>From 50e25d36da7ce337e5818d1e67b9ab9a3d9da0b2 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Sun, 12 Oct 2014 00:16:55 -0400 Subject: [PATCH] Moved web application deployment locations. Currently web applications are deployed into Host's appBase (i.e. /webapps). To allow better control of individual subsystem deployments, the web applications have to be moved out of the appBase so that the autoDeploy can work properly later. This patch moves the common web applications to / common/webapps and subsystem web applications to / /webapps. An upgrade script has been added to update existing deployments. https://fedorahosted.org/pki/ticket/1183 --- base/common/upgrade/10.2.1/.gitignore | 4 + base/common/upgrade/10.2.2/.gitignore | 4 + base/server/etc/default.cfg | 5 +- .../python/pki/server/deployment/pkihelper.py | 35 ++++++ .../deployment/scriptlets/instance_layout.py | 34 +++++- .../deployment/scriptlets/subsystem_layout.py | 6 -- .../deployment/scriptlets/webapp_deployment.py | 49 +++++---- base/server/scripts/operations | 25 ++--- .../01-MoveWebApplicationDeploymentLocations | 119 +++++++++++++++++++++ specs/pki-core.spec | 1 + 10 files changed, 229 insertions(+), 53 deletions(-) create mode 100644 base/common/upgrade/10.2.1/.gitignore create mode 100644 base/common/upgrade/10.2.2/.gitignore create mode 100755 base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations diff --git a/base/common/upgrade/10.2.1/.gitignore b/base/common/upgrade/10.2.1/.gitignore new file mode 100644 index 0000000000000000000000000000000000000000..5e7d2734cfc60289debf74293817c0a8f572ff32 --- /dev/null +++ b/base/common/upgrade/10.2.1/.gitignore @@ -0,0 +1,4 @@ +# Ignore everything in this directory +* +# Except this file +!.gitignore diff --git a/base/common/upgrade/10.2.2/.gitignore b/base/common/upgrade/10.2.2/.gitignore new file mode 100644 index 0000000000000000000000000000000000000000..5e7d2734cfc60289debf74293817c0a8f572ff32 --- /dev/null 
+++ b/base/common/upgrade/10.2.2/.gitignore @@ -0,0 +1,4 @@ +# Ignore everything in this directory +* +# Except this file +!.gitignore diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index ecf436d9f15729ed27e09975ab1f1151e504fe94..98a3628572e78f71525a95cedd0e473be8a14d9d 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -217,6 +217,7 @@ pki_tomcat_common_path=%(pki_instance_path)s/common pki_tomcat_common_lib_path=%(pki_tomcat_common_path)s/lib pki_tomcat_tmpdir_path=%(pki_instance_path)s/temp pki_tomcat_webapps_path=%(pki_instance_path)s/webapps +pki_tomcat_common_webapps_path=%(pki_instance_path)s/common/webapps pki_tomcat_work_path=%(pki_instance_path)s/work pki_tomcat_work_catalina_path=%(pki_tomcat_work_path)s/Catalina pki_tomcat_work_catalina_host_path=%(pki_tomcat_work_catalina_path)s/localhost @@ -231,8 +232,8 @@ pki_instance_lib=%(pki_instance_path)s/lib pki_instance_lib_log4j_properties=%(pki_instance_lib)s/log4j.properties pki_instance_systemd_link=%(pki_instance_path)s/%(pki_instance_name)s pki_subsystem_signed_audit_log_path=%(pki_subsystem_log_path)s/signedAudit -pki_subsystem_tomcat_webapps_link=%(pki_subsystem_path)s/webapps -pki_tomcat_webapps_subsystem_path=%(pki_tomcat_webapps_path)s/%(pki_subsystem_type)s +pki_tomcat_subsystem_webapps_path=%(pki_subsystem_path)s/webapps +pki_tomcat_webapps_subsystem_path=%(pki_tomcat_subsystem_webapps_path)s/%(pki_subsystem_type)s pki_tomcat_webapps_subsystem_webinf_classes_path=%(pki_tomcat_webapps_subsystem_path)s/WEB-INF/classes pki_tomcat_webapps_subsystem_webinf_lib_path=%(pki_tomcat_webapps_subsystem_path)s/WEB-INF/lib pki_certsrv_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-certsrv.jar diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 9d2469dec064f8422e649e8fc1be6597e7a04fee..02a2c9e32bdb27b65e59183eeab8ec5e5ecdd4ac 100644 
--- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -40,6 +40,7 @@ from grp import getgrnam from pwd import getpwnam from pwd import getpwuid import xml.etree.ElementTree as ET +from lxml import etree import zipfile import selinux if selinux.is_selinux_enabled(): @@ -4173,4 +4174,38 @@ class PKIDeployer: self.tps_connector = TPSConnector(self) self.config_client = ConfigClient(self) + def deploy_webapp(self, name, doc_base, descriptor): + """ + Deploy a web application into a Tomcat instance. + This method will copy the specified deployment descriptor into + /conf/Catalina/localhost/.xml and point the docBase + to the specified location. The web application will become available + under "/" URL path. + + See also: http://tomcat.apache.org/tomcat-7.0-doc/config/context.html + + :param name: Web application name. + :type name: str + :param doc_base: Path to web application content. + :type doc_base: str + :param descriptor: Path to deployment descriptor (context.xml). + :type descriptor: str + """ + new_descriptor = os.path.join( + self.mdict['pki_instance_configuration_path'], + "Catalina", + "localhost", + name + ".xml") + + parser = etree.XMLParser(remove_blank_text=True) + document = etree.parse(descriptor, parser) + + context = document.getroot() + context.set('docBase', doc_base) + + with open(new_descriptor, 'w') as f: + f.write(etree.tostring(document, pretty_print=True)) + + os.chown(new_descriptor, self.mdict['pki_uid'], self.mdict['pki_gid']) + os.chmod(new_descriptor, config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS) diff --git a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py index 16c3a7f7631aee94eefb37c1dda42c905007e49c..7d4ff3054de382ee65d4f912f0f1875b59af85b1 100644 --- a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py 
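Review bot: In deploy_webapp the descriptor is created with `open(new_descriptor, 'w')` and only afterwards chowned and chmodded by path, so it briefly exists with a umask-default mode, and `os.chown`/`os.chmod` act on whatever the path resolves to at that moment. Whether `Catalina/localhost` under `pki_instance_configuration_path` is writable by the service account is not visible in this patch; if it is and deployment runs with elevated privileges, ownership changes by path should be avoided there. Creating the file with `os.open` and `O_NOFOLLOW`, then applying `os.fchown` and `os.fchmod` to the descriptor, removes that window.

```python
        # … unchanged: new_descriptor path, parse of descriptor, docBase update …

        # Create the descriptor without following a symlink at the target,
        # and set ownership and mode through the file descriptor instead of
        # the path.
        fd = os.open(
            new_descriptor,
            os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW,
            config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS)
        with os.fdopen(fd, 'w') as f:
            os.fchown(fd, self.mdict['pki_uid'], self.mdict['pki_gid'])
            os.fchmod(fd, config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS)
            f.write(etree.tostring(document, pretty_print=True))
```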
+++ b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py @@ -56,6 +56,30 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.mdict['pki_instance_configuration_path'], ignore_cb=file_ignore_callback_src_server) + # Deploy ROOT web application + deployer.deploy_webapp( + "ROOT", + os.path.join( + deployer.mdict['pki_tomcat_common_webapps_path'], + "ROOT"), + os.path.join( + deployer.mdict['pki_source_server_path'], + "Catalina", + "localhost", + "ROOT.xml")) + + # Deploy pki web application + deployer.deploy_webapp( + "pki", + os.path.join( + deployer.mdict['pki_tomcat_common_webapps_path'], + "pki"), + os.path.join( + deployer.mdict['pki_source_server_path'], + "Catalina", + "localhost", + "pki.xml")) + # establish Tomcat instance base deployer.directory.create(deployer.mdict['pki_tomcat_common_path']) deployer.directory.create( @@ -75,23 +99,23 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.mdict['pki_instance_lib_log4j_properties']) deployer.directory.create(deployer.mdict['pki_tomcat_tmpdir_path']) - # Copy /usr/share/pki/server/webapps to /webapps + # Copy /usr/share/pki/server/webapps to /common/webapps deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, "server", "webapps"), - deployer.mdict['pki_tomcat_webapps_path']) + deployer.mdict['pki_tomcat_common_webapps_path']) # If desired and available, # copy selected server theme - # to /webapps/pki - if config.str2bool(deployer.mdict['pki_theme_enable']) and \ + # to /common/webapps/pki + if config.str2bool(deployer.mdict['pki_theme_enable']) and\ os.path.exists(deployer.mdict['pki_theme_server_dir']): deployer.directory.copy( deployer.mdict['pki_theme_server_dir'], os.path.join( - deployer.mdict['pki_tomcat_webapps_path'], + deployer.mdict['pki_tomcat_common_webapps_path'], "pki"), overwrite_flag=True) 
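Review bot: Both `deployer.deploy_webapp(` calls in the first hunk write descriptors whose docBase lies under `pki_tomcat_common_webapps_path` before that tree exists; the copy into it happens only in the second hunk, after the Tomcat instance base is created. If a step in between fails, the instance is left with ROOT.xml and pki.xml pointing at a missing directory. Consider moving the two calls below the `deployer.directory.copy(` into `pki_tomcat_common_webapps_path`, or, if the order is intentional, add a comment such as `# docBase content is copied further down in this method`. The method body starts and ends outside both hunks.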
diff --git a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py index 324accad0d6a9230ac15cebd2c67b0eeb1ec756b..c3d06c0796a00d6c5973780706bde7e9e2838bf3 100644 --- a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py @@ -103,12 +103,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.file.copy( deployer.mdict['pki_source_transportcert_profile'], deployer.mdict['pki_target_transportcert_profile']) - # establish instance-based Tomcat PKI subsystem registry - # establish instance-based Tomcat PKI subsystem convenience - # symbolic links - deployer.symlink.create( - deployer.mdict['pki_tomcat_webapps_path'], - deployer.mdict['pki_subsystem_tomcat_webapps_link']) # establish instance-based subsystem convenience symbolic links deployer.symlink.create( deployer.mdict['pki_instance_database_link'], diff --git a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py index 962de724fcfc034ce0fb389a056928102122679e..dce327ff871f58fb5a954fe76c7ded31867c2af3 100644 --- a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py +++ b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py 
@@ -44,29 +44,38 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.WEBAPP_DEPLOYMENT_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) + # Create subsystem webapps folder to store custom webapps: + # //webapps. + deployer.directory.create( + deployer.mdict['pki_tomcat_subsystem_webapps_path']) + + # set ownerships, permissions, and acls + deployer.directory.set_mode( + deployer.mdict['pki_tomcat_subsystem_webapps_path']) + # For TPS, deploy web application directly from /usr/share/pki. if deployer.mdict['pki_subsystem'] == "TPS": - deployer.file.copy( + deployer.deploy_webapp( + "tps", + os.path.join( + config.PKI_DEPLOYMENT_SOURCE_ROOT, + "tps", + "webapps", + "tps"), os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, "tps", "conf", "Catalina", "localhost", - "tps.xml"), - os.path.join( - deployer.mdict['pki_instance_configuration_path'], - "Catalina", - "localhost", "tps.xml")) + return self.rv - # For other subsystems, deploy web application into Tomcat instance. - deployer.directory.create( - deployer.mdict['pki_tomcat_webapps_subsystem_path']) + # For other subsystems, deploy as custom web application. # Copy /usr/share/pki//webapps/ - # to /webapps/ + # to //webapps/ deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, @@ -77,7 +86,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): overwrite_flag=True) # Copy /usr/share/pki/server/webapps/pki/admin - # to /webapps//admin + # to //webapps//admin # TODO: common templates should be deployed in common webapp deployer.directory.copy( os.path.join( 
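Review bot: The added `return self.rv` in the TPS branch skips every step below it in this method, so for TPS nothing is copied to `pki_tomcat_webapps_subsystem_path` and docBase points at the shared tree under `config.PKI_DEPLOYMENT_SOURCE_ROOT`. The operations hunk in this patch still sets `pki_tps_jar_dir` to `${PKI_INSTANCE_PATH}/tps/webapps/tps/WEB-INF/lib`, which such an instance would not have if verify_symlinks goes on to check it; that is worth confirming. The branch also deserves a comment stating the intent, for example `# TPS is served in place from the package tree; the steps below do not apply`. The method starts and ends outside this hunk.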
@@ -131,26 +140,16 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.mdict['pki_tks_jar'], deployer.mdict['pki_tks_jar_link']) - # set ownerships, permissions, and acls - deployer.directory.set_mode( - deployer.mdict['pki_tomcat_webapps_subsystem_path']) - - # Copy web application context file - # from /usr/share/pki//conf/Catalina/localhost/ - # .xml - # to /conf/Catalina/localhost/.xml - deployer.file.copy( + # Deploy subsystem web application. + deployer.deploy_webapp( + deployer.mdict['pki_subsystem'].lower(), + deployer.mdict['pki_tomcat_webapps_subsystem_path'], os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, deployer.mdict['pki_subsystem'].lower(), "conf", "Catalina", "localhost", - deployer.mdict['pki_subsystem'].lower() + ".xml"), - os.path.join( - deployer.mdict['pki_instance_configuration_path'], - "Catalina", - "localhost", deployer.mdict['pki_subsystem'].lower() + ".xml")) return self.rv diff --git a/base/server/scripts/operations b/base/server/scripts/operations index f524a55764a1bf99b75fb9a52da7750c9b61e435..84511588f1e09017301f8615769e746374a3abee 100644 --- a/base/server/scripts/operations +++ b/base/server/scripts/operations 
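Review bot: This hunk drops `deployer.directory.set_mode(deployer.mdict['pki_tomcat_webapps_subsystem_path'])`, and the replacement added earlier in this file applies set_mode only to the parent `pki_tomcat_subsystem_webapps_path`. Whether directory.copy or the parent set_mode covers the copied web application tree is not visible in the patch, so the ownership and mode of that tree should be confirmed after a fresh spawn. If they are not covered, keep the set_mode call on `pki_tomcat_webapps_subsystem_path` immediately before `deployer.deploy_webapp(`. The method starts outside this hunk.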
@@ -1108,11 +1108,11 @@ verify_symlinks() pki_registry_dir="/etc/sysconfig/pki/${PKI_WEB_SERVER_TYPE}/${PKI_INSTANCE_NAME}" pki_systemd_dir="/etc/systemd/system/pki-tomcatd.target.wants" pki_systemd_link="pki-${PKI_WEB_SERVER_TYPE}d@${PKI_INSTANCE_NAME}.service" - pki_ca_jar_dir="${PKI_INSTANCE_PATH}/webapps/ca/WEB-INF/lib" - pki_kra_jar_dir="${PKI_INSTANCE_PATH}/webapps/kra/WEB-INF/lib" - pki_ocsp_jar_dir="${PKI_INSTANCE_PATH}/webapps/ocsp/WEB-INF/lib" - pki_tks_jar_dir="${PKI_INSTANCE_PATH}/webapps/tks/WEB-INF/lib" - pki_tps_jar_dir="${PKI_INSTANCE_PATH}/webapps/tps/WEB-INF/lib" + pki_ca_jar_dir="${PKI_INSTANCE_PATH}/ca/webapps/ca/WEB-INF/lib" + pki_kra_jar_dir="${PKI_INSTANCE_PATH}/kra/webapps/kra/WEB-INF/lib" + pki_ocsp_jar_dir="${PKI_INSTANCE_PATH}/ocsp/webapps/ocsp/WEB-INF/lib" + pki_tks_jar_dir="${PKI_INSTANCE_PATH}/tks/webapps/tks/WEB-INF/lib" + pki_tps_jar_dir="${PKI_INSTANCE_PATH}/tps/webapps/tps/WEB-INF/lib" # '${PKI_INSTANCE_PATH}' symlinks base_symlinks=( @@ -1126,8 +1126,7 @@ verify_symlinks() [alias]=${PKI_INSTANCE_PATH}/alias [conf]=/etc/pki/${PKI_INSTANCE_NAME}/ca [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/ca - [registry]=${pki_registry_dir} - [webapps]=${PKI_INSTANCE_PATH}/webapps) + [registry]=${pki_registry_dir}) # '${pki_ca_jar_dir}' symlinks ca_jar_symlinks=( @@ -1144,8 +1143,7 @@ verify_symlinks() [alias]=${PKI_INSTANCE_PATH}/alias [conf]=/etc/pki/${PKI_INSTANCE_NAME}/kra [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/kra - [registry]=${pki_registry_dir} - [webapps]=${PKI_INSTANCE_PATH}/webapps) + [registry]=${pki_registry_dir}) # '${pki_kra_jar_dir}' symlinks kra_jar_symlinks=( @@ -1162,8 +1160,7 @@ verify_symlinks() [alias]=${PKI_INSTANCE_PATH}/alias [conf]=/etc/pki/${PKI_INSTANCE_NAME}/ocsp [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/ocsp - [registry]=${pki_registry_dir} - [webapps]=${PKI_INSTANCE_PATH}/webapps) + [registry]=${pki_registry_dir}) # '${pki_ocsp_jar_dir}' symlinks ocsp_jar_symlinks=( 
@@ -1180,8 +1177,7 @@ verify_symlinks() [alias]=${PKI_INSTANCE_PATH}/alias [conf]=/etc/pki/${PKI_INSTANCE_NAME}/tks [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/tks - [registry]=${pki_registry_dir} - [webapps]=${PKI_INSTANCE_PATH}/webapps) + [registry]=${pki_registry_dir}) # '${pki_tks_jar_dir}' symlinks tks_jar_symlinks=( @@ -1198,8 +1194,7 @@ verify_symlinks() [alias]=${PKI_INSTANCE_PATH}/alias [conf]=/etc/pki/${PKI_INSTANCE_NAME}/tps [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/tps - [registry]=${pki_registry_dir} - [webapps]=${PKI_INSTANCE_PATH}/webapps) + [registry]=${pki_registry_dir}) # '${pki_tps_jar_dir}' symlinks tps_jar_symlinks=( diff --git a/base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations b/base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations new file mode 100755 index 0000000000000000000000000000000000000000..20f35e837d2dbce7bfee01187b9763d4ff592d40 --- /dev/null +++ b/base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations 
@@ -0,0 +1,119 @@ +#!/usr/bin/python +# Authors: +# Endi S. Dewata +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2014 Red Hat, Inc. +# All rights reserved. +# + +import grp +import os +import pwd +import shutil +import signal +import sys +from lxml import etree + +import pki +import pki.server.upgrade + + +class MoveWebApplicationDeploymentLocations(pki.server.upgrade.PKIServerUpgradeScriptlet): + + def __init__(self): + + self.message = 'Move Web application deployment locations' + + self.parser = etree.XMLParser(remove_blank_text=True) + + def upgrade_subsystem(self, instance, subsystem): + + subsystem_webapps = os.path.join(instance.base_dir, subsystem.name, 'webapps') + self.backup(subsystem_webapps) + + # remove old subsystem webapps symlink + if os.path.islink(subsystem_webapps): + os.unlink(subsystem_webapps) + + # create new subsytem webapps folder + if not os.path.exists(subsystem_webapps): + os.mkdir(subsystem_webapps) + + uid = pwd.getpwnam('pkiuser').pw_uid + gid = grp.getgrnam('pkiuser').gr_gid + + os.chown(subsystem_webapps, uid, gid) + os.chmod(subsystem_webapps, 0770) + + # move subsystem webapp + subsystem_old_webapp = os.path.join(instance.base_dir, 'webapps', subsystem.name) + subsystem_new_webapp = os.path.join(subsystem_webapps, subsystem.name) + subsystem_context_xml = os.path.join(instance.conf_dir, 'Catalina', 
'localhost', subsystem.name + '.xml') + + self.move_webapp(subsystem_old_webapp, subsystem_new_webapp, subsystem_context_xml) + + def upgrade_instance(self, instance): + + common_webapps = os.path.join(instance.base_dir, 'common', 'webapps') + self.backup(common_webapps) + + # create new common webapps folder + if not os.path.exists(common_webapps): + os.mkdir(common_webapps) + + uid = pwd.getpwnam('pkiuser').pw_uid + gid = grp.getgrnam('pkiuser').gr_gid + + os.chown(common_webapps, uid, gid) + os.chmod(common_webapps, 0770) + + # move ROOT webapp + root_old_webapp = os.path.join(instance.base_dir, 'webapps', 'ROOT') + root_new_webapp = os.path.join(common_webapps, 'ROOT') + root_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'ROOT.xml') + + self.move_webapp(root_old_webapp, root_new_webapp, root_context_xml) + + # move pki webapp + pki_old_webapp = os.path.join(instance.base_dir, 'webapps', 'pki') + pki_new_webapp = os.path.join(common_webapps, 'pki') + pki_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'pki.xml') + + self.move_webapp(pki_old_webapp, pki_new_webapp, pki_context_xml) + + def move_webapp(self, old_webapp, new_webapp, context_xml): + + if not os.path.exists(old_webapp): + return + + # move old webapp to the new webapp + self.backup(old_webapp) + self.backup(new_webapp) + + shutil.move(old_webapp, new_webapp) + + # update docBase in context.xml + self.backup(context_xml) + + document = etree.parse(context_xml, self.parser) + + context = document.getroot() + doc_base = context.get('docBase') + + context.set('docBase', new_webapp) + + with open(context_xml, 'w') as f: + f.write(etree.tostring(document, pretty_print=True)) diff --git a/specs/pki-core.spec b/specs/pki-core.spec index 237f97407d140558b3e41bc58c104e5994c467bf..bac0083f8d1c6f4e62c9653144003fda774b39b8 100644 --- a/specs/pki-core.spec +++ b/specs/pki-core.spec 
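Review bot: `etree.XMLParser(remove_blank_text=True)` in `__init__` leaves entity handling at the lxml default, and move_webapp uses that parser on `context_xml` from `instance.conf_dir` and writes the serialized result back to the same file. The script calls `os.chown`, so it presumably runs with elevated privileges, while the instance configuration may be editable by the service account; in that case the rewrite should not expand entities found in the file. `self.parser = etree.XMLParser(remove_blank_text=True, resolve_entities=False)` keeps the docBase update working without that expansion. deploy_webapp in pkihelper.py builds its parser the same way, though its callers pass descriptors from the package source tree.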
@@ -885,6 +885,7 @@ echo >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1 %changelog * Thu Jan 8 2015 Dogtag Team 10.2.2-0.1 - Updated version number to 10.2.2-0.1 +- Moved web application deployment locations. * Thu Jan 8 2015 Dogtag Team 10.2.1-1 - Update release number for release build -- 1.8.4.2