Example #1
0
def _configureJbossXml():
    editFile = None
    backupFile = None
    try:
        #1. Backup standalone xml file
        backupFile = "%s.%s.%i" % (basedefs.FILE_JBOSS_STANDALONE, "BACKUP", random.randint(1000000,9999999))
        editFile = "%s.%s.%i" % (basedefs.FILE_JBOSS_STANDALONE, "EDIT", random.randint(1000000,9999999))
        logging.debug("Backing up %s into %s", basedefs.FILE_JBOSS_STANDALONE, backupFile)
        utils.copyFile(basedefs.FILE_JBOSS_STANDALONE, backupFile)
        utils.copyFile(basedefs.FILE_JBOSS_STANDALONE, editFile)

        #2. Configure the xml file
        logging.debug("loading xml file handler to configure Jboss configuration file")
        xmlObj = utils.XMLConfigFileHandler(editFile)
        xmlObj.open()

        logging.debug("Configuring ajp connector")
	xmlObj.registerNs('web', 'urn:jboss:domain:web:1.1')
        ajpConnectorStr='<connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>'
        xmlObj.removeNodes("//web:subsystem/web:connector[@name='ajp']")
        xmlObj.addNodes("//web:subsystem", ajpConnectorStr)

        logging.debug("Configuring ajp socket")
        xmlObj.registerNs('domain', 'urn:jboss:domain:1.1')
        ajpSocketStr='<socket-binding name="ajp" port="8009"/>'
        xmlObj.removeNodes("//domain:socket-binding-group/domain:socket-binding[@name='ajp']")
        xmlObj.addNodes("//domain:socket-binding-group", ajpSocketStr)

        xmlObj.close()

        shutil.move(editFile, basedefs.FILE_JBOSS_STANDALONE)
        os.chown(basedefs.FILE_JBOSS_STANDALONE, utils.getUsernameId("jboss-as"), utils.getGroupId("jboss-as"))
        logging.debug("Jboss configuration has been saved")

    except:
        logging.error("ERROR Editing jboss's configuration file")
        logging.error(traceback.format_exc())
        raise output_messages.ERR_EXP_FAILED_CONFIG_JBOSS
Example #2
0
    def prepare(self):
        if os.path.exists(self.JKSKEYSTORE):
            logging.debug("PKI: convert JKS to PKCS#12")
            cmd = [
                basedefs.EXEC_KEYTOOL,
                "-importkeystore",
                "-noprompt",
                "-srckeystore", self.JKSKEYSTORE,
                "-srcstoretype", "JKS",
                "-srcstorepass", basedefs.CONST_KEY_PASS,
                "-srcalias", "engine",
                "-srckeypass", basedefs.CONST_KEY_PASS,
                "-destkeystore", basedefs.FILE_ENGINE_KEYSTORE,
                "-deststoretype", "PKCS12",
                "-deststorepass", basedefs.CONST_KEY_PASS,
                "-destalias", "1",
                "-destkeypass", basedefs.CONST_KEY_PASS
            ]
            output, rc = utils. execCmd(cmdList=cmd, failOnError=True, msg=MSG_ERROR_FAILED_CONVERT_ENGINE_KEY)
            utils.chownToEngine(basedefs.FILE_ENGINE_KEYSTORE)
            os.chmod(basedefs.FILE_ENGINE_KEYSTORE, 0640)

        for src, dst in (
            (basedefs.FILE_ENGINE_KEYSTORE, basedefs.FILE_APACHE_KEYSTORE),
            (basedefs.FILE_ENGINE_CERT, basedefs.FILE_APACHE_CERT),
            (basedefs.FILE_SSH_PRIVATE_KEY, basedefs.FILE_APACHE_PRIVATE_KEY)
        ):
            logging.debug("PKI: dup cert for apache")
            try:
                utils.copyFile(
                    src,
                    dst,
                    utils.getUsernameId("apache"),
                    utils.getGroupId("apache"),
                    0640
                )
            except OSError:
                logging.error("PKI: Cannot dup cert for apache")
                raise

        if not os.path.exists(basedefs.FILE_APACHE_CA_CRT_SRC):
            logging.debug("PKI: dup ca for apache")
            try:
                os.symlink(
                    os.path.basename(basedefs.FILE_CA_CRT_SRC),
                    basedefs.FILE_APACHE_CA_CRT_SRC
                )
            except OSError:
                logging.error("PKI: Cannot dup ca for apache")
                raise

        shutil.copyfile(
            basedefs.FILE_HTTPD_SSL_CONFIG,
            self.TMPAPACHECONF
        )
        handler = utils.TextConfigFileHandler(self.TMPAPACHECONF, " ")
        handler.open()
        if handler.getParam("SSLCertificateFile") == '/etc/pki/ovirt-engine/certs/engine.cer':
            handler.editParam("SSLCertificateFile", basedefs.FILE_APACHE_CERT)
        if handler.getParam("SSLCertificateKeyFile") == '/etc/pki/ovirt-engine/keys/engine_id_rsa':
            handler.editParam("SSLCertificateKeyFile", basedefs.FILE_APACHE_PRIVATE_KEY)

        if handler.getParam("SSLCertificateChainFile") == '/etc/pki/ovirt-engine/ca.pem':
            handler.editParam("SSLCertificateChainFile", basedefs.FILE_APACHE_CA_CRT_SRC)
        handler.close()

        utils.updateVDCOption("keystoreUrl", basedefs.FILE_ENGINE_KEYSTORE, (), "text")
        utils.updateVDCOption("TruststoreUrl", basedefs.FILE_TRUSTSTORE, (), "text")
        utils.updateVDCOption("CertAlias", "1", (), "text")
    def prepare(self):
        if os.path.exists(self.JKSKEYSTORE):
            logging.debug("PKI: convert JKS to PKCS#12")
            cmd = [
                basedefs.EXEC_KEYTOOL, "-importkeystore", "-noprompt",
                "-srckeystore", self.JKSKEYSTORE, "-srcstoretype", "JKS",
                "-srcstorepass", basedefs.CONST_KEY_PASS, "-srcalias",
                "engine", "-srckeypass", basedefs.CONST_KEY_PASS,
                "-destkeystore", basedefs.FILE_ENGINE_KEYSTORE,
                "-deststoretype", "PKCS12", "-deststorepass",
                basedefs.CONST_KEY_PASS, "-destalias", "1", "-destkeypass",
                basedefs.CONST_KEY_PASS
            ]
            output, rc = utils.execCmd(cmdList=cmd,
                                       failOnError=True,
                                       msg=MSG_ERROR_FAILED_CONVERT_ENGINE_KEY)
            utils.chownToEngine(basedefs.FILE_ENGINE_KEYSTORE)
            os.chmod(basedefs.FILE_ENGINE_KEYSTORE, 0640)

        for src, dst in ((basedefs.FILE_ENGINE_KEYSTORE,
                          basedefs.FILE_APACHE_KEYSTORE),
                         (basedefs.FILE_ENGINE_CERT,
                          basedefs.FILE_APACHE_CERT),
                         (basedefs.FILE_SSH_PRIVATE_KEY,
                          basedefs.FILE_APACHE_PRIVATE_KEY)):
            logging.debug("PKI: dup cert for apache")
            try:
                utils.copyFile(src, dst, utils.getUsernameId("apache"),
                               utils.getGroupId("apache"), 0640)
            except OSError:
                logging.error("PKI: Cannot dup cert for apache")
                raise

        if not os.path.exists(basedefs.FILE_APACHE_CA_CRT_SRC):
            logging.debug("PKI: dup ca for apache")
            try:
                os.symlink(os.path.basename(basedefs.FILE_CA_CRT_SRC),
                           basedefs.FILE_APACHE_CA_CRT_SRC)
            except OSError:
                logging.error("PKI: Cannot dup ca for apache")
                raise

        shutil.copyfile(basedefs.FILE_HTTPD_SSL_CONFIG, self.TMPAPACHECONF)
        handler = utils.TextConfigFileHandler(self.TMPAPACHECONF, " ")
        handler.open()
        if handler.getParam("SSLCertificateFile"
                            ) == '/etc/pki/ovirt-engine/certs/engine.cer':
            handler.editParam("SSLCertificateFile", basedefs.FILE_APACHE_CERT)
        if handler.getParam("SSLCertificateKeyFile"
                            ) == '/etc/pki/ovirt-engine/keys/engine_id_rsa':
            handler.editParam("SSLCertificateKeyFile",
                              basedefs.FILE_APACHE_PRIVATE_KEY)

        if handler.getParam(
                "SSLCertificateChainFile") == '/etc/pki/ovirt-engine/ca.pem':
            handler.editParam("SSLCertificateChainFile",
                              basedefs.FILE_APACHE_CA_CRT_SRC)
        handler.close()

        utils.updateVDCOption("keystoreUrl", basedefs.FILE_ENGINE_KEYSTORE, (),
                              "text")
        utils.updateVDCOption("TruststoreUrl", basedefs.FILE_TRUSTSTORE, (),
                              "text")
        utils.updateVDCOption("CertAlias", "1", (), "text")