On 5/13/2016 12:06 AM, Fraser Tweedale wrote:
The patch itself is fine.
I'm just struggling with where this script should exist.
pki-server ca-cert-db-upgrade seems like an awfully generic description
for this operation - which basically provides a very specific db
migration. For that matter, why not ca-db-upgrade?
My thinking was that, in the future, whatever DB upgrades are needed
for a subsystem could be added to the command.
So on that, I take your point re "ca-db-upgrade" and will cut a new
patch with that command name.
New patch attached.
ACK. As discussed with alee I've renamed the command to "db-upgrade" in
the attached patch. This will be the primary command to do database
upgrade. Later if we have more upgrade scripts we can refactor the
command to execute multiple scripts, but the primary command name stays
the same. I also added some log messages so we can see the upgrade
progress. I pushed both patches to master.
We're also planning to implement a proper database upgrade framework in
10.3.1: https://fedorahosted.org/pki/ticket/710
--
Endi S. Dewata
>From 45a72ca1eec151bca89efa713d93c9a9e65d6607 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <[email protected]>
Date: Fri, 13 May 2016 22:32:10 +0200
Subject: [PATCH] Renamed pki-server ca-db-upgrade to db-upgrade.
The pki-server ca-db-upgrade command has been renamed to db-upgrade
to be more general. In the future the command can be refactored to
handle additional upgrade scripts. Additional log messages have
been added to show the upgrade activities in verbose mode.
https://fedorahosted.org/pki/ticket/1667
---
base/server/python/pki/server/cli/ca.py | 81 --------------------
base/server/python/pki/server/cli/db.py | 131 ++++++++++++++++++++++++++++++++
base/server/sbin/pki-server | 2 +
3 files changed, 133 insertions(+), 81 deletions(-)
create mode 100644 base/server/python/pki/server/cli/db.py
diff --git a/base/server/python/pki/server/cli/ca.py b/base/server/python/pki/server/cli/ca.py
index 428345db4c1c4e7fccbdd01510bde5a5aeae8db6..dbf8239f4f548714beb0c68d7bca2c84f6c0fb74 100644
--- a/base/server/python/pki/server/cli/ca.py
+++ b/base/server/python/pki/server/cli/ca.py
@@ -22,8 +22,6 @@ from __future__ import absolute_import
from __future__ import print_function
import getopt
import io
-import ldap
-import nss.nss as nss
import os
import shutil
import sys
@@ -40,7 +38,6 @@ class CACLI(pki.cli.CLI):
self.add_module(CACertCLI())
self.add_module(CACloneCLI())
- self.add_module(CADBUpgrade())
class CACertCLI(pki.cli.CLI):
@@ -410,81 +407,3 @@ class CAClonePrepareCLI(pki.cli.CLI):
finally:
shutil.rmtree(tmpdir)
-
-
-class CADBUpgrade(pki.cli.CLI):
- def __init__(self):
- super(CADBUpgrade, self).__init__(
- 'db-upgrade', 'Upgrade certificate records')
-
- def usage(self):
- print('Usage: pki-server ca-db-upgrade [OPTIONS]')
- print()
- print(' -i, --instance <instance ID> Instance ID (default: pki-tomcat).')
- print(' -v, --verbose Run in verbose mode.')
- print(' --help Show help message.')
- print()
-
- def execute(self, args):
- try:
- opts, _ = getopt.gnu_getopt(
- args, 'i:v', ['instance=', 'verbose', 'help'])
-
- except getopt.GetoptError as e:
- print('ERROR: ' + str(e))
- self.usage()
- sys.exit(1)
-
- instance_name = 'pki-tomcat'
-
- for o, a in opts:
- if o in ('-i', '--instance'):
- instance_name = a
-
- elif o in ('-v', '--verbose'):
- self.set_verbose(True)
-
- elif o == '--help':
- self.print_help()
- sys.exit()
-
- else:
- print('ERROR: unknown option ' + o)
- self.usage()
- sys.exit(1)
-
- nss.nss_init_nodb()
-
- instance = pki.server.PKIInstance(instance_name)
- instance.load()
-
- subsystem = instance.get_subsystem('ca')
- base_dn = subsystem.config['internaldb.basedn']
- conn = subsystem.open_database()
- try:
- entries = conn.ldap.search_s(
- 'ou=certificateRepository,ou=ca,%s' % base_dn,
- ldap.SCOPE_ONELEVEL,
- '(&(objectclass=certificateRecord)(!(issuerName=*)))',
- None)
- for entry in entries:
_______________________________________________
Pki-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pki-devel
