From 16a231feddb6c719d5cd2eb4a5e02053e0ce5d1c Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Tue, 1 Aug 2023 17:04:25 -0500
Subject: [PATCH] Clean up PKIDeployer.import_master_config()

The code in PKIDeployer.import_master_config() that checks the pki_clone param has been moved out of the method.
---
 .../python/pki/server/deployment/__init__.py | 98 +++++++++----------
 .../deployment/scriptlets/configuration.py | 7 +-
 2 files changed, 52 insertions(+), 53 deletions(-)

diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
index e34169c7274..bd98b275319 100644
--- a/base/server/python/pki/server/deployment/__init__.py
+++ b/base/server/python/pki/server/deployment/__init__.py
@@ -1372,77 +1372,71 @@ def configure_subsystem(self, subsystem): def import_master_config(self, subsystem): - if config.str2bool(self.mdict['pki_clone']): + master_url = self.mdict['pki_clone_uri'] - master_url = self.mdict['pki_clone_uri'] - - if subsystem.type in ['CA', 'KRA']: - - logger.info('Requesting ranges from %s master', subsystem.type) - subsystem.request_ranges(master_url, session_id=self.install_token.token) - - logger.info('Retrieving config params from %s master', subsystem.type) + if subsystem.type in ['CA', 'KRA']: - names = [ - 'internaldb.ldapauth.password', - 'internaldb.replication.password' - ] + logger.info('Requesting ranges from %s master', subsystem.type) + subsystem.request_ranges(master_url, session_id=self.install_token.token) - substores = [ - 'internaldb', - 'internaldb.ldapauth', - 'internaldb.ldapconn' - ] + logger.info('Retrieving config params from %s master', subsystem.type) - tags = subsystem.config['preop.cert.list'].split(',') - for tag in tags: - if tag == 'sslserver': - continue + names = [ + 'internaldb.ldapauth.password', + 'internaldb.replication.password' + ] - # check CSR in CS.cfg - param = '%s.%s.certreq' % (subsystem.name, tag) - csr = subsystem.config.get(param) + substores = [ + 'internaldb', + 'internaldb.ldapauth', + 'internaldb.ldapconn' + ] - if csr: - # CSR already exists - continue + tags = subsystem.config['preop.cert.list'].split(',') + for tag in tags: + if tag == 'sslserver': + continue - # CSR doesn't exist, import from master - names.append(param) + # check CSR in CS.cfg + param = '%s.%s.certreq' % (subsystem.name, tag) + csr = subsystem.config.get(param) - if subsystem.name == 'ca': - substores.append('ca.connector.KRA') - else: - names.append('cloning.ca.type') + if csr: + # CSR already exists + continue - master_config = subsystem.retrieve_config( - master_url, - names, - substores, - session_id=self.install_token.token) + # CSR doesn't exist, import from master + names.append(param) - 
logger.info('Validating %s master config params', subsystem.type) + if subsystem.name == 'ca': + substores.append('ca.connector.KRA') + else: + names.append('cloning.ca.type') - master_properties = master_config['Properties'] + master_config = subsystem.retrieve_config( + master_url, + names, + substores, + session_id=self.install_token.token) - master_hostname = master_properties['internaldb.ldapconn.host'] - master_port = master_properties['internaldb.ldapconn.port'] + logger.info('Validating %s master config params', subsystem.type) - replica_hostname = subsystem.config['internaldb.ldapconn.host'] - replica_port = subsystem.config['internaldb.ldapconn.port'] + master_properties = master_config['Properties'] - if master_hostname == replica_hostname and master_port == replica_port: - raise Exception('Master and replica must not share LDAP database') + master_hostname = master_properties['internaldb.ldapconn.host'] + master_port = master_properties['internaldb.ldapconn.port'] - logger.info('Importing %s master config params', subsystem.type) + replica_hostname = subsystem.config['internaldb.ldapconn.host'] + replica_port = subsystem.config['internaldb.ldapconn.port'] - subsystem.import_master_config(master_properties) + if master_hostname == replica_hostname and master_port == replica_port: + raise Exception('Master and replica must not share LDAP database') - return master_config + logger.info('Importing %s master config params', subsystem.type) - else: + subsystem.import_master_config(master_properties) - return None + return master_config def setup_database(self, subsystem, master_config): diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index fc00df71257..1b6033f9aff 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py 
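Review bot: `import_master_config()` now has an unstated precondition: its first line reads `self.mdict['pki_clone_uri']`, and the method then passes the install token to that URL to fetch `internaldb.ldapauth.password` and `internaldb.replication.password`. Nothing in the method says or enforces that it is only valid for a clone, so a later caller that skips the check would likely hit a `KeyError` or send a credential request to whatever URI happens to be configured. I would add a docstring stating that the caller must already have verified `pki_clone` and that the master's config response is returned, and fail early on a missing value, e.g. `if not master_url: raise Exception('pki_clone_uri is required to import master config')`. Whether `request_ranges()` and `retrieve_config()` require HTTPS with certificate verification is not visible in this hunk and is worth confirming, given what travels over that connection.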
@@ -186,7 +186,12 @@ def spawn(self, deployer):
 subsystem.save()
 if config.str2bool(deployer.mdict['pki_ds_setup']):
- master_config = deployer.import_master_config(subsystem)
+
+ if clone:
+ master_config = deployer.import_master_config(subsystem)
+ else:
+ master_config = None
+
 deployer.setup_database(subsystem, master_config)
 subsystem.load()
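Review bot: `clone` in the added `if clone:` is not defined anywhere in this hunk, and `spawn()` starts and ends outside it, so where the value comes from cannot be checked here. The guard removed from `import_master_config()` was `config.str2bool(self.mdict['pki_clone'])`; if `clone` is instead the raw `mdict` value, the string `'False'` would be truthy and a non-clone install would still call `import_master_config()`. Please confirm it is derived as `clone = config.str2bool(deployer.mdict['pki_clone'])`, or use that expression directly in the condition. As a style point, the branch could be written `master_config = deployer.import_master_config(subsystem) if clone else None`.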