From 18b24a990ff9b97cf58aa630af0084975fe4c130 Mon Sep 17 00:00:00 2001 From: Matthew Harmsen Date: Mon, 13 Apr 2015 14:59:29 -0600 Subject: pki-tomcatd fails to start on system boot - PKI TRAC Ticket #1315 - pki-tomcatd fails to start on system boot - PKI TRAC Ticket #1340 - pkidestroy should not remove /var/lib/pki --- .../python/pki/server/deployment/pkihelper.py | 102 +++++++++++++++++++++ .../python/pki/server/deployment/pkimessages.py | 24 ++--- .../server/deployment/scriptlets/finalization.py | 11 +++ .../deployment/scriptlets/infrastructure_layout.py | 10 +- 4 files changed, 133 insertions(+), 14 deletions(-) (limited to 'base/server/python/pki/server/deployment') diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 665922c64..d11badf5c 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -3248,6 +3248,108 @@ class Systemd(object): raise return + def disable(self, critical_failure=True): + # Legacy SysVinit shutdown (kill) script on system shutdown values: + # + # /etc/rc3.d/K13 --> /etc/init.d/ + # /etc/rc3.d/K14 --> /etc/init.d/ + # /etc/rc3.d/K16 --> /etc/init.d/ + # /etc/rc3.d/K17 --> /etc/init.d/ + # /etc/rc3.d/K18 --> /etc/init.d/ + # /etc/rc3.d/K19 --> /etc/init.d/ + # + """PKI Deployment execution management 'disable' method. + + Executes a 'systemd disable pki-tomcatd.target' system command, or + an 'rm /etc/rc3.d/*' system command on Debian systems. + + Args: + critical_failure (boolean, optional): Raise exception on failures; + defaults to 'True'. + + Attributes: + + Returns: + + Raises: + subprocess.CalledProcessError: If 'critical_failure' is 'True'. + + Examples: + + """ + try: + if pki.system.SYSTEM_TYPE == "debian": + command = ["rm", "/etc/rc3.d/*" + + self.mdict['pki_instance_name']] + else: + command = ["systemctl", "disable", "pki-tomcatd.target"] + + # Display this "systemd" execution managment command + config.pki_log.info( + log.PKIHELPER_SYSTEMD_COMMAND_1, ' '.join(command), + extra=config.PKI_INDENTATION_LEVEL_2) + # Execute this "systemd" execution management command + subprocess.check_call(command) + except subprocess.CalledProcessError as exc: + config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, + extra=config.PKI_INDENTATION_LEVEL_2) + if critical_failure: + raise + return + + def enable(self, critical_failure=True): + # Legacy SysVinit startup script on system boot values: + # + # /etc/rc3.d/S81 --> /etc/init.d/ + # /etc/rc3.d/S82 --> /etc/init.d/ + # /etc/rc3.d/S83 --> /etc/init.d/ + # /etc/rc3.d/S84 --> /etc/init.d/ + # /etc/rc3.d/S86 --> /etc/init.d/ + # /etc/rc3.d/S87 --> /etc/init.d/ + # + """PKI Deployment execution management 'enable' method. + + Executes a 'systemd enable pki-tomcatd.target' system command, or + an 'ln -s /etc/init.d/pki-tomcatd /etc/rc3.d/S89' + system command on Debian systems. + + Args: + critical_failure (boolean, optional): Raise exception on failures; + defaults to 'True'. + + Attributes: + + Returns: + + Raises: + subprocess.CalledProcessError: If 'critical_failure' is 'True'. + + Examples: + + """ + try: + if pki.system.SYSTEM_TYPE == "debian": + command = ["ln", "-s", "/etc/init.d/pki-tomcatd", + "/etc/rc3.d/S89" + self.mdict['pki_instance_name']] + else: + command = ["systemctl", "enable", "pki-tomcatd.target"] + + # Display this "systemd" execution managment command + config.pki_log.info( + log.PKIHELPER_SYSTEMD_COMMAND_1, ' '.join(command), + extra=config.PKI_INDENTATION_LEVEL_2) + # Execute this "systemd" execution management command + subprocess.check_call(command) + except subprocess.CalledProcessError as exc: + if pki.system.SYSTEM_TYPE == "debian": + if exc.returncode == 6: + return + config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, + extra=config.PKI_INDENTATION_LEVEL_2) + if critical_failure: + raise + return + def start(self, critical_failure=True, reload_daemon=True): """PKI Deployment execution management 'start' method. diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py index 57752ff9f..e63bc582a 100644 --- a/base/server/python/pki/server/deployment/pkimessages.py +++ b/base/server/python/pki/server/deployment/pkimessages.py @@ -63,8 +63,7 @@ VERBOSITY FLAGS CONSOLE MESSAGE LEVEL LOG MESSAGE LEVEL PKI_BADZIPFILE_ERROR_1 = "zipfile.BadZipFile: %s!" PKI_CONFIGURATION_STANDALONE_1 = ''' Please obtain the necessary certificates for this stand-alone %s, - and re-run the configuration for step two. -''' + and re-run the configuration for step two.''' PKI_DIRECTORY_ALREADY_EXISTS_1 = "Directory '%s' already exists!" PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 = \ "Directory '%s' already exists BUT it is NOT a directory!" @@ -351,15 +350,16 @@ PKI_CONFIG_RESPONSE_STATUS = "status:" PKI_CONFIG_NOT_YET_IMPLEMENTED_1 = " %s NOT YET IMPLEMENTED" PKI_CHECK_STATUS_MESSAGE = ''' To check the status of the subsystem: - systemctl status pki-tomcatd@%s.service -''' -PKI_ACCESS_URL = " The URL for the subsystem is: \n"\ - " https://%s:%s/%s/services" -PKI_ACCESS_TPS_URL = " The URL for the subsystem is: \n"\ - " https://%s:%s/%s" -PKI_INSTANCE_RESTART_MESSAGE = \ - " To restart the subsystem: \n"\ - " systemctl restart pki-tomcatd@%s.service" + systemctl status pki-tomcatd@%s.service''' +PKI_ACCESS_URL = ''' + The URL for the subsystem is: + https://%s:%s/%s/services''' +PKI_ACCESS_TPS_URL = ''' + The URL for the subsystem is: + https://%s:%s/%s''' +PKI_INSTANCE_RESTART_MESSAGE = ''' + To restart the subsystem: + systemctl restart pki-tomcatd@%s.service''' PKI_SPAWN_INFORMATION_HEADER = ''' @@ -371,6 +371,8 @@ PKI_SPAWN_INFORMATION_HEADER = ''' PKI_SPAWN_INFORMATION_FOOTER = ''' ========================================================================== ''' +PKI_SYSTEM_BOOT_STATUS_MESSAGE = ''' + PKI instances will be %s upon system boot''' # PKI Deployment "Scriptlet" Messages diff --git a/base/server/python/pki/server/deployment/scriptlets/finalization.py b/base/server/python/pki/server/deployment/scriptlets/finalization.py index 7d38a5228..c8b54097a 100644 --- a/base/server/python/pki/server/deployment/scriptlets/finalization.py +++ b/base/server/python/pki/server/deployment/scriptlets/finalization.py @@ -56,6 +56,12 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.file.copy( deployer.mdict['pki_manifest'], deployer.mdict['pki_manifest_spawn_archive']) + # Optionally, programmatically 'enable' the configured PKI instance + # to be started upon system boot (default is True) + if not config.str2bool(deployer.mdict['pki_enable_on_system_boot']): + deployer.systemd.disable() + else: + deployer.systemd.enable() # Optionally, programmatically 'restart' the configured PKI instance if config.str2bool(deployer.mdict['pki_restart_configured_instance']): deployer.systemd.restart() @@ -84,6 +90,11 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.FINALIZATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) deployer.file.modify(deployer.mdict['pki_destroy_log'], silent=True) + # If this is the last remaining PKI instance, ALWAYS remove the + # link to start configured PKI instances upon system reboot + if deployer.mdict['pki_subsystem'] in config.PKI_SUBSYSTEMS and\ + deployer.instance.pki_instance_subsystems() == 0: + deployer.systemd.disable() # Start this Tomcat PKI Process if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ and len(deployer.instance.tomcat_instance_subsystems()) >= 1: diff --git a/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py b/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py index 60ce60167..fcd9fa63e 100644 --- a/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py @@ -76,7 +76,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # establish top-level infrastructure, instance, and subsystem # base directories and create the "registry" symbolic link that # the "pkidestroy" executable relies upon - deployer.directory.create(deployer.mdict['pki_path']) + if deployer.mdict['pki_path'] != "/var/lib/pki": + # create relocated top-level infrastructure base + deployer.directory.create(deployer.mdict['pki_path']) deployer.directory.create(deployer.mdict['pki_instance_path']) deployer.directory.create(deployer.mdict['pki_subsystem_path']) deployer.symlink.create( @@ -104,8 +106,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # remove top-level infrastructure base if deployer.mdict['pki_subsystem'] in config.PKI_SUBSYSTEMS and\ deployer.instance.pki_instance_subsystems() == 0: - # remove top-level infrastructure base - deployer.directory.delete(deployer.mdict['pki_path']) + + if deployer.mdict['pki_path'] != "/var/lib/pki": + # remove relocated top-level infrastructure base + deployer.directory.delete(deployer.mdict['pki_path']) # do NOT remove top-level infrastructure logs # since it now stores 'pkispawn'/'pkidestroy' logs # deployer.directory.delete(deployer.mdict['pki_log_path']) -- cgit