diff --git a/.github/workflows/acme-separate-test.yml b/.github/workflows/acme-separate-test.yml index 158965008c7..3570b31622c 100644 --- a/.github/workflows/acme-separate-test.yml +++ b/.github/workflows/acme-separate-test.yml @@ -99,11 +99,6 @@ jobs: --network-alias=acme.example.com \ acme - - name: Create PKI server for ACME - run: | - docker exec acme pki-server create - docker exec acme pki-server nss-create --password Secret.123 - - name: Set up ACME database run: | docker exec acme ldapmodify \ @@ -147,13 +142,13 @@ jobs: drwxrwx--- pkiuser pkiuser acme lrwxrwxrwx pkiuser pkiuser alias -> /var/lib/pki/pki-tomcat/conf/alias lrwxrwxrwx pkiuser pkiuser bin -> /usr/share/tomcat/bin - drwxr-x--- pkiuser pkiuser common + drwxrwx--- pkiuser pkiuser common lrwxrwxrwx pkiuser pkiuser conf -> /etc/pki/pki-tomcat lrwxrwxrwx pkiuser pkiuser lib -> /usr/share/pki/server/lib lrwxrwxrwx pkiuser pkiuser logs -> /var/log/pki/pki-tomcat - drwxr-x--- pkiuser pkiuser temp - drwxr-x--- pkiuser pkiuser webapps - drwxr-x--- pkiuser pkiuser work + drwxrwx--- pkiuser pkiuser temp + drwxr-xr-x pkiuser pkiuser webapps + drwxrwx--- pkiuser pkiuser work EOF diff expected output @@ -170,12 +165,12 @@ jobs: # TODO: review permissions cat > expected << EOF - drwxr-x--- pkiuser pkiuser Catalina + drwxrwx--- pkiuser pkiuser Catalina drwxrwx--- pkiuser pkiuser acme drwxrwx--- pkiuser pkiuser alias - -rw-rw---- pkiuser pkiuser catalina.policy + -rw-r--r-- pkiuser pkiuser catalina.policy lrwxrwxrwx pkiuser pkiuser catalina.properties -> /usr/share/pki/server/conf/catalina.properties - drwxr-x--- pkiuser pkiuser certs + drwxrwx--- pkiuser pkiuser certs lrwxrwxrwx pkiuser pkiuser context.xml -> /etc/tomcat/context.xml lrwxrwxrwx pkiuser pkiuser logging.properties -> /usr/share/pki/server/conf/logging.properties -rw-rw---- pkiuser pkiuser password.conf @@ -733,6 +728,7 @@ jobs: run: docker exec ca pkidestroy -s CA -v - name: Check ACME server base dir after removal + if: always() run: | # check file types, owners, and permissions docker exec acme ls -l /var/lib/pki/pki-tomcat \ @@ -750,6 +746,7 @@ jobs: diff expected output - name: Check ACME server conf dir after removal + if: always() run: | # check file types, owners, and permissions docker exec acme ls -l /etc/pki/pki-tomcat \ @@ -760,12 +757,12 @@ jobs: # TODO: review permissions cat > expected << EOF - drwxr-x--- pkiuser pkiuser Catalina + drwxrwx--- pkiuser pkiuser Catalina drwxrwx--- pkiuser pkiuser acme drwxrwx--- pkiuser pkiuser alias - -rw-rw---- pkiuser pkiuser catalina.policy + -rw-r--r-- pkiuser pkiuser catalina.policy lrwxrwxrwx pkiuser pkiuser catalina.properties -> /usr/share/pki/server/conf/catalina.properties - drwxr-x--- pkiuser pkiuser certs + drwxrwx--- pkiuser pkiuser certs lrwxrwxrwx pkiuser pkiuser context.xml -> /etc/tomcat/context.xml lrwxrwxrwx pkiuser pkiuser logging.properties -> /usr/share/pki/server/conf/logging.properties -rw-rw---- pkiuser pkiuser password.conf @@ -777,6 +774,7 @@ jobs: diff expected output - name: Check ACME server logs dir after removal + if: always() run: | # check file types, owners, and permissions docker exec acme ls -l /var/log/pki/pki-tomcat \ diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index aa7bb480fe0..29e77aa2e7e 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -625,7 +625,7 @@ pki_registry_enable=True [ACME] pki_ds_setup=False pki_security_domain_setup=False -pki_registry_enable=False +pki_registry_enable=True # Database params: # - acme_database_type diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py index 953485d51b7..01e6905433e 100644 --- a/base/server/python/pki/server/deployment/__init__.py +++ b/base/server/python/pki/server/deployment/__init__.py @@ -5184,9 +5184,10 @@ def create_acme_subsystem(self): logger.info('Creating ACME subsystem') subsystem = pki.server.subsystem.ACMESubsystem(self.instance) - subsystem.create() - subsystem.create_conf() - subsystem.create_logs() + subsystem.create(exist_ok=True) + subsystem.create_conf(exist_ok=True) + subsystem.create_logs(exist_ok=True) + subsystem.create_registry(exist_ok=True) return subsystem @@ -5489,6 +5490,8 @@ def remove_acme_subsystem(self, subsystem): logger.info('Removing ACME subsystem') + subsystem.remove_registry(force=self.force) + if self.remove_logs: subsystem.remove_logs(force=self.force) diff --git a/base/server/python/pki/server/subsystem.py b/base/server/python/pki/server/subsystem.py index bcf547ebd6c..113ce4f346d 100644 --- a/base/server/python/pki/server/subsystem.py +++ b/base/server/python/pki/server/subsystem.py @@ -287,17 +287,20 @@ def load(self): def remove_registry(self, force=False): - # Remove /etc/sysconfig/pki/tomcat///default.cfg + if os.path.exists(self.default_cfg): - default_cfg = os.path.join(self.registry_dir, 'default.cfg') - logger.info('Removing %s', default_cfg) - pki.util.remove(default_cfg, force=force) + # Remove /etc/sysconfig/pki/tomcat///default.cfg - # Remove subsystem registry folder at - # /etc/sysconfig/pki/tomcat// + logger.info('Removing %s', self.default_cfg) + pki.util.remove(self.default_cfg, force=force) + + if os.path.exists(self.registry_dir): + + # Remove subsystem registry folder at + # /etc/sysconfig/pki/tomcat// - logger.info('Removing %s', self.registry_dir) - pki.util.rmtree(self.registry_dir, force=force) + logger.info('Removing %s', self.registry_dir) + pki.util.rmtree(self.registry_dir, force=force) def remove_logs(self, force=False):