From 6260aca7bf54b5406db24ff368b52363a3c9ea28 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Tue, 18 Dec 2012 14:46:41 -0500 Subject: WIP --- base/deploy/src/pkidestroy | 10 +- base/deploy/src/pkispawn | 58 ++++++--- .../deploy/src/scriptlets/infrastructure_layout.py | 12 +- base/deploy/src/scriptlets/pkiconfig.py | 9 +- base/deploy/src/scriptlets/pkihelper.py | 4 +- base/deploy/src/scriptlets/pkiparser.py | 138 +++++++++++++-------- 6 files changed, 149 insertions(+), 82 deletions(-) (limited to 'base/deploy/src') diff --git a/base/deploy/src/pkidestroy b/base/deploy/src/pkidestroy index 7d30d743a..f9c04b7c3 100755 --- a/base/deploy/src/pkidestroy +++ b/base/deploy/src/pkidestroy @@ -95,7 +95,7 @@ def main(argv): log.PKIDESTROY_EPILOG) parser.mandatory.add_argument('-i', - dest='pki_deployed_instance_name', + dest='pki_instance_name', action='store', nargs=1, required=True, metavar='', help='FORMAT: ${pki_instance_name}') @@ -103,13 +103,13 @@ def main(argv): args = parser.process_command_line_arguments(argv) # -i - config.pki_deployed_instance_name =\ - str(args.pki_deployed_instance_name).strip('[\']') + config.pki_instance_name =\ + str(args.pki_instance_name).strip('[\']') # verify that previously deployed instance exists deployed_pki_instance_path = config.pki_root_prefix +\ config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\ - config.pki_deployed_instance_name + config.pki_instance_name if not os.path.exists(deployed_pki_instance_path): print "ERROR: " + log.PKI_INSTANCE_DOES_NOT_EXIST_1 %\ deployed_pki_instance_path @@ -137,7 +137,7 @@ def main(argv): config.pki_subsystem.lower() + "/" +\ config.USER_DEPLOYMENT_CONFIGURATION - parser.validate() + parser.initialize() # Enable 'pkidestroy' logging. config.pki_log_dir = config.pki_root_prefix +\ diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn index f64d79575..5b1d871f1 100755 --- a/base/deploy/src/pkispawn +++ b/base/deploy/src/pkispawn 
@@ -52,6 +52,10 @@ error was: def main(argv): "main entry point" + print "Dogtag 10.0.0 Subsystem Installation" + print "------------------------------------" + print + config.pki_deployment_executable = os.path.basename(argv[0]) # Only run this program as "root". @@ -96,7 +100,7 @@ def main(argv): parser.mandatory.add_argument('-f', dest='user_deployment_cfg', action='store', - nargs=1, required=True, metavar='', + nargs=1, metavar='', help='configuration filename ' '(MUST specify complete path)') @@ -109,12 +113,32 @@ def main(argv): config.default_deployment_cfg = config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE # -f - config.user_deployment_cfg = str(args.user_deployment_cfg).strip('[\']') + if not args.user_deployment_cfg is None: + config.user_deployment_cfg = str(args.user_deployment_cfg).strip('[\']') # -u config.pki_update_flag = args.pki_update_flag - parser.validate() + if config.user_deployment_cfg is None: + config.pki_subsystem = 'CA' + value = raw_input('Subsystem type [' + config.pki_subsystem + ']: ') + if len(value) > 0: + config.pki_subsystem = value + + parser.initialize() + + if config.user_deployment_cfg is None: + parser.read_text('pki_instance_name', 'Instance name') + parser.read_text('pki_http_port', 'HTTP Port') + parser.read_text('pki_https_port', 'Secure HTTP port') + parser.read_text('pki_admin_uid', config.pki_subsystem + ' admin UID') + parser.read_password('pki_admin_password', config.pki_subsystem + ' admin password') + parser.read_text('pki_security_domain_name', 'Security domain name') + parser.read_text('pki_ds_hostname', 'Directory server hostname') + parser.read_text('pki_ds_ldap_port', 'Directory server port') + parser.read_text('pki_ds_base_dn', 'Directory server base DN') + parser.read_text('pki_ds_bind_dn', 'Directory server bind DN') + parser.read_password('pki_ds_password', 'Directory server password') if not os.path.exists(config.PKI_DEPLOYMENT_SOURCE_ROOT +\ "/" + config.pki_subsystem.lower()): 
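Review bot: The interactive `Subsystem type` answer in the third hunk is assigned to `config.pki_subsystem` without the `choices=config.PKI_SUBSYSTEMS` check that argparse applies to `-s`. A typo or arbitrary string therefore reaches `parser.initialize()` and the `config.PKI_DEPLOYMENT_SOURCE_ROOT + "/" + config.pki_subsystem.lower()` path test, in a program that only runs as root. Validate before use, e.g. `if value not in config.PKI_SUBSYSTEMS: parser.arg_parser.error('invalid subsystem: ' + value)`, or re-prompt until the answer is valid. Separately, `if not args.user_deployment_cfg is None:` reads better as `if args.user_deployment_cfg is not None:`. main() starts and ends outside these hunks.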
@@ -162,18 +186,18 @@ def main(argv): sys.exit(1) # NEVER print out 'sensitive' name/value pairs!!! - config.pki_log.debug(log.PKI_DICTIONARY_DEFAULT, - extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_default_dict), - extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, - extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), - extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, - extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict), - extra=config.PKI_INDENTATION_LEVEL_0) + #config.pki_log.debug(log.PKI_DICTIONARY_DEFAULT, + # extra=config.PKI_INDENTATION_LEVEL_0) + #config.pki_log.debug(pkilogging.format(config.pki_default_dict), + # extra=config.PKI_INDENTATION_LEVEL_0) + #config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, + # extra=config.PKI_INDENTATION_LEVEL_0) + #config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), + # extra=config.PKI_INDENTATION_LEVEL_0) + #config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, + # extra=config.PKI_INDENTATION_LEVEL_0) + #config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict), + # extra=config.PKI_INDENTATION_LEVEL_0) # Read in the PKI slots configuration file. parser.compose_pki_slots_dictionary() @@ -184,6 +208,7 @@ def main(argv): # Combine the various sectional dictionaries into a PKI master dictionary parser.compose_pki_master_dictionary() + if not config.pki_update_flag: config.pki_master_dict['pki_spawn_log'] = config.pki_log_dir + "/" +\ config.pki_log_name @@ -214,6 +239,9 @@ def main(argv): config.pki_log.debug(pkilogging.format(config.pki_master_dict), extra=config.PKI_INDENTATION_LEVEL_0) + print + print "Installation complete." + # PKI Deployment Entry Point if __name__ == "__main__": 
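Review bot: The six `config.pki_log.debug(...)` calls in the first hunk are commented out rather than removed, which leaves dead code under the `# NEVER print out 'sensitive' name/value pairs!!!` comment that no longer guards any statement. Delete the block together with the comment. If the dumps are still wanted once the sectional dictionaries are populated, restore them as live code instead. main() continues outside the hunk.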
diff --git a/base/deploy/src/scriptlets/infrastructure_layout.py b/base/deploy/src/scriptlets/infrastructure_layout.py index 947fbcdfe..5d0924f12 100644 --- a/base/deploy/src/scriptlets/infrastructure_layout.py +++ b/base/deploy/src/scriptlets/infrastructure_layout.py @@ -58,8 +58,16 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): util.directory.create(master['pki_subsystem_registry_path']) util.file.copy(master['pki_default_deployment_cfg'], master['pki_default_deployment_cfg_replica']) - util.file.copy(master['pki_user_deployment_cfg'], - master['pki_user_deployment_cfg_replica']) + if master['pki_user_deployment_cfg']: + util.file.copy(master['pki_user_deployment_cfg'], + master['pki_user_deployment_cfg_replica']) + else: + with open(master['pki_user_deployment_cfg_replica'], 'w') as f: + f.write('[' + master['pki_subsystem'] + ']\n') + f.write('pki_instance_name=' + master['pki_instance_name'] + '\n') + f.write('pki_admin_password=' + master['pki_admin_password'] + '\n') + f.write('pki_ds_password=' + master['pki_ds_password'] + '\n') + # establish top-level infrastructure, instance, and subsystem # base directories and create the "registry" symbolic link that # the "pkidestroy" executable relies upon diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py index 7b20e474a..d85c4f140 100644 --- a/base/deploy/src/scriptlets/pkiconfig.py +++ b/base/deploy/src/scriptlets/pkiconfig.py 
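Review bot: The new `else:` branch writes `pki_admin_password` and `pki_ds_password` in clear text through `open(..., 'w')`, so the replica file gets whatever mode the process umask allows and nothing in the hunk restricts it afterwards. Create the file owner-only before any secret is written (sketch below, assuming `os` is available in this module), and consider whether the passwords need to be persisted at all. The values are also written unescaped, so a password containing `%` or a newline will presumably not survive being read back by `SafeConfigParser`. The enclosing method starts and ends outside the hunk.

```python
else:
    # Secrets are written below: create the replica readable by its owner only.
    fd = os.open(master['pki_user_deployment_cfg_replica'],
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)
    with os.fdopen(fd, 'w') as f:
        # The mode argument only applies on creation; tighten a pre-existing file too.
        os.fchmod(f.fileno(), 0600)
        # … unchanged: the four f.write() calls …
```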
@@ -125,15 +125,18 @@ pki_deployment_executable = None # PKI Deployment "Mandatory" Command-Line Variables pki_subsystem = None -# 'pkispawn' ONLY default_deployment_cfg = None user_deployment_cfg = None -# 'pkidestroy' ONLY -pki_deployed_instance_name = None +pki_instance_name = None # PKI Deployment "Optional" Command-Line Variables # 'pkispawn' ONLY pki_update_flag = False +pki_http_port = None +pki_https_port = None +pki_admin_user_name = None +pki_admin_password = None +pki_security_domain_name = None # PKI Deployment "Test" Command-Line Variables pki_root_prefix = None diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py index 1eb7b51e6..ca0227f7e 100644 --- a/base/deploy/src/scriptlets/pkihelper.py +++ b/base/deploy/src/scriptlets/pkihelper.py @@ -792,11 +792,11 @@ class configuration_file: # Silently verify that the command-line parameters match the values # that are present in the corresponding configuration file if master['pki_deployment_executable'] == 'pkidestroy': - if master['pki_deployed_instance_name'] !=\ + if master['pki_instance_name'] !=\ master['pki_instance_id']: config.pki_log.error( log.PKIHELPER_COMMAND_LINE_PARAMETER_MISMATCH_2, - master['pki_deployed_instance_name'], + master['pki_instance_name'], master['pki_instance_id'], extra=config.PKI_INDENTATION_LEVEL_2) sys.exit(1) diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index 558873ded..390d19a8c 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py @@ -22,6 +22,7 @@ # System Imports import ConfigParser import argparse +import getpass import logging import os import random 
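Review bot: The five module variables added to `pkiconfig.py` are not assigned or read anywhere in the visible hunks; the prompts in `pkispawn` store their answers in `config.pki_master_dict` instead. In addition, `pki_admin_user_name` does not match the `pki_admin_uid` key that `pkispawn` prompts for. Either drop the unused variables or align the name, e.g. `pki_admin_uid = None`. If `pki_admin_password` stays as a module-level global, mark it with a comment such as `# sensitive: never log or print`.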
@@ -57,7 +58,7 @@ class PKIConfigParser: self.mandatory.add_argument('-s', dest='pki_subsystem', action='store', nargs=1, choices=config.PKI_SUBSYSTEMS, - required=True, metavar='', + metavar='', help='where is ' 'CA, KRA, OCSP, RA, TKS, or TPS') # Establish 'Optional' command-line options @@ -122,7 +123,7 @@ class PKIConfigParser: return args - def validate(self): + def initialize(self): # Validate command-line options if len(config.pki_root_prefix) > 0: 
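Review bot: Dropping `required=True` from `-s` in the shared `PKIConfigParser` also relaxes it for `pkidestroy`, which has no prompt fallback in the visible hunks and still evaluates `config.pki_subsystem.lower()`. If `pki_subsystem` is left as `None` there (how it is populated from `args` is outside this view), that call fails with an AttributeError instead of a usage message. Keep the requirement for `pkidestroy`, or add an explicit check after parsing, e.g. `if config.pki_subsystem is None: parser.arg_parser.error('-s is required')`. The option is also still registered on `self.mandatory`, so the help output will presumably keep presenting it as mandatory.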
@@ -145,16 +146,45 @@ class PKIConfigParser: self.arg_parser.print_help() self.arg_parser.exit(-1); - # verify user configuration file exists - if not os.path.exists(config.user_deployment_cfg) or\ - not os.path.isfile(config.user_deployment_cfg): - print "ERROR: " +\ - log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\ - config.user_deployment_cfg - print - self.arg_parser.print_help() - self.arg_parser.exit(-1); + if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + default_instance_name = 'pki-tomcat' + default_http_port = '8080' + default_https_port = '8443' + else: + default_instance_name = 'pki-apache' + default_http_port = '80' + default_https_port = '443' + self.pki_config = ConfigParser.SafeConfigParser({ + 'pki_instance_name': default_instance_name, + 'pki_http_port': default_http_port, + 'pki_https_port': default_https_port, + 'pki_dns_domainname': config.pki_dns_domainname, + 'pki_subsystem' : config.pki_subsystem, + 'pki_hostname': config.pki_hostname}) + + # Make keys case-sensitive! + self.pki_config.optionxform = str + with open(config.default_deployment_cfg) as f: + self.pki_config.readfp(f) + + config.pki_master_dict = dict(self.pki_config.items('DEFAULT')) + if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + config.pki_master_dict.update(dict(self.pki_config.items('Tomcat'))) + else: + config.pki_master_dict.update(dict(self.pki_config.items('Apache'))) + config.pki_master_dict.update(dict(self.pki_config.items(config.pki_subsystem))) + + if config.user_deployment_cfg: + # verify user configuration file exists + if not os.path.exists(config.user_deployment_cfg) or\ + not os.path.isfile(config.user_deployment_cfg): + print "ERROR: " +\ + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\ + config.user_deployment_cfg + print + parser.arg_parser.print_help() + parser.arg_parser.exit(-1); # The following code is based heavily upon # "http://www.decalage.info/en/python/configparser" 
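Review bot: The re-indented error branch calls `parser.arg_parser.print_help()` and `parser.arg_parser.exit(-1)`, but no `parser` name is defined in the visible code of this method, and the unchanged lines just above use `self.arg_parser`. A missing `-f` file would therefore presumably raise NameError instead of printing the usage text. Use `self.arg_parser.print_help()` and `self.arg_parser.exit(-1)`. The new `self.pki_config.items('Tomcat')`, `items('Apache')` and `items(config.pki_subsystem)` calls also assume those sections exist in the default file, unlike the `has_section` guards this commit adds in `read_pki_configuration_file`. initialize() starts before this hunk and continues after it.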
@@ -179,53 +209,46 @@ class PKIConfigParser: f.close() return values + def read_text(self, property, message): + default = config.pki_master_dict[property] + if default: + message = message + ' [' + default + ']' + value = raw_input(message + ': ') + if len(value) == 0: + value = default + config.pki_master_dict[property] = value + + def read_password(self, property, message): + value = '' + while len(value) == 0: + value = getpass.getpass(prompt=message + ': ') + config.pki_master_dict[property] = value def read_pki_configuration_file(self): "Read configuration file sections into dictionaries" rv = 0 try: - if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: - default_instance_name = 'pki-tomcat' - default_http_port = '8080' - default_https_port = '8443' - else: - default_instance_name = 'pki-apache' - default_http_port = '80' - default_https_port = '443' - - predefined_dict = {'pki_instance_name': default_instance_name, - 'pki_http_port': default_http_port, - 'pki_https_port': default_https_port, - 'pki_dns_domainname': config.pki_dns_domainname, - 'pki_subsystem' : config.pki_subsystem, - 'pki_hostname': config.pki_hostname} + print pkilogging.format(config.pki_master_dict) - self.pki_config = ConfigParser.SafeConfigParser(predefined_dict) + self.pki_config = ConfigParser.SafeConfigParser(config.pki_master_dict) # Make keys case-sensitive! self.pki_config.optionxform = str - self.pki_config.read([ - config.default_deployment_cfg, - config.user_deployment_cfg]) + with open(config.default_deployment_cfg) as f: + self.pki_config.readfp(f) + + if config.user_deployment_cfg: + print 'Reading configuration file ' + config.user_deployment_cfg + '.' 
+ self.pki_config.read([config.user_deployment_cfg]) + config.pki_default_dict = dict(self.pki_config.items('DEFAULT')) - pkilogging.sensitive_parameters = config.pki_default_dict['sensitive_parameters'].split() - if config.pki_subsystem == "CA": - config.pki_web_server_dict = dict(self.pki_config.items('Tomcat')) - config.pki_subsystem_dict = dict(self.pki_config.items('CA')) - elif config.pki_subsystem == "KRA": - config.pki_web_server_dict = dict(self.pki_config.items('Tomcat')) - config.pki_subsystem_dict = dict(self.pki_config.items('KRA')) - elif config.pki_subsystem == "OCSP": - config.pki_web_server_dict = dict(self.pki_config.items('Tomcat')) - config.pki_subsystem_dict = dict(self.pki_config.items('OCSP')) - elif config.pki_subsystem == "RA": - config.pki_web_server_dict = dict(self.pki_config.items('Apache')) - config.pki_subsystem_dict = dict(self.pki_config.items('RA')) - elif config.pki_subsystem == "TKS": - config.pki_web_server_dict = dict(self.pki_config.items('Tomcat')) - config.pki_subsystem_dict = dict(self.pki_config.items('TKS')) - elif config.pki_subsystem == "TPS": - config.pki_web_server_dict = dict(self.pki_config.items('Apache')) - config.pki_subsystem_dict = dict(self.pki_config.items('TPS')) + if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + if self.pki_config.has_section('Tomcat'): + config.pki_web_server_dict = dict(self.pki_config.items('Tomcat')) + else: + if self.pki_config.has_section('Apache'): + config.pki_web_server_dict = dict(self.pki_config.items('Apache')) + if self.pki_config.has_section(config.pki_subsystem): + config.pki_subsystem_dict = dict(self.pki_config.items(config.pki_subsystem)) # Insert empty record into dictionaries for "pretty print" statements # NEVER print "sensitive" key value pairs!!! config.pki_default_dict[0] = None 
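Review bot: `print pkilogging.format(config.pki_master_dict)` at the top of the `try:` in `read_pki_configuration_file` writes the whole master dictionary to stdout, and by then `read_password` may already have stored `pki_admin_password` and `pki_ds_password` in it. The same hunk removes the `pkilogging.sensitive_parameters = ...` assignment from this method (it moves to `compose_pki_master_dictionary`), so any masking done by `pkilogging.format` may not be configured yet; the call order is outside the visible lines and should be confirmed. Remove the print, or replace it with a `config.pki_log.debug(...)` call issued after `sensitive_parameters` is set. `read_text` and `read_password` also name a parameter `property`, which shadows the builtin; `name` would be clearer.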
@@ -240,7 +263,6 @@ class PKIConfigParser: def compose_pki_master_dictionary(self): "Create a single master PKI dictionary from the sectional dictionaries" try: - config.pki_master_dict = dict() # 'pkispawn'/'pkirespawn'/'pkidestroy' name/value pairs config.pki_master_dict['pki_deployment_executable'] =\ config.pki_deployment_executable @@ -253,8 +275,9 @@ class PKIConfigParser: config.pki_jython_log_level config.pki_master_dict['pki_default_deployment_cfg'] = config.default_deployment_cfg config.pki_master_dict['pki_user_deployment_cfg'] = config.user_deployment_cfg - config.pki_master_dict['pki_deployed_instance_name'] =\ - config.pki_deployed_instance_name + if config.pki_instance_name: + config.pki_master_dict['pki_instance_name'] =\ + config.pki_instance_name # Generate random 'pin's for use as security database passwords # and add these to the "sensitive" key value pairs read in from # the configuration file @@ -266,11 +289,16 @@ class PKIConfigParser: random.randint(pin_low, pin_high) # Configuration file name/value pairs # NEVER add "sensitive" key value pairs to the master dictionary!!! - config.pki_master_dict.update(config.pki_default_dict) - config.pki_master_dict.update(config.pki_web_server_dict) - config.pki_master_dict.update(config.pki_subsystem_dict) + if config.pki_default_dict: + config.pki_master_dict.update(config.pki_default_dict) + if config.pki_web_server_dict: + config.pki_master_dict.update(config.pki_web_server_dict) + if config.pki_subsystem_dict: + config.pki_master_dict.update(config.pki_subsystem_dict) config.pki_master_dict.update(__name__="PKI Master Dictionary") + pkilogging.sensitive_parameters = config.pki_master_dict['sensitive_parameters'].split() + # RESTEasy config.pki_master_dict['RESTEASY_LIB'] =\ subprocess.check_output( -- cgit
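Review bot: The context comment `# NEVER add "sensitive" key value pairs to the master dictionary!!!` in the last hunk no longer matches the code. `read_password` stores `pki_admin_password` and `pki_ds_password` in `config.pki_master_dict`, and the first hunk stops resetting that dictionary, so both values persist into the composed master dictionary. `pkispawn` still dumps it with `config.pki_log.debug(pkilogging.format(config.pki_master_dict), ...)`, so whether the secrets stay out of the log depends on `sensitive_parameters` listing both keys. Either keep prompted secrets in a separate dictionary, or replace the comment with the new invariant, e.g. `# prompted passwords live in pki_master_dict and must be listed in sensitive_parameters`. compose_pki_master_dictionary continues outside the hunk.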