_audit_log_path']) # establish instance-based subsystem configuration util.directory.create(master['pki_subsystem_configuration_path']) # util.directory.copy(master['pki_source_conf_path'], # master['pki_subsystem_configuration_path']) # establish instance-based Apache/Tomcat specific subsystems - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: # establish instance-based Tomcat PKI subsystem base if master['pki_subsystem'] == "CA": util.directory.copy(master['pki_source_emails'], 
@@ -103,14 +104,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def destroy(self): config.pki_log.info(log.SUBSYSTEM_DESTROY_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) # remove instance-based subsystem base if master['pki_subsystem'] == "CA": util.directory.delete(master['pki_subsystem_emails_path']) util.directory.delete(master['pki_subsystem_profiles_path']) util.directory.delete(master['pki_subsystem_path']) # remove instance-based subsystem logs - if master['pki_subsystem'] in config.PKI_SIGNED_AUDIT_SUBSYSTEMS: + if master['pki_subsystem'] in PKIConfig.PKI_SIGNED_AUDIT_SUBSYSTEMS: util.directory.delete(master['pki_subsystem_signed_audit_log_path']) util.directory.delete(master['pki_subsystem_archive_log_path']) util.directory.delete(master['pki_subsystem_log_path']) diff --git a/base/deploy/src/scriptlets/webapp_deployment.py b/base/deploy/src/scriptlets/webapp_deployment.py index 4597b57bd..6c7672a22 100644 --- a/base/deploy/src/scriptlets/webapp_deployment.py +++ b/base/deploy/src/scriptlets/webapp_deployment.py @@ -25,6 +25,7 @@ import os # PKI Deployment Imports import pkiconfig as config +from pkiconfig import PKIConfig from pkiconfig import pki_master_dict as master import pkihelper as util import pkimessages as log 
@@ -36,21 +37,21 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 def spawn(self): - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: if config.str2bool(master['pki_skip_installation']): config.pki_log.info(log.SKIP_WEBAPP_DEPLOYMENT_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.WEBAPP_DEPLOYMENT_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) # Copy /usr/share/pki/server/webapps/ROOT # to /webapps/ROOT util.directory.create(master['pki_tomcat_webapps_root_path']) util.directory.copy( os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, + PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT, "server", "webapps", "ROOT"), @@ -62,7 +63,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): util.directory.create(master['pki_tomcat_webapps_common_path']) util.directory.copy( os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, + PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT, "common-ui"), master['pki_tomcat_webapps_common_path'], overwrite_flag=True) @@ -72,7 +73,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): util.directory.create(master['pki_tomcat_webapps_subsystem_path']) util.directory.copy( os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, + PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT, "server", "webapps", "pki", @@ -88,7 +89,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): util.directory.create(master['pki_tomcat_webapps_subsystem_path']) util.directory.copy( os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, + PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT, "server", "webapps", "pki", 
@@ -102,7 +103,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # to /webapps/ util.directory.copy( os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, + PKIConfig.PKI_DEPLOYMENT_SOURCE_ROOT, master['pki_subsystem'].lower(), "webapps", master['pki_subsystem'].lower()), @@ -143,8 +144,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): return self.rv def destroy(self): - if master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: config.pki_log.info(log.WEBAPP_DEPLOYMENT_DESTROY_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) util.directory.delete(master['pki_tomcat_webapps_subsystem_path']) return self.rv -- cgit