From f589cc1e267d6d7b67a6463b4495b7a9c982669f Mon Sep 17 00:00:00 2001 From: Matthew Harmsen Date: Sat, 28 Jul 2012 18:59:30 -0700 Subject: PKI Deployment Scriptlets * TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not" removing "/etc/sysconfig/{pki_instance_id}" . . . * TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for configuration . . . * TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and 'pkidestroy' . . . * TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of configured PKI instance . . . * TRAC Ticket #270 - Dogtag 10: Add missing parameters to 'pkideployment.cfg' . . . * TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client information . . . * TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7 "logging.properties" * TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive' dictionary * TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and 'pkideployment.cfg' files * TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet Issues . . . --- base/deploy/src/scriptlets/finalization.py | 82 ++++++++++++++++++++---------- 1 file changed, 56 insertions(+), 26 deletions(-) (limited to 'base/deploy/src/scriptlets/finalization.py') diff --git a/base/deploy/src/scriptlets/finalization.py b/base/deploy/src/scriptlets/finalization.py index bceec67e0..ab66cd74a 100644 --- a/base/deploy/src/scriptlets/finalization.py +++ b/base/deploy/src/scriptlets/finalization.py 
@@ -35,23 +35,36 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self): config.pki_log.info(log.FINALIZATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - # Save a copy of the configuration file used by this process - # (which may be used later by 'pkidestroy') - util.file.copy(config.pkideployment_cfg, - master['pki_subsystem_registry_path'] +\ - "/" + config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE) - # Save a timestamped copy of the installation manifest file - filename = master['pki_subsystem_registry_path'] + "/" +\ - "spawn" + "_" + "manifest" + "." +\ - master['pki_timestamp'] + "." + "csv" - config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, filename, + # For debugging/auditing purposes, save a timestamped copy of + # this configuration file in the subsystem archive + util.file.copy(master['pki_deployment_cfg_replica'], + master['pki_deployment_cfg_spawn_archive']) + # Save a copy of the installation manifest file + config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, master['pki_manifest'], extra=config.PKI_INDENTATION_LEVEL_2) # for record in manifest.database: # print tuple(record) if not config.pki_dry_run_flag: - manifest.file.register(filename) + manifest.file.register(master['pki_manifest']) manifest.file.write() - util.file.modify(filename, silent=True) + util.file.modify(master['pki_manifest'], silent=True) + # Also, for debugging/auditing purposes, save a timestamped copy of + # this installation manifest file + util.file.copy(master['pki_manifest'], + master['pki_manifest_spawn_archive']) + # Optionally, programmatically 'restart' the configured PKI instance + if config.str2bool(master['pki_restart_configured_instance']): + util.systemd.restart() + # Optionally, 'purge' the entire temporary client infrastructure + # including the client NSS security databases and password files + # + # WARNING: If the PKCS #12 file containing the Admin Cert was + # placed under this infrastructure, it may accidentally + # be deleted! 
+ # + if config.str2bool(master['pki_client_database_purge']): + if util.directory.exists(master['pki_client_dir']): + util.directory.delete(master['pki_client_dir']) # Log final process messages config.pki_log.info(log.PKISPAWN_END_MESSAGE_2, master['pki_subsystem'], 
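Review bot: The purge block added at the end of spawn() passes `master['pki_client_dir']` straight to `util.directory.delete()` after only an existence check, so whatever path the deployment configuration supplies is removed; the respawn hunk repeats the same block. An empty or mistyped value would aim the delete at an unintended tree, and the WARNING comment concedes the Admin Cert PKCS #12 can be lost, yet the code tests for neither case. I would gate the call with a containment check such as `if not os.path.realpath(master['pki_client_dir']).startswith(EXPECTED_CLIENT_BASE + os.sep):` followed by a logged skip (`EXPECTED_CLIENT_BASE` is a placeholder, since the page does not show the real parent directory key), and refuse the purge when the PKCS #12 export path resolves inside that directory. The collapsed indentation on this page hides whether the restart and purge sit under `if not config.pki_dry_run_flag:`; if they do not, it is worth confirming that the helpers honour dry-run themselves. spawn() continues past the end of this hunk.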
@@ -66,22 +79,39 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): extra=config.PKI_INDENTATION_LEVEL_1) # Save a copy of the configuration file used by this process # (which may be used later by 'pkidestroy') - util.file.copy(config.pkideployment_cfg, - master['pki_subsystem_registry_path'] +\ - "/" + config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE, + util.file.copy(master['pki_deployment_cfg'], + master['pki_deployment_cfg_replica'], overwrite_flag=True) - # Save a timestamped copy of the updated manifest file - filename = master['pki_subsystem_registry_path'] + "/" +\ - "respawn" + "_" + "manifest" + "." +\ - master['pki_timestamp'] + "." + "csv" - config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, filename, + # Also, for debugging/auditing purposes, save a timestamped copy of + # this configuration file in the subsystem archive + util.file.copy(master['pki_deployment_cfg_replica'], + master['pki_deployment_cfg_respawn_archive']) + # Save a copy of the updated manifest file + config.pki_log.info(log.PKI_MANIFEST_MESSAGE_1, master['pki_manifest'], extra=config.PKI_INDENTATION_LEVEL_2) # for record in manifest.database: # print tuple(record) if not config.pki_dry_run_flag: - manifest.file.register(filename) + manifest.file.register(master['pki_manifest']) manifest.file.write() - util.file.modify(filename, silent=True) + util.file.modify(master['pki_manifest'], silent=True) + # Also, for debugging/auditing purposes, save a timestamped copy of + # this installation manifest file + util.file.copy(master['pki_manifest'], + master['pki_manifest_respawn_archive']) + # Optionally, programmatically 'restart' the configured PKI instance + if config.str2bool(master['pki_restart_configured_instance']): + util.systemd.restart() + # Optionally, 'purge' the entire temporary client infrastructure + # including the client NSS security databases and password files + # + # WARNING: If the PKCS #12 file containing the Admin Cert was + # placed under this infrastructure, it 
may accidentally + # be deleted! + # + if config.str2bool(master['pki_client_database_purge']): + if util.directory.exists(master['pki_client_dir']): + util.directory.delete(master['pki_client_dir']) # Log final process messages config.pki_log.info(log.PKIRESPAWN_END_MESSAGE_2, master['pki_subsystem'], @@ -94,10 +124,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def destroy(self): config.pki_log.info(log.FINALIZATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - config.pki_log.info(log.PKIDESTROY_END_MESSAGE_2, - master['pki_subsystem'], - master['pki_instance_id'], - extra=config.PKI_INDENTATION_LEVEL_0) if not config.pki_dry_run_flag: util.file.modify(master['pki_destroy_log'], silent=True) # Start this Apache/Tomcat PKI Process @@ -116,4 +142,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ util.instance.tomcat_instances() >= 0: util.systemd.start() + config.pki_log.info(log.PKIDESTROY_END_MESSAGE_2, + master['pki_subsystem'], + master['pki_instance_id'], + extra=config.PKI_INDENTATION_LEVEL_0) return self.rv -- cgit
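Review bot: Every run now leaves another timestamped copy of the deployment configuration on disk through `util.file.copy(master['pki_deployment_cfg_replica'], master['pki_deployment_cfg_respawn_archive'])`, and the spawn hunk does the same with `pki_deployment_cfg_spawn_archive`. If that file can carry passwords or PINs (its contents are not shown here, though the commit message mentions relocating pin data to a 'sensitive' dictionary), each copy is one more place those secrets persist, and nothing in this change expires or scrubs them. The call sets no ownership or mode, so the archive's protection rests on `util.file.copy` defaults that are outside this diff. I would confirm those defaults are owner-only and record the requirement above the call, e.g. `# archive may contain secrets: keep readable by the PKI user and root only`. The enclosing method (respawn, judging by the message names) starts before this hunk and continues after it.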