From 126911eac9bc32f167b0f67e9801528b762af51e Mon Sep 17 00:00:00 2001
From: Endi Sukma Dewata
Date: Tue, 13 Nov 2012 22:31:37 -0500
Subject: Refactored constants in pkiconfig.py.
---
base/deploy/src/scriptlets/pkiconfig.py | 189 ++++++++++++++++----------------
1 file changed, 96 insertions(+), 93 deletions(-)
(limited to 'base/deploy/src/scriptlets/pkiconfig.py')
diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py
index e8e65970e..3dfab0643 100644
--- a/base/deploy/src/scriptlets/pkiconfig.py
+++ b/base/deploy/src/scriptlets/pkiconfig.py
@@ -19,93 +19,101 @@ # All rights reserved. # -# PKI Deployment Constants -PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 00755 -PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 00770 -PKI_DEPLOYMENT_DEFAULT_EXE_PERMISSIONS = 00770 -PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS = 00660 -PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS = 00600 -PKI_DEPLOYMENT_DEFAULT_SGID_DIR_PERMISSIONS = 02770 -PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS = 00777 -PKI_DEPLOYMENT_DEFAULT_UMASK = 00002 - -PKI_DEPLOYMENT_DEFAULT_COMMENT = "'Certificate System'" -PKI_DEPLOYMENT_DEFAULT_GID = 17 -PKI_DEPLOYMENT_DEFAULT_GROUP = "pkiuser" -PKI_DEPLOYMENT_DEFAULT_SHELL = "/sbin/nologin" -PKI_DEPLOYMENT_DEFAULT_UID = 17 -PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser" - -PKI_SUBSYSTEMS = ["CA","KRA","OCSP","RA","TKS","TPS"] -PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS","TPS"] -PKI_APACHE_SUBSYSTEMS = ["RA","TPS"] -PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS"] -PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra", - "lib", "logs", "ocsp", "temp", "tks", "webapps", - "work"] -PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg", - "rsyslog", "tls"] -PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra", "tps"] -PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks"] - -PKI_INDENTATION_LEVEL_0 = {'indent' : ''} -PKI_INDENTATION_LEVEL_1 = {'indent' : '... '} -PKI_INDENTATION_LEVEL_2 = {'indent' : '....... '} -PKI_INDENTATION_LEVEL_3 = {'indent' : '........... '} -PKI_INDENTATION_LEVEL_4 = {'indent' : '............... 
'} - -PKI_DEPLOYMENT_INTERRUPT_BANNER = "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+"\ - "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-" -PKI_DEPLOYMENT_JAR_SOURCE_ROOT = "/usr/share/java" -PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT = "/usr/share/java/httpcomponents" -PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT = "/usr/share/java/pki" -PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT = "/usr/share/java/resteasy" -PKI_DEPLOYMENT_SOURCE_ROOT = "/usr/share/pki" -PKI_DEPLOYMENT_SYSTEMD_ROOT = "/lib/systemd/system" -PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT = "/etc/systemd/system" -PKI_DEPLOYMENT_TOMCAT_ROOT = "/usr/share/tomcat" -PKI_DEPLOYMENT_TOMCAT_SYSTEMD = "/usr/sbin/tomcat-sysd" -PKI_DEPLOYMENT_BASE_ROOT = "/var/lib/pki" -# NOTE: Top-level "/etc/pki" is owned by the "filesystem" package! -PKI_DEPLOYMENT_CONFIGURATION_ROOT = "/etc/pki" -PKI_DEPLOYMENT_LOG_ROOT = "/var/log/pki" -# NOTE: Well-known 'registry root', default 'instance', and default -# 'configuration file' names MUST be created in order to potentially -# obtain an instance-specific configuration file -# (presuming one has not been specified during command-line parsing) -# because command-line parsing happens prior to reading any -# configuration files. Although the 'registry root' MUST remain fixed, -# the default 'instance' name may be overridden by the value specified -# in the configuration file (the value in the default configuration file -# should always match the 'default' instance name specified below). 
-PKI_DEPLOYMENT_REGISTRY_ROOT = "/etc/sysconfig/pki" -PKI_DEPLOYMENT_DEFAULT_ADMIN_DOMAIN_NAME = None -PKI_DEPLOYMENT_DEFAULT_APACHE_SERVICE_NAME = "apache" -PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVICE_NAME = "tomcat" -PKI_DEPLOYMENT_DEFAULT_APACHE_INSTANCE_NAME = "pki-apache" -PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat" -PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE = "pkideployment.cfg" -PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\ - "/usr/share/pki/deployment/config/pkislots.cfg" - -# subtypes of PKI subsystems -PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM = "Cloned" -PKI_DEPLOYMENT_EXTERNAL_CA = "External" -PKI_DEPLOYMENT_SUBORDINATE_CA = "Subordinate" - -# default ports (for defined selinux policy) -PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT = 8080 -PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT = 8443 -PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT = 8005 -PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT = 8009 - -# PKI Deployment Jython 2.2 Constants -PKI_JYTHON_CRITICAL_LOG_LEVEL = 1 -PKI_JYTHON_ERROR_LOG_LEVEL = 2 -PKI_JYTHON_WARNING_LOG_LEVEL = 3 -PKI_JYTHON_INFO_LOG_LEVEL = 4 -PKI_JYTHON_DEBUG_LOG_LEVEL = 5 - +class PKIConfig: + + # PKI Deployment Constants + PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 00755 + PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 00770 + PKI_DEPLOYMENT_DEFAULT_EXE_PERMISSIONS = 00770 + PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS = 00660 + PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS = 00600 + PKI_DEPLOYMENT_DEFAULT_SGID_DIR_PERMISSIONS = 02770 + PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS = 00777 + PKI_DEPLOYMENT_DEFAULT_UMASK = 00002 + + PKI_DEPLOYMENT_DEFAULT_COMMENT = "'Certificate System'" + PKI_DEPLOYMENT_DEFAULT_GID = 17 + PKI_DEPLOYMENT_DEFAULT_GROUP = "pkiuser" + PKI_DEPLOYMENT_DEFAULT_SHELL = "/sbin/nologin" + PKI_DEPLOYMENT_DEFAULT_UID = 17 + PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser" + + PKI_SUBSYSTEMS = ["CA","KRA","OCSP","RA","TKS","TPS"] + PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS","TPS"] + PKI_APACHE_SUBSYSTEMS = ["RA","TPS"] + 
PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS"] + PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra", + "lib", "logs", "ocsp", "temp", "tks", "webapps", + "work"] + PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg", + "rsyslog", "tls"] + PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra", "tps"] + PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks"] + + PKI_INDENTATION_LEVEL_0 = {'indent' : ''} + PKI_INDENTATION_LEVEL_1 = {'indent' : '... '} + PKI_INDENTATION_LEVEL_2 = {'indent' : '....... '} + PKI_INDENTATION_LEVEL_3 = {'indent' : '........... '} + PKI_INDENTATION_LEVEL_4 = {'indent' : '............... '} + + PKI_DEPLOYMENT_INTERRUPT_BANNER = "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+"\ + "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-" + PKI_DEPLOYMENT_JAR_SOURCE_ROOT = "/usr/share/java" + PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT = "/usr/share/java/httpcomponents" + PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT = "/usr/share/java/pki" + PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT = "/usr/share/java/resteasy" + PKI_DEPLOYMENT_SOURCE_ROOT = "/usr/share/pki" + PKI_DEPLOYMENT_SYSTEMD_ROOT = "/lib/systemd/system" + PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT = "/etc/systemd/system" + PKI_DEPLOYMENT_TOMCAT_ROOT = "/usr/share/tomcat" + PKI_DEPLOYMENT_TOMCAT_SYSTEMD = "/usr/sbin/tomcat-sysd" + PKI_DEPLOYMENT_BASE_ROOT = "/var/lib/pki" + # NOTE: Top-level "/etc/pki" is owned by the "filesystem" package! + PKI_DEPLOYMENT_CONFIGURATION_ROOT = "/etc/pki" + PKI_DEPLOYMENT_LOG_ROOT = "/var/log/pki" + # NOTE: Well-known 'registry root', default 'instance', and default + # 'configuration file' names MUST be created in order to potentially + # obtain an instance-specific configuration file + # (presuming one has not been specified during command-line parsing) + # because command-line parsing happens prior to reading any + # configuration files. 
Although the 'registry root' MUST remain fixed, + # the default 'instance' name may be overridden by the value specified + # in the configuration file (the value in the default configuration file + # should always match the 'default' instance name specified below). + PKI_DEPLOYMENT_REGISTRY_ROOT = "/etc/sysconfig/pki" + PKI_DEPLOYMENT_DEFAULT_ADMIN_DOMAIN_NAME = None + PKI_DEPLOYMENT_DEFAULT_APACHE_SERVICE_NAME = "apache" + PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVICE_NAME = "tomcat" + PKI_DEPLOYMENT_DEFAULT_APACHE_INSTANCE_NAME = "pki-apache" + PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat" + PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE = "pkideployment.cfg" + PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\ + "/usr/share/pki/deployment/config/pkislots.cfg" + + # subtypes of PKI subsystems + PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM = "Cloned" + PKI_DEPLOYMENT_EXTERNAL_CA = "External" + PKI_DEPLOYMENT_SUBORDINATE_CA = "Subordinate" + + # default ports (for defined selinux policy) + PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT = 8080 + PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT = 8443 + PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT = 8005 + PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT = 8009 + + # PKI Deployment Jython 2.2 Constants + PKI_JYTHON_CRITICAL_LOG_LEVEL = 1 + PKI_JYTHON_ERROR_LOG_LEVEL = 2 + PKI_JYTHON_WARNING_LOG_LEVEL = 3 + PKI_JYTHON_INFO_LOG_LEVEL = 4 + PKI_JYTHON_DEBUG_LOG_LEVEL = 5 + + # PKI Selinux Constants + PKI_INSTANCE_SELINUX_CONTEXT = "pki_tomcat_var_lib_t" + PKI_LOG_SELINUX_CONTEXT = "pki_tomcat_log_t" + PKI_CFG_SELINUX_CONTEXT = "pki_tomcat_etc_rw_t" + PKI_CERTDB_SELINUX_CONTEXT = "pki_tomcat_cert_t" + PKI_PORT_SELINUX_CONTEXT = "http_port_t" # PKI Deployment Global Variables pki_install_time = None 
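Review bot: Moving every constant under `class PKIConfig:` changes the lookup path for the permission modes, the umask and (from the second hunk) the SELinux context names. A caller that still reads a module-level name such as `PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS` will fail with AttributeError only when that line runs, which may be a rarely exercised teardown or error path. This view is limited to pkiconfig.py, so whether every scriptlet was updated cannot be confirmed from here; a search for remaining bare `PKI_` references to this module would settle it. The new class also has no docstring and is declared old-style, so I would write `class PKIConfig(object):` followed by `"""Deployment constants: file modes, paths, ports, SELinux types. Treat as read-only."""`. The list and dict values (`PKI_SUBSYSTEMS`, the `*_RESERVED_NAMES` lists, `PKI_INDENTATION_LEVEL_*`) remain shared mutable objects, which is worth stating in that docstring.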
@@ -192,10 +200,5 @@ pki_master_dict = None pki_slots_dict = None pki_master_jython_dict = None -# PKI Selinux Constants and parameters -PKI_INSTANCE_SELINUX_CONTEXT = "pki_tomcat_var_lib_t" -PKI_LOG_SELINUX_CONTEXT = "pki_tomcat_log_t" -PKI_CFG_SELINUX_CONTEXT = "pki_tomcat_etc_rw_t" -PKI_CERTDB_SELINUX_CONTEXT = "pki_tomcat_cert_t" -PKI_PORT_SELINUX_CONTEXT = "http_port_t" +# PKI Selinux parameters pki_selinux_config_ports = [] -- cgit