diff --git a/.github/workflows/ca-existing-ds-test.yml b/.github/workflows/ca-existing-ds-test.yml index cd2957dae76..b8f8486e7e7 100644 --- a/.github/workflows/ca-existing-ds-test.yml +++ b/.github/workflows/ca-existing-ds-test.yml @@ -168,56 +168,9 @@ jobs: docker exec pki pki-server ca-db-info # https://github.com/dogtagpki/pki/wiki/Setting-up-CA-Database - - name: Configure DS database - run: | - docker exec ds ldapadd \ - -H ldap://ds.example.com:3389 \ - -D "cn=Directory Manager" \ - -w Secret.123 \ - -f $SHARED/base/server/database/ds/config.ldif - - - name: Add PKI schema - run: | - docker exec ds ldapmodify \ - -H ldap://ds.example.com:3389 \ - -D "cn=Directory Manager" \ - -w Secret.123 \ - -f $SHARED/base/server/database/ds/schema.ldif - - - name: Add CA base entry - run: | - docker exec -i ds ldapadd \ - -H ldap://ds.example.com:3389 \ - -D "cn=Directory Manager" \ - -w Secret.123 << EOF - dn: dc=ca,dc=pki,dc=example,dc=com - objectClass: dcObject - dc: ca - EOF - - - name: Add CA database entries - run: | - sed \ - -e 's/{rootSuffix}/dc=ca,dc=pki,dc=example,dc=com/g' \ - base/ca/database/ds/create.ldif \ - | tee create.ldif - docker exec ds ldapadd \ - -H ldap://ds.example.com:3389 \ - -D "cn=Directory Manager" \ - -w Secret.123 \ - -f $SHARED/create.ldif - - - name: Add CA ACL resources - run: | - sed \ - -e 's/{rootSuffix}/dc=ca,dc=pki,dc=example,dc=com/g' \ - base/ca/database/ds/acl.ldif \ - | tee acl.ldif - docker exec ds ldapadd \ - -H ldap://ds.example.com:3389 \ - -D "cn=Directory Manager" \ - -w Secret.123 \ - -f $SHARED/acl.ldif + - name: Initialize CA database + run: | + docker exec pki pki-server ca-db-init -v - name: Add CA search indexes run: | diff --git a/base/server/python/pki/server/cli/db.py b/base/server/python/pki/server/cli/db.py index 046c2155e31..f7f961591db 100644 --- a/base/server/python/pki/server/cli/db.py +++ b/base/server/python/pki/server/cli/db.py @@ -213,6 +213,7 @@ def __init__(self, parent): self.parent = parent self.add_module(SubsystemDBConfigCLI(self)) self.add_module(SubsystemDBInfoCLI(self)) + self.add_module(SubsystemDBInitCLI(self)) self.add_module(SubsystemDBEmptyCLI(self)) self.add_module(SubsystemDBRemoveCLI(self)) self.add_module(SubsystemDBUpgradeCLI(self)) @@ -613,6 +614,114 @@ def execute(self, argv): subsystem.run(cmd, as_current_user=as_current_user) +class SubsystemDBInitCLI(pki.cli.CLI): + ''' + Initialize {subsystem} database + ''' + + help = '''\ + Usage: pki-server {subsystem}-db-init [OPTIONS] + + -i, --instance Instance ID (default: pki-tomcat) + --skip-config Skip DS server configuration. + --skip-schema Skip DS schema setup. + --create-backend Create DS backend. + --skip-base Skip base entry setup. + --skip-containers Skip container entries setup. + -v, --verbose Run in verbose mode. + --debug Run in debug mode. + --help Show help message. + ''' + + def __init__(self, parent): + super().__init__( + 'init', + inspect.cleandoc(self.__class__.__doc__).format( + subsystem=parent.parent.name.upper())) + + self.parent = parent + + def print_help(self): + print(textwrap.dedent(self.__class__.help).format( + subsystem=self.parent.parent.name)) + + def execute(self, argv): + try: + opts, _ = getopt.gnu_getopt(argv, 'i:v', [ + 'instance=', 'skip-config', 'skip-schema', + 'create-backend', 'skip-base', 'skip-containers', + 'verbose', 'debug', 'help']) + + except getopt.GetoptError as e: + logger.error(e) + self.print_help() + sys.exit(1) + + instance_name = 'pki-tomcat' + subsystem_name = self.parent.parent.name + + skip_config = False + skip_schema = False + create_backend = False + skip_base = False + skip_containers = False + + for o, a in opts: + if o in ('-i', '--instance'): + instance_name = a + + elif o == '--skip-config': + skip_config = True + + elif o == '--skip-schema': + skip_schema = True + + elif o == '--create-backend': + create_backend = True + + elif o == '--skip-base': + skip_base = True + + elif o == '--skip-containers': + skip_containers = True + + elif o in ('-v', '--verbose'): + logging.getLogger().setLevel(logging.INFO) + + elif o == '--debug': + logging.getLogger().setLevel(logging.DEBUG) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + logger.error('Invalid option: %s', o) + self.print_help() + sys.exit(1) + + instance = pki.server.instance.PKIServerFactory.create(instance_name) + if not instance.exists(): + logger.error('Invalid instance: %s', instance_name) + sys.exit(1) + + instance.load() + + subsystem = instance.get_subsystem(subsystem_name) + + if not subsystem: + logger.error('No %s subsystem in instance %s', + subsystem_name.upper(), instance_name) + sys.exit(1) + + subsystem.init_database( + skip_config=skip_config, + skip_schema=skip_schema, + create_backend=create_backend, + skip_base=skip_base, + skip_containers=skip_containers) + + class SubsystemDBEmptyCLI(pki.cli.CLI): def __init__(self, parent): diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py index 4a3949fe1b7..e90a82c631e 100644 --- a/base/server/python/pki/server/deployment/__init__.py +++ b/base/server/python/pki/server/deployment/__init__.py @@ -1532,27 +1532,27 @@ def setup_database(self, subsystem, master_config): # then we are assuming that replication is already taken care of, # and schema has already been replicated. - setup_schema = not config.str2bool(self.mdict['pki_clone']) or \ - not config.str2bool(self.mdict['pki_clone_setup_replication']) or \ - not config.str2bool(self.mdict['pki_clone_replicate_schema']) + skip_schema = config.str2bool(self.mdict['pki_clone']) and \ + config.str2bool(self.mdict['pki_clone_setup_replication']) and \ + config.str2bool(self.mdict['pki_clone_replicate_schema']) - create_database = config.str2bool(self.mdict['pki_ds_create_new_db']) + create_backend = config.str2bool(self.mdict['pki_ds_create_new_db']) # When cloning a subsystem without setting up the replication agreements, # the database is a subtree of an existing tree and is already replicated, # so there is no need to set up the base entry. - create_base = config.str2bool(self.mdict['pki_ds_create_new_db']) or \ - not config.str2bool(self.mdict['pki_clone']) or \ - config.str2bool(self.mdict['pki_clone_setup_replication']) + skip_base = not config.str2bool(self.mdict['pki_ds_create_new_db']) and \ + config.str2bool(self.mdict['pki_clone']) and \ + not config.str2bool(self.mdict['pki_clone_setup_replication']) - create_containers = not config.str2bool(self.mdict['pki_clone']) + skip_containers = config.str2bool(self.mdict['pki_clone']) subsystem.init_database( - setup_schema=setup_schema, - create_database=create_database, - create_base=create_base, - create_containers=create_containers) + skip_schema=skip_schema, + create_backend=create_backend, + skip_base=skip_base, + skip_containers=skip_containers) # always create indexes subsystem.add_indexes() diff --git a/base/server/python/pki/server/subsystem.py b/base/server/python/pki/server/subsystem.py index 048638b0faf..8a6e5df7a6e 100644 --- a/base/server/python/pki/server/subsystem.py +++ b/base/server/python/pki/server/subsystem.py @@ -1154,25 +1154,29 @@ def import_ldif(self, bind_dn, bind_password, filename): def init_database( self, - setup_schema=False, - create_database=False, - create_base=False, - create_containers=False, + skip_config=False, + skip_schema=False, + create_backend=False, + skip_base=False, + skip_containers=False, as_current_user=False): cmd = [self.name + '-db-init'] - if setup_schema: - cmd.append('--setup-schema') + if skip_config: + cmd.append('--skip-config') - if create_database: - cmd.append('--create-database') + if skip_schema: + cmd.append('--skip-schema') - if create_base: - cmd.append('--create-base') + if create_backend: + cmd.append('--create-backend') - if create_containers: - cmd.append('--create-containers') + if skip_base: + cmd.append('--skip-base') + + if skip_containers: + cmd.append('--skip-containers') if logger.isEnabledFor(logging.DEBUG): cmd.append('--debug') diff --git a/base/server/src/main/java/com/netscape/cms/servlet/csadmin/LDAPConfigurator.java b/base/server/src/main/java/com/netscape/cms/servlet/csadmin/LDAPConfigurator.java index e6c55eafdfd..943669b3825 100644 --- a/base/server/src/main/java/com/netscape/cms/servlet/csadmin/LDAPConfigurator.java +++ b/base/server/src/main/java/com/netscape/cms/servlet/csadmin/LDAPConfigurator.java @@ -89,8 +89,8 @@ public Map getParams() throws Exception { return params; } - public void initDatabase() throws Exception { - logger.info("Initialize database"); + public void configureServer() throws Exception { + logger.info("Configuring DS server"); importLDIF("/usr/share/pki/server/database/ds/config.ldif", true); } @@ -333,7 +333,7 @@ public void waitForTask(String dn) throws Exception { logger.info("Task " + dn + " complete"); } - public void createDatabaseEntry(String databaseDN, String database, String baseDN) throws Exception { + public void createBackendEntry(String databaseDN, String database, String baseDN) throws Exception { logger.info("Adding " + databaseDN); diff --git a/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBInitCLI.java b/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBInitCLI.java index f98009bc2d2..c5a20161a2a 100644 --- a/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBInitCLI.java +++ b/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBInitCLI.java @@ -46,10 +46,11 @@ public void createOptions() { option.setArgName("password config"); options.addOption(option); - options.addOption(null, "setup-schema", false, "Set up schema"); - options.addOption(null, "create-database", false, "Create database"); - options.addOption(null, "create-base", false, "Create base entry"); - options.addOption(null, "create-containers", false, "Create container entries"); + options.addOption(null, "skip-config", false, "Skip DS server configuration"); + options.addOption(null, "skip-schema", false, "Skip DS schema setup"); + options.addOption(null, "create-backend", false, "Create DS backend"); + options.addOption(null, "skip-base", false, "Skip base entry setup"); + options.addOption(null, "skip-containers", false, "Skip container entries setup"); options.addOption("v", "verbose", false, "Run in verbose mode."); options.addOption(null, "debug", false, "Run in debug mode."); @@ -91,25 +92,27 @@ public void execute(CommandLine cmd) throws Exception { LDAPConfigurator ldapConfigurator = new LDAPConfigurator(conn, ldapConfig); try { - ldapConfigurator.initDatabase(); + if (!cmd.hasOption("skip-config")) { + ldapConfigurator.configureServer(); + } - if (cmd.hasOption("setup-schema")) { + if (!cmd.hasOption("skip-schema")) { ldapConfigurator.setupSchema(); } - if (cmd.hasOption("create-database")) { + if (cmd.hasOption("create-backend")) { String databaseDN = "cn=" + LDAPUtil.escapeRDNValue(database) + ",cn=ldbm database, cn=plugins, cn=config"; - ldapConfigurator.createDatabaseEntry(databaseDN, database, baseDN); + ldapConfigurator.createBackendEntry(databaseDN, database, baseDN); String mappingDN = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config"; ldapConfigurator.createMappingEntry(mappingDN, database, baseDN); } - if (cmd.hasOption("create-base")) { + if (!cmd.hasOption("skip-base")) { ldapConfigurator.createBaseEntry(baseDN); } - if (cmd.hasOption("create-containers")) { + if (!cmd.hasOption("skip-containers")) { ldapConfigurator.createContainers(subsystem); ldapConfigurator.setupACL(subsystem); }