From 65e082ca5dac6e23c4e26462223c30560bc585c5 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Sun, 12 Oct 2014 00:16:55 -0400 Subject: [PATCH] Moved web application deployment locations. Currently web applications are deployed into Host's appBase (i.e. /webapps). To allow better control of individual subsystem deployments, the web applications have to be moved out of the appBase so that the autoDeploy can work properly later. This patch moves the common web applications to / common/webapps and subsystem web applications to / /webapps. An upgrade script has been added to update existing deployments. https://fedorahosted.org/pki/ticket/1183 --- base/server/etc/default.cfg | 5 +- .../python/pki/server/deployment/pkihelper.py | 19 ++++ .../deployment/scriptlets/instance_layout.py | 32 +++++- .../deployment/scriptlets/subsystem_layout.py | 4 - .../deployment/scriptlets/webapp_deployment.py | 49 +++++---- base/server/scripts/operations | 25 ++--- base/server/upgrade/10.2.0/.gitignore | 4 - .../01-MoveWebApplicationDeploymentLocations | 119 +++++++++++++++++++++ 8 files changed, 203 insertions(+), 54 deletions(-) delete mode 100644 base/server/upgrade/10.2.0/.gitignore create mode 100755 base/server/upgrade/10.2.0/01-MoveWebApplicationDeploymentLocations diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index ecf436d9f15729ed27e09975ab1f1151e504fe94..98a3628572e78f71525a95cedd0e473be8a14d9d 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -217,6 +217,7 @@ pki_tomcat_common_path=%(pki_instance_path)s/common pki_tomcat_common_lib_path=%(pki_tomcat_common_path)s/lib pki_tomcat_tmpdir_path=%(pki_instance_path)s/temp pki_tomcat_webapps_path=%(pki_instance_path)s/webapps +pki_tomcat_common_webapps_path=%(pki_instance_path)s/common/webapps pki_tomcat_work_path=%(pki_instance_path)s/work pki_tomcat_work_catalina_path=%(pki_tomcat_work_path)s/Catalina pki_tomcat_work_catalina_host_path=%(pki_tomcat_work_catalina_path)s/localhost @@ -231,8 +232,8 @@ pki_instance_lib=%(pki_instance_path)s/lib pki_instance_lib_log4j_properties=%(pki_instance_lib)s/log4j.properties pki_instance_systemd_link=%(pki_instance_path)s/%(pki_instance_name)s pki_subsystem_signed_audit_log_path=%(pki_subsystem_log_path)s/signedAudit -pki_subsystem_tomcat_webapps_link=%(pki_subsystem_path)s/webapps -pki_tomcat_webapps_subsystem_path=%(pki_tomcat_webapps_path)s/%(pki_subsystem_type)s +pki_tomcat_subsystem_webapps_path=%(pki_subsystem_path)s/webapps +pki_tomcat_webapps_subsystem_path=%(pki_tomcat_subsystem_webapps_path)s/%(pki_subsystem_type)s pki_tomcat_webapps_subsystem_webinf_classes_path=%(pki_tomcat_webapps_subsystem_path)s/WEB-INF/classes pki_tomcat_webapps_subsystem_webinf_lib_path=%(pki_tomcat_webapps_subsystem_path)s/WEB-INF/lib pki_certsrv_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-certsrv.jar diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 96048bdecafe404225ceedf3c17f6c262f64d093..009e01004e4e2074a313502ab74e04caaa48572d 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -40,6 +40,7 @@ from grp import getgrnam from pwd import getpwnam from pwd import getpwuid import xml.etree.ElementTree as ET +from lxml import etree import zipfile import selinux if selinux.is_selinux_enabled(): @@ -4171,4 +4172,22 @@ class PKIDeployer: self.tps_connector = TPSConnector(self) self.config_client = ConfigClient(self) + def deploy_webapp(self, name, doc_base, descriptor): + new_descriptor = os.path.join( + self.mdict['pki_instance_configuration_path'], + "Catalina", + "localhost", + name + ".xml") + + parser = etree.XMLParser(remove_blank_text=True) + document = etree.parse(descriptor, parser) + + context = document.getroot() + context.set('docBase', doc_base) + + with open(new_descriptor, 'w') as f: + f.write(etree.tostring(document, pretty_print=True)) + + os.chown(new_descriptor, self.mdict['pki_uid'], self.mdict['pki_gid']) + os.chmod(new_descriptor, config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS) diff --git a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py index 9cdecb4f29ccccfe7afdfe11a649e1c2d72a69ba..5079891f92ac498f078cd401f34287fab03e0fd6 100644 --- a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py @@ -55,6 +55,30 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.mdict['pki_source_server_path'], deployer.mdict['pki_instance_configuration_path']) + # Deploy ROOT web application + deployer.deploy_webapp( + "ROOT", + os.path.join( + deployer.mdict['pki_tomcat_common_webapps_path'], + "ROOT"), + os.path.join( + deployer.mdict['pki_source_server_path'], + "Catalina", + "localhost", + "ROOT.xml")) + + # Deploy pki web application + deployer.deploy_webapp( + "pki", + os.path.join( + deployer.mdict['pki_tomcat_common_webapps_path'], + "pki"), + os.path.join( + deployer.mdict['pki_source_server_path'], + "Catalina", + "localhost", + "pki.xml")) + # establish Tomcat instance base deployer.directory.create(deployer.mdict['pki_tomcat_common_path']) deployer.directory.create( @@ -74,23 +98,23 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.mdict['pki_instance_lib_log4j_properties']) deployer.directory.create(deployer.mdict['pki_tomcat_tmpdir_path']) - # Copy /usr/share/pki/server/webapps to /webapps + # Copy /usr/share/pki/server/webapps to /common/webapps deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, "server", "webapps"), - deployer.mdict['pki_tomcat_webapps_path']) + deployer.mdict['pki_tomcat_common_webapps_path']) # If desired and available, # copy selected server theme - # to /webapps/pki + # to /common/webapps/pki if config.str2bool(deployer.mdict['pki_theme_enable']) and\ os.path.exists(deployer.mdict['pki_theme_server_dir']): deployer.directory.copy( deployer.mdict['pki_theme_server_dir'], os.path.join( - deployer.mdict['pki_tomcat_webapps_path'], + deployer.mdict['pki_tomcat_common_webapps_path'], "pki"), overwrite_flag=True) diff --git a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py index 324accad0d6a9230ac15cebd2c67b0eeb1ec756b..34656cf5eb8d90e0f64a5af6f5cb4e2d4a1faf7d 100644 --- a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py @@ -105,10 +105,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.mdict['pki_target_transportcert_profile']) # establish instance-based Tomcat PKI subsystem registry # establish instance-based Tomcat PKI subsystem convenience - # symbolic links - deployer.symlink.create( - deployer.mdict['pki_tomcat_webapps_path'], - deployer.mdict['pki_subsystem_tomcat_webapps_link']) # establish instance-based subsystem convenience symbolic links deployer.symlink.create( deployer.mdict['pki_instance_database_link'], diff --git a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py index 962de724fcfc034ce0fb389a056928102122679e..dce327ff871f58fb5a954fe76c7ded31867c2af3 100644 --- a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py +++ b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py @@ -44,29 +44,38 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.WEBAPP_DEPLOYMENT_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) + # Create subsystem webapps folder to store custom webapps: + # //webapps. + deployer.directory.create( + deployer.mdict['pki_tomcat_subsystem_webapps_path']) + + # set ownerships, permissions, and acls + deployer.directory.set_mode( + deployer.mdict['pki_tomcat_subsystem_webapps_path']) + # For TPS, deploy web application directly from /usr/share/pki. if deployer.mdict['pki_subsystem'] == "TPS": - deployer.file.copy( + deployer.deploy_webapp( + "tps", + os.path.join( + config.PKI_DEPLOYMENT_SOURCE_ROOT, + "tps", + "webapps", + "tps"), os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, "tps", "conf", "Catalina", "localhost", - "tps.xml"), - os.path.join( - deployer.mdict['pki_instance_configuration_path'], - "Catalina", - "localhost", "tps.xml")) + return self.rv - # For other subsystems, deploy web application into Tomcat instance. - deployer.directory.create( - deployer.mdict['pki_tomcat_webapps_subsystem_path']) + # For other subsystems, deploy as custom web application. # Copy /usr/share/pki//webapps/ - # to /webapps/ + # to //webapps/ deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, @@ -77,7 +86,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): overwrite_flag=True) # Copy /usr/share/pki/server/webapps/pki/admin - # to /webapps//admin + # to //webapps//admin # TODO: common templates should be deployed in common webapp deployer.directory.copy( os.path.join( @@ -131,26 +140,16 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.mdict['pki_tks_jar'], deployer.mdict['pki_tks_jar_link']) - # set ownerships, permissions, and acls - deployer.directory.set_mode( - deployer.mdict['pki_tomcat_webapps_subsystem_path']) - - # Copy web application context file - # from /usr/share/pki//conf/Catalina/localhost/ - # .xml - # to /conf/Catalina/localhost/.xml - deployer.file.copy( + # Deploy subsystem web application. + deployer.deploy_webapp( + deployer.mdict['pki_subsystem'].lower(), + deployer.mdict['pki_tomcat_webapps_subsystem_path'], os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, deployer.mdict['pki_subsystem'].lower(), "conf", "Catalina", "localhost", - deployer.mdict['pki_subsystem'].lower() + ".xml"), - os.path.join( - deployer.mdict['pki_instance_configuration_path'], - "Catalina", - "localhost", deployer.mdict['pki_subsystem'].lower() + ".xml")) return self.rv diff --git a/base/server/scripts/operations b/base/server/scripts/operations index 37094c037f4a76cfc414a421839c018fdbc4571f..3cd313c6275d69df5ed95f6b5e2e1c2fd9db19e9 100644 --- a/base/server/scripts/operations +++ b/base/server/scripts/operations @@ -1108,11 +1108,11 @@ verify_symlinks() pki_registry_dir="/etc/sysconfig/pki/${PKI_WEB_SERVER_TYPE}/${PKI_INSTANCE_NAME}" pki_systemd_dir="/etc/systemd/system/pki-tomcatd.target.wants" pki_systemd_link="pki-${PKI_WEB_SERVER_TYPE}d@${PKI_INSTANCE_NAME}.service" - pki_ca_jar_dir="${PKI_INSTANCE_PATH}/webapps/ca/WEB-INF/lib" - pki_kra_jar_dir="${PKI_INSTANCE_PATH}/webapps/kra/WEB-INF/lib" - pki_ocsp_jar_dir="${PKI_INSTANCE_PATH}/webapps/ocsp/WEB-INF/lib" - pki_tks_jar_dir="${PKI_INSTANCE_PATH}/webapps/tks/WEB-INF/lib" - pki_tps_jar_dir="${PKI_INSTANCE_PATH}/webapps/tps/WEB-INF/lib" + pki_ca_jar_dir="${PKI_INSTANCE_PATH}/ca/webapps/ca/WEB-INF/lib" + pki_kra_jar_dir="${PKI_INSTANCE_PATH}/kra/webapps/kra/WEB-INF/lib" + pki_ocsp_jar_dir="${PKI_INSTANCE_PATH}/ocsp/webapps/ocsp/WEB-INF/lib" + pki_tks_jar_dir="${PKI_INSTANCE_PATH}/tks/webapps/tks/WEB-INF/lib" + pki_tps_jar_dir="${PKI_INSTANCE_PATH}/tps/webapps/tps/WEB-INF/lib" # '${PKI_INSTANCE_PATH}' symlinks base_symlinks=( @@ -1126,8 +1126,7 @@ verify_symlinks() [alias]=${PKI_INSTANCE_PATH}/alias [conf]=/etc/pki/${PKI_INSTANCE_NAME}/ca [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/ca - [registry]=${pki_registry_dir} - [webapps]=${PKI_INSTANCE_PATH}/webapps) + [registry]=${pki_registry_dir}) # '${pki_ca_jar_dir}' symlinks ca_jar_symlinks=( @@ -1144,8 +1143,7 @@ verify_symlinks() [alias]=${PKI_INSTANCE_PATH}/alias [conf]=/etc/pki/${PKI_INSTANCE_NAME}/kra [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/kra - [registry]=${pki_registry_dir} - [webapps]=${PKI_INSTANCE_PATH}/webapps) + [registry]=${pki_registry_dir}) # '${pki_kra_jar_dir}' symlinks kra_jar_symlinks=( @@ -1162,8 +1160,7 @@ verify_symlinks() [alias]=${PKI_INSTANCE_PATH}/alias [conf]=/etc/pki/${PKI_INSTANCE_NAME}/ocsp [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/ocsp - [registry]=${pki_registry_dir} - [webapps]=${PKI_INSTANCE_PATH}/webapps) + [registry]=${pki_registry_dir}) # '${pki_ocsp_jar_dir}' symlinks ocsp_jar_symlinks=( @@ -1180,8 +1177,7 @@ verify_symlinks() [alias]=${PKI_INSTANCE_PATH}/alias [conf]=/etc/pki/${PKI_INSTANCE_NAME}/tks [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/tks - [registry]=${pki_registry_dir} - [webapps]=${PKI_INSTANCE_PATH}/webapps) + [registry]=${pki_registry_dir}) # '${pki_tks_jar_dir}' symlinks tks_jar_symlinks=( @@ -1198,8 +1194,7 @@ verify_symlinks() [alias]=${PKI_INSTANCE_PATH}/alias [conf]=/etc/pki/${PKI_INSTANCE_NAME}/tps [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/tps - [registry]=${pki_registry_dir} - [webapps]=${PKI_INSTANCE_PATH}/webapps) + [registry]=${pki_registry_dir}) # '${pki_tps_jar_dir}' symlinks tps_jar_symlinks=( diff --git a/base/server/upgrade/10.2.0/.gitignore b/base/server/upgrade/10.2.0/.gitignore deleted file mode 100644 index 5e7d2734cfc60289debf74293817c0a8f572ff32..0000000000000000000000000000000000000000 --- a/base/server/upgrade/10.2.0/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -# Ignore everything in this directory -* -# Except this file -!.gitignore diff --git a/base/server/upgrade/10.2.0/01-MoveWebApplicationDeploymentLocations b/base/server/upgrade/10.2.0/01-MoveWebApplicationDeploymentLocations new file mode 100755 index 0000000000000000000000000000000000000000..20f35e837d2dbce7bfee01187b9763d4ff592d40 --- /dev/null +++ b/base/server/upgrade/10.2.0/01-MoveWebApplicationDeploymentLocations @@ -0,0 +1,119 @@ +#!/usr/bin/python +# Authors: +# Endi S. Dewata +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2014 Red Hat, Inc. +# All rights reserved. +# + +import grp +import os +import pwd +import shutil +import signal +import sys +from lxml import etree + +import pki +import pki.server.upgrade + + +class MoveWebApplicationDeploymentLocations(pki.server.upgrade.PKIServerUpgradeScriptlet): + + def __init__(self): + + self.message = 'Move Web application deployment locations' + + self.parser = etree.XMLParser(remove_blank_text=True) + + def upgrade_subsystem(self, instance, subsystem): + + subsystem_webapps = os.path.join(instance.base_dir, subsystem.name, 'webapps') + self.backup(subsystem_webapps) + + # remove old subsystem webapps symlink + if os.path.islink(subsystem_webapps): + os.unlink(subsystem_webapps) + + # create new subsytem webapps folder + if not os.path.exists(subsystem_webapps): + os.mkdir(subsystem_webapps) + + uid = pwd.getpwnam('pkiuser').pw_uid + gid = grp.getgrnam('pkiuser').gr_gid + + os.chown(subsystem_webapps, uid, gid) + os.chmod(subsystem_webapps, 0770) + + # move subsystem webapp + subsystem_old_webapp = os.path.join(instance.base_dir, 'webapps', subsystem.name) + subsystem_new_webapp = os.path.join(subsystem_webapps, subsystem.name) + subsystem_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', subsystem.name + '.xml') + + self.move_webapp(subsystem_old_webapp, subsystem_new_webapp, subsystem_context_xml) + + def upgrade_instance(self, instance): + + common_webapps = os.path.join(instance.base_dir, 'common', 'webapps') + self.backup(common_webapps) + + # create new common webapps folder + if not os.path.exists(common_webapps): + os.mkdir(common_webapps) + + uid = pwd.getpwnam('pkiuser').pw_uid + gid = grp.getgrnam('pkiuser').gr_gid + + os.chown(common_webapps, uid, gid) + os.chmod(common_webapps, 0770) + + # move ROOT webapp + root_old_webapp = os.path.join(instance.base_dir, 'webapps', 'ROOT') + root_new_webapp = os.path.join(common_webapps, 'ROOT') + root_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'ROOT.xml') + + self.move_webapp(root_old_webapp, root_new_webapp, root_context_xml) + + # move pki webapp + pki_old_webapp = os.path.join(instance.base_dir, 'webapps', 'pki') + pki_new_webapp = os.path.join(common_webapps, 'pki') + pki_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'pki.xml') + + self.move_webapp(pki_old_webapp, pki_new_webapp, pki_context_xml) + + def move_webapp(self, old_webapp, new_webapp, context_xml): + + if not os.path.exists(old_webapp): + return + + # move old webapp to the new webapp + self.backup(old_webapp) + self.backup(new_webapp) + + shutil.move(old_webapp, new_webapp) + + # update docBase in context.xml + self.backup(context_xml) + + document = etree.parse(context_xml, self.parser) + + context = document.getroot() + doc_base = context.get('docBase') + + context.set('docBase', new_webapp) + + with open(context_xml, 'w') as f: + f.write(etree.tostring(document, pretty_print=True)) -- 1.8.4.2