Attached are patches to add deployment parameters for serial, request,
and replica number ranges.
https://fedorahosted.org/pki/ticket/2278
--
Endi S. Dewata
>From 13b60b88ae13c84129dc0e8b6db9eda7388e880e Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edew...@redhat.com>
Date: Fri, 6 May 2016 19:28:01 +0200
Subject: [PATCH] Renamed CS.cfg.in to CS.cfg.
The CS.cfg.in have been renamed to CS.cfg to clean up the CMake
scripts and for consistency. This change does not affect the actual
files shipped in the RPM packages.
https://fedorahosted.org/pki/ticket/2278
---
base/ca/CMakeLists.txt | 2 --
base/ca/shared/conf/CMakeLists.txt | 2 +-
base/ca/shared/conf/{CS.cfg.in => CS.cfg} | 0
base/kra/CMakeLists.txt | 2 --
base/kra/shared/conf/CMakeLists.txt | 2 +-
base/kra/shared/conf/{CS.cfg.in => CS.cfg} | 0
base/ocsp/CMakeLists.txt | 2 --
base/ocsp/shared/conf/CMakeLists.txt | 2 +-
base/ocsp/shared/conf/{CS.cfg.in => CS.cfg} | 0
base/tks/CMakeLists.txt | 2 --
base/tks/shared/conf/CMakeLists.txt | 2 +-
base/tks/shared/conf/{CS.cfg.in => CS.cfg} | 0
base/tps-client/doc/CMakeLists.txt | 2 +-
base/tps-client/doc/{CS.cfg.in => CS.cfg} | 0
base/tps/CMakeLists.txt | 2 --
base/tps/shared/conf/CMakeLists.txt | 2 +-
base/tps/shared/conf/{CS.cfg.in => CS.cfg} | 0
17 files changed, 6 insertions(+), 16 deletions(-)
rename base/ca/shared/conf/{CS.cfg.in => CS.cfg} (100%)
rename base/kra/shared/conf/{CS.cfg.in => CS.cfg} (100%)
rename base/ocsp/shared/conf/{CS.cfg.in => CS.cfg} (100%)
rename base/tks/shared/conf/{CS.cfg.in => CS.cfg} (100%)
rename base/tps-client/doc/{CS.cfg.in => CS.cfg} (100%)
rename base/tps/shared/conf/{CS.cfg.in => CS.cfg} (100%)
diff --git a/base/ca/CMakeLists.txt b/base/ca/CMakeLists.txt
index 63e77195a5ba21251b0039407ccc180873f48828..1492d5a10609483799092756196d9537bee89c00 100644
--- a/base/ca/CMakeLists.txt
+++ b/base/ca/CMakeLists.txt
@@ -20,8 +20,6 @@ install(
${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
PATTERN
"CMakeLists.txt" EXCLUDE
- PATTERN
- "conf/CS.cfg.in" EXCLUDE
)
# install empty directories
diff --git a/base/ca/shared/conf/CMakeLists.txt b/base/ca/shared/conf/CMakeLists.txt
index 419289d03e616384bc2397d3e9bab41472bae26a..874a21a8d4770e4716d2cccd2a55aadff080ce26 100644
--- a/base/ca/shared/conf/CMakeLists.txt
+++ b/base/ca/shared/conf/CMakeLists.txt
@@ -1,4 +1,4 @@
-configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg.in ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY)
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY)
install(
FILES
diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg
similarity index 100%
rename from base/ca/shared/conf/CS.cfg.in
rename to base/ca/shared/conf/CS.cfg
diff --git a/base/kra/CMakeLists.txt b/base/kra/CMakeLists.txt
index 0197075ba5f0bef2c7159537f275e78abf225eac..2c3b4697c658eca23590458627581b78ee36ea3e 100644
--- a/base/kra/CMakeLists.txt
+++ b/base/kra/CMakeLists.txt
@@ -20,8 +20,6 @@ install(
${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
PATTERN
"CMakeLists.txt" EXCLUDE
- PATTERN
- "conf/CS.cfg.in" EXCLUDE
)
# install empty directories
diff --git a/base/kra/shared/conf/CMakeLists.txt b/base/kra/shared/conf/CMakeLists.txt
index 419289d03e616384bc2397d3e9bab41472bae26a..874a21a8d4770e4716d2cccd2a55aadff080ce26 100644
--- a/base/kra/shared/conf/CMakeLists.txt
+++ b/base/kra/shared/conf/CMakeLists.txt
@@ -1,4 +1,4 @@
-configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg.in ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY)
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY)
install(
FILES
diff --git a/base/kra/shared/conf/CS.cfg.in b/base/kra/shared/conf/CS.cfg
similarity index 100%
rename from base/kra/shared/conf/CS.cfg.in
rename to base/kra/shared/conf/CS.cfg
diff --git a/base/ocsp/CMakeLists.txt b/base/ocsp/CMakeLists.txt
index de781f8c3687ed3f5dd948858d128043a16c7534..8ffa9d76c6700c72f1374bdcda5727de15ce16cd 100644
--- a/base/ocsp/CMakeLists.txt
+++ b/base/ocsp/CMakeLists.txt
@@ -20,8 +20,6 @@ install(
${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
PATTERN
"CMakeLists.txt" EXCLUDE
- PATTERN
- "CS.cfg.in" EXCLUDE
)
# install empty directories
diff --git a/base/ocsp/shared/conf/CMakeLists.txt b/base/ocsp/shared/conf/CMakeLists.txt
index 419289d03e616384bc2397d3e9bab41472bae26a..874a21a8d4770e4716d2cccd2a55aadff080ce26 100644
--- a/base/ocsp/shared/conf/CMakeLists.txt
+++ b/base/ocsp/shared/conf/CMakeLists.txt
@@ -1,4 +1,4 @@
-configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg.in ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY)
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY)
install(
FILES
diff --git a/base/ocsp/shared/conf/CS.cfg.in b/base/ocsp/shared/conf/CS.cfg
similarity index 100%
rename from base/ocsp/shared/conf/CS.cfg.in
rename to base/ocsp/shared/conf/CS.cfg
diff --git a/base/tks/CMakeLists.txt b/base/tks/CMakeLists.txt
index 8bdf2258e9b6016ea0e4df99e91d5cbc4f29c3da..7fa9f2210c3d13f0b21b2421ac43eb5d05b82fc3 100644
--- a/base/tks/CMakeLists.txt
+++ b/base/tks/CMakeLists.txt
@@ -20,8 +20,6 @@ install(
${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
PATTERN
"CMakeLists.txt" EXCLUDE
- PATTERN
- "CS.cfg.in" EXCLUDE
)
# install empty directories
diff --git a/base/tks/shared/conf/CMakeLists.txt b/base/tks/shared/conf/CMakeLists.txt
index 419289d03e616384bc2397d3e9bab41472bae26a..874a21a8d4770e4716d2cccd2a55aadff080ce26 100644
--- a/base/tks/shared/conf/CMakeLists.txt
+++ b/base/tks/shared/conf/CMakeLists.txt
@@ -1,4 +1,4 @@
-configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg.in ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY)
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY)
install(
FILES
diff --git a/base/tks/shared/conf/CS.cfg.in b/base/tks/shared/conf/CS.cfg
similarity index 100%
rename from base/tks/shared/conf/CS.cfg.in
rename to base/tks/shared/conf/CS.cfg
diff --git a/base/tps-client/doc/CMakeLists.txt b/base/tps-client/doc/CMakeLists.txt
index 419289d03e616384bc2397d3e9bab41472bae26a..874a21a8d4770e4716d2cccd2a55aadff080ce26 100644
--- a/base/tps-client/doc/CMakeLists.txt
+++ b/base/tps-client/doc/CMakeLists.txt
@@ -1,4 +1,4 @@
-configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg.in ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY)
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY)
install(
FILES
diff --git a/base/tps-client/doc/CS.cfg.in b/base/tps-client/doc/CS.cfg
similarity index 100%
rename from base/tps-client/doc/CS.cfg.in
rename to base/tps-client/doc/CS.cfg
diff --git a/base/tps/CMakeLists.txt b/base/tps/CMakeLists.txt
index 516d4264024a7b9b9a34cc33efa3f8eeaf590704..964a254bdc9af69309d5c563b349596d58759d8b 100644
--- a/base/tps/CMakeLists.txt
+++ b/base/tps/CMakeLists.txt
@@ -34,8 +34,6 @@ install(
${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
PATTERN
"CMakeLists.txt" EXCLUDE
- PATTERN
- "conf/CS.cfg.in" EXCLUDE
)
# install empty directories
diff --git a/base/tps/shared/conf/CMakeLists.txt b/base/tps/shared/conf/CMakeLists.txt
index 419289d03e616384bc2397d3e9bab41472bae26a..874a21a8d4770e4716d2cccd2a55aadff080ce26 100644
--- a/base/tps/shared/conf/CMakeLists.txt
+++ b/base/tps/shared/conf/CMakeLists.txt
@@ -1,4 +1,4 @@
-configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg.in ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY)
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY)
install(
FILES
diff --git a/base/tps/shared/conf/CS.cfg.in b/base/tps/shared/conf/CS.cfg
similarity index 100%
rename from base/tps/shared/conf/CS.cfg.in
rename to base/tps/shared/conf/CS.cfg
--
2.5.5
>From 4c8ad1ba95f6791ab3089ca4c5235f35933ffed3 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edew...@redhat.com>
Date: Fri, 6 May 2016 23:56:31 +0200
Subject: [PATCH] Simplified slot substitution.
Previously a deployment parameter has to be added to pkislots.cfg
before it can be used in copy_with_slot_substitution(). The method
has been modified to support substitutions using the deployment
parameters directly, which simplifies the development.
https://fedorahosted.org/pki/ticket/2278
---
.../python/pki/server/deployment/pkihelper.py | 54 ++++++++++++++++++++++
1 file changed, 54 insertions(+)
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 2898d7fe072883ca37bda0ffdbe5965c680ceb36..4fc8afdd5e28f83e6be676a9b1eb9228ce481538 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -1780,6 +1780,52 @@ class File:
raise
return
+ def substitute_deployment_params(self, line):
+ """
+ Replace all occurrences of [param] in the line with the value of the deployment parameter.
+ """
+
+ # find the first parameter in the line
+ begin = line.find('[')
+
+ # repeat while there are parameters in the line
+ while begin >= 0:
+
+ # find the end of the parameter
+ end = line.find(']', begin + 1)
+
+ # if the end not is found not found, don't do anything
+ if end < 0:
+ return line
+
+ # get parameter name
+ name = line[begin + 1:end]
+
+ try:
+ # get parameter value as string
+ value = str(self.mdict[name])
+
+ config.pki_log.debug(
+ log.PKIHELPER_SLOT_SUBSTITUTION_2,
+ line[begin:end + 1], value,
+ extra=config.PKI_INDENTATION_LEVEL_3)
+
+ # replace parameter with value
+ line = line[0:begin] + value + line[end + 1]
+
+ # calculate the new end position
+ end = begin + len(value) + 1
+
+ except KeyError:
+ # undefined parameter, skip
+ pass
+
+ # find the next parameter in the remainder of the line
+ begin = line.find('[', end + 1)
+
+ # return modified line
+ return line
+
def copy_with_slot_substitution(
self, old_name, new_name, uid=None, gid=None,
perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
@@ -1805,8 +1851,11 @@ class File:
config.pki_log.info(log.PKIHELPER_COPY_WITH_SLOT_SUBSTITUTION_2,
old_name, new_name,
extra=config.PKI_INDENTATION_LEVEL_2)
+
with open(new_name, "w") as FILE:
for line in fileinput.FileInput(old_name):
+
+ # substitute registered slots
for slot in self.slots:
if slot != '__name__' and self.slots[slot] in line:
config.pki_log.debug(
@@ -1816,7 +1865,12 @@ class File:
line = line.replace(
self.slots[slot],
self.mdict[slot])
+
+ # substitute deployment parameters
+ line = self.substitute_deployment_params(line)
+
FILE.write(line)
+
if uid is None:
uid = self.identity.get_uid()
if gid is None:
--
2.5.5
>From adfa1b0ed1b6448ee7d64d19fc3a644c7250aeba Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edew...@redhat.com>
Date: Sat, 7 May 2016 00:07:53 +0200
Subject: [PATCH] Added deployment parameters for number ranges.
New deployment parameters have been added to customize the serial
number range, request number range, and replica number range in
CS.cfg during installation.
The code that generates the CS.cfg has been moved closer to the
code that generates the subsystem configuration folder.
https://fedorahosted.org/pki/ticket/2278
---
base/ca/shared/conf/CS.cfg | 12 ++++++------
base/server/etc/default.cfg | 7 ++++++-
.../pki/server/deployment/scriptlets/slot_substitution.py | 3 ---
.../pki/server/deployment/scriptlets/subsystem_layout.py | 10 +++++++++-
4 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/base/ca/shared/conf/CS.cfg b/base/ca/shared/conf/CS.cfg
index 1a1f653417f0c9c26b0bbabaf91ac1a61f0a227a..989a3221f256a010f9f6225d5caf3eaed0d0385c 100644
--- a/base/ca/shared/conf/CS.cfg
+++ b/base/ca/shared/conf/CS.cfg
@@ -775,22 +775,22 @@ http.port=8080
dbs.enableSerialManagement=[PKI_ENABLE_RANDOM_SERIAL_NUMBERS]
dbs.enableRandomSerialNumbers=[PKI_ENABLE_RANDOM_SERIAL_NUMBERS]
dbs.randomSerialNumberCounter=0
-dbs.beginRequestNumber=1
-dbs.endRequestNumber=10000000
+dbs.beginRequestNumber=[pki_request_number_range_start]
+dbs.endRequestNumber=[pki_request_number_range_end]
dbs.requestIncrement=10000000
dbs.requestLowWaterMark=2000000
dbs.requestCloneTransferNumber=10000
dbs.requestDN=ou=ca, ou=requests
dbs.requestRangeDN=ou=requests, ou=ranges
-dbs.beginSerialNumber=1
-dbs.endSerialNumber=10000000
+dbs.beginSerialNumber=[pki_serial_number_range_start]
+dbs.endSerialNumber=[pki_serial_number_range_end]
dbs.serialIncrement=10000000
dbs.serialLowWaterMark=2000000
dbs.serialCloneTransferNumber=10000
dbs.serialDN=ou=certificateRepository, ou=ca
dbs.serialRangeDN=ou=certificateRepository, ou=ranges
-dbs.beginReplicaNumber=1
-dbs.endReplicaNumber=100
+dbs.beginReplicaNumber=[pki_replica_number_range_start]
+dbs.endReplicaNumber=[pki_replica_number_range_end]
dbs.replicaIncrement=100
dbs.replicaLowWaterMark=20
dbs.replicaCloneTransferNumber=5
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg
index dc30468df7808b9962d2ad82f94f88be4c6be897..b2a24900023cb6af7972756624812bee0de751e4 100644
--- a/base/server/etc/default.cfg
+++ b/base/server/etc/default.cfg
@@ -432,7 +432,12 @@ pki_source_subsystemcert_profile=%(pki_source_conf_path)s/subsystemCert.profile
pki_subsystem_emails_path=%(pki_subsystem_path)s/emails
pki_subsystem_profiles_path=%(pki_subsystem_path)s/profiles
-
+pki_serial_number_range_start=1
+pki_serial_number_range_end=10000000
+pki_request_number_range_start=1
+pki_request_number_range_end=10000000
+pki_replica_number_range_start=1
+pki_replica_number_range_end=100
###############################################################################
diff --git a/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py b/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py
index 5a56f6cbbd89b7cdc9316da045a59b5195a35825..1e85e44da28bb49a656ed4bf37abc87838eb2591 100644
--- a/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py
+++ b/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py
@@ -39,9 +39,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.pki_log.info(log.SLOT_ASSIGNMENT_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
deployer.file.copy_with_slot_substitution(
- deployer.mdict['pki_source_cs_cfg'],
- deployer.mdict['pki_target_cs_cfg'])
- deployer.file.copy_with_slot_substitution(
deployer.mdict['pki_source_registry'],
deployer.mdict['pki_target_registry'],
overwrite_flag=True)
diff --git a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
index 2b2246a728c97514c4394bdc06fea23e6f76f692..6cc08cf961d256c5b92e051971ca24326f883dfc 100644
--- a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
+++ b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
@@ -46,12 +46,20 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.PKI_SIGNED_AUDIT_SUBSYSTEMS:
deployer.directory.create(
deployer.mdict['pki_subsystem_signed_audit_log_path'])
- # establish instance-based subsystem configuration
+
+ # create /var/lib/pki/<instance>/<subsystem>/conf
deployer.directory.create(
deployer.mdict['pki_subsystem_configuration_path'])
+
# deployer.directory.copy(
# deployer.mdict['pki_source_conf_path'],
# deployer.mdict['pki_subsystem_configuration_path'])
+
+ # create /var/lib/pki/<instance>/<subsystem>/conf/CS.cfg
+ deployer.file.copy_with_slot_substitution(
+ deployer.mdict['pki_source_cs_cfg'],
+ deployer.mdict['pki_target_cs_cfg'])
+
# establish instance-based Tomcat specific subsystems
# establish instance-based Tomcat PKI subsystem base
--
2.5.5
_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
