def _configureJbossXml(): editFile = None backupFile = None try: #1. Backup standalone xml file backupFile = "%s.%s.%i" % (basedefs.FILE_JBOSS_STANDALONE, "BACKUP", random.randint(1000000,9999999)) editFile = "%s.%s.%i" % (basedefs.FILE_JBOSS_STANDALONE, "EDIT", random.randint(1000000,9999999)) logging.debug("Backing up %s into %s", basedefs.FILE_JBOSS_STANDALONE, backupFile) utils.copyFile(basedefs.FILE_JBOSS_STANDALONE, backupFile) utils.copyFile(basedefs.FILE_JBOSS_STANDALONE, editFile) #2. Configure the xml file logging.debug("loading xml file handler to configure Jboss configuration file") xmlObj = utils.XMLConfigFileHandler(editFile) xmlObj.open() logging.debug("Configuring ajp connector") xmlObj.registerNs('web', 'urn:jboss:domain:web:1.1') ajpConnectorStr='<connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>' xmlObj.removeNodes("//web:subsystem/web:connector[@name='ajp']") xmlObj.addNodes("//web:subsystem", ajpConnectorStr) logging.debug("Configuring ajp socket") xmlObj.registerNs('domain', 'urn:jboss:domain:1.1') ajpSocketStr='<socket-binding name="ajp" port="8009"/>' xmlObj.removeNodes("//domain:socket-binding-group/domain:socket-binding[@name='ajp']") xmlObj.addNodes("//domain:socket-binding-group", ajpSocketStr) xmlObj.close() shutil.move(editFile, basedefs.FILE_JBOSS_STANDALONE) os.chown(basedefs.FILE_JBOSS_STANDALONE, utils.getUsernameId("jboss-as"), utils.getGroupId("jboss-as")) logging.debug("Jboss configuration has been saved") except: logging.error("ERROR Editing jboss's configuration file") logging.error(traceback.format_exc()) raise output_messages.ERR_EXP_FAILED_CONFIG_JBOSS
def prepare(self): if os.path.exists(self.JKSKEYSTORE): logging.debug("PKI: convert JKS to PKCS#12") cmd = [ basedefs.EXEC_KEYTOOL, "-importkeystore", "-noprompt", "-srckeystore", self.JKSKEYSTORE, "-srcstoretype", "JKS", "-srcstorepass", basedefs.CONST_KEY_PASS, "-srcalias", "engine", "-srckeypass", basedefs.CONST_KEY_PASS, "-destkeystore", basedefs.FILE_ENGINE_KEYSTORE, "-deststoretype", "PKCS12", "-deststorepass", basedefs.CONST_KEY_PASS, "-destalias", "1", "-destkeypass", basedefs.CONST_KEY_PASS ] output, rc = utils. execCmd(cmdList=cmd, failOnError=True, msg=MSG_ERROR_FAILED_CONVERT_ENGINE_KEY) utils.chownToEngine(basedefs.FILE_ENGINE_KEYSTORE) os.chmod(basedefs.FILE_ENGINE_KEYSTORE, 0640) for src, dst in ( (basedefs.FILE_ENGINE_KEYSTORE, basedefs.FILE_APACHE_KEYSTORE), (basedefs.FILE_ENGINE_CERT, basedefs.FILE_APACHE_CERT), (basedefs.FILE_SSH_PRIVATE_KEY, basedefs.FILE_APACHE_PRIVATE_KEY) ): logging.debug("PKI: dup cert for apache") try: utils.copyFile( src, dst, utils.getUsernameId("apache"), utils.getGroupId("apache"), 0640 ) except OSError: logging.error("PKI: Cannot dup cert for apache") raise if not os.path.exists(basedefs.FILE_APACHE_CA_CRT_SRC): logging.debug("PKI: dup ca for apache") try: os.symlink( os.path.basename(basedefs.FILE_CA_CRT_SRC), basedefs.FILE_APACHE_CA_CRT_SRC ) except OSError: logging.error("PKI: Cannot dup ca for apache") raise shutil.copyfile( basedefs.FILE_HTTPD_SSL_CONFIG, self.TMPAPACHECONF ) handler = utils.TextConfigFileHandler(self.TMPAPACHECONF, " ") handler.open() if handler.getParam("SSLCertificateFile") == '/etc/pki/ovirt-engine/certs/engine.cer': handler.editParam("SSLCertificateFile", basedefs.FILE_APACHE_CERT) if handler.getParam("SSLCertificateKeyFile") == '/etc/pki/ovirt-engine/keys/engine_id_rsa': handler.editParam("SSLCertificateKeyFile", basedefs.FILE_APACHE_PRIVATE_KEY) if handler.getParam("SSLCertificateChainFile") == '/etc/pki/ovirt-engine/ca.pem': handler.editParam("SSLCertificateChainFile", basedefs.FILE_APACHE_CA_CRT_SRC) handler.close() utils.updateVDCOption("keystoreUrl", basedefs.FILE_ENGINE_KEYSTORE, (), "text") utils.updateVDCOption("TruststoreUrl", basedefs.FILE_TRUSTSTORE, (), "text") utils.updateVDCOption("CertAlias", "1", (), "text")
def prepare(self): if os.path.exists(self.JKSKEYSTORE): logging.debug("PKI: convert JKS to PKCS#12") cmd = [ basedefs.EXEC_KEYTOOL, "-importkeystore", "-noprompt", "-srckeystore", self.JKSKEYSTORE, "-srcstoretype", "JKS", "-srcstorepass", basedefs.CONST_KEY_PASS, "-srcalias", "engine", "-srckeypass", basedefs.CONST_KEY_PASS, "-destkeystore", basedefs.FILE_ENGINE_KEYSTORE, "-deststoretype", "PKCS12", "-deststorepass", basedefs.CONST_KEY_PASS, "-destalias", "1", "-destkeypass", basedefs.CONST_KEY_PASS ] output, rc = utils.execCmd(cmdList=cmd, failOnError=True, msg=MSG_ERROR_FAILED_CONVERT_ENGINE_KEY) utils.chownToEngine(basedefs.FILE_ENGINE_KEYSTORE) os.chmod(basedefs.FILE_ENGINE_KEYSTORE, 0640) for src, dst in ((basedefs.FILE_ENGINE_KEYSTORE, basedefs.FILE_APACHE_KEYSTORE), (basedefs.FILE_ENGINE_CERT, basedefs.FILE_APACHE_CERT), (basedefs.FILE_SSH_PRIVATE_KEY, basedefs.FILE_APACHE_PRIVATE_KEY)): logging.debug("PKI: dup cert for apache") try: utils.copyFile(src, dst, utils.getUsernameId("apache"), utils.getGroupId("apache"), 0640) except OSError: logging.error("PKI: Cannot dup cert for apache") raise if not os.path.exists(basedefs.FILE_APACHE_CA_CRT_SRC): logging.debug("PKI: dup ca for apache") try: os.symlink(os.path.basename(basedefs.FILE_CA_CRT_SRC), basedefs.FILE_APACHE_CA_CRT_SRC) except OSError: logging.error("PKI: Cannot dup ca for apache") raise shutil.copyfile(basedefs.FILE_HTTPD_SSL_CONFIG, self.TMPAPACHECONF) handler = utils.TextConfigFileHandler(self.TMPAPACHECONF, " ") handler.open() if handler.getParam("SSLCertificateFile" ) == '/etc/pki/ovirt-engine/certs/engine.cer': handler.editParam("SSLCertificateFile", basedefs.FILE_APACHE_CERT) if handler.getParam("SSLCertificateKeyFile" ) == '/etc/pki/ovirt-engine/keys/engine_id_rsa': handler.editParam("SSLCertificateKeyFile", basedefs.FILE_APACHE_PRIVATE_KEY) if handler.getParam( "SSLCertificateChainFile") == '/etc/pki/ovirt-engine/ca.pem': handler.editParam("SSLCertificateChainFile", basedefs.FILE_APACHE_CA_CRT_SRC) handler.close() utils.updateVDCOption("keystoreUrl", basedefs.FILE_ENGINE_KEYSTORE, (), "text") utils.updateVDCOption("TruststoreUrl", basedefs.FILE_TRUSTSTORE, (), "text") utils.updateVDCOption("CertAlias", "1", (), "text")