From f20225af9b168fb62de91d0a76baf76642ad4b5a Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Tue, 20 Jan 2015 22:11:50 -0500 Subject: [PATCH] Added server management CLI. A new pki-server CLI has been added to manage the instances and subsystems using the server management library. This CLI manages the system files directly, so it can only be run locally on the server by the system administrator. The autoDeploy setting in server.xml has been enabled by default. An upgrade script has been added to enable the autoDeploy setting in existing instances. https://fedorahosted.org/pki/ticket/1183 --- base/common/python/pki/cli.py | 145 ++++++++++ base/server/python/pki/server/cli/__init__.py | 0 base/server/python/pki/server/cli/instance.py | 252 +++++++++++++++++ base/server/python/pki/server/cli/subsystem.py | 310 +++++++++++++++++++++ base/server/sbin/pki-server | 84 ++++++ base/server/share/conf/server.xml | 2 +- .../10.2.2/02-EnableWebApplicationAutoDeploy | 56 ++++ pylint-build-scan.sh | 8 +- specs/pki-core.spec | 1 + 9 files changed, 856 insertions(+), 2 deletions(-) create mode 100644 base/common/python/pki/cli.py create mode 100644 base/server/python/pki/server/cli/__init__.py create mode 100644 base/server/python/pki/server/cli/instance.py create mode 100644 base/server/python/pki/server/cli/subsystem.py create mode 100644 base/server/sbin/pki-server create mode 100755 base/server/upgrade/10.2.2/02-EnableWebApplicationAutoDeploy diff --git a/base/common/python/pki/cli.py b/base/common/python/pki/cli.py new file mode 100644 index 0000000000000000000000000000000000000000..d44875fcb42bddd0cad4f4e6314c84890965e3d4 --- /dev/null +++ b/base/common/python/pki/cli.py @@ -0,0 +1,145 @@ +#!/usr/bin/python +# Authors: +# Endi S. Dewata +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2015 Red Hat, Inc. +# All rights reserved. +# + +import sys +import collections + + +class CLI(object): + + def __init__(self, name, description): + + self.name = name + self.description = description + self.parent = None + + self.verbose = False + self.modules = collections.OrderedDict() + + def set_verbose(self, verbose): + self.verbose = verbose + if self.parent: + self.parent.set_verbose(verbose) + + def get_full_name(self): + if self.parent: + return self.parent.get_full_module_name(self.name) + return self.name + + def get_full_module_name(self, module_name): + return self.get_full_name() + '-' + module_name + + def add_module(self, module): + self.modules[module.name] = module + module.parent = self + + def get_module(self, name): + return self.modules.get(name) + + def print_message(self, message): + print '-' * len(message) + print message + print '-' * len(message) + + def print_help(self): + + print 'Commands:' + + for module in self.modules.itervalues(): + full_name = module.get_full_name() + print ' {:30}{:30}'.format(full_name, module.description) + + def init(self): + pass + + def execute(self, args): + + if len(args) == 0: + self.print_help() + sys.exit() + + # A command consists of parts joined by dashes: --...-. + # For example: cert-request-find + command = args[0] + + # The command will be split into module name and sub command, for example: + # - module name: cert + # - sub command: request-find + module_name = None + sub_command = None + + # Search the module by incrementally adding parts into module name. + # Repeat until it finds the module or until there is no more parts to add. + module = None + position = 0 + + while True: + + # Find the next dash. + i = command.find('-', position) + if i >= 0: + # Dash found. Split command into module name and sub command. + module_name = command[0:i] + sub_command = command[i+1:] + else: + # Dash not found. Use the whole command. + module_name = command + sub_command = None + + if self.verbose: + print 'Module: %s' % module_name + + m = self.get_module(module_name) + if m: + # Module found. Check sub command. + if not sub_command: + # No sub command. Use this module. + module = m + break + + # There is a sub command. It must be processed by module's children. + if len(m.modules) > 0: + # Module has children. Use this module. + module = m + break + + # Module doesn't have children. Keep looking. + + # If there's no more dashes, stop. + if i<0: + break + + position = i + 1 + + if not module: + raise Exception('Invalid module "%s".' % self.get_full_module_name(module_name)) + + # Prepare module arguments. + if sub_command: + # If module command exists, include it as arguments: ... + module_args = [sub_command] + args[1:] + + else: + # Otherwise, pass the original arguments: ... + module_args = args[1:] + + module.init() + module.execute(module_args) diff --git a/base/server/python/pki/server/cli/__init__.py b/base/server/python/pki/server/cli/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/base/server/python/pki/server/cli/instance.py b/base/server/python/pki/server/cli/instance.py new file mode 100644 index 0000000000000000000000000000000000000000..c1ec9ddd728950d2b39384249b25335d25820c6a --- /dev/null +++ b/base/server/python/pki/server/cli/instance.py @@ -0,0 +1,252 @@ +#!/usr/bin/python +# Authors: +# Endi S. Dewata +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2015 Red Hat, Inc. +# All rights reserved. +# + +import getopt +import os +import sys + +import pki.cli +import pki.server + + +class InstanceCLI(pki.cli.CLI): + + def __init__(self): + super(InstanceCLI, self).__init__('instance', 'Instance management commands') + + self.add_module(InstanceFindCLI()) + self.add_module(InstanceShowCLI()) + self.add_module(InstanceStartCLI()) + self.add_module(InstanceStopCLI()) + + @staticmethod + def print_instance(instance): + print ' Instance ID: %s' % instance.name + print ' Active: %s' % instance.is_active() + + +class InstanceFindCLI(pki.cli.CLI): + + def __init__(self): + super(InstanceFindCLI, self).__init__('find', 'Find instances') + + def print_help(self): + print 'Usage: pki-server instance-find [OPTIONS]' + print + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' + print + + def execute(self, argv): + + try: + opts, _ = getopt.getopt(argv, 'i:v', [ + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.print_help() + sys.exit(1) + + for o, _ in opts: + if o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.print_help() + sys.exit(1) + + results = [] + if os.path.exists(pki.server.INSTANCE_BASE_DIR): + for f in os.listdir(pki.server.INSTANCE_BASE_DIR): + + if not os.path.isdir: + continue + + results.append(f) + + self.print_message('%s entries matched' % len(results)) + + first = True + for instance_name in results: + if first: + first = False + else: + print + + instance = pki.server.PKIInstance(instance_name) + instance.load() + + InstanceCLI.print_instance(instance) + + +class InstanceShowCLI(pki.cli.CLI): + + def __init__(self): + super(InstanceShowCLI, self).__init__('show', 'Show instance') + + def print_help(self): + print 'Usage: pki-server instance-show [OPTIONS] ' + print + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' + print + + def execute(self, argv): + + try: + opts, args = getopt.getopt(argv, 'i:v', [ + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.print_help() + sys.exit(1) + + if len(args) != 1: + print 'ERROR: missing instance ID' + self.print_help() + sys.exit(1) + + instance_name = args[0] + + for o, _ in opts: + if o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.print_help() + sys.exit(1) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + + InstanceCLI.print_instance(instance) + + +class InstanceStartCLI(pki.cli.CLI): + + def __init__(self): + super(InstanceStartCLI, self).__init__('start', 'Start instance') + + def print_help(self): + print 'Usage: pki-server instance-start [OPTIONS] ' + print + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' + print + + def execute(self, argv): + + try: + opts, args = getopt.getopt(argv, 'i:v', [ + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.print_help() + sys.exit(1) + + if len(args) != 1: + print 'ERROR: missing instance ID' + self.print_help() + sys.exit(1) + + instance_name = args[0] + + for o, _ in opts: + if o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.print_help() + sys.exit(1) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + instance.start() + + self.print_message('%s instance started' % instance_name) + + +class InstanceStopCLI(pki.cli.CLI): + + def __init__(self): + super(InstanceStopCLI, self).__init__('stop', 'Stop instance') + + def print_help(self): + print 'Usage: pki-server instance-stop [OPTIONS] ' + print + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' + print + + def execute(self, argv): + + try: + opts, args = getopt.getopt(argv, 'i:v', [ + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.print_help() + sys.exit(1) + + if len(args) != 1: + print 'ERROR: missing instance ID' + self.print_help() + sys.exit(1) + + instance_name = args[0] + + for o, _ in opts: + if o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.print_help() + sys.exit(1) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + instance.stop() + + self.print_message('%s instance stopped' % instance_name) diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py new file mode 100644 index 0000000000000000000000000000000000000000..7e487ebee9c82ba193166a91f7bf2c4074d0f7a6 --- /dev/null +++ b/base/server/python/pki/server/cli/subsystem.py @@ -0,0 +1,310 @@ +#!/usr/bin/python +# Authors: +# Endi S. Dewata +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2015 Red Hat, Inc. +# All rights reserved. +# + +import getopt +import os +import sys + +import pki.cli +import pki.server + + +class SubsystemCLI(pki.cli.CLI): + + def __init__(self): + super(SubsystemCLI, self).__init__('subsystem', 'Subsystem management commands') + + self.add_module(SubsystemDisableCLI()) + self.add_module(SubsystemEnableCLI()) + self.add_module(SubsystemFindCLI()) + self.add_module(SubsystemShowCLI()) + + @staticmethod + def print_subsystem(subsystem): + print ' Subsystem ID: %s' % subsystem.name + print ' Instance ID: %s' % subsystem.instance.name + print ' Enabled: %s' % subsystem.is_enabled() + + +class SubsystemFindCLI(pki.cli.CLI): + + def __init__(self): + super(SubsystemFindCLI, self).__init__('find', 'Find subsystems') + + def usage(self): + print 'Usage: pki-server subsystem-find [OPTIONS]' + print + print ' -i, --instance Instance ID.' + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' + print + + def execute(self, args): + + try: + opts, _ = getopt.getopt(args, 'i:v', [ + 'instance=', + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.usage() + sys.exit(1) + + instance_name = None + + for o, a in opts: + if o in ('-i', '--instance'): + instance_name = a + + elif o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.usage() + sys.exit(1) + + if not instance_name: + print 'ERROR: missing instance ID' + self.usage() + sys.exit(1) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + + results = [] + + for name in os.listdir(instance.base_dir): + + subsystem = pki.server.PKISubsystem(instance, name) + if not subsystem.is_valid(): + continue + + results.append(subsystem) + + self.print_message('%s entries matched' % len(results)) + + first = True + for subsystem in results: + if first: + first = False + else: + print + + SubsystemCLI.print_subsystem(subsystem) + + +class SubsystemShowCLI(pki.cli.CLI): + + def __init__(self): + super(SubsystemShowCLI, self).__init__('show', 'Show subsystem') + + def usage(self): + print 'Usage: pki-server subsystem-show [OPTIONS] ' + print + print ' -i, --instance Instance ID.' + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' + print + + def execute(self, argv): + + try: + opts, args = getopt.getopt(argv, 'i:v', [ + 'instance=', + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.usage() + sys.exit(1) + + if len(args) != 1: + print 'ERROR: missing subsystem ID' + self.usage() + sys.exit(1) + + subsystem_name = args[0] + instance_name = None + + for o, a in opts: + if o in ('-i', '--instance'): + instance_name = a + + elif o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.usage() + sys.exit(1) + + if not instance_name: + print 'ERROR: missing instance ID' + self.usage() + sys.exit(1) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + + subsystem = pki.server.PKISubsystem(instance, subsystem_name) + + SubsystemCLI.print_subsystem(subsystem) + + +class SubsystemEnableCLI(pki.cli.CLI): + + def __init__(self): + super(SubsystemEnableCLI, self).__init__('enable', 'Enable subsystem') + + def usage(self): + print 'Usage: pki-server subsystem-enable [OPTIONS] ' + print + print ' -i, --instance Instance ID.' + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' + print + + def execute(self, argv): + + try: + opts, args = getopt.getopt(argv, 'i:v', [ + 'instance=', + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.usage() + sys.exit(1) + + if len(args) != 1: + print 'ERROR: missing subsystem ID' + self.usage() + sys.exit(1) + + subsystem_name = args[0] + instance_name = None + + for o, a in opts: + if o in ('-i', '--instance'): + instance_name = a + + elif o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.usage() + sys.exit(1) + + if not instance_name: + print 'ERROR: missing instance ID' + self.usage() + sys.exit(1) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + + subsystem = pki.server.PKISubsystem(instance, subsystem_name) + subsystem.enable() + + self.print_message('Enabled "%s" subsystem' % subsystem_name) + + SubsystemCLI.print_subsystem(subsystem) + + +class SubsystemDisableCLI(pki.cli.CLI): + + def __init__(self): + super(SubsystemDisableCLI, self).__init__('disable', 'Disable subsystem') + + def usage(self): + print 'Usage: pki-server subsystem-disable [OPTIONS] ' + print + print ' -i, --instance Instance ID.' + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' + print + + def execute(self, argv): + + try: + opts, args = getopt.getopt(argv, 'i:v', [ + 'instance=', + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.usage() + sys.exit(1) + + if len(args) != 1: + print 'ERROR: missing subsystem ID' + self.usage() + sys.exit(1) + + subsystem_name = args[0] + instance_name = None + + for o, a in opts: + print 'option: %s %s' % (o, a) + if o in ('-i', '--instance'): + instance_name = a + + elif o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.usage() + sys.exit(1) + + if not instance_name: + print 'ERROR: missing instance ID' + self.usage() + sys.exit(1) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + + subsystem = pki.server.PKISubsystem(instance, subsystem_name) + subsystem.disable() + + self.print_message('Disabled "%s" subsystem' % subsystem_name) + + SubsystemCLI.print_subsystem(subsystem) diff --git a/base/server/sbin/pki-server b/base/server/sbin/pki-server new file mode 100644 index 0000000000000000000000000000000000000000..c730ebd20feef9ef6d853b4a186422af7c3e3a71 --- /dev/null +++ b/base/server/sbin/pki-server @@ -0,0 +1,84 @@ +#!/usr/bin/python +# Authors: +# Endi S. Dewata +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2015 Red Hat, Inc. +# All rights reserved. +# + +import getopt +import sys + +import pki.cli +import pki.server.cli.instance +import pki.server.cli.subsystem + +class PKIServerCLI(pki.cli.CLI): + + def __init__(self): + + super(PKIServerCLI, self).__init__('pki-server', 'PKI server command-line interface') + + self.add_module(pki.server.cli.instance.InstanceCLI()) + self.add_module(pki.server.cli.subsystem.SubsystemCLI()) + + def get_full_module_name(self, module_name): + return module_name + + def print_help(self): + + print 'Usage: pki-server [OPTIONS]' + print + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' + print + + super(PKIServerCLI, self).print_help() + + def execute(self, argv): + + try: + opts, args = getopt.getopt(argv[1:], 'v', [ + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.print_help() + sys.exit(1) + + for o, _ in opts: + if o in ('-v', '--verbose'): + self.verbose = True + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.print_help() + sys.exit(1) + + if self.verbose: + print 'Command: %s' % ' '.join(args) + + super(PKIServerCLI, self).execute(args) + + +if __name__ == '__main__': + cli = PKIServerCLI() + cli.init() + cli.execute(sys.argv) diff --git a/base/server/share/conf/server.xml b/base/server/share/conf/server.xml index 306ebf25b9a2ac83f90e0e79e4530211ef7fc7ea..b9e8860b2179e1432ebef7d06ff9f2c70985c1b5 100644 --- a/base/server/share/conf/server.xml +++ b/base/server/share/conf/server.xml @@ -253,7 +253,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) -->