[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Pki-devel] [PATCH] Lack of Interactive Installation Support (Cloning, Subordinates, Externals, HSMs, ECC)



Please review the following patch for:

Thanks,
-- Matt

From dad71120460dfb0464b210c6f56d6780513e4a0f Mon Sep 17 00:00:00 2001
From: Matthew Harmsen <mharmsen pki usersys redhat com>
Date: Thu, 2 Jul 2015 01:00:52 -0600
Subject: [PATCH] Limited Interactive Installation Support

- PKI TRAC Ticket #1441 - Lack of Interactive Installation Support
(Cloning, Subordinates, Externals, HSMs, ECC)
---
 .../python/pki/server/deployment/pkimessages.py    | 19 ++++++
 base/server/sbin/pkispawn                          | 68 ++++++++++++----------
 2 files changed, 55 insertions(+), 32 deletions(-)

diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py
index 6528407..ff3d370 100644
--- a/base/server/python/pki/server/deployment/pkimessages.py
+++ b/base/server/python/pki/server/deployment/pkimessages.py
@@ -146,6 +146,25 @@ REMINDER:
     Finally, if an optional '-p <prefix>' is defined, this value WILL NOT
     be prepended in front of the mandatory '-f <configuration_file>'.
 """ + PKI_VERBOSITY
+PKISPAWN_INTERACTIVE_INSTALLATION='''
+IMPORTANT:
+
+    Interactive installation currently only exists for very basic deployments!
+
+    For example, deployments intent upon using advanced features such as:
+
+        * Cloning,
+        * Elliptic Curve Cryptography (ECC),
+        * External CA,
+        * Hardware Security Module (HSM),
+        * Subordinate CA,
+        * etc.,
+
+    must provide the necessary override parameters in a separate
+    configuration file.
+
+    Run 'man pkispawn' for details.
+'''
 
 
 # PKI Deployment "Helper" Messages
diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn
index 893a22a..47ae301 100755
--- a/base/server/sbin/pkispawn
+++ b/base/server/sbin/pkispawn
@@ -126,6 +126,10 @@ def main(argv):
     interactive = False
 
     while True:
+        if config.user_deployment_cfg is None:
+            interactive = True
+            parser.indent = 0
+            print log.PKISPAWN_INTERACTIVE_INSTALLATION
 
         # -s <subsystem>
         if args.pki_subsystem is None:
@@ -215,38 +219,38 @@ def main(argv):
                              config.pki_subsystem,
                              'pki_client_admin_cert')
 
-            if parser.mdict['pki_hsm_enable'] == 'True':
-                use_hsm = 'Y'
-            else:
-                use_hsm = 'N'
-
-            use_hsm = parser.read_text(
-                'Using hardware security module (HSM) (Yes/No)',
-                default=use_hsm, options=['Yes', 'Y', 'No', 'N'],
-                sign='?', case_sensitive=False).lower()
-
-            if use_hsm == 'y' or use_hsm == 'yes':
-                # XXX:  Suppress interactive HSM installation
-                print "Interactive HSM installation is currently unsupported."
-                sys.exit(0)
-
-                # TBD:  Interactive HSM installation
-                # parser.set_property(config.pki_subsystem,
-                #                     'pki_hsm_enable',
-                #                     'True')
-                # modulename = parser.read_text(
-                #     'HSM Module Name (e. g. - nethsm)', allow_empty=False)
-                # parser.set_property(config.pki_subsystem,
-                #                     'pki_hsm_modulename',
-                #                     modulename)
-                # libfile = parser.read_text(
-                #     'HSM Lib File ' +
-                #     '(e. g. - /opt/nfast/toolkits/pkcs11/libcknfast.so)',
-                #     allow_empty=False)
-                # parser.set_property(config.pki_subsystem,
-                #                     'pki_hsm_libfile',
-                #                     libfile)
-            print
+            # if parser.mdict['pki_hsm_enable'] == 'True':
+            #     use_hsm = 'Y'
+            # else:
+            #     use_hsm = 'N'
+
+            # use_hsm = parser.read_text(
+            #     'Using hardware security module (HSM) (Yes/No)',
+            #     default=use_hsm, options=['Yes', 'Y', 'No', 'N'],
+            #     sign='?', case_sensitive=False).lower()
+
+            # if use_hsm == 'y' or use_hsm == 'yes':
+            #     # XXX:  Suppress interactive HSM installation
+            #     print "Interactive HSM installation is currently unsupported."
+            #     sys.exit(0)
+
+                  # TBD:  Interactive HSM installation
+                  # parser.set_property(config.pki_subsystem,
+                  #                     'pki_hsm_enable',
+                  #                     'True')
+                  # modulename = parser.read_text(
+                  #     'HSM Module Name (e. g. - nethsm)', allow_empty=False)
+                  # parser.set_property(config.pki_subsystem,
+                  #                     'pki_hsm_modulename',
+                  #                     modulename)
+                  # libfile = parser.read_text(
+                  #     'HSM Lib File ' +
+                  #     '(e. g. - /opt/nfast/toolkits/pkcs11/libcknfast.so)',
+                  #     allow_empty=False)
+                  # parser.set_property(config.pki_subsystem,
+                  #                     'pki_hsm_libfile',
+                  #                     libfile)
+            # print
 
             print "Directory Server:"
             while True:
-- 
2.1.0


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]