From 6260aca7bf54b5406db24ff368b52363a3c9ea28 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Tue, 18 Dec 2012 14:46:41 -0500 Subject: WIP --- .../deploy/src/scriptlets/infrastructure_layout.py | 12 +- base/deploy/src/scriptlets/pkiconfig.py | 9 +- base/deploy/src/scriptlets/pkihelper.py | 4 +- base/deploy/src/scriptlets/pkiparser.py | 138 +++++++++++++-------- 4 files changed, 101 insertions(+), 62 deletions(-) (limited to 'base/deploy/src/scriptlets') diff --git a/base/deploy/src/scriptlets/infrastructure_layout.py b/base/deploy/src/scriptlets/infrastructure_layout.py index 947fbcdfe..5d0924f12 100644 --- a/base/deploy/src/scriptlets/infrastructure_layout.py +++ b/base/deploy/src/scriptlets/infrastructure_layout.py @@ -58,8 +58,16 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): util.directory.create(master['pki_subsystem_registry_path']) util.file.copy(master['pki_default_deployment_cfg'], master['pki_default_deployment_cfg_replica']) - util.file.copy(master['pki_user_deployment_cfg'], - master['pki_user_deployment_cfg_replica']) + if master['pki_user_deployment_cfg']: + util.file.copy(master['pki_user_deployment_cfg'], + master['pki_user_deployment_cfg_replica']) + else: + with open(master['pki_user_deployment_cfg_replica'], 'w') as f: + f.write('[' + master['pki_subsystem'] + ']\n') + f.write('pki_instance_name=' + master['pki_instance_name'] + '\n') + f.write('pki_admin_password=' + master['pki_admin_password'] + '\n') + f.write('pki_ds_password=' + master['pki_ds_password'] + '\n') + # establish top-level infrastructure, instance, and subsystem # base directories and create the "registry" symbolic link that # the "pkidestroy" executable relies upon diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py index 7b20e474a..d85c4f140 100644 --- a/base/deploy/src/scriptlets/pkiconfig.py +++ b/base/deploy/src/scriptlets/pkiconfig.py 
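Review bot: The new `else` branch in infrastructure_layout.py writes `pki_admin_password` and `pki_ds_password` in clear text to `master['pki_user_deployment_cfg_replica']` through a plain `open(..., 'w')`, so the file's mode is whatever the process umask leaves, which commonly means readable by other local users. Create the file owner-only instead, e.g. `fd = os.open(master['pki_user_deployment_cfg_replica'], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)` followed by `with os.fdopen(fd, 'w') as f:`. This assumes `os` is imported in that module, which the hunk does not show, and the mode only takes effect when the file is newly created. The values are also written unescaped, so a password containing `%` or a newline would presumably not read back correctly through `SafeConfigParser`. The enclosing method starts and ends outside the hunk.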
@@ -125,15 +125,18 @@ pki_deployment_executable = None # PKI Deployment "Mandatory" Command-Line Variables pki_subsystem = None -# 'pkispawn' ONLY default_deployment_cfg = None user_deployment_cfg = None -# 'pkidestroy' ONLY -pki_deployed_instance_name = None +pki_instance_name = None # PKI Deployment "Optional" Command-Line Variables # 'pkispawn' ONLY pki_update_flag = False +pki_http_port = None +pki_https_port = None +pki_admin_user_name = None +pki_admin_password = None +pki_security_domain_name = None # PKI Deployment "Test" Command-Line Variables pki_root_prefix = None diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py index 1eb7b51e6..ca0227f7e 100644 --- a/base/deploy/src/scriptlets/pkihelper.py +++ b/base/deploy/src/scriptlets/pkihelper.py @@ -792,11 +792,11 @@ class configuration_file: # Silently verify that the command-line parameters match the values # that are present in the corresponding configuration file if master['pki_deployment_executable'] == 'pkidestroy': - if master['pki_deployed_instance_name'] !=\ + if master['pki_instance_name'] !=\ master['pki_instance_id']: config.pki_log.error( log.PKIHELPER_COMMAND_LINE_PARAMETER_MISMATCH_2, - master['pki_deployed_instance_name'], + master['pki_instance_name'], master['pki_instance_id'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index 558873ded..390d19a8c 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py @@ -22,6 +22,7 @@ # System Imports import ConfigParser import argparse +import getpass import logging import os import random 
@@ -57,7 +58,7 @@ class PKIConfigParser: self.mandatory.add_argument('-s', dest='pki_subsystem', action='store', nargs=1, choices=config.PKI_SUBSYSTEMS, - required=True, metavar='', + metavar='', help='where is ' 'CA, KRA, OCSP, RA, TKS, or TPS') # Establish 'Optional' command-line options @@ -122,7 +123,7 @@ class PKIConfigParser: return args - def validate(self): + def initialize(self): # Validate command-line options if len(config.pki_root_prefix) > 0: 
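Review bot: With `required=True` dropped from the `-s` option, `config.pki_subsystem` can presumably stay `None`, and nothing in the visible hunks rejects that before the value is used. In the later `initialize()` hunk a `None` subsystem fails the `in config.PKI_TOMCAT_SUBSYSTEMS` test, silently picks the Apache defaults, and then reaches `self.pki_config.items(config.pki_subsystem)`, which would raise `NoSectionError` instead of printing usage. If the value is meant to be supplied some other way when omitted, say so in a comment next to the option; otherwise add an explicit guard at the top of `initialize()`, such as `if not config.pki_subsystem: self.arg_parser.error('-s is required')`.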
@@ -145,16 +146,45 @@ class PKIConfigParser: self.arg_parser.print_help() self.arg_parser.exit(-1); - # verify user configuration file exists - if not os.path.exists(config.user_deployment_cfg) or\ - not os.path.isfile(config.user_deployment_cfg): - print "ERROR: " +\ - log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\ - config.user_deployment_cfg - print - self.arg_parser.print_help() - self.arg_parser.exit(-1); + if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + default_instance_name = 'pki-tomcat' + default_http_port = '8080' + default_https_port = '8443' + else: + default_instance_name = 'pki-apache' + default_http_port = '80' + default_https_port = '443' + self.pki_config = ConfigParser.SafeConfigParser({ + 'pki_instance_name': default_instance_name, + 'pki_http_port': default_http_port, + 'pki_https_port': default_https_port, + 'pki_dns_domainname': config.pki_dns_domainname, + 'pki_subsystem' : config.pki_subsystem, + 'pki_hostname': config.pki_hostname}) + + # Make keys case-sensitive! + self.pki_config.optionxform = str + with open(config.default_deployment_cfg) as f: + self.pki_config.readfp(f) + + config.pki_master_dict = dict(self.pki_config.items('DEFAULT')) + if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + config.pki_master_dict.update(dict(self.pki_config.items('Tomcat'))) + else: + config.pki_master_dict.update(dict(self.pki_config.items('Apache'))) + config.pki_master_dict.update(dict(self.pki_config.items(config.pki_subsystem))) + + if config.user_deployment_cfg: + # verify user configuration file exists + if not os.path.exists(config.user_deployment_cfg) or\ + not os.path.isfile(config.user_deployment_cfg): + print "ERROR: " +\ + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\ + config.user_deployment_cfg + print + parser.arg_parser.print_help() + parser.arg_parser.exit(-1); # The following code is based heavily upon # "http://www.decalage.info/en/python/configparser" 
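Review bot: The re-indented error path for a missing user configuration file calls `parser.arg_parser.print_help()` and `parser.arg_parser.exit(-1)`, but no name `parser` is defined in this hunk, and the lines just above it in the same method use `self.arg_parser`. Unless a module-level `parser` exists outside the hunk, a bad user configuration path would end in a `NameError` traceback instead of the intended error message and usage text. Use `self.arg_parser.print_help()` and `self.arg_parser.exit(-1)` here. The method body continues outside the hunk.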
@@ -179,53 +209,46 @@ class PKIConfigParser: f.close() return values + def read_text(self, property, message): + default = config.pki_master_dict[property] + if default: + message = message + ' [' + default + ']' + value = raw_input(message + ': ') + if len(value) == 0: + value = default + config.pki_master_dict[property] = value + + def read_password(self, property, message): + value = '' + while len(value) == 0: + value = getpass.getpass(prompt=message + ': ') + config.pki_master_dict[property] = value def read_pki_configuration_file(self): "Read configuration file sections into dictionaries" rv = 0 try: - if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: - default_instance_name = 'pki-tomcat' - default_http_port = '8080' - default_https_port = '8443' - else: - default_instance_name = 'pki-apache' - default_http_port = '80' - default_https_port = '443' - - predefined_dict = {'pki_instance_name': default_instance_name, - 'pki_http_port': default_http_port, - 'pki_https_port': default_https_port, - 'pki_dns_domainname': config.pki_dns_domainname, - 'pki_subsystem' : config.pki_subsystem, - 'pki_hostname': config.pki_hostname} + print pkilogging.format(config.pki_master_dict) - self.pki_config = ConfigParser.SafeConfigParser(predefined_dict) + self.pki_config = ConfigParser.SafeConfigParser(config.pki_master_dict) # Make keys case-sensitive! self.pki_config.optionxform = str - self.pki_config.read([ - config.default_deployment_cfg, - config.user_deployment_cfg]) + with open(config.default_deployment_cfg) as f: + self.pki_config.readfp(f) + + if config.user_deployment_cfg: + print 'Reading configuration file ' + config.user_deployment_cfg + '.' 
+ self.pki_config.read([config.user_deployment_cfg]) + config.pki_default_dict = dict(self.pki_config.items('DEFAULT')) - pkilogging.sensitive_parameters = config.pki_default_dict['sensitive_parameters'].split() - if config.pki_subsystem == "CA": - config.pki_web_server_dict = dict(self.pki_config.items('Tomcat')) - config.pki_subsystem_dict = dict(self.pki_config.items('CA')) - elif config.pki_subsystem == "KRA": - config.pki_web_server_dict = dict(self.pki_config.items('Tomcat')) - config.pki_subsystem_dict = dict(self.pki_config.items('KRA')) - elif config.pki_subsystem == "OCSP": - config.pki_web_server_dict = dict(self.pki_config.items('Tomcat')) - config.pki_subsystem_dict = dict(self.pki_config.items('OCSP')) - elif config.pki_subsystem == "RA": - config.pki_web_server_dict = dict(self.pki_config.items('Apache')) - config.pki_subsystem_dict = dict(self.pki_config.items('RA')) - elif config.pki_subsystem == "TKS": - config.pki_web_server_dict = dict(self.pki_config.items('Tomcat')) - config.pki_subsystem_dict = dict(self.pki_config.items('TKS')) - elif config.pki_subsystem == "TPS": - config.pki_web_server_dict = dict(self.pki_config.items('Apache')) - config.pki_subsystem_dict = dict(self.pki_config.items('TPS')) + if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + if self.pki_config.has_section('Tomcat'): + config.pki_web_server_dict = dict(self.pki_config.items('Tomcat')) + else: + if self.pki_config.has_section('Apache'): + config.pki_web_server_dict = dict(self.pki_config.items('Apache')) + if self.pki_config.has_section(config.pki_subsystem): + config.pki_subsystem_dict = dict(self.pki_config.items(config.pki_subsystem)) # Insert empty record into dictionaries for "pretty print" statements # NEVER print "sensitive" key value pairs!!! config.pki_default_dict[0] = None 
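Review bot: `print pkilogging.format(config.pki_master_dict)` at the top of `read_pki_configuration_file` dumps the whole master dictionary to stdout, and by then that dictionary may already hold whatever `read_password` stored in it. The same commit moves the `pkilogging.sensitive_parameters = ...` assignment out of this method and into `compose_pki_master_dictionary`, so if `pkilogging.format` relies on that list for masking (not visible here), the list is presumably still unset when this print runs. Drop the print, or move it after the sensitive-parameter list is set and send it through the logger rather than stdout. Passing `config.pki_master_dict` as the `SafeConfigParser` defaults also means a typed password containing `%` would likely trip interpolation, which deserves escaping or at least a comment.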
@@ -240,7 +263,6 @@ class PKIConfigParser: def compose_pki_master_dictionary(self): "Create a single master PKI dictionary from the sectional dictionaries" try: - config.pki_master_dict = dict() # 'pkispawn'/'pkirespawn'/'pkidestroy' name/value pairs config.pki_master_dict['pki_deployment_executable'] =\ config.pki_deployment_executable @@ -253,8 +275,9 @@ class PKIConfigParser: config.pki_jython_log_level config.pki_master_dict['pki_default_deployment_cfg'] = config.default_deployment_cfg config.pki_master_dict['pki_user_deployment_cfg'] = config.user_deployment_cfg - config.pki_master_dict['pki_deployed_instance_name'] =\ - config.pki_deployed_instance_name + if config.pki_instance_name: + config.pki_master_dict['pki_instance_name'] =\ + config.pki_instance_name # Generate random 'pin's for use as security database passwords # and add these to the "sensitive" key value pairs read in from # the configuration file @@ -266,11 +289,16 @@ class PKIConfigParser: random.randint(pin_low, pin_high) # Configuration file name/value pairs # NEVER add "sensitive" key value pairs to the master dictionary!!! - config.pki_master_dict.update(config.pki_default_dict) - config.pki_master_dict.update(config.pki_web_server_dict) - config.pki_master_dict.update(config.pki_subsystem_dict) + if config.pki_default_dict: + config.pki_master_dict.update(config.pki_default_dict) + if config.pki_web_server_dict: + config.pki_master_dict.update(config.pki_web_server_dict) + if config.pki_subsystem_dict: + config.pki_master_dict.update(config.pki_subsystem_dict) config.pki_master_dict.update(__name__="PKI Master Dictionary") + pkilogging.sensitive_parameters = config.pki_master_dict['sensitive_parameters'].split() + # RESTEasy config.pki_master_dict['RESTEASY_LIB'] =\ subprocess.check_output( -- cgit
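Review bot: The context line `random.randint(pin_low, pin_high)` at the top of the third hunk produces what the comment before it calls security database passwords, using the `random` module's default generator, which is not intended for secrets; `random.SystemRandom().randint(pin_low, pin_high)` draws from the OS source with the same call shape. The assignment it belongs to starts outside the hunk, and the commit leaves the line unchanged. Separately, the comment `# NEVER add "sensitive" key value pairs to the master dictionary!!!` no longer matches the code, because `read_password` in this commit stores its value in `config.pki_master_dict`; either update the comment or keep prompted passwords in a separate dictionary. The new `config.pki_master_dict['sensitive_parameters']` lookup will also raise `KeyError` if no configuration section defines that key.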