From da6634dbae29c63df9ba9041abb712f1a205f993 Mon Sep 17 00:00:00 2001 From: Matthew Harmsen Date: Thu, 28 Aug 2014 19:49:10 -0700 Subject: [PATCH] Remove Apache info from pkispawn and pkidestroy - PKI TRAC Ticket #1077 - Consider removing [Apache] section from 'default.cfg' --- base/server/config/pkislots.cfg | 28 ------- base/server/etc/default.cfg | 33 +------- base/server/man/man5/pki_default.cfg.5 | 2 +- base/server/man/man8/pkidestroy.8 | 2 +- base/server/man/man8/pkispawn.8 | 2 +- .../python/pki/server/deployment/pkiconfig.py | 3 - .../python/pki/server/deployment/pkihelper.py | 88 +--------------------- .../python/pki/server/deployment/pkimessages.py | 7 +- .../python/pki/server/deployment/pkiparser.py | 58 ++------------ .../server/deployment/scriptlets/configuration.py | 27 +------ .../server/deployment/scriptlets/finalization.py | 7 +- .../server/deployment/scriptlets/initialization.py | 2 +- .../deployment/scriptlets/instance_layout.py | 20 +---- .../deployment/scriptlets/security_databases.py | 8 +- .../server/deployment/scriptlets/selinux_setup.py | 6 -- .../deployment/scriptlets/subsystem_layout.py | 2 +- 16 files changed, 24 insertions(+), 271 deletions(-) diff --git a/base/server/config/pkislots.cfg b/base/server/config/pkislots.cfg index ce1ac78..8f7dc78 100644 --- a/base/server/config/pkislots.cfg +++ b/base/server/config/pkislots.cfg @@ -1,31 +1,3 @@ -[Apache] -FORTITUDE_APACHE_SLOT=[FORTITUDE_APACHE] -FORTITUDE_AUTH_MODULES_SLOT=[FORTITUDE_AUTH_MODULES] -FORTITUDE_DIR_SLOT=[FORTITUDE_DIR] -FORTITUDE_LIB_DIR_SLOT=[FORTITUDE_LIB_DIR] -FORTITUDE_MODULE_SLOT=[FORTITUDE_MODULE] -FORTITUDE_NSS_MODULES_SLOT=[FORTITUDE_NSS_MODULES] -HTTPD_CONF_SLOT=[HTTPD_CONF] -LIB_PREFIX_SLOT=[LIB_PREFIX] -NON_CLIENTAUTH_SECURE_PORT_SLOT=[NON_CLIENTAUTH_SECURE_PORT] -NSS_CONF_SLOT=[NSS_CONF] -OBJ_EXT_SLOT=[OBJ_EXT] -PKI_INSTANCE_NAME_SLOT=[PKI_INSTANCE_NAME] -PKI_INSTANCE_INITSCRIPT_SLOT=[PKI_INSTANCE_INITSCRIPT] -PKI_LOCKDIR_SLOT=[PKI_LOCKDIR] -PKI_PIDDIR_SLOT=[PKI_PIDDIR] -PKI_REGISTRY_FILE_SLOT=[PKI_REGISTRY_FILE] -PKI_WEB_SERVER_TYPE_SLOT=[PKI_WEB_SERVER_TYPE] -PORT_SLOT=[PORT] -PROCESS_ID_SLOT=[PROCESS_ID] -REQUIRE_CFG_PL_SLOT=[REQUIRE_CFG_PL] -SECURE_PORT_SLOT=[SECURE_PORT] -SECURITY_LIBRARIES_SLOT=[SECURITY_LIBRARIES] -PKI_HOSTNAME_SLOT=[PKI_HOSTNAME] -SERVER_ROOT_SLOT=[SERVER_ROOT] -SYSTEM_LIBRARIES_SLOT=[SYSTEM_LIBRARIES] -SYSTEM_USER_LIBRARIES_SLOT=[SYSTEM_USER_LIBRARIES] -TMP_DIR_SLOT=[TMP_DIR] [Tomcat] application_version=[APPLICATION_VERSION] INSTALL_TIME_SLOT=[INSTALL_TIME] diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index 7ecbf10..9047e6e 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -52,7 +52,7 @@ destroy_scriplets= infrastructure_layout finalization -# By default, the following parameters will be set for Tomcat and Apache instances. +# By default, the following parameters will be set for Tomcat instances. # There is no reason to uncomment these. They are provided for reference in # case someone wants to override them in their config file. # @@ -60,11 +60,6 @@ destroy_scriplets= # pki_instance_name=pki-tomcat # pki_https_port=8443 # pki_http_port=8080 -# -# Apache instances: -# pki_instance_name=pki-apache -# pki_https_port=443 -# pki_http_port=80 pki_admin_cert_file=%(pki_client_dir)s/ca_admin.cert pki_admin_cert_request_type=pkcs10 @@ -164,32 +159,6 @@ pki_subsystem_registry_link=%(pki_subsystem_path)s/registry ############################################################################### -## Apache Configuration: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Apache' (RA and TPS subsystems), and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[Apache] - -# Paths -# These are used in the processing of pkispawn and are not supposed -# to be overwritten by user configuration files. -# -pki_systemd_service=/lib/systemd/system/pki-apached@.service -pki_systemd_target=/lib/systemd/system/pki-apached.target -pki_systemd_target_wants=/etc/systemd/system/pki-apached.target.wants -pki_systemd_service_link=%(pki_systemd_target_wants)s/pki-apached@%(pki_instance_name)s.service -pki_cgroup_systemd_service_path=/sys/fs/cgroup/systemd/system/%(pki_systemd_service)s -pki_cgroup_systemd_service=%(pki_cgroup_systemd_service_path)s/%(pki_instance_name)s -pki_cgroup_cpu_systemd_service_path=/sys/fs/cgroup/cpu\,cpuacct/system/%(pki_systemd_service)s -pki_cgroup_cpu_systemd_service=%(pki_cgroup_cpu_systemd_service_path)s/%(pki_systemd_service)s -pki_instance_type=Apache -pki_instance_type_registry_path =%(pki_registry_path)s/apache -pki_instance_registry_path=%(pki_instance_type_registry_path)s/%(pki_instance_name)s -pki_subsystem_registry_path=%(pki_instance_registry_path)s/%(pki_subsystem_type)s - -############################################################################### ## Tomcat Configuration: ## ## ## ## Values in this section are common to PKI subsystems that run ## diff --git a/base/server/man/man5/pki_default.cfg.5 b/base/server/man/man5/pki_default.cfg.5 index c4e1f13..1522cc6 100644 --- a/base/server/man/man5/pki_default.cfg.5 +++ b/base/server/man/man5/pki_default.cfg.5 @@ -44,7 +44,7 @@ Name of the instance. The instance is located at /var/lib/pki/. .TP .B pki_https_port, pki_http_port .IP -Secure and unsecure ports. Defaults to standard Tomcat ports 8443 and 8080, respectively, for Java subsystems, and 443 and 80 for Apache subsystems. +Secure and unsecure ports. Defaults to standard Tomcat ports 8443 and 8080, respectively, for Java subsystems. .TP .B pki_ajp_port, pki_tomcat_server_port .IP diff --git a/base/server/man/man8/pkidestroy.8 b/base/server/man/man8/pkidestroy.8 index 407a915..cbf2051 100644 --- a/base/server/man/man8/pkidestroy.8 +++ b/base/server/man/man8/pkidestroy.8 @@ -25,7 +25,7 @@ Removes a subsystem from an instance of Certificate Server. This utility remove .PP .TP \fBNote:\fP -This utility is only used for Java-based subsystems. The Apache-based Certificate Server subsystems (RA and TPS) are removed using \fBpkiremove\fP. +This utility is only used for Java-based subsystems. .PP An instance can contain multiple subsystems, although it may contain at most one of each type of subsystem. So, for example, an instance could contain CA and KRA subsystems, but not two CA subsystems. If \fBpkidestroy\fP is invoked on the last subsystem in the instance, then that instance is removed. Typically, as subsystems need to contact the CA to update the security domain, the CA instance should be the last instance to be removed. diff --git a/base/server/man/man8/pkispawn.8 b/base/server/man/man8/pkispawn.8 index d09d7d4..0520428 100644 --- a/base/server/man/man8/pkispawn.8 +++ b/base/server/man/man8/pkispawn.8 @@ -28,7 +28,7 @@ A 389 Directory Server instance must be configured and running before this scrip .B setup-ds.pl(8). .TP \fBNote:\fP -This utility creates only Java-based subsystems. The Apache-based Certificate Server subsystems (RA and TPS) are created using \fBpkicreate\fP. +This utility creates only Java-based subsystems. .PP An instance can contain multiple subsystems, although it may contain at most one of each type of subsystem on a single machine. So, for example, an instance could contain CA and KRA subsystems, but not two CA subsystems. To create an instance with a CA and a KRA, simply run pkispawn twice, with values .I -s CA diff --git a/base/server/python/pki/server/deployment/pkiconfig.py b/base/server/python/pki/server/deployment/pkiconfig.py index 67edad1..003d143 100644 --- a/base/server/python/pki/server/deployment/pkiconfig.py +++ b/base/server/python/pki/server/deployment/pkiconfig.py @@ -38,14 +38,12 @@ PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser" PKI_SUBSYSTEMS = ["CA", "KRA", "OCSP", "RA", "TKS", "TPS"] PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"] -PKI_APACHE_SUBSYSTEMS = ["RA"] PKI_TOMCAT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"] PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra", "lib", "logs", "ocsp", "temp", "tks", "tps", "webapps", "work"] PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg", "rsyslog", "tls"] -PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra"] PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks", "tps"] PKI_INDENTATION_LEVEL_0 = {'indent': ''} @@ -71,7 +69,6 @@ PKI_DEPLOYMENT_LOG_ROOT = "/var/log/pki" # the default 'instance' name may be overridden by the value specified # in the configuration file (the value in the default configuration file # should always match the 'default' instance name specified below). -PKI_DEPLOYMENT_DEFAULT_APACHE_INSTANCE_NAME = "pki-apache" PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat" DEFAULT_DEPLOYMENT_CONFIGURATION = "default.cfg" diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 823a207..9b33d7b 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -424,20 +424,7 @@ class Namespace: log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( self.mdict['pki_instance_name'], self.mdict['pki_instance_configuration_path'])) - if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - # Top-Level Apache PKI registry path reserved name collision - if self.mdict['pki_instance_name'] in\ - config.PKI_APACHE_REGISTRY_RESERVED_NAMES: - config.pki_log.error( - log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, - self.mdict['pki_instance_name'], - self.mdict['pki_instance_registry_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception( - log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( - self.mdict['pki_instance_name'], - self.mdict['pki_instance_registry_path'])) - elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # Top-Level Tomcat PKI registry path reserved name collision if self.mdict['pki_instance_name'] in\ config.PKI_TOMCAT_REGISTRY_RESERVED_NAMES: @@ -868,53 +855,6 @@ class Instance: def __init__(self, deployer): self.mdict = deployer.mdict - def apache_instance_subsystems(self): - rv = 0 - try: - # count number of PKI subsystems present - # within the specified Apache instance - for subsystem in config.PKI_APACHE_SUBSYSTEMS: - path = self.mdict['pki_instance_path'] + "/" + subsystem.lower() - if os.path.exists(path) and os.path.isdir(path): - rv += 1 - config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCE_SUBSYSTEMS_2, - self.mdict['pki_instance_path'], - rv, extra=config.PKI_INDENTATION_LEVEL_2) - except OSError as exc: - config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) - raise - return rv - - def apache_instances(self): - rv = 0 - try: - # Since ALL directories under the top-level PKI 'apache' registry - # directory SHOULD represent PKI Apache instances, and there - # shouldn't be any stray files or symbolic links at this level, - # simply count the number of PKI 'apache' instances (directories) - # present within the PKI 'apache' registry directory - for instance in\ - os.listdir(self.mdict['pki_instance_type_registry_path']): - if os.path.isdir( - os.path.join( - self.mdict['pki_instance_type_registry_path'], - instance)) and not\ - os.path.islink( - os.path.join( - self.mdict['pki_instance_type_registry_path'], - instance)): - rv += 1 - config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCES_2, - self.mdict['pki_instance_type_registry_path'], - rv, - extra=config.PKI_INDENTATION_LEVEL_2) - except OSError as exc: - config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) - raise - return rv - def pki_instance_subsystems(self): rv = 0 try: @@ -2047,10 +1987,6 @@ class Password: with open(path, "w") as fd: if pin_sans_token: fd.write(str(pin)) - elif self.mdict['pki_subsystem'] in \ - config.PKI_APACHE_SUBSYSTEMS: - fd.write(self.mdict['pki_self_signed_token'] + - ":" + str(pin)) else: fd.write(self.mdict['pki_self_signed_token'] + "=" + str(pin)) @@ -2061,10 +1997,6 @@ class Password: with open(path, "w") as fd: if pin_sans_token: fd.write(str(pin)) - elif self.mdict['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: - fd.write(self.mdict['pki_self_signed_token'] + - ":" + str(pin)) else: fd.write(self.mdict['pki_self_signed_token'] + "=" + str(pin)) @@ -3269,11 +3201,7 @@ class Systemd(object): if reload_daemon: self.daemon_reload(critical_failure) # Compose this "systemd" execution management command - if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - service = "pki-apached" + "@" +\ - self.mdict['pki_instance_name'] + "." +\ - "service" - elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: service = "pki-tomcatd" + "@" +\ self.mdict['pki_instance_name'] + "." +\ "service" @@ -3324,11 +3252,7 @@ class Systemd(object): try: service = None # Compose this "systemd" execution management command - if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - service = "pki-apached" + "@" +\ - self.mdict['pki_instance_name'] + "." +\ - "service" - elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: service = "pki-tomcatd" + "@" +\ self.mdict['pki_instance_name'] + "." +\ "service" @@ -3383,11 +3307,7 @@ class Systemd(object): # Execute the "systemd daemon-reload" management lifecycle command if reload_daemon: self.daemon_reload(critical_failure) - if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - service = "pki-apached" + "@" +\ - self.mdict['pki_instance_name'] + "." +\ - "service" - elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: service = "pki-tomcatd" + "@" +\ self.mdict['pki_instance_name'] + "." +\ "service" diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py index 8b5ce3f..3601b89 100644 --- a/base/server/python/pki/server/deployment/pkimessages.py +++ b/base/server/python/pki/server/deployment/pkimessages.py @@ -137,11 +137,10 @@ PKISPAWN_END_MESSAGE_2 = \ PKISPAWN_EPILOG = """ REMINDER: - If two or more Apache or Tomcat PKI 'instances' are specified via + If two or more Tomcat PKI 'instances' are specified via separate configuration files, remember that the following parameters MUST differ between PKI 'instances': - Apache: 'pki_instance_name', 'pki_http_port', and 'pki_https_port' Tomcat: 'pki_instance_name', 'pki_http_port', 'pki_https_port', 'pki_ajp_port', and 'pki_tomcat_server_port' @@ -151,10 +150,6 @@ REMINDER: # PKI Deployment "Helper" Messages -PKIHELPER_APACHE_INSTANCE_SUBSYSTEMS_2 = \ - "instance '%s' contains '%d' Apache PKI subsystems" -PKIHELPER_APACHE_INSTANCES_2 = \ - "PKI Apache registry '%s' contains '%d' Apache PKI instances" PKIHELPER_APPLY_SLOT_SUBSTITUTION_1 = \ "applying in-place slot substitutions on '%s'" PKIHELPER_CERTUTIL_GENERATE_CSR_1 = "executing '%s'" diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index 3b2a99c..6ea967a 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py @@ -182,10 +182,6 @@ class PKIConfigParser: default_instance_name = 'pki-tomcat' default_http_port = '8080' default_https_port = '8443' - else: - default_instance_name = 'pki-apache' - default_http_port = '80' - default_https_port = '443' application_version = str(pki.upgrade.Version( pki.implementation_version())) @@ -386,9 +382,6 @@ class PKIConfigParser: if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: if self.pki_config.has_section('Tomcat'): web_server_dict = dict(self.pki_config.items('Tomcat')) - else: - if self.pki_config.has_section('Apache'): - web_server_dict = dict(self.pki_config.items('Apache')) if web_server_dict: web_server_dict[0] = None @@ -750,37 +743,7 @@ class PKIConfigParser: self.mdict['PKI_REGISTRY_FILE_SLOT'] = \ os.path.join(self.mdict['pki_subsystem_registry_path'], self.mdict['pki_instance_name']) - if self.mdict['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: - self.mdict['FORTITUDE_APACHE_SLOT'] = None - self.mdict['FORTITUDE_AUTH_MODULES_SLOT'] = None - self.mdict['FORTITUDE_DIR_SLOT'] = None - self.mdict['FORTITUDE_LIB_DIR_SLOT'] = None - self.mdict['FORTITUDE_MODULE_SLOT'] = None - self.mdict['FORTITUDE_NSS_MODULES_SLOT'] = None - self.mdict['HTTPD_CONF_SLOT'] = None - self.mdict['LIB_PREFIX_SLOT'] = None - self.mdict['NON_CLIENTAUTH_SECURE_PORT_SLOT'] = None - self.mdict['NSS_CONF_SLOT'] = None - self.mdict['OBJ_EXT_SLOT'] = None - self.mdict['PKI_LOCKDIR_SLOT'] = \ - os.path.join("/var/lock/pki", - "apache") - self.mdict['PKI_PIDDIR_SLOT'] = \ - os.path.join("/var/run/pki", - "apache") - self.mdict['PKI_WEB_SERVER_TYPE_SLOT'] = "apache" - self.mdict['PORT_SLOT'] = None - self.mdict['PROCESS_ID_SLOT'] = None - self.mdict['REQUIRE_CFG_PL_SLOT'] = None - self.mdict['SECURE_PORT_SLOT'] = None - self.mdict['SECURITY_LIBRARIES_SLOT'] = None - self.mdict['PKI_HOSTNAME_SLOT'] = None - self.mdict['SERVER_ROOT_SLOT'] = None - self.mdict['SYSTEM_LIBRARIES_SLOT'] = None - self.mdict['SYSTEM_USER_LIBRARIES_SLOT'] = None - self.mdict['TMP_DIR_SLOT'] = None - elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: self.mdict['INSTALL_TIME_SLOT'] = \ self.mdict['pki_install_time'] self.mdict['PKI_ADMIN_SECURE_PORT_SLOT'] = \ @@ -1006,7 +969,7 @@ class PKIConfigParser: if self.mdict['pki_subsystem'] == "CA": self.mdict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS'] = \ self.mdict['pki_random_serial_numbers_enable'].lower() - # Shared Apache/Tomcat NSS security database name/value pairs + # Tomcat NSS security database name/value pairs self.mdict['pki_shared_pfile'] = \ os.path.join( self.mdict['pki_instance_configuration_path'], @@ -1041,7 +1004,7 @@ class PKIConfigParser: self.mdict['pki_subsystem_configuration_path'], "noise") self.mdict['pki_self_signed_noise_bytes'] = 1024 - # Shared Apache/Tomcat NSS security database convenience + # Tomcat NSS security database convenience # symbolic links self.mdict['pki_subsystem_configuration_password_conf_link'] = \ os.path.join( @@ -1058,7 +1021,6 @@ class PKIConfigParser: # 'Subsystem Name' Configuration name/value pairs # 'Token' Configuration name/value pairs # - # Apache - [RA] # Tomcat - [CA], [KRA], [OCSP], [TKS], [TPS] # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone], # [TPS Clone] @@ -1148,7 +1110,6 @@ class PKIConfigParser: # 'Backup' Configuration name/value pairs # - # Apache - [RA] # Tomcat - [CA], [KRA], [OCSP], [TKS], [TPS] # - [External CA] # - [Subordinate CA] @@ -1210,14 +1171,7 @@ class PKIConfigParser: "spawn" + "_" + "manifest" + "." + \ self.mdict['pki_timestamp'] # Compose this "systemd" execution management command - if self.mdict['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: - self.mdict['pki_registry_initscript_command'] = \ - "systemctl" + " " + \ - "restart" + " " + \ - "pki-apached" + "@" + \ - self.mdict['pki_instance_name'] + "." + "service" - elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + if self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: self.mdict['pki_registry_initscript_command'] = \ "systemctl" + " " + \ "restart" + " " + \ @@ -1249,9 +1203,7 @@ class PKIConfigParser: parser.optionxform = str parser.read(config.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE) # Slots configuration file name/value pairs - if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS: - self.slots_dict = dict(parser.items('Apache')) - elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: + if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS: self.slots_dict = dict(parser.items('Tomcat')) except ConfigParser.ParsingError, err: rv = err diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index 78ec9ba..4644736 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py @@ -80,15 +80,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.mdict['pki_client_secmod_database'], password_file=deployer.mdict['pki_client_password_conf']) - # Start/Restart this Apache/Tomcat PKI Process - if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - apache_instance_subsystems = \ - deployer.instance.apache_instance_subsystems() - if apache_instance_subsystems == 1: - deployer.systemd.start() - elif apache_instance_subsystems > 1: - deployer.systemd.restart() - elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: + # Start/Restart this Tomcat PKI Process + if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # Optionally prepare to enable a java debugger # (e. g. - 'eclipse'): if config.str2bool(deployer.mdict['pki_enable_java_debugger']): @@ -115,14 +108,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # Construct PKI Subsystem Configuration Data data = None - if deployer.mdict['pki_instance_type'] == "Apache": - if deployer.mdict['pki_subsystem'] == "RA": - config.pki_log.info( - log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1, - deployer.mdict['pki_subsystem'], - extra=config.PKI_INDENTATION_LEVEL_2) - return self.rv - elif deployer.mdict['pki_instance_type'] == "Tomcat": + if deployer.mdict['pki_instance_type'] == "Tomcat": # CA, KRA, OCSP, TKS, or TPS data = deployer.config_client.construct_pki_configuration_data() @@ -136,12 +122,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - deployer.instance.apache_instance_subsystems() == 1: - if deployer.directory.exists(deployer.mdict['pki_client_dir']): - deployer.directory.delete(deployer.mdict['pki_client_dir']) - deployer.symlink.delete(deployer.mdict['pki_systemd_service_link']) - elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ + if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ and len(deployer.instance.tomcat_instance_subsystems()) == 1: if deployer.directory.exists(deployer.mdict['pki_client_dir']): deployer.directory.delete(deployer.mdict['pki_client_dir']) diff --git a/base/server/python/pki/server/deployment/scriptlets/finalization.py b/base/server/python/pki/server/deployment/scriptlets/finalization.py index c545642..7d38a52 100644 --- a/base/server/python/pki/server/deployment/scriptlets/finalization.py +++ b/base/server/python/pki/server/deployment/scriptlets/finalization.py @@ -84,11 +84,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.FINALIZATION_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) deployer.file.modify(deployer.mdict['pki_destroy_log'], silent=True) - # Start this Apache/Tomcat PKI Process - if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - deployer.instance.apache_instance_subsystems() >= 1: - deployer.systemd.start() - elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ + # Start this Tomcat PKI Process + if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ and len(deployer.instance.tomcat_instance_subsystems()) >= 1: deployer.systemd.start() config.pki_log.info(log.PKIDESTROY_END_MESSAGE_2, diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py index a555a89..632e21d 100644 --- a/base/server/python/pki/server/deployment/scriptlets/initialization.py +++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py @@ -113,6 +113,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # tightly-coupled shared instance. # deployer.security_domain.deregister(token) - # ALWAYS Stop this Apache/Tomcat PKI Process + # ALWAYS Stop this Tomcat PKI Process deployer.systemd.stop() return self.rv diff --git a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py index b5ec19e..9cdecb4 100644 --- a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py @@ -288,25 +288,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): if deployer.mdict['pki_subsystem'] == 'TKS': deployer.symlink.delete(deployer.mdict['pki_symkey_jar_link']) - if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ - deployer.instance.apache_instance_subsystems() == 0: - # remove Apache instance base - deployer.directory.delete(deployer.mdict['pki_instance_path']) - # remove Apache instance logs - # remove shared NSS security database path for this instance - deployer.directory.delete(deployer.mdict['pki_database_path']) - # remove Apache instance configuration - deployer.directory.delete( - deployer.mdict['pki_instance_configuration_path']) - # remove Apache instance registry - deployer.directory.delete( - deployer.mdict['pki_instance_registry_path']) - # remove Apache PKI registry (if empty) - if deployer.instance.apache_instances() == 0: - deployer.directory.delete( - deployer.mdict['pki_instance_type_registry_path']) - - elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ + if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ and len(deployer.instance.tomcat_instance_subsystems()) == 0: # remove Tomcat instance base deployer.directory.delete(deployer.mdict['pki_instance_path']) diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py index dc175cd..8adb3c4 100644 --- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py +++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py @@ -103,13 +103,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if deployer.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS \ - and deployer.instance.apache_instance_subsystems() == 0: - deployer.file.delete(deployer.mdict['pki_cert_database']) - deployer.file.delete(deployer.mdict['pki_key_database']) - deployer.file.delete(deployer.mdict['pki_secmod_database']) - deployer.file.delete(deployer.mdict['pki_shared_password_conf']) - elif deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ + if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS \ and len(deployer.instance.tomcat_instance_subsystems()) == 0: deployer.file.delete(deployer.mdict['pki_cert_database']) deployer.file.delete(deployer.mdict['pki_key_database']) diff --git a/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py b/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py index daf4142..dce5648 100644 --- a/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py +++ b/base/server/python/pki/server/deployment/scriptlets/selinux_setup.py @@ -69,9 +69,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # add SELinux contexts when adding the first subsystem if deployer.mdict['pki_subsystem'] in \ - config.PKI_APACHE_SUBSYSTEMS and \ - deployer.instance.apache_instance_subsystems() == 1 \ - or deployer.mdict['pki_subsystem'] in \ config.PKI_TOMCAT_SUBSYSTEMS and \ len(deployer.instance.tomcat_instance_subsystems()) == 1: @@ -167,9 +164,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): try: # remove SELinux contexts when removing the last subsystem if (deployer.mdict['pki_subsystem'] in - config.PKI_APACHE_SUBSYSTEMS and - deployer.instance.apache_instance_subsystems() == 0 or - deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and len(deployer.instance.tomcat_instance_subsystems()) == 0): diff --git a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py index 432fba9..324acca 100644 --- a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py @@ -51,7 +51,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # deployer.directory.copy( # deployer.mdict['pki_source_conf_path'], # deployer.mdict['pki_subsystem_configuration_path']) - # establish instance-based Apache/Tomcat specific subsystems + # establish instance-based Tomcat specific subsystems if deployer.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # establish instance-based Tomcat PKI subsystem base if deployer.mdict['pki_subsystem'] == "CA": -- 1.9.3