dogtagpki · edewata · Dec 6, 2023 · Nov 17, 2023
diff --git a/.github/workflows/ca-existing-ds-test.yml b/.github/workflows/ca-existing-ds-test.yml
@@ -168,56 +168,9 @@ jobs:
           docker exec pki pki-server ca-db-info
 
       # https://github.com/dogtagpki/pki/wiki/Setting-up-CA-Database
-      - name: Configure DS database
-        run: |
-          docker exec ds ldapadd \
-              -H ldap://ds.example.com:3389 \
-              -D "cn=Directory Manager" \
-              -w Secret.123 \
-              -f $SHARED/base/server/database/ds/config.ldif
-
-      - name: Add PKI schema
-        run: |
-          docker exec ds ldapmodify \
-              -H ldap://ds.example.com:3389 \
-              -D "cn=Directory Manager" \
-              -w Secret.123 \
-              -f $SHARED/base/server/database/ds/schema.ldif
-
-      - name: Add CA base entry
-        run: |
-          docker exec -i ds ldapadd \
-              -H ldap://ds.example.com:3389 \
-              -D "cn=Directory Manager" \
-              -w Secret.123 << EOF
-          dn: dc=ca,dc=pki,dc=example,dc=com
-          objectClass: dcObject
-          dc: ca
-          EOF
-
-      - name: Add CA database entries
-        run: |
-          sed \
-              -e 's/{rootSuffix}/dc=ca,dc=pki,dc=example,dc=com/g' \
-              base/ca/database/ds/create.ldif \
-              | tee create.ldif
-          docker exec ds ldapadd \
-              -H ldap://ds.example.com:3389 \
-              -D "cn=Directory Manager" \
-              -w Secret.123 \
-              -f $SHARED/create.ldif
-
-      - name: Add CA ACL resources
-        run: |
-          sed \
-              -e 's/{rootSuffix}/dc=ca,dc=pki,dc=example,dc=com/g' \
-              base/ca/database/ds/acl.ldif \
-              | tee acl.ldif
-          docker exec ds ldapadd \
-              -H ldap://ds.example.com:3389 \
-              -D "cn=Directory Manager" \
-              -w Secret.123 \
-              -f $SHARED/acl.ldif
+      - name: Initialize CA database
+        run: |
+          docker exec pki pki-server ca-db-init -v
 
       - name: Add CA search indexes
         run: |

diff --git a/base/server/python/pki/server/cli/db.py b/base/server/python/pki/server/cli/db.py
@@ -213,6 +213,7 @@ def __init__(self, parent):
         self.parent = parent
         self.add_module(SubsystemDBConfigCLI(self))
         self.add_module(SubsystemDBInfoCLI(self))
+        self.add_module(SubsystemDBInitCLI(self))
         self.add_module(SubsystemDBEmptyCLI(self))
         self.add_module(SubsystemDBRemoveCLI(self))
         self.add_module(SubsystemDBUpgradeCLI(self))
@@ -613,6 +614,114 @@ def execute(self, argv):
         subsystem.run(cmd, as_current_user=as_current_user)
 
 
+class SubsystemDBInitCLI(pki.cli.CLI):
+    '''
+    Initialize {subsystem} database
+    '''
+
+    help = '''\
+        Usage: pki-server {subsystem}-db-init [OPTIONS]
+
+          -i, --instance <instance ID>       Instance ID (default: pki-tomcat)
+              --skip-config                  Skip DS server configuration.
+              --skip-schema                  Skip DS schema setup.
+              --create-backend               Create DS backend.
+              --skip-base                    Skip base entry setup.
+              --skip-containers              Skip container entries setup.
+          -v, --verbose                      Run in verbose mode.
+              --debug                        Run in debug mode.
+              --help                         Show help message.
+    '''
+
+    def __init__(self, parent):
+        super().__init__(
+            'init',
+            inspect.cleandoc(self.__class__.__doc__).format(
+                subsystem=parent.parent.name.upper()))
+
+        self.parent = parent
+
+    def print_help(self):
+        print(textwrap.dedent(self.__class__.help).format(
+            subsystem=self.parent.parent.name))
+
+    def execute(self, argv):
+        try:
+            opts, _ = getopt.gnu_getopt(argv, 'i:v', [
+                'instance=', 'skip-config', 'skip-schema',
+                'create-backend', 'skip-base', 'skip-containers',
+                'verbose', 'debug', 'help'])
+
+        except getopt.GetoptError as e:
+            logger.error(e)
+            self.print_help()
+            sys.exit(1)
+
+        instance_name = 'pki-tomcat'
+        subsystem_name = self.parent.parent.name
+
+        skip_config = False
+        skip_schema = False
+        create_backend = False
+        skip_base = False
+        skip_containers = False
+
+        for o, a in opts:
+            if o in ('-i', '--instance'):
+                instance_name = a
+
+            elif o == '--skip-config':
+                skip_config = True
+
+            elif o == '--skip-schema':
+                skip_schema = True
+
+            elif o == '--create-backend':
+                create_backend = True
+
+            elif o == '--skip-base':
+                skip_base = True
+
+            elif o == '--skip-containers':
+                skip_containers = True
+
+            elif o in ('-v', '--verbose'):
+                logging.getLogger().setLevel(logging.INFO)
+
+            elif o == '--debug':
+                logging.getLogger().setLevel(logging.DEBUG)
+
+            elif o == '--help':
+                self.print_help()
+                sys.exit()
+
+            else:
+                logger.error('Invalid option: %s', o)
+                self.print_help()
+                sys.exit(1)
+
+        instance = pki.server.instance.PKIServerFactory.create(instance_name)
+        if not instance.exists():
+            logger.error('Invalid instance: %s', instance_name)
+            sys.exit(1)
+
+        instance.load()
+
+        subsystem = instance.get_subsystem(subsystem_name)
+
+        if not subsystem:
+            logger.error('No %s subsystem in instance %s',
+                         subsystem_name.upper(), instance_name)
+            sys.exit(1)
+
+        subsystem.init_database(
+            skip_config=skip_config,
+            skip_schema=skip_schema,
+            create_backend=create_backend,
+            skip_base=skip_base,
+            skip_containers=skip_containers)
+
+
 class SubsystemDBEmptyCLI(pki.cli.CLI):
 
     def __init__(self, parent):

diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
@@ -1532,27 +1532,27 @@ def setup_database(self, subsystem, master_config):
         # then we are assuming that replication is already taken care of,
         # and schema has already been replicated.
 
-        setup_schema = not config.str2bool(self.mdict['pki_clone']) or \
-            not config.str2bool(self.mdict['pki_clone_setup_replication']) or \
-            not config.str2bool(self.mdict['pki_clone_replicate_schema'])
+        skip_schema = config.str2bool(self.mdict['pki_clone']) and \
+            config.str2bool(self.mdict['pki_clone_setup_replication']) and \
+            config.str2bool(self.mdict['pki_clone_replicate_schema'])
 
-        create_database = config.str2bool(self.mdict['pki_ds_create_new_db'])
+        create_backend = config.str2bool(self.mdict['pki_ds_create_new_db'])
 
         # When cloning a subsystem without setting up the replication agreements,
         # the database is a subtree of an existing tree and is already replicated,
         # so there is no need to set up the base entry.
 
-        create_base = config.str2bool(self.mdict['pki_ds_create_new_db']) or \
-            not config.str2bool(self.mdict['pki_clone']) or \
-            config.str2bool(self.mdict['pki_clone_setup_replication'])
+        skip_base = not config.str2bool(self.mdict['pki_ds_create_new_db']) and \
+            config.str2bool(self.mdict['pki_clone']) and \
+            not config.str2bool(self.mdict['pki_clone_setup_replication'])
 
-        create_containers = not config.str2bool(self.mdict['pki_clone'])
+        skip_containers = config.str2bool(self.mdict['pki_clone'])
 
         subsystem.init_database(
-            setup_schema=setup_schema,
-            create_database=create_database,
-            create_base=create_base,
-            create_containers=create_containers)
+            skip_schema=skip_schema,
+            create_backend=create_backend,
+            skip_base=skip_base,
+            skip_containers=skip_containers)
 
         # always create indexes
         subsystem.add_indexes()

diff --git a/base/server/python/pki/server/subsystem.py b/base/server/python/pki/server/subsystem.py
@@ -1154,25 +1154,29 @@ def import_ldif(self, bind_dn, bind_password, filename):
 
     def init_database(
             self,
-            setup_schema=False,
-            create_database=False,
-            create_base=False,
-            create_containers=False,
+            skip_config=False,
+            skip_schema=False,
+            create_backend=False,
+            skip_base=False,
+            skip_containers=False,
             as_current_user=False):
 
         cmd = [self.name + '-db-init']
 
-        if setup_schema:
-            cmd.append('--setup-schema')
+        if skip_config:
+            cmd.append('--skip-config')
 
-        if create_database:
-            cmd.append('--create-database')
+        if skip_schema:
+            cmd.append('--skip-schema')
 
-        if create_base:
-            cmd.append('--create-base')
+        if create_backend:
+            cmd.append('--create-backend')
 
-        if create_containers:
-            cmd.append('--create-containers')
+        if skip_base:
+            cmd.append('--skip-base')
+
+        if skip_containers:
+            cmd.append('--skip-containers')
 
         if logger.isEnabledFor(logging.DEBUG):
             cmd.append('--debug')

diff --git a/base/server/src/main/java/com/netscape/cms/servlet/csadmin/LDAPConfigurator.java b/base/server/src/main/java/com/netscape/cms/servlet/csadmin/LDAPConfigurator.java
@@ -89,8 +89,8 @@ public Map<String, String> getParams() throws Exception {
         return params;
     }
 
-    public void initDatabase() throws Exception {
-        logger.info("Initialize database");
+    public void configureServer() throws Exception {
+        logger.info("Configuring DS server");
         importLDIF("/usr/share/pki/server/database/ds/config.ldif", true);
     }
 
@@ -333,7 +333,7 @@ public void waitForTask(String dn) throws Exception {
         logger.info("Task " + dn + " complete");
     }
 
-    public void createDatabaseEntry(String databaseDN, String database, String baseDN) throws Exception {
+    public void createBackendEntry(String databaseDN, String database, String baseDN) throws Exception {
 
         logger.info("Adding " + databaseDN);
 

diff --git a/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBInitCLI.java b/base/server/src/main/java/org/dogtagpki/server/cli/SubsystemDBInitCLI.java
@@ -46,10 +46,11 @@ public void createOptions() {
         option.setArgName("password config");
         options.addOption(option);
 
-        options.addOption(null, "setup-schema", false, "Set up schema");
-        options.addOption(null, "create-database", false, "Create database");
-        options.addOption(null, "create-base", false, "Create base entry");
-        options.addOption(null, "create-containers", false, "Create container entries");
+        options.addOption(null, "skip-config", false, "Skip DS server configuration");
+        options.addOption(null, "skip-schema", false, "Skip DS schema setup");
+        options.addOption(null, "create-backend", false, "Create DS backend");
+        options.addOption(null, "skip-base", false, "Skip base entry setup");
+        options.addOption(null, "skip-containers", false, "Skip container entries setup");
 
         options.addOption("v", "verbose", false, "Run in verbose mode.");
         options.addOption(null, "debug", false, "Run in debug mode.");
@@ -91,25 +92,27 @@ public void execute(CommandLine cmd) throws Exception {
         LDAPConfigurator ldapConfigurator = new LDAPConfigurator(conn, ldapConfig);
 
         try {
-            ldapConfigurator.initDatabase();
+            if (!cmd.hasOption("skip-config")) {
+                ldapConfigurator.configureServer();
+            }
 
-            if (cmd.hasOption("setup-schema")) {
+            if (!cmd.hasOption("skip-schema")) {
                 ldapConfigurator.setupSchema();
             }
 
-            if (cmd.hasOption("create-database")) {
+            if (cmd.hasOption("create-backend")) {
                 String databaseDN = "cn=" + LDAPUtil.escapeRDNValue(database) + ",cn=ldbm database, cn=plugins, cn=config";
-                ldapConfigurator.createDatabaseEntry(databaseDN, database, baseDN);
+                ldapConfigurator.createBackendEntry(databaseDN, database, baseDN);
 
                 String mappingDN = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config";
                 ldapConfigurator.createMappingEntry(mappingDN, database, baseDN);
             }
 
-            if (cmd.hasOption("create-base")) {
+            if (!cmd.hasOption("skip-base")) {
                 ldapConfigurator.createBaseEntry(baseDN);
             }
 
-            if (cmd.hasOption("create-containers")) {
+            if (!cmd.hasOption("skip-containers")) {
                 ldapConfigurator.createContainers(subsystem);
                 ldapConfigurator.setupACL(subsystem);
             }