From 621d9e5c413e561293d7484b93882d985b3fe15f Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Sat, 24 Mar 2012 02:27:47 -0500 Subject: Removed unnecessary pki folder. Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131 --- base/deploy/src/scriptlets/instance.py | 105 +++++++++++ base/deploy/src/scriptlets/pkiconfig.py | 96 ++++++++++ base/deploy/src/scriptlets/pkihelper.py | 222 +++++++++++++++++++++++ base/deploy/src/scriptlets/pkilogging.py | 46 +++++ base/deploy/src/scriptlets/pkimessages.py | 86 +++++++++ base/deploy/src/scriptlets/pkiscriptlet.py | 47 +++++ base/deploy/src/scriptlets/security_databases.py | 78 ++++++++ 7 files changed, 680 insertions(+) create mode 100644 base/deploy/src/scriptlets/instance.py create mode 100644 base/deploy/src/scriptlets/pkiconfig.py create mode 100644 base/deploy/src/scriptlets/pkihelper.py create mode 100644 base/deploy/src/scriptlets/pkilogging.py create mode 100644 base/deploy/src/scriptlets/pkimessages.py create mode 100644 base/deploy/src/scriptlets/pkiscriptlet.py create mode 100644 base/deploy/src/scriptlets/security_databases.py (limited to 'base/deploy/src/scriptlets') diff --git a/base/deploy/src/scriptlets/instance.py b/base/deploy/src/scriptlets/instance.py new file mode 100644 index 000000000..a7ca35c69 --- /dev/null +++ b/base/deploy/src/scriptlets/instance.py 
@@ -0,0 +1,105 @@ +#!/usr/bin/python -t +# Authors: +# Matthew Harmsen +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2011 Red Hat, Inc. +# All rights reserved. +# + +# System Imports +import os +import grp +import pwd + +# PKI Deployment Imports +import pkiconfig as config +import pkimessages as log +import pkiscriptlet + + +# PKI Deployment Instance Population Classes +class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): + rv = 0 + pki_path = config.pki_root_prefix +\ + config.pki_master_dict['pki_instance_root'] + pki_instance_path = pki_path + "/" +\ + config.pki_master_dict['pki_instance_name'] + pki_subsystem_path = pki_instance_path + "/" +\ + config.pki_master_dict['pki_subsystem'].lower() + + def spawn(self): + if not os.path.exists(self.pki_subsystem_path): + config.pki_log.info(log.INSTANCE_SPAWN_1, __name__) + config.pki_log.info(log.INSTANCE_SPAWN_MKDIR_1, + self.pki_subsystem_path) + if not config.pki_dry_run_flag: + try: + pki_gid = grp.getgrnam( + config.pki_master_dict['pki_group'])[2] + pki_uid = pwd.getpwnam( + config.pki_master_dict['pki_user'])[2] + os.mkdir(self.pki_path, + config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS) + os.chown(self.pki_path, + pki_uid, + pki_gid) + os.mkdir(self.pki_instance_path, + config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS) + os.chown(self.pki_instance_path, + pki_uid, + pki_gid) + 
os.mkdir(self.pki_subsystem_path, + config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS) + os.chown(self.pki_subsystem_path, + pki_uid, + pki_gid) + except KeyError: + self.rv = KeyError + except OSError: + self.rv = OSError + elif not os.path.isdir(self.pki_subsystem_path): + config.pki_log.error( + log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1, + self.pki_subsystem_path) + self.rv = -1 + else: + config.pki_log.error(log.PKI_DIRECTORY_ALREADY_EXISTS_1, + self.pki_subsystem_path) + self.rv = -1 + return self.rv + + def respawn(self): + if not os.path.exists(self.pki_subsystem_path) or\ + not os.path.isdir(self.pki_subsystem_path): + config.pki_log.error( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, + self.pki_subsystem_path) + self.rv = -1 + else: + config.pki_log.info(log.INSTANCE_RESPAWN_1, __name__) + return self.rv + + def destroy(self): + if not os.path.exists(self.pki_subsystem_path) or\ + not os.path.isdir(self.pki_subsystem_path): + config.pki_log.error( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, + self.pki_subsystem_path) + self.rv = -1 + else: + config.pki_log.info(log.INSTANCE_DESTROY_1, __name__) + return self.rv + diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py new file mode 100644 index 000000000..7d676c00d --- /dev/null +++ b/base/deploy/src/scriptlets/pkiconfig.py 
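Review bot: In `spawn()`, the handlers `except KeyError: self.rv = KeyError` and `except OSError: self.rv = OSError` store the exception class as the return value and log nothing, so a failed `mkdir` or `chown` gives the operator no path or errno to act on. Only `pki_subsystem_path` is tested before the three `os.mkdir` calls, so an existing `pki_path` or `pki_instance_path` raises `OSError` on the first call and lands in that silent branch, and a `chown` failure leaves a directory behind with the installer's ownership. I would bind and log the exception and return the same `-1` the other branches use (`except OSError as exc:`, `config.pki_log.error(str(exc))`, `self.rv = -1`), and guard each `os.mkdir` with its own `os.path.isdir` check. `enable_pki_logger()` in pkilogging.py has the same `return OSError` pattern.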
@@ -0,0 +1,96 @@ +#!/usr/bin/python -t +# Authors: +# Matthew Harmsen +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2011 Red Hat, Inc. +# All rights reserved. +# + +# System Imports +import logging + + +# PKI Deployment Constants +PKI_DEPLOYMENT_PATH = "/usr/share/pki/deployment" +PKI_DEPLOYMENT_CONFIG_PATH = PKI_DEPLOYMENT_PATH + "/" + "config" +PKI_DEPLOYMENT_SCRIPTLETS_MODULE = "pki.deployment" +PKI_DEPLOYMENT_VERBOSITY=\ +"VERBOSITY FLAGS CONSOLE MESSAGE LEVEL LOG MESSAGE LEVEL\n"\ +"=======================================================================\n"\ +" NONE error|warning error|warning|info\n"\ +" -v error|warning|info error|warning|info\n"\ +" -vv error|warning|info error|warning|info|debug\n"\ +" -vvv error|warning|info|debug error|warning|info|debug\n"\ +" " +PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 00770 +PKI_DEPLOYMENT_DEFAULT_EXE_PERMISSIONS = 00770 +PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS = 00660 +PKI_DEPLOYMENT_DEFAULT_UMASK = 00002 + +PKIDESTROY_PATH = PKI_DEPLOYMENT_PATH + "/" + "destroy" +PKIDESTROY_LOG_PATH = "/var/log" +PKIDESTROY_LOG_PREFIX = "pki-" +PKIDESTROY_LOG_SUFFIX = "-destroy.log" +PKIDESTROY_LOGGER = "pkidestroy" + +PKIRESPAWN_PATH = PKI_DEPLOYMENT_PATH + "/" + "spawn" +PKIRESPAWN_LOG_PATH = "/var/log" +PKIRESPAWN_LOG_PREFIX = "pki-" +PKIRESPAWN_LOG_SUFFIX = "-respawn.log" +PKIRESPAWN_LOGGER = 
"pkirespawn" + +PKISPAWN_PATH = PKI_DEPLOYMENT_PATH + "/" + "spawn" +PKISPAWN_LOG_PATH = "/var/log" +PKISPAWN_LOG_PREFIX = "pki-" +PKISPAWN_LOG_SUFFIX = "-spawn.log" +PKISPAWN_LOGGER = "pkispawn" + +PKI_SECURITY_DATABASE_DIR = "alias" +PKI_SUBSYSTEMS = ["CA","KRA","OCSP","RA","TKS","TPS"] +PKI_APACHE_SUBSYSTEMS = ["RA","TPS"] +PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS"] + + +# PKI Deployment "Mandatory" Command-Line Variables +pki_subsystem = None + +# PKI Deployment "Optional" Command-Line Variables +pkideployment_cfg = PKI_DEPLOYMENT_CONFIG_PATH + "/" + "pkideployment.cfg" +pki_dry_run_flag = False +pki_root_prefix = None +pki_update_flag = False + +# PKI Deployment "Custom" Command-Line Variables +pki_instance_name = None +pki_http_port = None +pki_https_port = None +pki_ajp_port = None + + +# PKI Deployment Logger Variables +pki_log = None +pki_log_dir = None +pki_log_name = None +pki_log_level = logging.INFO +pki_console_log_level = logging.WARNING + + +# PKI Deployment Global Dictionaries +pki_common_dict = None +pki_web_server_dict = None +pki_subsystem_dict = None +pki_master_dict = None + diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py new file mode 100644 index 000000000..ee2bdd249 --- /dev/null +++ b/base/deploy/src/scriptlets/pkihelper.py 
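Review bot: `PKI_DEPLOYMENT_DEFAULT_UMASK = 00002` is looser than the directory and file modes defined next to it: `00770` and `00660` grant nothing to other users, while a umask of 002 leaves any file created without an explicit mode world-readable. Where the umask is applied is not visible in this patch, but for a tool that lays down certificate databases I would default to `PKI_DEPLOYMENT_DEFAULT_UMASK = 0o007` so the fallback matches the explicit modes. A short comment above the four permission constants saying what each one is applied to (directories, executables, regular files, process umask) would also help.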
@@ -0,0 +1,222 @@ +#!/usr/bin/python -t +# Authors: +# Matthew Harmsen +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2011 Red Hat, Inc. +# All rights reserved. +# + +# System Imports +import ConfigParser +import argparse +import logging +import os + + +# PKI Deployment Imports +import pkiconfig as config +import pkimessages as log + + +# PKI Deployment Helper Functions +def process_command_line_arguments(argv): + "Read and process command-line options" + description = None + if os.path.basename(argv[0]) == 'pkispawn': + description = 'PKI Instance Installation and Configuration' + elif os.path.basename(argv[0]) == 'pkidestroy': + description = 'PKI Instance Removal' + parser = argparse.ArgumentParser( + description=description, + add_help=False, + formatter_class=argparse.RawDescriptionHelpFormatter, + epilog=config.PKI_DEPLOYMENT_VERBOSITY) + mandatory = parser.add_argument_group('mandatory arguments') + mandatory.add_argument('-s', + dest='pki_subsystem', action='store', + nargs=1, choices=config.PKI_SUBSYSTEMS, + required=True, metavar='', + help='where is ' + 'CA, KRA, OCSP, RA, TKS, or TPS') + optional = parser.add_argument_group('optional arguments') + optional.add_argument('--dry_run', + dest='pki_dry_run_flag', action='store_true', + help='do not actually perform any actions') + optional.add_argument('-f', + 
dest='pkideployment_cfg', action='store', + nargs=1, metavar='', + help='overrides default configuration filename') + optional.add_argument('-h', '--help', + dest='help', action='help', + help='show this help message and exit') + optional.add_argument('-p', + dest='pki_root_prefix', action='store', + nargs=1, metavar='', + help='directory prefix to specify local directory') + if os.path.basename(argv[0]) == 'pkispawn': + optional.add_argument('-u', + dest='pki_update_flag', action='store_true', + help='update instance of specified subsystem') + optional.add_argument('-v', + dest='pki_verbosity', action='count', + help='display verbose information (details below)') + custom = parser.add_argument_group('custom arguments ' + '(OVERRIDES configuration file values)') + custom.add_argument('-i', + dest='pki_instance_name', action='store', + nargs=1, metavar='', + help='PKI instance name (MUST specify REQUIRED ports)') + custom.add_argument('--http_port', + dest='pki_http_port', action='store', + nargs=1, metavar='', + help='HTTP port (CA, KRA, OCSP, RA, TKS, TPS)') + custom.add_argument('--https_port', + dest='pki_https_port', action='store', + nargs=1, metavar='', + help='HTTPS port (CA, KRA, OCSP, RA, TKS, TPS)') + custom.add_argument('--ajp_port', + dest='pki_ajp_port', action='store', + nargs=1, metavar='', + help='AJP port (CA, KRA, OCSP, TKS)') + args = parser.parse_args() + + config.pki_subsystem = str(args.pki_subsystem).strip('[\']') + if args.pki_dry_run_flag: + config.pki_dry_run_flag = args.pki_dry_run_flag + if not args.pkideployment_cfg is None: + config.pkideployment_cfg = str(args.pkideployment_cfg).strip('[\']') + if not os.path.exists(config.pkideployment_cfg) or\ + not os.path.isfile(config.pkideployment_cfg): + print "ERROR: " +\ + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\ + config.pkideployment_cfg + print + parser.print_help() + parser.exit(-1); + if not args.pki_root_prefix is None: + config.pki_root_prefix = str(args.pki_root_prefix).strip('[\']') + 
if config.pki_root_prefix is None or\ + len(config.pki_root_prefix) == 0: + config.pki_root_prefix = "" + elif not os.path.exists(config.pki_root_prefix) or\ + not os.path.isdir(config.pki_root_prefix): + print "ERROR: " +\ + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 %\ + config.pki_root_prefix + print + parser.print_help() + parser.exit(-1); + if os.path.basename(argv[0]) == 'pkispawn': + if args.pki_update_flag: + config.pki_update_flag = args.pki_update_flag + if args.pki_verbosity == 1: + config.pki_console_log_level = logging.INFO + config.pki_log_level = logging.INFO + elif args.pki_verbosity == 2: + config.pki_console_log_level = logging.INFO + config.pki_log_level = logging.DEBUG + elif args.pki_verbosity == 3: + config.pki_console_log_level = logging.DEBUG + config.pki_log_level = logging.DEBUG + elif args.pki_verbosity > 3: + print "ERROR: " + log.PKI_VERBOSITY_LEVELS_MESSAGE + print + parser.print_help() + parser.exit(-1); + if not args.pki_instance_name is None: + config.pki_instance_name = str(args.pki_instance_name).strip('[\']') + if not args.pki_http_port is None: + config.pki_http_port = str(args.pki_http_port).strip('[\']') + if not args.pki_https_port is None: + config.pki_https_port = str(args.pki_https_port).strip('[\']') + if not args.pki_ajp_port is None: + if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + config.pki_ajp_port = str(args.pki_ajp_port).strip('[\']') + else: + print "ERROR: " +\ + log.PKI_CUSTOM_TOMCAT_AJP_PORT_1 %\ + config.pki_subsystem + print + parser.print_help() + parser.exit(-1); + if not args.pki_instance_name is None or\ + not args.pki_http_port is None or\ + not args.pki_https_port is None or\ + not args.pki_ajp_port is None: + if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS: + if args.pki_instance_name is None or\ + args.pki_http_port is None or\ + args.pki_https_port is None: + print "ERROR: " + log.PKI_CUSTOM_APACHE_INSTANCE_1 %\ + config.pki_subsystem + print + parser.print_help() + 
parser.exit(-1); + elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + if args.pki_instance_name is None or\ + args.pki_http_port is None or\ + args.pki_https_port is None or\ + args.pki_ajp_port is None: + print "ERROR: " + log.PKI_CUSTOM_TOMCAT_INSTANCE_1 %\ + config.pki_subsystem + print + parser.print_help() + parser.exit(-1); + + +def read_pki_configuration_file(): + "Read configuration file sections into dictionaries" + rv = 0 + try: + parser = ConfigParser.ConfigParser() + parser.read(config.pkideployment_cfg) + config.pki_common_dict = dict(parser._sections['Common']) + if config.pki_subsystem == "CA": + config.pki_web_server_dict = dict(parser._sections['Tomcat']) + config.pki_subsystem_dict = dict(parser._sections['CA']) + elif config.pki_subsystem == "KRA": + config.pki_web_server_dict = dict(parser._sections['Tomcat']) + config.pki_subsystem_dict = dict(parser._sections['KRA']) + elif config.pki_subsystem == "OCSP": + config.pki_web_server_dict = dict(parser._sections['Tomcat']) + config.pki_subsystem_dict = dict(parser._sections['OCSP']) + elif config.pki_subsystem == "RA": + config.pki_web_server_dict = dict(parser._sections['Apache']) + config.pki_subsystem_dict = dict(parser._sections['RA']) + elif config.pki_subsystem == "TKS": + config.pki_web_server_dict = dict(parser._sections['Tomcat']) + config.pki_subsystem_dict = dict(parser._sections['TKS']) + elif config.pki_subsystem == "TPS": + config.pki_web_server_dict = dict(parser._sections['Apache']) + config.pki_subsystem_dict = dict(parser._sections['TPS']) + # Insert empty record into dictionaries for "pretty print" statements + config.pki_common_dict[0] = None + config.pki_web_server_dict[0] = None + config.pki_subsystem_dict[0] = None + except ConfigParser.ParsingError, err: + rv = err + return rv + + +def create_pki_master_dictionary(): + "Create a single master PKI dictionary from the sectional dictionaries" + config.pki_master_dict = dict() + 
config.pki_master_dict.update(config.pki_common_dict) + config.pki_master_dict.update(config.pki_web_server_dict) + config.pki_master_dict.update(config.pki_subsystem_dict) + config.pki_master_dict.update(__name__="PKI Master Dictionary") + return + diff --git a/base/deploy/src/scriptlets/pkilogging.py b/base/deploy/src/scriptlets/pkilogging.py new file mode 100644 index 000000000..776677cfd --- /dev/null +++ b/base/deploy/src/scriptlets/pkilogging.py @@ -0,0 +1,46 @@ +#!/usr/bin/python -t +# Authors: +# Matthew Harmsen +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2011 Red Hat, Inc. +# All rights reserved. +# + +# System Imports +import logging +import os + + +# PKI Deployment Logging Functions +def enable_pki_logger(log_dir, log_name, log_level, console_log_level, logger): + if not os.path.isdir(log_dir): + try: + os.makedirs(log_dir) + except OSError: + return OSError + logging.basicConfig(level=log_level, + format='%(asctime)s %(name)-12s ' +\ + '%(levelname)-8s %(message)s', + datefmt='%Y-%m-%d %H:%M:%S', + filename=log_dir + "/" + log_name, + filemode='w') + console = logging.StreamHandler() + console.setLevel(console_log_level) + formatter = logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s') + console.setFormatter(formatter) + logging.getLogger('').addHandler(console) + return logging.getLogger(logger) + 
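Review bot: Every `nargs=1` option in `process_command_line_arguments()` is unwrapped with `str(args.X).strip('[\']')`, which converts the one-element list to its repr and then strips bracket and quote characters from both ends. A value that itself starts or ends with one of those characters is altered, and a value containing a single quote comes back wrapped in double quotes; these strings go on to become `pki_root_prefix`, the instance name and the configuration file path. Index the list instead, e.g. `config.pki_root_prefix = args.pki_root_prefix[0]` (or drop `nargs=1` so argparse returns the string), and apply the same change to the other six options. Two related points in the same hunk: `parser.parse_args()` ignores the `argv` parameter that the `argv[0]` checks use, and `read_pki_configuration_file()` catches only `ParsingError`, so a configuration file without the expected section surfaces as an uncaught `KeyError` from `parser._sections[...]`.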
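Review bot: `enable_pki_logger()` creates the log directory with `os.makedirs(log_dir)` and the log file through `logging.basicConfig(filename=..., filemode='w')`, so both get whatever mode the caller's umask allows. The dictionary banner messages added in pkimessages.py suggest the deployment dictionaries are written to this log, so I would make the permissions explicit rather than inherited, e.g. `os.makedirs(log_dir, 0o750)` plus an `os.chmod` on the log file once `basicConfig` has created it; the exact modes are the project's call. The function also has no docstring; one line stating that it returns the named logger on success, and what it returns when the directory cannot be created, would document the contract.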
diff --git a/base/deploy/src/scriptlets/pkimessages.py b/base/deploy/src/scriptlets/pkimessages.py
new file mode 100644
index 000000000..e6a9f95aa
--- /dev/null
+++ b/base/deploy/src/scriptlets/pkimessages.py
@@ -0,0 +1,86 @@ +#!/usr/bin/python -t +# Authors: +# Matthew Harmsen +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2011 Red Hat, Inc. +# All rights reserved. +# + +# PKI Deployment Engine Messages +PKI_CUSTOM_APACHE_INSTANCE_1 = "When a custom '%s' subsystem is being "\ + "deployed, the 'instance', 'http_port', and "\ + "'https_port' must ALL be specified!" +PKI_CUSTOM_TOMCAT_INSTANCE_1 = "When a custom '%s' subsystem is being "\ + "deployed, the 'instance', 'http_port', "\ + "'https_port', and 'ajp_port' must ALL be "\ + "specified!" +PKI_CUSTOM_TOMCAT_AJP_PORT_1 = "When a custom '%s' subsystem is being "\ + "deployed, ONLY the 'instance', "\ + "'http_port', and 'https_port' MUST be "\ + "specified; NO 'ajp_port' should be requested!" 
+PKI_DICTIONARY_COMMON ="\n"\ +"=====================================================\n"\ +" DISPLAY CONTENTS OF PKI COMMON DICTIONARY\n"\ +"=====================================================" +PKI_DICTIONARY_MASTER="\n"\ +"=====================================================\n"\ +" DISPLAY CONTENTS OF PKI MASTER DICTIONARY\n"\ +"=====================================================" +PKI_DICTIONARY_SUBSYSTEM="\n"\ +"=====================================================\n"\ +" DISPLAY CONTENTS OF PKI SUBSYSTEM DICTIONARY\n"\ +"=====================================================" +PKI_DICTIONARY_WEB_SERVER="\n"\ +"=====================================================\n"\ +" DISPLAY CONTENTS OF PKI WEB SERVER DICTIONARY\n"\ +"=====================================================" +PKI_DIRECTORY_ALREADY_EXISTS_1 = "Directory '%s' already exists!" +PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 = "Directory '%s' already "\ + "exists BUT it is NOT a "\ + "directory!" +PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 = "Directory '%s' is either "\ + "missing or is NOT a directory!" +PKI_FILE_MISSING_OR_NOT_A_FILE_1 = "File '%s' is either missing "\ + "or is NOT a regular file!" +PKI_UNABLE_TO_PARSE_1 = "'Could not parse: '%s'" +PKI_UNABLE_TO_CREATE_LOG_DIRECTORY_1 = "Could not create log directory '%s'!" +PKI_VERBOSITY_LEVELS_MESSAGE = "Only up to 3 levels of verbosity are supported!" + + +# PKI Deployment 'pkispawn' and 'pkidestroy' Messages +PKIDESTROY_BEGIN_MESSAGE_2 = "BEGIN destroying subsystem '%s' of "\ + "instance '%s' . . ." +PKIDESTROY_END_MESSAGE_2 = "END destroying subsystem '%s' of "\ + "instance '%s'." +PKIRESPAWN_BEGIN_MESSAGE_2 = "BEGIN respawning subsystem '%s' of "\ + "instance '%s' . . ." +PKIRESPAWN_END_MESSAGE_2 = "END respawning subsystem '%s' of "\ + "instance '%s'." +PKISPAWN_BEGIN_MESSAGE_2 = "BEGIN spawning subsystem '%s' of "\ + "instance '%s' . . ." +PKISPAWN_END_MESSAGE_2 = "END spawning subsystem '%s' of "\ + "instance '%s'." 
+ + +# PKI Deployment "Scriptlet" Messages +INSTANCE_DESTROY_1 = " depopulating '%s'" +INSTANCE_RESPAWN_1 = " repopulating '%s'" +INSTANCE_SPAWN_1 = " populating '%s'" +INSTANCE_SPAWN_MKDIR_1 = " mkdir '%s'" +SECURITY_DATABASES_DESTROY_1 = " removing '%s'" +SECURITY_DATABASES_RESPAWN_1 = " regenerating '%s'" +SECURITY_DATABASES_SPAWN_1 = " generating '%s'" + diff --git a/base/deploy/src/scriptlets/pkiscriptlet.py b/base/deploy/src/scriptlets/pkiscriptlet.py new file mode 100644 index 000000000..5befd993a --- /dev/null +++ b/base/deploy/src/scriptlets/pkiscriptlet.py @@ -0,0 +1,47 @@ +#!/usr/bin/python -t +# Authors: +# Matthew Harmsen +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2011 Red Hat, Inc. +# All rights reserved. +# + +# System Imports +import abc + + +# PKI Deployment Classes +class AbstractBasePkiScriptlet(object): + __metaclass__ = abc.ABCMeta + + @abc.abstractmethod + def spawn(self): + """Retrieve data from the specified PKI dictionary and + use it to install a new PKI instance.""" + return + + @abc.abstractmethod + def respawn(self): + """Retrieve data from the specified PKI dictionary and + use it to update an existing PKI instance.""" + return + + @abc.abstractmethod + def destroy(self): + """Retrieve data from the specified PKI dictionary and + use it to destroy an existing PKI instance.""" + return + 
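Review bot: `PKI_UNABLE_TO_PARSE_1 = "'Could not parse: '%s'"` starts with a stray apostrophe, so the rendered message has unbalanced quotes; it should read `PKI_UNABLE_TO_PARSE_1 = "Could not parse: '%s'"`. The `_1`/`_2` suffixes appear to encode the number of `%s` placeholders, which is worth stating once at the top of the module, e.g. `# The numeric suffix is the number of '%s' arguments the message takes.`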
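Review bot: The docstrings on `spawn()`, `respawn()` and `destroy()` in `AbstractBasePkiScriptlet` say the method retrieves data from "the specified PKI dictionary", but none of the three takes a dictionary argument, and the return contract is not stated. The two concrete scriptlets in this patch read `config.pki_master_dict` and return `self.rv` (0 on the success path, -1 on the logged error paths), so the base class should say so, e.g. `"""Install a new PKI instance from config.pki_master_dict; return 0 on success, non-zero on failure."""`, with matching wording for the other two methods.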
diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py
new file mode 100644
index 000000000..af47cbd5d
--- /dev/null
+++ b/base/deploy/src/scriptlets/security_databases.py
@@ -0,0 +1,78 @@ +#!/usr/bin/python -t +# Authors: +# Matthew Harmsen +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2011 Red Hat, Inc. +# All rights reserved. +# + +# System Imports +import os + +# PKI Deployment Imports +import pkiconfig as config +import pkimessages as log +import pkiscriptlet + + +# PKI Deployment Security Database Classes +class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): + rv = 0 + pki_path = config.pki_root_prefix +\ + config.pki_master_dict['pki_instance_root'] + pki_instance_path = pki_path + "/" +\ + config.pki_master_dict['pki_instance_name'] + pki_subsystem_path = pki_instance_path + "/" +\ + config.pki_master_dict['pki_subsystem'].lower() + pki_database_path = pki_subsystem_path + "/" +\ + config.PKI_SECURITY_DATABASE_DIR + + def spawn(self): + if not os.path.exists(self.pki_database_path): + config.pki_log.info(log.SECURITY_DATABASES_SPAWN_1, __name__) + elif not os.path.isdir(self.pki_database_path): + config.pki_log.error( + log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1, + self.pki_database_path) + self.rv = -1 + else: + config.pki_log.error(log.PKI_DIRECTORY_ALREADY_EXISTS_1, + self.pki_database_path) + self.rv = -1 + return self.rv + + def respawn(self): + if not os.path.exists(self.pki_database_path) or\ + not os.path.isdir(self.pki_database_path): + config.pki_log.error( + 
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, + self.pki_database_path) + self.rv = -1 + else: + config.pki_log.info(log.SECURITY_DATABASES_RESPAWN_1, __name__) + return self.rv + + def destroy(self): + if not os.path.exists(self.pki_database_path) or\ + not os.path.isdir(self.pki_database_path): + config.pki_log.error( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, + self.pki_database_path) + self.rv = -1 + else: + config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__) + return self.rv + -- cgit
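Review bot: The four path attributes in the `PkiScriptlet` class body are computed when the module is imported, from `config.pki_root_prefix` and `config.pki_master_dict`, both of which pkiconfig.py initialises to `None`; importing the scriptlet before the command line and configuration file have been processed would raise `TypeError`. How the scriptlets get loaded is not shown in this patch, so this may be safe today, but it is an ordering dependency that nothing enforces. `rv` is also a class attribute that the methods overwrite through `self.rv = -1` and never reset, so after one failed call every later call on the same object returns -1 even when it takes the success branch. Moving the setup into `__init__` removes the import-order dependency, and starting each method with `self.rv = 0` removes the sticky result; the identical class body in instance.py needs the same change.

```python
class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
    def __init__(self):
        # Resolve paths at construction time, after the command line and
        # configuration file have populated the pkiconfig globals.
        self.rv = 0
        self.pki_path = config.pki_root_prefix +\
            config.pki_master_dict['pki_instance_root']
        self.pki_instance_path = self.pki_path + "/" +\
            config.pki_master_dict['pki_instance_name']
        self.pki_subsystem_path = self.pki_instance_path + "/" +\
            config.pki_master_dict['pki_subsystem'].lower()
        self.pki_database_path = self.pki_subsystem_path + "/" +\
            config.PKI_SECURITY_DATABASE_DIR

    # … unchanged: spawn, respawn, destroy (each now starting with self.rv = 0) …
```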