Skip to content

Commit

Permalink
Add pki-server <subsystem>-db-init
Browse files Browse the repository at this point in the history
The pki-server <subsystem>-db-init has been added to initialize
the subsystem database in a single step. By default this will
include configuring DS server, setting up the schema, creating
the base entry, and creating the container entries. The command
provides options to skip these steps if needed. The command also
provides an option to create a new DS backend.

The PKISubsystem.init_database() and SubsystemDBInitCLI.java have
been modified to match options in the CLI.
  • Loading branch information
edewata committed Dec 6, 2023
1 parent 30ec75d commit dc473f5
Show file tree
Hide file tree
Showing 6 changed files with 156 additions and 87 deletions.
53 changes: 3 additions & 50 deletions .github/workflows/ca-existing-ds-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -168,56 +168,9 @@ jobs:
docker exec pki pki-server ca-db-info
# https://github.com/dogtagpki/pki/wiki/Setting-up-CA-Database
- name: Configure DS database
run: |
docker exec ds ldapadd \
-H ldap://ds.example.com:3389 \
-D "cn=Directory Manager" \
-w Secret.123 \
-f $SHARED/base/server/database/ds/config.ldif
- name: Add PKI schema
run: |
docker exec ds ldapmodify \
-H ldap://ds.example.com:3389 \
-D "cn=Directory Manager" \
-w Secret.123 \
-f $SHARED/base/server/database/ds/schema.ldif
- name: Add CA base entry
run: |
docker exec -i ds ldapadd \
-H ldap://ds.example.com:3389 \
-D "cn=Directory Manager" \
-w Secret.123 << EOF
dn: dc=ca,dc=pki,dc=example,dc=com
objectClass: dcObject
dc: ca
EOF
- name: Add CA database entries
run: |
sed \
-e 's/{rootSuffix}/dc=ca,dc=pki,dc=example,dc=com/g' \
base/ca/database/ds/create.ldif \
| tee create.ldif
docker exec ds ldapadd \
-H ldap://ds.example.com:3389 \
-D "cn=Directory Manager" \
-w Secret.123 \
-f $SHARED/create.ldif
- name: Add CA ACL resources
run: |
sed \
-e 's/{rootSuffix}/dc=ca,dc=pki,dc=example,dc=com/g' \
base/ca/database/ds/acl.ldif \
| tee acl.ldif
docker exec ds ldapadd \
-H ldap://ds.example.com:3389 \
-D "cn=Directory Manager" \
-w Secret.123 \
-f $SHARED/acl.ldif
- name: Initialize CA database
run: |
docker exec pki pki-server ca-db-init -v
- name: Add CA search indexes
run: |
Expand Down
109 changes: 109 additions & 0 deletions base/server/python/pki/server/cli/db.py
Original file line number Diff line number Diff line change
Expand Up @@ -213,6 +213,7 @@ def __init__(self, parent):
self.parent = parent
self.add_module(SubsystemDBConfigCLI(self))
self.add_module(SubsystemDBInfoCLI(self))
self.add_module(SubsystemDBInitCLI(self))
self.add_module(SubsystemDBEmptyCLI(self))
self.add_module(SubsystemDBRemoveCLI(self))
self.add_module(SubsystemDBUpgradeCLI(self))
Expand Down Expand Up @@ -613,6 +614,114 @@ def execute(self, argv):
subsystem.run(cmd, as_current_user=as_current_user)


class SubsystemDBInitCLI(pki.cli.CLI):
'''
Initialize {subsystem} database
'''

help = '''\
Usage: pki-server {subsystem}-db-init [OPTIONS]
-i, --instance <instance ID> Instance ID (default: pki-tomcat)
--skip-config Skip DS server configuration.
--skip-schema Skip DS schema setup.
--create-backend Create DS backend.
--skip-base Skip base entry setup.
--skip-containers Skip container entries setup.
-v, --verbose Run in verbose mode.
--debug Run in debug mode.
--help Show help message.
'''

def __init__(self, parent):
super().__init__(
'init',
inspect.cleandoc(self.__class__.__doc__).format(
subsystem=parent.parent.name.upper()))

self.parent = parent

def print_help(self):
print(textwrap.dedent(self.__class__.help).format(
subsystem=self.parent.parent.name))

def execute(self, argv):
try:
opts, _ = getopt.gnu_getopt(argv, 'i:v', [
'instance=', 'skip-config', 'skip-schema',
'create-backend', 'skip-base', 'skip-containers',
'verbose', 'debug', 'help'])

except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)

instance_name = 'pki-tomcat'
subsystem_name = self.parent.parent.name

skip_config = False
skip_schema = False
create_backend = False
skip_base = False
skip_containers = False

for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a

elif o == '--skip-config':
skip_config = True

elif o == '--skip-schema':
skip_schema = True

elif o == '--create-backend':
create_backend = True

elif o == '--skip-base':
skip_base = True

elif o == '--skip-containers':
skip_containers = True

elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)

elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)

elif o == '--help':
self.print_help()
sys.exit()

else:
logger.error('Invalid option: %s', o)
self.print_help()
sys.exit(1)

instance = pki.server.instance.PKIServerFactory.create(instance_name)
if not instance.exists():
logger.error('Invalid instance: %s', instance_name)
sys.exit(1)

instance.load()

subsystem = instance.get_subsystem(subsystem_name)

if not subsystem:
logger.error('No %s subsystem in instance %s',
subsystem_name.upper(), instance_name)
sys.exit(1)

subsystem.init_database(
skip_config=skip_config,
skip_schema=skip_schema,
create_backend=create_backend,
skip_base=skip_base,
skip_containers=skip_containers)


class SubsystemDBEmptyCLI(pki.cli.CLI):

def __init__(self, parent):
Expand Down
24 changes: 12 additions & 12 deletions base/server/python/pki/server/deployment/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -1532,27 +1532,27 @@ def setup_database(self, subsystem, master_config):
# then we are assuming that replication is already taken care of,
# and schema has already been replicated.

setup_schema = not config.str2bool(self.mdict['pki_clone']) or \
not config.str2bool(self.mdict['pki_clone_setup_replication']) or \
not config.str2bool(self.mdict['pki_clone_replicate_schema'])
skip_schema = config.str2bool(self.mdict['pki_clone']) and \
config.str2bool(self.mdict['pki_clone_setup_replication']) and \
config.str2bool(self.mdict['pki_clone_replicate_schema'])

create_database = config.str2bool(self.mdict['pki_ds_create_new_db'])
create_backend = config.str2bool(self.mdict['pki_ds_create_new_db'])

# When cloning a subsystem without setting up the replication agreements,
# the database is a subtree of an existing tree and is already replicated,
# so there is no need to set up the base entry.

create_base = config.str2bool(self.mdict['pki_ds_create_new_db']) or \
not config.str2bool(self.mdict['pki_clone']) or \
config.str2bool(self.mdict['pki_clone_setup_replication'])
skip_base = not config.str2bool(self.mdict['pki_ds_create_new_db']) and \
config.str2bool(self.mdict['pki_clone']) and \
not config.str2bool(self.mdict['pki_clone_setup_replication'])

create_containers = not config.str2bool(self.mdict['pki_clone'])
skip_containers = config.str2bool(self.mdict['pki_clone'])

subsystem.init_database(
setup_schema=setup_schema,
create_database=create_database,
create_base=create_base,
create_containers=create_containers)
skip_schema=skip_schema,
create_backend=create_backend,
skip_base=skip_base,
skip_containers=skip_containers)

# always create indexes
subsystem.add_indexes()
Expand Down
28 changes: 16 additions & 12 deletions base/server/python/pki/server/subsystem.py
Original file line number Diff line number Diff line change
Expand Up @@ -1154,25 +1154,29 @@ def import_ldif(self, bind_dn, bind_password, filename):

def init_database(
self,
setup_schema=False,
create_database=False,
create_base=False,
create_containers=False,
skip_config=False,
skip_schema=False,
create_backend=False,
skip_base=False,
skip_containers=False,
as_current_user=False):

cmd = [self.name + '-db-init']

if setup_schema:
cmd.append('--setup-schema')
if skip_config:
cmd.append('--skip-config')

if create_database:
cmd.append('--create-database')
if skip_schema:
cmd.append('--skip-schema')

if create_base:
cmd.append('--create-base')
if create_backend:
cmd.append('--create-backend')

if create_containers:
cmd.append('--create-containers')
if skip_base:
cmd.append('--skip-base')

if skip_containers:
cmd.append('--skip-containers')

if logger.isEnabledFor(logging.DEBUG):
cmd.append('--debug')
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -89,8 +89,8 @@ public Map<String, String> getParams() throws Exception {
return params;
}

public void initDatabase() throws Exception {
logger.info("Initialize database");
public void configureServer() throws Exception {
logger.info("Configuring DS server");
importLDIF("/usr/share/pki/server/database/ds/config.ldif", true);
}

Expand Down Expand Up @@ -333,7 +333,7 @@ public void waitForTask(String dn) throws Exception {
logger.info("Task " + dn + " complete");
}

public void createDatabaseEntry(String databaseDN, String database, String baseDN) throws Exception {
public void createBackendEntry(String databaseDN, String database, String baseDN) throws Exception {

logger.info("Adding " + databaseDN);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -46,10 +46,11 @@ public void createOptions() {
option.setArgName("password config");
options.addOption(option);

options.addOption(null, "setup-schema", false, "Set up schema");
options.addOption(null, "create-database", false, "Create database");
options.addOption(null, "create-base", false, "Create base entry");
options.addOption(null, "create-containers", false, "Create container entries");
options.addOption(null, "skip-config", false, "Skip DS server configuration");
options.addOption(null, "skip-schema", false, "Skip DS schema setup");
options.addOption(null, "create-backend", false, "Create DS backend");
options.addOption(null, "skip-base", false, "Skip base entry setup");
options.addOption(null, "skip-containers", false, "Skip container entries setup");

options.addOption("v", "verbose", false, "Run in verbose mode.");
options.addOption(null, "debug", false, "Run in debug mode.");
Expand Down Expand Up @@ -91,25 +92,27 @@ public void execute(CommandLine cmd) throws Exception {
LDAPConfigurator ldapConfigurator = new LDAPConfigurator(conn, ldapConfig);

try {
ldapConfigurator.initDatabase();
if (!cmd.hasOption("skip-config")) {
ldapConfigurator.configureServer();
}

if (cmd.hasOption("setup-schema")) {
if (!cmd.hasOption("skip-schema")) {
ldapConfigurator.setupSchema();
}

if (cmd.hasOption("create-database")) {
if (cmd.hasOption("create-backend")) {
String databaseDN = "cn=" + LDAPUtil.escapeRDNValue(database) + ",cn=ldbm database, cn=plugins, cn=config";
ldapConfigurator.createDatabaseEntry(databaseDN, database, baseDN);
ldapConfigurator.createBackendEntry(databaseDN, database, baseDN);

String mappingDN = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config";
ldapConfigurator.createMappingEntry(mappingDN, database, baseDN);
}

if (cmd.hasOption("create-base")) {
if (!cmd.hasOption("skip-base")) {
ldapConfigurator.createBaseEntry(baseDN);
}

if (cmd.hasOption("create-containers")) {
if (!cmd.hasOption("skip-containers")) {
ldapConfigurator.createContainers(subsystem);
ldapConfigurator.setupACL(subsystem);
}
Expand Down

0 comments on commit dc473f5

Please sign in to comment.