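#!/usr/bin/python -t
# Authors:
#     Matthew Harmsen
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Copyright (C) 2012 Red Hat, Inc.
# All rights reserved.
#

# System Imports
import ConfigParser
import argparse
import logging
import os


# PKI Deployment Imports
import pkiconfig as config
import pkimessages as log


# Number of '-v' flags -> (console log level, file log level)
_VERBOSITY_LEVELS = {
    1: (logging.INFO, logging.INFO),
    2: (logging.INFO, logging.DEBUG),
    3: (logging.DEBUG, logging.DEBUG),
}

# Subsystem -> configuration file section describing its web server
_WEB_SERVER_SECTION = {
    "CA": "Tomcat",
    "KRA": "Tomcat",
    "OCSP": "Tomcat",
    "RA": "Apache",
    "TKS": "Tomcat",
    "TPS": "Apache",
}


# PKI Deployment Helper Functions
def _single_value(option):
    "Return the one string held by an argparse 'nargs=1' option value"
    # argparse stores 'nargs=1' options as a one-element list.  Indexing it
    # returns the argument exactly as typed; converting the list with str()
    # and stripping "[']" goes through repr(), which alters values holding
    # quotes, backslashes or non-ASCII bytes (e.g. a directory name).
    return option[0]


def _join(*parts):
    "Join path components with '/' exactly as given (no normalisation)"
    return "/".join(parts)


def _usage_error(parser, message):
    "Print an error line followed by the help text, then exit with -1"
    print "ERROR: " + message
    print
    parser.print_help()
    parser.exit(-1)


def process_command_line_arguments(argv):
    """Read and process command-line options.

    The basename of argv[0] selects the personality ('pkispawn' or
    'pkidestroy').  Parsed values are stored as attributes of the
    'pkiconfig' module (imported here as 'config').  On a usage error the
    message and help text are printed and the parser exits with -1.
    """
    program = os.path.basename(argv[0])
    is_spawn = program == 'pkispawn'
    is_destroy = program == 'pkidestroy'

    description = None
    if is_spawn:
        description = 'PKI Instance Installation and Configuration'
    elif is_destroy:
        description = 'PKI Instance Removal'
    parser = argparse.ArgumentParser(
        description=description,
        add_help=False,
        formatter_class=argparse.RawDescriptionHelpFormatter,
        epilog=log.PKI_VERBOSITY)

    # NOTE(review): the empty metavar values and the 'where is ' help text
    # look like placeholder markup that was lost; confirm the intended text.
    mandatory = parser.add_argument_group('mandatory arguments')
    mandatory.add_argument('-s',
                           dest='pki_subsystem', action='store',
                           nargs=1, choices=config.PKI_SUBSYSTEMS,
                           required=True, metavar='',
                           help='where is '
                                'CA, KRA, OCSP, RA, TKS, or TPS')

    optional = parser.add_argument_group('optional arguments')
    optional.add_argument('--dry_run',
                          dest='pki_dry_run_flag', action='store_true',
                          help='do not actually perform any actions')
    optional.add_argument('-f',
                          dest='pkideployment_cfg', action='store',
                          nargs=1, metavar='',
                          help='overrides default configuration filename')
    optional.add_argument('-h', '--help',
                          dest='help', action='help',
                          help='show this help message and exit')
    optional.add_argument('-p',
                          dest='pki_root_prefix', action='store',
                          nargs=1, metavar='',
                          help='directory prefix to specify local directory')
    if is_spawn:
        optional.add_argument('-u',
                              dest='pki_update_flag', action='store_true',
                              help='update instance of specified subsystem')
    optional.add_argument('-v',
                          dest='pki_verbosity', action='count',
                          help='display verbose information (details below)')

    custom = parser.add_argument_group('custom arguments '
                                       '(OVERRIDES configuration file values)')
    custom.add_argument('-i',
                        dest='pki_instance_name', action='store',
                        nargs=1, metavar='',
                        help='PKI instance name (MUST specify REQUIRED ports)')
    custom.add_argument('--http_port',
                        dest='pki_http_port', action='store',
                        nargs=1, metavar='',
                        help='HTTP port (CA, KRA, OCSP, RA, TKS, TPS)')
    custom.add_argument('--https_port',
                        dest='pki_https_port', action='store',
                        nargs=1, metavar='',
                        help='HTTPS port (CA, KRA, OCSP, RA, TKS, TPS)')
    custom.add_argument('--ajp_port',
                        dest='pki_ajp_port', action='store',
                        nargs=1, metavar='',
                        help='AJP port (CA, KRA, OCSP, TKS)')

    # NOTE(review): this parses sys.argv, not the 'argv' parameter; the two
    # agree only when the caller passes sys.argv - confirm against callers.
    args = parser.parse_args()

    config.pki_subsystem = _single_value(args.pki_subsystem)
    if args.pki_dry_run_flag:
        config.pki_dry_run_flag = args.pki_dry_run_flag

    if args.pki_root_prefix is not None:
        config.pki_root_prefix = _single_value(args.pki_root_prefix)
    if not config.pki_root_prefix:
        # Normalise "no prefix" (None or empty) to the empty string
        config.pki_root_prefix = ""
    elif not os.path.isdir(config.pki_root_prefix):
        # isdir() is also False when the path does not exist
        _usage_error(parser,
                     log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 %
                     config.pki_root_prefix)

    if is_spawn:
        if args.pki_update_flag:
            config.pki_update_flag = args.pki_update_flag

    levels = _VERBOSITY_LEVELS.get(args.pki_verbosity)
    if levels is not None:
        config.pki_console_log_level, config.pki_log_level = levels
    elif args.pki_verbosity is not None and args.pki_verbosity > 3:
        _usage_error(parser, log.PKI_VERBOSITY_LEVELS_MESSAGE)

    # NOTE(review): the instance name and port values are stored as the
    # strings given; no character, numeric or range check happens here.
    if args.pki_instance_name is not None:
        config.pki_instance_name = _single_value(args.pki_instance_name)
    if args.pki_http_port is not None:
        config.pki_http_port = _single_value(args.pki_http_port)
    if args.pki_https_port is not None:
        config.pki_https_port = _single_value(args.pki_https_port)
    if args.pki_ajp_port is not None:
        if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
            config.pki_ajp_port = _single_value(args.pki_ajp_port)
        else:
            _usage_error(parser,
                         log.PKI_CUSTOM_TOMCAT_AJP_PORT_1 %
                         config.pki_subsystem)

    # A custom instance is all-or-nothing: once any custom argument is
    # given, every argument required by the web server type must be given.
    apache_required = (args.pki_instance_name,
                       args.pki_http_port,
                       args.pki_https_port)
    tomcat_required = apache_required + (args.pki_ajp_port,)
    if any(value is not None for value in tomcat_required):
        if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
            if any(value is None for value in apache_required):
                _usage_error(parser,
                             log.PKI_CUSTOM_APACHE_INSTANCE_1 %
                             config.pki_subsystem)
        elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
            if any(value is None for value in tomcat_required):
                _usage_error(parser,
                             log.PKI_CUSTOM_TOMCAT_INSTANCE_1 %
                             config.pki_subsystem)

    if args.pkideployment_cfg is not None:
        config.pkideployment_cfg = _single_value(args.pkideployment_cfg)
    elif is_destroy:
        # NOTE:  When performing 'pkidestroy', a configuration file must be
        #        explicitly specified if it does not use the default location
        #        and/or default configuration file name.
        config.pkideployment_cfg = config.pki_root_prefix + _join(
            config.PKI_DEPLOYMENT_REGISTRY_ROOT,
            config.PKI_DEPLOYMENT_DEFAULT_INSTANCE_NAME,
            config.pki_subsystem.lower(),
            config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE)
    if not os.path.isfile(config.pkideployment_cfg):
        # isfile() is also False when the path does not exist
        _usage_error(parser,
                     log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %
                     config.pkideployment_cfg)
    return


def read_pki_configuration_file():
    """Read configuration file sections into dictionaries.

    Loads 'config.pkideployment_cfg' and copies the 'Common' section, the
    web server section ('Tomcat' or 'Apache') and the section named after
    'config.pki_subsystem' into the matching 'config' dictionaries.

    Returns 0 on success, otherwise the exception that was caught: a
    ConfigParser.ParsingError for a malformed file, or a KeyError when a
    required section is absent (previously an uncaught traceback).
    """
    rv = 0
    try:
        parser = ConfigParser.ConfigParser()
        # read() skips files it cannot open without raising; a missing file
        # therefore shows up below as a missing 'Common' section.
        parser.read(config.pkideployment_cfg)
        # The raw '_sections' mapping is kept (rather than parser.items())
        # so the stored values stay exactly as before.
        sections = parser._sections
        config.pki_common_dict = dict(sections['Common'])
        web_server = _WEB_SERVER_SECTION.get(config.pki_subsystem)
        if web_server is not None:
            config.pki_web_server_dict = dict(sections[web_server])
            config.pki_subsystem_dict = dict(sections[config.pki_subsystem])
        # Insert empty record into dictionaries for "pretty print" statements
        config.pki_common_dict[0] = None
        config.pki_web_server_dict[0] = None
        config.pki_subsystem_dict[0] = None
    except (ConfigParser.ParsingError, KeyError) as err:
        rv = err
    return rv


def compose_pki_master_dictionary():
    """Create a single master PKI dictionary from the sectional dictionaries.

    Rebuilds 'config.pki_master_dict' from the common, web server and
    subsystem dictionaries (later ones win on duplicate keys) and then adds
    the derived source, instance, log, configuration and registry paths.
    A key missing from the configuration raises KeyError.
    """
    # NOTE(review): 'pki_instance_name', 'pki_subsystem' and the configured
    # roots are concatenated verbatim; nothing in this function rejects
    # '..' or an embedded '/' in them.  These paths presumably drive what
    # pkispawn creates and pkidestroy removes, so confirm the values are
    # validated before they are acted on.
    master = config.pki_master_dict = dict()

    # 'pkispawn'/'pkirespawn'/'pkidestroy' name/value pairs
    master['pki_timestamp'] = config.pki_timestamp

    # Configuration file name/value pairs
    master.update(config.pki_common_dict)
    master.update(config.pki_web_server_dict)
    master.update(config.pki_subsystem_dict)
    master.update(__name__="PKI Master Dictionary")

    source_root = master['pki_source_root']
    subsystem = master['pki_subsystem']
    subsystem_dir = subsystem.lower()
    is_tomcat = subsystem in config.PKI_TOMCAT_SUBSYSTEMS
    is_apache = subsystem in config.PKI_APACHE_SUBSYSTEMS

    master['pki_source_conf'] = _join(source_root, subsystem_dir, "conf")
    if is_tomcat:
        master['pki_war'] = _join(source_root, subsystem_dir, "war",
                                  master['pki_war_name'])
        tomcat_root = master['pki_tomcat_root']
        master['pki_tomcat_bin_path'] = _join(tomcat_root, "bin")
        master['pki_tomcat_lib_path'] = _join(tomcat_root, "lib")
    if subsystem == "CA":
        master['pki_source_emails'] = _join(source_root, "ca", "emails")
        master['pki_source_profiles'] = _join(source_root, "ca", "profiles")

    # Instance layout base name/value pairs
    # (prefix and root are concatenated with no separator inserted)
    prefix = config.pki_root_prefix
    master['pki_root_prefix'] = prefix
    master['pki_path'] = prefix + master['pki_instance_root']
    instance_name = master['pki_instance_name']
    instance_path = _join(master['pki_path'], instance_name)
    master['pki_instance_path'] = instance_path
    master['pki_instance_database_link'] = _join(instance_path, "alias")

    # Instance layout log name/value pairs
    master['pki_log_path'] = prefix + master['pki_instance_log_root']
    instance_log_path = _join(master['pki_log_path'], instance_name)
    master['pki_instance_log_path'] = instance_log_path

    # Instance layout configuration name/value pairs
    master['pki_configuration_path'] =\
        prefix + master['pki_instance_configuration_root']
    instance_conf_path = _join(master['pki_configuration_path'],
                               instance_name)
    master['pki_instance_configuration_path'] = instance_conf_path

    # Instance layout registry name/value pairs
    master['pki_registry_path'] = prefix + config.PKI_DEPLOYMENT_REGISTRY_ROOT
    instance_registry_path = _join(master['pki_registry_path'],
                                   instance_name)
    master['pki_instance_registry_path'] = instance_registry_path

    # Instance-based webserver Apache base name/value pairs
    if is_apache:
        master['pki_apache_path'] = instance_path + "/apache"

    # Instance-based webserver Tomcat base name/value pairs
    if is_tomcat:
        tomcat_path = _join(instance_path, "tomcat")
        master['pki_tomcat_path'] = tomcat_path
        master['pki_tomcat_bin_link'] = _join(tomcat_path, "bin")
        common_path = _join(tomcat_path, "common")
        master['pki_common_path'] = common_path
        master['pki_common_lib_path'] = _join(common_path, "lib")
        master['pki_conf_path'] = _join(tomcat_path, "conf")
        master['pki_tomcat_lib_link'] = _join(tomcat_path, "lib")
        master['pki_tomcat_logs_link'] = _join(tomcat_path, "logs")
        webapps_path = _join(tomcat_path, "webapps")
        master['pki_webapps_path'] = webapps_path
        webapps_root_path = _join(webapps_path, "ROOT")
        master['pki_webapps_root_path'] = webapps_root_path
        master['pki_webapps_root_webinf_path'] =\
            _join(webapps_root_path, "WEB-INF")
        webapps_webinf_path = _join(webapps_path, "WEB-INF")
        master['pki_webapps_webinf_path'] = webapps_webinf_path
        master['pki_webapps_webinf_classes_path'] =\
            _join(webapps_webinf_path, "classes")
        master['pki_webapps_webinf_lib_path'] =\
            _join(webapps_webinf_path, "lib")
        webapps_subsystem_path = _join(webapps_path, subsystem_dir)
        master['pki_webapps_subsystem_path'] = webapps_subsystem_path
        master['pki_webapps_subsystem_webinf_classes_link'] =\
            _join(webapps_subsystem_path, "WEB-INF", "classes")
        master['pki_webapps_subsystem_webinf_lib_link'] =\
            _join(webapps_subsystem_path, "WEB-INF", "lib")

    # Instance-based webserver Apache/Tomcat configuration name/value pairs
    master['pki_database_path'] = _join(instance_conf_path, "alias")

    # Instance-based subsystem base name/value pairs
    subsystem_path = _join(instance_path, subsystem_dir)
    master['pki_subsystem_path'] = subsystem_path
    master['pki_subsystem_database_link'] = _join(subsystem_path, "alias")
    master['pki_subsystem_configuration_link'] = _join(subsystem_path, "conf")
    master['pki_subsystem_logs_link'] = _join(subsystem_path, "logs")
    if is_tomcat:
        if subsystem == "CA":
            master['pki_subsystem_emails_path'] =\
                _join(subsystem_path, "emails")
            master['pki_subsystem_profiles_path'] =\
                _join(subsystem_path, "profiles")
        master['pki_subsystem_webapps_link'] =\
            _join(subsystem_path, "webapps")

    # Instance-based subsystem log name/value pairs
    subsystem_log_path = _join(instance_log_path, subsystem_dir)
    master['pki_subsystem_log_path'] = subsystem_log_path
    master['pki_subsystem_signed_audit_log_path'] =\
        _join(subsystem_log_path, "signedAudit")

    # Instance-based subsystem configuration name/value pairs
    master['pki_subsystem_configuration_path'] =\
        _join(instance_conf_path, subsystem_dir)

    # Instance-based subsystem registry name/value pairs
    master['pki_subsystem_registry_path'] =\
        _join(instance_registry_path, subsystem_dir)
    return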