From dd566ed3c64a69801a9edf3b27f11077aa40ecef Mon Sep 17 00:00:00 2001 
From: Matthew Harmsen Date: Mon, 23 Apr 2012 13:39:04 -0700 Subject: PKI Deployment Scriptlets * Completed the following six 'scriptlets': * Dogtag 10: Python 'initialization.py' Installation Scriptlet (https://fedorahosted.org/pki/ticket/147) * Dogtag 10: Python 'instance_layout.py' Installation Scriptlet (https://fedorahosted.org/pki/ticket/75) * Dogtag 10: Python 'webserver_layout.py' Installation Scriptlet (https://fedorahosted.org/pki/ticket/140) * Dogtag 10: Python 'subsystem_layout.py' Installation Scriptlet (https://fedorahosted.org/pki/ticket/141) * Dogtag 10: Python 'war_explosion.py' Installation Scriptlet (https://fedorahosted.org/pki/ticket/76) * Dogtag 10: Python 'finalization.py' Installation Scriptlet (https://fedorahosted.org/pki/ticket/148) * Created numerous PKI deployment helper utilities. * Augmented logging to provide indentation. * Generated logic for installation 'manifest'. * Tested logic using '--dry_run' option and '-p' prefix options. * Per initial review, removed numerous "constants" and consolidated logic into "master" dictionary. 
* Corrected the following ticket: * Dogtag 10: Fix 'build_dogtag_pki' script to account for 'pki-deploy' RPM (https://fedorahosted.org/pki/ticket/138) Resolves Bugzilla Bug #810047 - build_dogtag_pki fails with requirements for pki-deploy (https://bugzilla.redhat.com/show_bug.cgi?id=810047) * Created the following three 'scriptlets' as 'NOT YET IMPLEMENTED' place-holders: * Dogtag 10: Python 'security_databases.py' Installation Scriptlet (https://fedorahosted.org/pki/ticket/136) * Dogtag 10: Python 'slot_assignment.py' Installation Scriptlet (https://fedorahosted.org/pki/ticket/146) * Dogtag 10: Python 'configuration.py' Configuration Scriptlet (https://fedorahosted.org/pki/ticket/137) --- base/deploy/src/scriptlets/pkiparser.py | 362 ++++++++++++++++++++++++++++++++ 1 file changed, 362 insertions(+) create mode 100644 base/deploy/src/scriptlets/pkiparser.py (limited to 'base/deploy/src/scriptlets/pkiparser.py') diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py new file mode 100644 index 000000000..bff405955 --- /dev/null +++ b/base/deploy/src/scriptlets/pkiparser.py 
@@ -0,0 +1,362 @@ +#!/usr/bin/python -t +# Authors: +# Matthew Harmsen +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2012 Red Hat, Inc. +# All rights reserved. +# + +# System Imports +import ConfigParser +import argparse +import logging +import os + + +# PKI Deployment Imports +import pkiconfig as config +import pkimessages as log + + +# PKI Deployment Helper Functions +def process_command_line_arguments(argv): + "Read and process command-line options" + description = None + if os.path.basename(argv[0]) == 'pkispawn': + description = 'PKI Instance Installation and Configuration' + elif os.path.basename(argv[0]) == 'pkidestroy': + description = 'PKI Instance Removal' + parser = argparse.ArgumentParser( + description=description, + add_help=False, + formatter_class=argparse.RawDescriptionHelpFormatter, + epilog=log.PKI_VERBOSITY) + mandatory = parser.add_argument_group('mandatory arguments') + mandatory.add_argument('-s', + dest='pki_subsystem', action='store', + nargs=1, choices=config.PKI_SUBSYSTEMS, + required=True, metavar='', + help='where is ' + 'CA, KRA, OCSP, RA, TKS, or TPS') + optional = parser.add_argument_group('optional arguments') + optional.add_argument('--dry_run', + dest='pki_dry_run_flag', action='store_true', + help='do not actually perform any actions') + optional.add_argument('-f', + dest='pkideployment_cfg', 
action='store', + nargs=1, metavar='', + help='overrides default configuration filename') + optional.add_argument('-h', '--help', + dest='help', action='help', + help='show this help message and exit') + optional.add_argument('-p', + dest='pki_root_prefix', action='store', + nargs=1, metavar='', + help='directory prefix to specify local directory') + if os.path.basename(argv[0]) == 'pkispawn': + optional.add_argument('-u', + dest='pki_update_flag', action='store_true', + help='update instance of specified subsystem') + optional.add_argument('-v', + dest='pki_verbosity', action='count', + help='display verbose information (details below)') + custom = parser.add_argument_group('custom arguments ' + '(OVERRIDES configuration file values)') + custom.add_argument('-i', + dest='pki_instance_name', action='store', + nargs=1, metavar='', + help='PKI instance name (MUST specify REQUIRED ports)') + custom.add_argument('--http_port', + dest='pki_http_port', action='store', + nargs=1, metavar='', + help='HTTP port (CA, KRA, OCSP, RA, TKS, TPS)') + custom.add_argument('--https_port', + dest='pki_https_port', action='store', + nargs=1, metavar='', + help='HTTPS port (CA, KRA, OCSP, RA, TKS, TPS)') + custom.add_argument('--ajp_port', + dest='pki_ajp_port', action='store', + nargs=1, metavar='', + help='AJP port (CA, KRA, OCSP, TKS)') + args = parser.parse_args() + + config.pki_subsystem = str(args.pki_subsystem).strip('[\']') + if args.pki_dry_run_flag: + config.pki_dry_run_flag = args.pki_dry_run_flag + if not args.pki_root_prefix is None: + config.pki_root_prefix = str(args.pki_root_prefix).strip('[\']') + if config.pki_root_prefix is None or\ + len(config.pki_root_prefix) == 0: + config.pki_root_prefix = "" + elif not os.path.exists(config.pki_root_prefix) or\ + not os.path.isdir(config.pki_root_prefix): + print "ERROR: " +\ + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 %\ + config.pki_root_prefix + print + parser.print_help() + parser.exit(-1); + if 
os.path.basename(argv[0]) == 'pkispawn': + if args.pki_update_flag: + config.pki_update_flag = args.pki_update_flag + if args.pki_verbosity == 1: + config.pki_console_log_level = logging.INFO + config.pki_log_level = logging.INFO + elif args.pki_verbosity == 2: + config.pki_console_log_level = logging.INFO + config.pki_log_level = logging.DEBUG + elif args.pki_verbosity == 3: + config.pki_console_log_level = logging.DEBUG + config.pki_log_level = logging.DEBUG + elif args.pki_verbosity > 3: + print "ERROR: " + log.PKI_VERBOSITY_LEVELS_MESSAGE + print + parser.print_help() + parser.exit(-1); + if not args.pki_instance_name is None: + config.pki_instance_name = str(args.pki_instance_name).strip('[\']') + if not args.pki_http_port is None: + config.pki_http_port = str(args.pki_http_port).strip('[\']') + if not args.pki_https_port is None: + config.pki_https_port = str(args.pki_https_port).strip('[\']') + if not args.pki_ajp_port is None: + if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + config.pki_ajp_port = str(args.pki_ajp_port).strip('[\']') + else: + print "ERROR: " +\ + log.PKI_CUSTOM_TOMCAT_AJP_PORT_1 %\ + config.pki_subsystem + print + parser.print_help() + parser.exit(-1); + if not args.pki_instance_name is None or\ + not args.pki_http_port is None or\ + not args.pki_https_port is None or\ + not args.pki_ajp_port is None: + if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS: + if args.pki_instance_name is None or\ + args.pki_http_port is None or\ + args.pki_https_port is None: + print "ERROR: " + log.PKI_CUSTOM_APACHE_INSTANCE_1 %\ + config.pki_subsystem + print + parser.print_help() + parser.exit(-1); + elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + if args.pki_instance_name is None or\ + args.pki_http_port is None or\ + args.pki_https_port is None or\ + args.pki_ajp_port is None: + print "ERROR: " + log.PKI_CUSTOM_TOMCAT_INSTANCE_1 %\ + config.pki_subsystem + print + parser.print_help() + parser.exit(-1); + if not 
args.pkideployment_cfg is None: + config.pkideployment_cfg = str(args.pkideployment_cfg).strip('[\']') + elif os.path.basename(argv[0]) == 'pkidestroy': + # NOTE: When performing 'pkidestroy', a configuration file must be + # explicitly specified if it does not use the default location + # and/or default configuration file name. + config.pkideployment_cfg = config.pki_root_prefix +\ + config.PKI_DEPLOYMENT_REGISTRY_ROOT + "/" +\ + config.PKI_DEPLOYMENT_DEFAULT_INSTANCE_NAME + "/" +\ + config.pki_subsystem.lower() +"/" +\ + config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + if not os.path.exists(config.pkideployment_cfg) or\ + not os.path.isfile(config.pkideployment_cfg): + print "ERROR: " +\ + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\ + config.pkideployment_cfg + print + parser.print_help() + parser.exit(-1); + return + + +def read_pki_configuration_file(): + "Read configuration file sections into dictionaries" + rv = 0 + try: + parser = ConfigParser.ConfigParser() + parser.read(config.pkideployment_cfg) + config.pki_common_dict = dict(parser._sections['Common']) + if config.pki_subsystem == "CA": + config.pki_web_server_dict = dict(parser._sections['Tomcat']) + config.pki_subsystem_dict = dict(parser._sections['CA']) + elif config.pki_subsystem == "KRA": + config.pki_web_server_dict = dict(parser._sections['Tomcat']) + config.pki_subsystem_dict = dict(parser._sections['KRA']) + elif config.pki_subsystem == "OCSP": + config.pki_web_server_dict = dict(parser._sections['Tomcat']) + config.pki_subsystem_dict = dict(parser._sections['OCSP']) + elif config.pki_subsystem == "RA": + config.pki_web_server_dict = dict(parser._sections['Apache']) + config.pki_subsystem_dict = dict(parser._sections['RA']) + elif config.pki_subsystem == "TKS": + config.pki_web_server_dict = dict(parser._sections['Tomcat']) + config.pki_subsystem_dict = dict(parser._sections['TKS']) + elif config.pki_subsystem == "TPS": + config.pki_web_server_dict = dict(parser._sections['Apache']) + 
config.pki_subsystem_dict = dict(parser._sections['TPS']) + # Insert empty record into dictionaries for "pretty print" statements + config.pki_common_dict[0] = None + config.pki_web_server_dict[0] = None + config.pki_subsystem_dict[0] = None + except ConfigParser.ParsingError, err: + rv = err + return rv + + +def compose_pki_master_dictionary(): + "Create a single master PKI dictionary from the sectional dictionaries" + config.pki_master_dict = dict() + # 'pkispawn'/'pkirespawn'/'pkidestroy' name/value pairs + config.pki_master_dict['pki_timestamp'] = config.pki_timestamp + # Configuration file name/value pairs + config.pki_master_dict.update(config.pki_common_dict) + config.pki_master_dict.update(config.pki_web_server_dict) + config.pki_master_dict.update(config.pki_subsystem_dict) + config.pki_master_dict.update(__name__="PKI Master Dictionary") + config.pki_master_dict['pki_source_conf'] =\ + config.pki_master_dict['pki_source_root'] + "/" +\ + config.pki_master_dict['pki_subsystem'].lower() + "/" + "conf" + if config.pki_master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + config.pki_master_dict['pki_war'] =\ + config.pki_master_dict['pki_source_root'] + "/" +\ + config.pki_master_dict['pki_subsystem'].lower() + "/" +\ + "war" + "/" + config.pki_master_dict['pki_war_name'] + config.pki_master_dict['pki_tomcat_bin_path'] =\ + config.pki_master_dict['pki_tomcat_root'] + "/" + "bin" + config.pki_master_dict['pki_tomcat_lib_path'] =\ + config.pki_master_dict['pki_tomcat_root'] + "/" + "lib" + if config.pki_master_dict['pki_subsystem'] == "CA": + config.pki_master_dict['pki_source_emails'] =\ + config.pki_master_dict['pki_source_root'] + "/" +\ + "ca" + "/" + "emails" + config.pki_master_dict['pki_source_profiles'] =\ + config.pki_master_dict['pki_source_root'] + "/" +\ + "ca" + "/" + "profiles" + # Instance layout base name/value pairs + config.pki_master_dict['pki_root_prefix'] = config.pki_root_prefix + config.pki_master_dict['pki_path'] =\ + 
config.pki_master_dict['pki_root_prefix'] +\ + config.pki_master_dict['pki_instance_root'] + config.pki_master_dict['pki_instance_path'] =\ + config.pki_master_dict['pki_path'] + "/" +\ + config.pki_master_dict['pki_instance_name'] + config.pki_master_dict['pki_instance_database_link'] =\ + config.pki_master_dict['pki_instance_path'] + "/" + "alias" + # Instance layout log name/value pairs + config.pki_master_dict['pki_log_path'] =\ + config.pki_master_dict['pki_root_prefix'] +\ + config.pki_master_dict['pki_instance_log_root'] + config.pki_master_dict['pki_instance_log_path'] =\ + config.pki_master_dict['pki_log_path'] + "/" +\ + config.pki_master_dict['pki_instance_name'] + # Instance layout configuration name/value pairs + config.pki_master_dict['pki_configuration_path'] =\ + config.pki_master_dict['pki_root_prefix'] +\ + config.pki_master_dict['pki_instance_configuration_root'] + config.pki_master_dict['pki_instance_configuration_path'] =\ + config.pki_master_dict['pki_configuration_path'] + "/" +\ + config.pki_master_dict['pki_instance_name'] + # Instance layout registry name/value pairs + config.pki_master_dict['pki_registry_path'] =\ + config.pki_master_dict['pki_root_prefix'] +\ + config.PKI_DEPLOYMENT_REGISTRY_ROOT + config.pki_master_dict['pki_instance_registry_path'] =\ + config.pki_master_dict['pki_registry_path'] + "/" +\ + config.pki_master_dict['pki_instance_name'] + # Instance-based webserver Apache base name/value pairs + if config.pki_master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: + config.pki_master_dict['pki_apache_path'] =\ + config.pki_master_dict['pki_instance_path'] + "/apache" + # Instance-based webserver Tomcat base name/value pairs + if config.pki_master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + config.pki_master_dict['pki_tomcat_path'] =\ + config.pki_master_dict['pki_instance_path'] + "/" + "tomcat" + config.pki_master_dict['pki_tomcat_bin_link'] =\ + config.pki_master_dict['pki_tomcat_path'] + "/" + "bin" 
+ config.pki_master_dict['pki_common_path'] =\ + config.pki_master_dict['pki_tomcat_path'] + "/" + "common" + config.pki_master_dict['pki_common_lib_path'] =\ + config.pki_master_dict['pki_common_path'] + "/" + "lib" + config.pki_master_dict['pki_conf_path'] =\ + config.pki_master_dict['pki_tomcat_path'] + "/" + "conf" + config.pki_master_dict['pki_tomcat_lib_link'] =\ + config.pki_master_dict['pki_tomcat_path'] + "/" + "lib" + config.pki_master_dict['pki_tomcat_logs_link'] =\ + config.pki_master_dict['pki_tomcat_path'] + "/" + "logs" + config.pki_master_dict['pki_webapps_path'] =\ + config.pki_master_dict['pki_tomcat_path'] + "/" + "webapps" + config.pki_master_dict['pki_webapps_root_path'] =\ + config.pki_master_dict['pki_webapps_path'] + "/" + "ROOT" + config.pki_master_dict['pki_webapps_root_webinf_path'] =\ + config.pki_master_dict['pki_webapps_root_path'] + "/" + "WEB-INF" + config.pki_master_dict['pki_webapps_webinf_path'] =\ + config.pki_master_dict['pki_webapps_path'] + "/" + "WEB-INF" + config.pki_master_dict['pki_webapps_webinf_classes_path'] =\ + config.pki_master_dict['pki_webapps_webinf_path'] + "/" + "classes" + config.pki_master_dict['pki_webapps_webinf_lib_path'] =\ + config.pki_master_dict['pki_webapps_webinf_path'] + "/" + "lib" + config.pki_master_dict['pki_webapps_subsystem_path'] =\ + config.pki_master_dict['pki_webapps_path'] + "/" +\ + config.pki_master_dict['pki_subsystem'].lower() + config.pki_master_dict['pki_webapps_subsystem_webinf_classes_link'] =\ + config.pki_master_dict['pki_webapps_subsystem_path'] + "/" +\ + "WEB-INF" + "/" + "classes" + config.pki_master_dict['pki_webapps_subsystem_webinf_lib_link'] =\ + config.pki_master_dict['pki_webapps_subsystem_path'] + "/" +\ + "WEB-INF" + "/" + "lib" + # Instance-based webserver Apache/Tomcat configuration name/value pairs + config.pki_master_dict['pki_database_path'] =\ + config.pki_master_dict['pki_instance_configuration_path'] + "/" +\ + "alias" + # Instance-based subsystem base 
name/value pairs + config.pki_master_dict['pki_subsystem_path'] =\ + config.pki_master_dict['pki_instance_path'] + "/" +\ + config.pki_master_dict['pki_subsystem'].lower() + config.pki_master_dict['pki_subsystem_database_link'] =\ + config.pki_master_dict['pki_subsystem_path'] + "/" + "alias" + config.pki_master_dict['pki_subsystem_configuration_link'] =\ + config.pki_master_dict['pki_subsystem_path'] + "/" + "conf" + config.pki_master_dict['pki_subsystem_logs_link'] =\ + config.pki_master_dict['pki_subsystem_path'] + "/" + "logs" + if config.pki_master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if config.pki_master_dict['pki_subsystem'] == "CA": + config.pki_master_dict['pki_subsystem_emails_path'] =\ + config.pki_master_dict['pki_subsystem_path'] + "/" + "emails" + config.pki_master_dict['pki_subsystem_profiles_path'] =\ + config.pki_master_dict['pki_subsystem_path'] + "/" + "profiles" + config.pki_master_dict['pki_subsystem_webapps_link'] =\ + config.pki_master_dict['pki_subsystem_path'] + "/" + "webapps" + # Instance-based subsystem log name/value pairs + config.pki_master_dict['pki_subsystem_log_path'] =\ + config.pki_master_dict['pki_instance_log_path'] + "/" +\ + config.pki_master_dict['pki_subsystem'].lower() + config.pki_master_dict['pki_subsystem_signed_audit_log_path'] =\ + config.pki_master_dict['pki_subsystem_log_path'] + "/" +\ + "signedAudit" + # Instance-based subsystem configuration name/value pairs + config.pki_master_dict['pki_subsystem_configuration_path'] =\ + config.pki_master_dict['pki_instance_configuration_path'] + "/" +\ + config.pki_master_dict['pki_subsystem'].lower() + # Instance-based subsystem registry name/value pairs + config.pki_master_dict['pki_subsystem_registry_path'] =\ + config.pki_master_dict['pki_instance_registry_path'] + "/" +\ + config.pki_master_dict['pki_subsystem'].lower() + return -- cgit
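Review bot: In process_command_line_arguments the option values are recovered with `str(args.pki_instance_name).strip('[\']')` (the same pattern is used for `pki_subsystem`, `pki_root_prefix`, `pkideployment_cfg` and the three ports), which stringifies the one-element list produced by `nargs=1` and trims bracket and quote characters rather than taking the element. A value containing a single quote is repr'd with double quotes that survive the strip, and a value that itself starts or ends with `[`, `]` or `'` loses those characters, so the stored string can differ from what the operator typed. Index the list instead, e.g. `config.pki_instance_name = args.pki_instance_name[0]`, and validate before storing: the ports are never checked to be integers in 1-65535, and nothing rejects `/` or `..` in the instance name. compose_pki_master_dictionary joins `pki_instance_name` into the instance, log, configuration and registry paths by plain concatenation, so if the command-line value ends up under that key (the override is not visible in this file) such a name would place those paths outside their intended roots. Separately, read_pki_configuration_file catches only `ConfigParser.ParsingError`, so a file lacking the `Common` or web-server section raises an uncaught KeyError from `parser._sections[...]` instead of returning an error.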