Skip to content

Commit

Permalink
Remove PKIDeployer.tomcat_instance_subsystems()
Browse files Browse the repository at this point in the history 
The PKIDeployer.tomcat_instance_subsystems() has been replaced
with PKIServer.get_subsystems().
  • Loading branch information
@edewata
edewata committed Jul 18, 2023
1 parent eebce74 commit 2158706
Show file tree
Hide file tree
Showing 4 changed files with 21 additions and 31 deletions.
20 changes: 3 additions & 17 deletions base/server/python/pki/server/deployment/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -417,20 +417,6 @@ def get_key_params(self, cert_id):

return (key_type, key_size, curve, hash_alg)

def tomcat_instance_subsystems(self):

# Return list of PKI subsystems in the specified tomcat instance

rv = []

for subsystem in config.PKI_SUBSYSTEMS:

path = os.path.join(self.mdict['pki_instance_path'], subsystem.lower())
if os.path.exists(path) and os.path.isdir(path):
rv.append(subsystem)

return rv

def verify_subsystem_exists(self, instance):

subsystem_path = os.path.join(
Expand Down Expand Up @@ -2241,7 +2227,7 @@ def setup_system_certs(self, nssdb, subsystem):
system_certs = {}

clone = self.configuration_file.clone
tomcat_instance_subsystems = len(self.tomcat_instance_subsystems())
num_subsystems = len(subsystem.instance.get_subsystems())

external = config.str2bool(self.mdict['pki_external']) or \
config.str2bool(self.mdict['pki_existing']) or \
Expand All @@ -2260,11 +2246,11 @@ def setup_system_certs(self, nssdb, subsystem):
logger.info('%s cert is already set up', tag)
continue

if tag == 'sslserver' and tomcat_instance_subsystems > 1:
if tag == 'sslserver' and num_subsystems > 1:
logger.info('sslserver cert is already set up')
continue

if tag == 'subsystem' and tomcat_instance_subsystems > 1:
if tag == 'subsystem' and num_subsystems > 1:
logger.info('subsystem cert is already set up')
continue

Expand Down
8 changes: 4 additions & 4 deletions base/server/python/pki/server/deployment/scriptlets/instance_layout.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ def spawn(self, deployer):
instance.store_passwords()

# if this is not the first subsystem, skip
if len(deployer.tomcat_instance_subsystems()) > 0:
if instance.get_subsystems():
logger.info('Installing %s instance', deployer.mdict['pki_instance_name'])
return

Expand Down Expand Up @@ -278,12 +278,12 @@ def spawn(self, deployer):

def destroy(self, deployer):

instance = self.instance

# if this is not the last subsystem, skip
if len(deployer.tomcat_instance_subsystems()) > 0:
if instance.get_subsystems():
return

instance = self.instance

logger.info('Removing %s instance', deployer.mdict['pki_instance_name'])

logger.info('Removing %s', deployer.systemd.systemd_link)
Expand Down
8 changes: 4 additions & 4 deletions base/server/python/pki/server/deployment/scriptlets/security_databases.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -229,7 +229,7 @@ def spawn(self, deployer):
# installing a non-CA subsystem on a fresh system.
instance.copyfile(ca_cert_path, destination)

if len(deployer.tomcat_instance_subsystems()) < 2:
if len(instance.get_subsystems()) == 1:

# Check to see if a secure connection is being used for the DS
if deployer.ds_url.scheme == 'ldaps':
Expand Down Expand Up @@ -535,12 +535,12 @@ def update_external_certs_conf(self, external_path, deployer):

def destroy(self, deployer):

instance = self.instance

# if this is not the last subsystem, skip
if len(deployer.tomcat_instance_subsystems()) > 0:
if instance.get_subsystems():
return

instance = self.instance

if deployer.directory.exists(deployer.mdict['pki_client_dir']):
logger.info('Removing %s', deployer.mdict['pki_client_dir'])
pki.util.rmtree(deployer.mdict['pki_client_dir'],
Expand Down
16 changes: 10 additions & 6 deletions base/server/python/pki/server/deployment/scriptlets/selinux_setup.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,8 @@ def spawn(self, deployer):
logger.info('SELinux disabled')
return

instance = self.instance

logger.info('Creating SELinux contexts')

# A maximum of 10 tries to create the SELinux contexts
Expand All @@ -65,16 +67,16 @@ def spawn(self, deployer):
# check first if any transactions are required
if len(ports) == 0 and deployer.mdict['pki_instance_name'] == \
config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
deployer.restore_selinux_contexts(self.instance)
deployer.restore_selinux_contexts(instance)
return

# add SELinux contexts when adding the first subsystem
if len(deployer.tomcat_instance_subsystems()) == 1:
if len(instance.get_subsystems()) == 1:
if deployer.mdict['pki_instance_name'] != \
config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
deployer.create_selinux_contexts(self.instance)
deployer.create_selinux_contexts(instance)

deployer.restore_selinux_contexts(self.instance)
deployer.restore_selinux_contexts(instance)
break

except ValueError as e:
Expand All @@ -101,17 +103,19 @@ def destroy(self, deployer):
config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME):
return

instance = self.instance

logger.info('Removing SELinux contexts')

# A maximum of 10 tries to delete the SELinux contexts
max_tries = 10
for counter in range(1, max_tries):
try:
# remove SELinux contexts when removing the last subsystem
if len(deployer.tomcat_instance_subsystems()) == 0:
if not instance.get_subsystems():
if deployer.mdict['pki_instance_name'] != \
config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
deployer.remove_selinux_contexts(self.instance)
deployer.remove_selinux_contexts(instance)
break

except ValueError as e:
Expand Down

0 comments on commit 2158706

Please sign in to comment.