From 318716f3425a1d818e0633453a1d27a68d2f7f5f Mon Sep 17 00:00:00 2001
From: Ade Lee
Date: Fri, 9 Nov 2012 12:31:40 -0500
Subject: removed dry_run from pkispawn Ticket 411
---
base/deploy/src/scriptlets/configuration.py | 176 ++++++++++------------------
1 file changed, 62 insertions(+), 114 deletions(-)
(limited to 'base/deploy/src/scriptlets/configuration.py')
diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py
index f2d3ab1b1..c9454d951 100644
--- a/base/deploy/src/scriptlets/configuration.py
+++ b/base/deploy/src/scriptlets/configuration.py
@@ -39,98 +39,59 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): return self.rv config.pki_log.info(log.CONFIGURATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if not config.pki_dry_run_flag: - # Place "slightly" less restrictive permissions on - # the top-level client directory ONLY - util.directory.create(master['pki_client_dir'], - uid=0, gid=0, - perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS) - # Since 'certutil' does NOT strip the 'token=' portion of - # the 'token=password' entries, create a client password file - # which ONLY contains the 'password' for the purposes of - # allowing 'certutil' to generate the security databases - util.password.create_password_conf( - master['pki_client_password_conf'], - sensitive['pki_client_database_password'], pin_sans_token=True) - util.file.modify(master['pki_client_password_conf'], - uid=0, gid=0) - # Similarly, create a simple password file containing the - # PKCS #12 password used when exporting the "Admin Certificate" - # into a PKCS #12 file - util.password.create_client_pkcs12_password_conf( - master['pki_client_pkcs12_password_conf']) - util.file.modify(master['pki_client_pkcs12_password_conf']) - util.directory.create(master['pki_client_database_dir'], - uid=0, gid=0) - util.certutil.create_security_databases( - master['pki_client_database_dir'], - master['pki_client_cert_database'], - master['pki_client_key_database'], - master['pki_client_secmod_database'], - password_file=master['pki_client_password_conf']) - util.symlink.create(master['pki_systemd_service'], - master['pki_systemd_service_link']) - else: - # Since 'certutil' does NOT strip the 'token=' portion of - # the 'token=password' entries, create a client password file - # which ONLY contains the 'password' for the purposes of - # allowing 'certutil' to generate the security databases - util.password.create_password_conf( - master['pki_client_password_conf'], - sensitive['pki_client_database_password'], 
pin_sans_token=True) - # Similarly, create a simple password file containing the - # PKCS #12 password used when exporting the "Admin Certificate" - # into a PKCS #12 file - util.password.create_client_pkcs12_password_conf( - master['pki_client_pkcs12_password_conf']) - util.certutil.create_security_databases( - master['pki_client_database_dir'], - master['pki_client_cert_database'], - master['pki_client_key_database'], - master['pki_client_secmod_database'], - password_file=master['pki_client_password_conf']) + + # Place "slightly" less restrictive permissions on + # the top-level client directory ONLY + util.directory.create(master['pki_client_dir'], + uid=0, gid=0, + perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS) + # Since 'certutil' does NOT strip the 'token=' portion of + # the 'token=password' entries, create a client password file + # which ONLY contains the 'password' for the purposes of + # allowing 'certutil' to generate the security databases + util.password.create_password_conf( + master['pki_client_password_conf'], + sensitive['pki_client_database_password'], pin_sans_token=True) + util.file.modify(master['pki_client_password_conf'], + uid=0, gid=0) + # Similarly, create a simple password file containing the + # PKCS #12 password used when exporting the "Admin Certificate" + # into a PKCS #12 file + util.password.create_client_pkcs12_password_conf( + master['pki_client_pkcs12_password_conf']) + util.file.modify(master['pki_client_pkcs12_password_conf']) + util.directory.create(master['pki_client_database_dir'], + uid=0, gid=0) + util.certutil.create_security_databases( + master['pki_client_database_dir'], + master['pki_client_cert_database'], + master['pki_client_key_database'], + master['pki_client_secmod_database'], + password_file=master['pki_client_password_conf']) + util.symlink.create(master['pki_systemd_service'], + master['pki_systemd_service_link']) + # Start/Restart this Apache/Tomcat PKI Process - if not config.pki_dry_run_flag: 
- if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - apache_instance_subsystems =\ - util.instance.apache_instance_subsystems() - if apache_instance_subsystems == 1: - util.systemd.start() - elif apache_instance_subsystems > 1: - util.systemd.restart() - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - # Optionally prepare to enable a java debugger - # (e. g. - 'eclipse'): - if config.str2bool(master['pki_enable_java_debugger']): - config.prepare_for_an_external_java_debugger( - master['pki_target_tomcat_conf_instance_id']) - tomcat_instance_subsystems =\ - util.instance.tomcat_instance_subsystems() - if tomcat_instance_subsystems == 1: - util.systemd.start() - elif tomcat_instance_subsystems > 1: - util.systemd.restart() - else: - # ALWAYS display correct information (even during dry_run) - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - apache_instance_subsystems =\ - util.instance.apache_instance_subsystems() - if apache_instance_subsystems == 0: - util.systemd.start() - elif apache_instance_subsystems > 0: - util.systemd.restart() - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - # Optionally prepare to enable a java debugger - # (e. g. - 'eclipse'): - if config.str2bool(master['pki_enable_java_debugger']): - config.prepare_for_an_external_java_debugger( - master['pki_target_tomcat_conf_instance_id']) - tomcat_instance_subsystems =\ - util.instance.tomcat_instance_subsystems() - if tomcat_instance_subsystems == 0: - util.systemd.start() - elif tomcat_instance_subsystems > 0: - util.systemd.restart() + if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + apache_instance_subsystems =\ + util.instance.apache_instance_subsystems() + if apache_instance_subsystems == 1: + util.systemd.start() + elif apache_instance_subsystems > 1: + util.systemd.restart() + elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + # Optionally prepare to enable a java debugger + # (e. g. 
- 'eclipse'): + if config.str2bool(master['pki_enable_java_debugger']): + config.prepare_for_an_external_java_debugger( + master['pki_target_tomcat_conf_instance_id']) + tomcat_instance_subsystems =\ + util.instance.tomcat_instance_subsystems() + if tomcat_instance_subsystems == 1: + util.systemd.start() + elif tomcat_instance_subsystems > 1: + util.systemd.restart() + # Pass control to the Java servlet via Jython 2.2 'configuration.jy' util.jython.invoke(master['pki_jython_configuration_scriptlet']) return self.rv 
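Review bot: The two client password files are handled differently in spawn(): `util.file.modify(master['pki_client_password_conf'], uid=0, gid=0)` pins ownership, while `util.file.modify(master['pki_client_pkcs12_password_conf'])` relies on the helper's defaults, which are not visible in this hunk. If the PKCS #12 password file is meant to be root-owned like the database password file, the call should read `util.file.modify(master['pki_client_pkcs12_password_conf'], uid=0, gid=0)`; if the difference is deliberate, a one-line comment should say which account needs to read it. Both files are also written first and adjusted afterwards, so how well they are protected in between depends on the mode the create helpers apply at creation time, which is worth confirming. spawn() begins above the hunk.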
@@ -143,27 +104,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def destroy(self): config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if not config.pki_dry_run_flag: - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() == 1: - if util.directory.exists(master['pki_client_dir']): - util.directory.delete(master['pki_client_dir']) - util.symlink.delete(master['pki_systemd_service_link']) - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - util.instance.tomcat_instance_subsystems() == 1: - if util.directory.exists(master['pki_client_dir']): - util.directory.delete(master['pki_client_dir']) - util.symlink.delete(master['pki_systemd_service_link']) - else: - # ALWAYS display correct information (even during dry_run) - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - util.instance.apache_instance_subsystems() == 0: - if util.directory.exists(master['pki_client_dir']): - util.directory.delete(master['pki_client_dir']) - util.symlink.delete(master['pki_systemd_service_link']) - elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ - util.instance.tomcat_instance_subsystems() == 0: - if util.directory.exists(master['pki_client_dir']): - util.directory.delete(master['pki_client_dir']) - util.symlink.delete(master['pki_systemd_service_link']) + if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + util.instance.apache_instance_subsystems() == 1: + if util.directory.exists(master['pki_client_dir']): + util.directory.delete(master['pki_client_dir']) + util.symlink.delete(master['pki_systemd_service_link']) + elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + util.instance.tomcat_instance_subsystems() == 1: + if util.directory.exists(master['pki_client_dir']): + util.directory.delete(master['pki_client_dir']) + util.symlink.delete(master['pki_systemd_service_link']) return self.rv -- 
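Review bot: In destroy(), the client directory and the systemd link are removed only when the instance count is exactly 1, and every other value falls through to `return self.rv` without a log entry. spawn() creates the client password files and security databases, so if those live under `pki_client_dir` (the paths are not visible here), a count of 0 or a miscount would leave that material on disk unnoticed; whether 0 can occur depends on scriptlet ordering that the hunk does not show. A log line on the fall-through path would make a skipped cleanup visible. The Apache and Tomcat branches have identical bodies and could share one block, with a comment such as `# only the last subsystem of an instance removes the shared client dir` if that reading of the `== 1` guard is right.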