authorRob Austein <sra@hactrn.net>2013-03-25 03:33:28 +0000
committerRob Austein <sra@hactrn.net>2013-03-25 03:33:28 +0000
commitb91cd228955357994b0cad27a59486a5004fd9cd (patch)
tree25ef63a918aa831795b68756220a9c1e86bb7059 /rpkid/rpki
parent339f735bcd2bdf4e9c56f4cb8082ce53fc90caf7 (diff)
Start splitting BPKI initialization into separate ServerCA and
ResourceHolderCA chunks, so that we can call the former during package installation while leaving the latter for the operator. Not complete yet because I haven't yet sorted out what to do with rootd. See #466. svn path=/trunk/; revision=5206
Diffstat (limited to 'rpkid/rpki')
-rw-r--r--rpkid/rpki/irdb/zookeeper.py37
-rw-r--r--rpkid/rpki/rpkic.py54
2 files changed, 81 insertions, 10 deletions
diff --git a/rpkid/rpki/irdb/zookeeper.py b/rpkid/rpki/irdb/zookeeper.py
index b9d44c57..ff05ae2d 100644
--- a/rpkid/rpki/irdb/zookeeper.py
+++ b/rpkid/rpki/irdb/zookeeper.py
@@ -269,16 +269,13 @@ class Zookeeper(object):
@django.db.transaction.commit_on_success
- def initialize(self):
+ def initialize_server_bpki(self):
"""
- Initialize an RPKI installation. Reads the configuration file,
- creates the BPKI and EntityDB directories, generates the initial
- BPKI certificates, and creates an XML file describing the
- resource-holding aspect of this RPKI installation.
+ Initialize server BPKI portion of an RPKI installation. Reads the
+ configuration file and generates the initial BPKI server
+ certificates needed to start daemons.
"""
- resource_ca, created = rpki.irdb.ResourceHolderCA.objects.get_or_certify(handle = self.handle)
-
if self.run_rpkid or self.run_pubd:
server_ca, created = rpki.irdb.ServerCA.objects.get_or_certify()
rpki.irdb.ServerEE.objects.get_or_certify(issuer = server_ca, purpose = "irbe")
@@ -290,9 +287,35 @@ class Zookeeper(object):
if self.run_pubd:
rpki.irdb.ServerEE.objects.get_or_certify(issuer = server_ca, purpose = "pubd")
+
+ @django.db.transaction.commit_on_success
+ def initialize_resource_bpki(self):
+ """
+ Initialize the resource-holding BPKI for an RPKI installation.
+ Returns XML describing the resource holder.
+
+ This method is present primarily for backwards compatibility with
+ the old combined initialize() method which initialized both the
+ server BPKI and the default resource-holding BPKI in a single
+ method call. In the long run we want to replace this with
+ something that takes a handle as argument and creates the
+ resource-holding BPKI idenity if needed.
+ """
+
+ resource_ca, created = rpki.irdb.ResourceHolderCA.objects.get_or_certify(handle = self.handle)
return self.generate_identity()
+ def initialize(self):
+ """
+ Backwards compatibility wrapper: calls initialize_server_bpki()
+ and initialize_resource_bpki(), returns latter's result.
+ """
+
+ self.initialize_server_bpki()
+ return self.initialize_resource_bpki()
+
+
def generate_identity(self):
"""
Generate identity XML. Broken out of .initialize() because it's
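Review bot: The compatibility wrapper `initialize()` is added without `@django.db.transaction.commit_on_success`, while both methods it calls carry that decorator, so the server BPKI and the resource-holder BPKI are now committed as two separate transactions instead of the single one the old `initialize()` ran in. If `initialize_resource_bpki()` raises, the server CA and EE certificates created by the first call stay in the database. That is probably acceptable because both steps go through `get_or_certify()`, but the wrapper's docstring should say so, e.g. `The two steps commit independently; if the second fails the server BPKI stays in place and the call can be repeated.` In `initialize_resource_bpki()` the `resource_ca, created =` assignment binds two names that are never read, and the docstring has the typo `idenity`. `generate_identity()` continues past the end of the hunk.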
diff --git a/rpkid/rpki/rpkic.py b/rpkid/rpki/rpkic.py
index 28d248c2..79c2e556 100644
--- a/rpkid/rpki/rpkic.py
+++ b/rpkid/rpki/rpkic.py
@@ -168,6 +168,7 @@ class main(rpki.cli.Cmd):
def irdb_handle_complete(self, manager, text, line, begidx, endidx):
return [obj.handle for obj in manager.all() if obj.handle and obj.handle.startswith(text)]
+
def do_select_identity(self, arg):
"""
Select an identity handle for use with later commands.
@@ -193,11 +194,13 @@ class main(rpki.cli.Cmd):
if arg:
raise BadCommandSyntax, "This command takes no arguments"
+ rootd_case = self.zoo.run_rootd and self.zoo.handle == self.zoo.cfg.get("handle")
+
r = self.zoo.initialize()
r.save("%s.identity.xml" % self.zoo.handle,
- None if self.zoo.run_pubd else sys.stdout)
+ None if rootd_case else sys.stdout)
- if self.zoo.run_rootd and self.zoo.handle == self.zoo.cfg.get("handle"):
+ if rootd_case:
r = self.zoo.configure_rootd()
if r is not None:
r.save("%s.%s.repository-request.xml" % (self.zoo.handle, self.zoo.handle), sys.stdout)
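Review bot: The second argument to `r.save()` for the identity file now depends on `rootd_case` rather than on `self.zoo.run_pubd`, and neither the code nor the commit message says why. Assuming that argument is the stream on which the written file name is reported, a server that runs pubd without rootd will now announce the identity file on stdout where it was silent before. If that is the intent, a comment above the `rootd_case` assignment would record it, for example `# Only stay quiet about the identity file when we act as our own rootd parent`. The body of this command starts before the hunk.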
@@ -205,6 +208,50 @@ class main(rpki.cli.Cmd):
self.zoo.write_bpki_files()
+ # These aren't quite ready for prime time yet. See https://trac.rpki.net/ticket/466
+
+ if False:
+
+ def do_create_identity(self, arg):
+ """
+ Create a new resource-holding entity. Argument is the handle of
+ the entity to create. Returns XML file describing the new
+ resource holder.
+
+ This command is idempotent: calling it for a resource holder which
+ already exists returns the existing identity.
+ """
+
+ argv = arg.split()
+ if len(argv) != 1:
+ raise BadCommandSyntax("This command expexcts one argument, not %r" % arg)
+
+ self.zoo.reset_identity(argv[0])
+
+ rootd_case = self.zoo.run_rootd and self.zoo.handle == self.zoo.cfg.get("handle")
+
+ r = self.zoo.initialize_resource_bpki()
+ r.save("%s.identity.xml" % self.zoo.handle,
+ None if rootd_case else sys.stdout)
+
+ if rootd_case:
+ r = self.zoo.configure_rootd()
+ if r is not None:
+ r.save("%s.%s.repository-request.xml" % (self.zoo.handle, self.zoo.handle), sys.stdout)
+
+ def do_initialize_server_bpki(self, arg):
+ """
+ Initialize server BPKI portion of an RPKI installation. Reads
+ server configuration from configuration file and creates the
+ server BPKI objects needed to start daemons.
+ """
+
+ if arg:
+ raise BadCommandSyntax, "This command takes no arguments"
+ self.zoo.initialize_server_bpki()
+ self.zoo.write_bpki_files()
+
+
def do_update_bpki(self, arg):
"""
Update BPKI certificates. Assumes an existing RPKI installation.
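Review bot: In `do_create_identity()` the handle comes straight from the command line (`argv[0]`) and, after `reset_identity()`, is interpolated into the output file names `"%s.identity.xml"` and `"%s.%s.repository-request.xml"`. Unless `reset_identity()` validates it (not visible here), a handle containing a path separator or `..` would make `r.save()` write outside the working directory. Rejecting such handles with `BadCommandSyntax` before calling `reset_identity()` would close that. The error message has a typo and should read `"This command expects one argument, not %r"`. The two new commands also use different raise forms (`raise BadCommandSyntax(...)` and `raise BadCommandSyntax, "..."`); pick one.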
@@ -218,9 +265,10 @@ class main(rpki.cli.Cmd):
Most likely this should be run under cron.
"""
+ if arg:
+ raise BadCommandSyntax, "This command takes no arguments"
self.zoo.update_bpki()
self.zoo.write_bpki_files()
- self.zoo.synchronize()
def do_configure_child(self, arg):
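Review bot: `do_update_bpki()` no longer calls `self.zoo.synchronize()` after `write_bpki_files()`, and the commit message does not mention the removal. Unless `update_bpki()` pushes the regenerated certificates to the daemons itself (not visible in this hunk), a cron-driven run will refresh the IRDB and the files on disk while the running daemons keep the old BPKI data until a synchronize is run separately. If that is intended, the docstring should say so, e.g. `Does not synchronize with the daemons; run a synchronize afterwards.` Part of the docstring lies between the hunks and is not shown.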