summaryrefslogtreecommitdiffstats
path: root/base/deploy/src/scriptlets/initialization.py
blob: ba678cc277c60ad73eb58319e6ae930a0f57e827 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
#!/usr/bin/python -t
# Authors:
#     Matthew Harmsen <mharmsen@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Copyright (C) 2012 Red Hat, Inc.
# All rights reserved.
#

# PKI Deployment Imports
import pkiconfig as config
from pkiconfig import pki_master_dict as master
import pkihelper as util
import pkimessages as log
import pkiscriptlet


# PKI Deployment Initialization Scriptlet
class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
    rv = 0

    def spawn(self):
        # begin official logging
        config.pki_log.info(log.PKISPAWN_BEGIN_MESSAGE_2,
                            master['pki_subsystem'],
                            master['pki_instance_id'],
                            extra=config.PKI_INDENTATION_LEVEL_0)
        if config.str2bool(master['pki_skip_installation']):
            config.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__,
                                extra=config.PKI_INDENTATION_LEVEL_1)
            return self.rv
        else:
            config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__,
                                extra=config.PKI_INDENTATION_LEVEL_1)
            if master['pki_subsystem'] == "CA" and\
               config.str2bool(master['pki_external_step_two']):
                # verify that this type of "subsystem" currently EXISTS
                # for this "instance" (External CA Step 2)
                util.instance.verify_subsystem_exists()
                master['pki_skip_installation'] = "True";
            else:
                # verify that this type of "subsystem" does NOT yet
                # exist for this "instance"
                util.instance.verify_subsystem_does_not_exist()
                # detect and avoid any namespace collisions
                util.namespace.collision_detection()
        # initialize 'uid' and 'gid'
        util.identity.add_uid_and_gid(master['pki_user'], master['pki_group'])
        # establish 'uid' and 'gid'
        util.identity.set_uid(master['pki_user'])
        util.identity.set_gid(master['pki_group'])
        # verify existence of SENSITIVE configuration file data
        util.configuration_file.verify_sensitive_data()
        # verify existence of MUTUALLY EXCLUSIVE configuration file data
        util.configuration_file.verify_mutually_exclusive_data()
        # verify existence of PREDEFINED configuration file data
        util.configuration_file.verify_predefined_configuration_file_data()
        # verify selinux context of selected ports
        util.configuration_file.populate_non_default_ports()
        util.configuration_file.verify_selinux_ports()
        return self.rv

    def respawn(self):
        # begin official logging
        config.pki_log.info(log.PKIRESPAWN_BEGIN_MESSAGE_2,
                            master['pki_subsystem'],
                            master['pki_instance_id'],
                            extra=config.PKI_INDENTATION_LEVEL_0)
        config.pki_log.info(log.INITIALIZATION_RESPAWN_1, __name__,
                            extra=config.PKI_INDENTATION_LEVEL_1)
        # verify that this type of "subsystem" currently EXISTS
        # for this "instance"
        util.instance.verify_subsystem_exists()
        return self.rv

    def destroy(self):
        # begin official logging
        config.pki_log.info(log.PKIDESTROY_BEGIN_MESSAGE_2,
                            master['pki_subsystem'],
                            master['pki_instance_id'],
                            extra=config.PKI_INDENTATION_LEVEL_0)
        config.pki_log.info(log.INITIALIZATION_DESTROY_1, __name__,
                            extra=config.PKI_INDENTATION_LEVEL_1)
        # verify that this type of "subsystem" currently EXISTS
        # for this "instance"
        util.instance.verify_subsystem_exists()
        # verify that the command-line parameters match the values
        # that are present in the corresponding configuration file
        util.configuration_file.verify_command_matches_configuration_file()
        # establish 'uid' and 'gid'
        util.identity.set_uid(master['pki_user'])
        util.identity.set_gid(master['pki_group'])
        # get ports to remove selinux context
        util.configuration_file.populate_non_default_ports()
        # de-register instance from its Security Domain
        #
        #     NOTE:  Since the security domain of an instance must be up
        #            and running in order to be de-registered, this step
        #            must be done PRIOR to instance shutdown because this
        #            instance's security domain may be a part of a
        #            tightly-coupled shared instance.
        #
        util.security_domain.deregister()
        # ALWAYS Stop this Apache/Tomcat PKI Process
        util.systemd.stop()
        return self.rv