author | Endi Sukma Dewata <edewata@redhat.com> | 2013-05-30 17:44:18 -0400 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2013-05-30 17:44:18 -0400 |
commit | b8418ed021f7ecea8642b10b15be2c42280dd163 (patch) | |
tree | d97dd400c3e12fde4ec740e923ff1b671a1dbd48 /scripts | |
parent | b570cb0b51dbce1e252858e4d66459f2f127925c (diff) | |
Updated merged configuration.
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/ca-merged-create.sh | 2 | ||||
-rw-r--r-- | scripts/ca-merged.cfg | 236 | ||||
-rw-r--r-- | scripts/ca.cfg | 1 | ||||
-rwxr-xr-x | scripts/core-remove.sh | 20 | ||||
-rwxr-xr-x | scripts/core-update.sh | 6 | ||||
-rwxr-xr-x | scripts/kra-merged-create.sh | 2 | ||||
-rw-r--r-- | scripts/kra-merged.cfg | 268 | ||||
-rwxr-xr-x | scripts/tps-format.sh | 2 |
8 files changed, 72 insertions, 465 deletions
diff --git a/scripts/ca-merged-create.sh b/scripts/ca-merged-create.sh
index b44538e..0f6aee7 100755
--- a/scripts/ca-merged-create.sh
+++ b/scripts/ca-merged-create.sh
@@ -1,3 +1,3 @@
 #!/bin/sh -x
-pkispawn -f merged.cfg -s CA -v 2>&1 | tee build/ca-merged-create.log
+pkispawn -v -f ca-merged.cfg -s CA -v 2>&1 | tee build/ca-merged-create.log
diff --git a/scripts/ca-merged.cfg b/scripts/ca-merged.cfg
index 8d6bd9b..717bcc6 100644
--- a/scripts/ca-merged.cfg
+++ b/scripts/ca-merged.cfg
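Review bot: `-v` is passed twice on the new `pkispawn` line in scripts/ca-merged-create.sh (`pkispawn -v -f ca-merged.cfg -s CA -v`), and scripts/kra-merged-create.sh does the same with `-vvv ... -v`; keep one verbosity flag per command so the intended level is explicit, e.g. `pkispawn -v -f ca-merged.cfg -s CA 2>&1 | tee build/ca-merged-create.log`. The output is also copied to a file under build/ by `tee`, and the configuration being loaded carries the deployment passwords, so it is worth confirming that the verbose output does not echo those values before the log is shared or archived.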
@@ -1,233 +1,21 @@
-###############################################################################
-## 'Sensitive' Data: ##
-## ##
-## Values in this section pertain to various PKI subsystems, and contain ##
-## required 'sensitive' information which MUST ALWAYS be provided by users. ##
-## ##
-## IMPORTANT: Sensitive data values must NEVER be displayed to the ##
-## console NOR stored in log files!!! ##
-###############################################################################
-[Sensitive]
-pki_admin_password=Secret123
-pki_backup_password=Secret123
-pki_client_database_password=Secret123
-pki_client_pkcs12_password=Secret123
-pki_clone_pkcs12_password=Secret123
-pki_ds_password=Secret123
-pki_security_domain_password=Secret123
-pki_token_password=Secret123
-###############################################################################
-## 'Common' Data: ##
-## ##
-## Values in this section are common to more than one PKI subsystem, and ##
-## contain required information which MAY be overridden by users as ##
-## necessary. ##
-## ##
-## NOTE: Default values will be generated for any and all required ##
-## 'common' data values which are left undefined. ##
-###############################################################################
-[Common]
-pki_admin_cert_request_type=crmf
-pki_admin_domain_name=
-pki_admin_dualkey=False
+[DEFAULT]
+pki_instance_name=pki-tomcat
+#pki_skip_configuration=True
+
+[CA]
 pki_admin_email=caadmin@example.com
-pki_admin_keysize=2048
 pki_admin_name=caadmin
 pki_admin_nickname=caadmin
-pki_admin_subject_dn=
+pki_admin_password=Secret123
 pki_admin_uid=caadmin
-pki_audit_group=pkiaudit
-pki_audit_signing_key_algorithm=SHA256withRSA
-pki_audit_signing_key_size=2048
-pki_audit_signing_key_type=rsa
-pki_audit_signing_nickname=
-pki_audit_signing_signing_algorithm=SHA256withRSA
-pki_audit_signing_subject_dn=
-pki_audit_signing_token=
-pki_backup_keys=False
-pki_client_database_dir=
+pki_backup_password=Secret123
+pki_client_database_password=Secret123
 pki_client_database_purge=False
-pki_client_dir=
+pki_client_pkcs12_password=Secret123
+pki_clone_pkcs12_password=Secret123
 pki_ds_base_dn=dc=ca,dc=example,dc=com
 pki_ds_bind_dn=cn=Directory Manager
 pki_ds_database=ca
-pki_ds_hostname=
-pki_ds_ldap_port=389
-pki_ds_ldaps_port=636
-pki_ds_remove_data=True
-pki_ds_secure_connection=False
-pki_group=pkiuser
-pki_issuing_ca=
-pki_restart_configured_instance=True
-pki_security_domain_hostname=
-pki_security_domain_https_port=8443
+pki_ds_password=Secret123
 pki_security_domain_name=EXAMPLE
-pki_security_domain_user=caadmin
-pki_skip_configuration=False
-pki_skip_installation=False
-pki_ssl_server_key_algorithm=SHA256withRSA
-pki_ssl_server_key_size=2048
-pki_ssl_server_key_type=rsa
-pki_ssl_server_nickname=
-pki_ssl_server_subject_dn=
-pki_ssl_server_token=
-pki_subsystem_key_algorithm=SHA256withRSA
-pki_subsystem_key_size=2048
-pki_subsystem_key_type=rsa
-pki_subsystem_nickname=
-pki_subsystem_subject_dn=
-pki_subsystem_token=
-pki_token_name=internal
-pki_user=pkiuser
-###############################################################################
-## 'Apache' Data: ##
-## ##
-## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Apache' (RA and TPS subsystems), and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[Apache]
-pki_instance_name=pki-apache
-pki_http_port=80
-pki_https_port=443
-###############################################################################
-## 'Tomcat' Data: ##
-## ##
-## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ##
-## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ##
-## required information which MAY be overridden by users as necessary. ##
-## ##
-## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ##
-## or a 'TKS Clone', change the value of 'pki_clone' ##
-## from 'False' to 'True'. ##
-## ##
-## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
-## are MUTUALLY EXCLUSIVE entities!!! ##
-###############################################################################
-[Tomcat]
-pki_ajp_port=8009
-pki_clone=False
-pki_clone_pkcs12_path=
-pki_clone_replicate_schema=True
-pki_clone_replication_master_port=
-pki_clone_replication_clone_port=
-pki_clone_replication_security=None
-pki_clone_uri=
-pki_enable_java_debugger=False
-pki_enable_proxy=False
-pki_http_port=8080
-pki_https_port=8443
-pki_instance_name=master
-pki_proxy_http_port=80
-pki_proxy_https_port=443
-pki_security_manager=true
-pki_tomcat_server_port=8005
-###############################################################################
-## 'CA' Data: ##
-## ##
-## Values in this section are common to CA subsystems including 'PKI CAs', ##
-## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-## ##
-## EXTERNAL CAs: To specify an 'External CA', change the value ##
-## of 'pki_external' from 'False' to 'True'. ##
-## ##
-## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ##
-## of 'pki_subordinate' from 'False' to 'True'. ##
-## ##
-## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
-## are MUTUALLY EXCLUSIVE entities!!! ##
-###############################################################################
-[CA]
-pki_ca_signing_key_algorithm=SHA256withRSA
-pki_ca_signing_key_size=2048
-pki_ca_signing_key_type=rsa
-pki_ca_signing_nickname=
-pki_ca_signing_signing_algorithm=SHA256withRSA
-pki_ca_signing_subject_dn=
-pki_ca_signing_token=
-pki_external=False
-pki_external_ca_cert_chain_path=
-pki_external_ca_cert_path=
-pki_external_csr_path=
-pki_external_step_two=False
-pki_ocsp_signing_key_algorithm=SHA256withRSA
-pki_ocsp_signing_key_size=2048
-pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
-pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subordinate=False
-pki_subsystem=CA
-pki_subsystem_name=
-###############################################################################
-## 'KRA' Data: ##
-## ##
-## Values in this section are common to KRA subsystems ##
-## including 'PKI KRAs' and 'Cloned KRAs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[KRA]
-pki_storage_key_algorithm=SHA256withRSA
-pki_storage_key_size=2048
-pki_storage_key_type=rsa
-pki_storage_nickname=
-pki_storage_signing_algorithm=SHA256withRSA
-pki_storage_subject_dn=
-pki_storage_token=
-pki_subsystem=KRA
-pki_subsystem_name=
-pki_transport_key_algorithm=SHA256withRSA
-pki_transport_key_size=2048
-pki_transport_key_type=rsa
-pki_transport_nickname=
-pki_transport_signing_algorithm=SHA256withRSA
-pki_transport_subject_dn=
-pki_transport_token=
-###############################################################################
-## 'OCSP' Data: ##
-## ##
-## Values in this section are common to OCSP subsystems ##
-## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[OCSP]
-pki_ocsp_signing_key_algorithm=SHA256withRSA
-pki_ocsp_signing_key_size=2048
-pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
-pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subsystem=OCSP
-pki_subsystem_name=
-###############################################################################
-## 'RA' Data: ##
-## ##
-## Values in this section are common to PKI RA subsystems, and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[RA]
-pki_subsystem=RA
-pki_subsystem_name=
-###############################################################################
-## 'TKS' Data: ##
-## ##
-## Values in this section are common to TKS subsystems ##
-## including 'PKI TKSs' and 'Cloned TKSs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[TKS]
-pki_subsystem=TKS
-pki_subsystem_name=
-###############################################################################
-## 'TPS' Data: ##
-## ##
-## Values in this section are common to PKI TPS subsystems, and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[TPS]
-pki_subsystem=TPS
-pki_subsystem_name=
+pki_token_password=Secret123
diff --git a/scripts/ca.cfg b/scripts/ca.cfg
index 997e431..83b19bf 100644
--- a/scripts/ca.cfg
+++ b/scripts/ca.cfg
@@ -14,7 +14,6 @@ pki_client_database_purge=False
 pki_client_pkcs12_password=Secret123
 pki_clone_pkcs12_password=Secret123
 pki_ds_base_dn=dc=ca,dc=example,dc=com
-pki_ds_bind_dn=cn=Directory Manager
 pki_ds_database=ca
 pki_ds_password=Secret123
 pki_security_domain_name=EXAMPLE
diff --git a/scripts/core-remove.sh b/scripts/core-remove.sh
new file mode 100755
index 0000000..5747eb9
--- /dev/null
+++ b/scripts/core-remove.sh
@@ -0,0 +1,20 @@
+#!/bin/sh -x
+
+rpm -e --nodeps \
+ pki-symkey\
+ pki-base\
+ pki-tools\
+ pki-server\
+ pki-ca\
+ pki-kra\
+ pki-ocsp\
+ pki-tks\
+ pki-core-debuginfo
+
+rpm -e --nodeps \
+ pki-util\
+ pki-silent\
+ pki-selinux
+
+rpm -e --nodeps pki-tps
+rpm -e --nodeps pki-javadoc
diff --git a/scripts/core-update.sh b/scripts/core-update.sh
index 57ef607..e38b85e 100755
--- a/scripts/core-update.sh
+++ b/scripts/core-update.sh
@@ -1,6 +1,4 @@
 #!/bin/sh -x
-SRC_DIR=`cd ../.. ; pwd`
-
-cd $SRC_DIR/repo
-rpm -Uvh *.rpm
+./core-remove.sh
+./core-install.sh
diff --git a/scripts/kra-merged-create.sh b/scripts/kra-merged-create.sh
index 91c3810..efad072 100755
--- a/scripts/kra-merged-create.sh
+++ b/scripts/kra-merged-create.sh
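Review bot: In scripts/ca-merged.cfg every credential under `[CA]` (`pki_admin_password`, `pki_backup_password`, `pki_client_database_password`, `pki_client_pkcs12_password`, `pki_clone_pkcs12_password`, `pki_ds_password`, `pki_token_password`) is the same literal `Secret123`, and the commit removes the header that marked these keys as sensitive without leaving any replacement comment. Add a short header above `[DEFAULT]`, for example `# Test-only deployment file: every password below is a shared throwaway value and must be replaced before use outside a lab.` The line `#pki_skip_configuration=True` is also left commented out with no explanation; either drop it or say when it should be enabled. The file keeps `pki_ds_bind_dn=cn=Directory Manager` while the same commit removes that key from scripts/ca.cfg, so confirm whether the two files are meant to differ.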
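Review bot: scripts/core-remove.sh never checks the result of any `rpm -e --nodeps` call, so a failed erase is only visible in the `-x` trace and the script still exits with the status of the last command. As far as I know `rpm -e` refuses the whole invocation when one of the named packages is not installed, which would leave the rest of that group in place on a partially installed host; this is worth confirming on the target release. Erasing only what is present avoids that, e.g. `pkgs=$(rpm -q --qf '%{NAME}\n' pki-symkey pki-base ... | grep -v 'is not installed')` followed by `[ -n "$pkgs" ] && rpm -e --nodeps $pkgs`. A one-line comment explaining why `--nodeps` is needed and why the packages are split into four invocations would also help the next maintainer.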
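Review bot: The new scripts/core-update.sh calls `./core-remove.sh` and `./core-install.sh` relative to the current directory and ignores the first script's result, so it only works when started from scripts/, and the install step runs even if the removal failed. Anchor the paths to the script's own location, e.g. `cd "$(dirname "$0")" || exit 1` before the two calls, and decide explicitly whether a failed removal should stop the update. core-install.sh is not part of this diff, so its behaviour after a partial removal cannot be checked here.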
@@ -1,3 +1,3 @@
 #!/bin/sh -x
-pkispawn -f merged.cfg -s KRA -v 2>&1 | tee build/kra-merged-create.log
+pkispawn -vvv -f kra-merged.cfg -s KRA -v 2>&1 | tee build/kra-merged-create.log
diff --git a/scripts/kra-merged.cfg b/scripts/kra-merged.cfg
index 63e7f76..bbbc4ee 100644
--- a/scripts/kra-merged.cfg
+++ b/scripts/kra-merged.cfg
@@ -1,233 +1,35 @@
-###############################################################################
-## 'Sensitive' Data: ##
-## ##
-## Values in this section pertain to various PKI subsystems, and contain ##
-## required 'sensitive' information which MUST ALWAYS be provided by users. ##
-## ##
-## IMPORTANT: Sensitive data values must NEVER be displayed to the ##
-## console NOR stored in log files!!! ##
-###############################################################################
-[Sensitive]
-pki_admin_password=Secret123
-pki_backup_password=Secret123
-pki_client_database_password=Secret123
-pki_client_pkcs12_password=Secret123
-pki_clone_pkcs12_password=Secret123
-pki_ds_password=Secret123
-pki_security_domain_password=Secret123
-pki_token_password=Secret123
-###############################################################################
-## 'Common' Data: ##
-## ##
-## Values in this section are common to more than one PKI subsystem, and ##
-## contain required information which MAY be overridden by users as ##
-## necessary. ##
-## ##
-## NOTE: Default values will be generated for any and all required ##
-## 'common' data values which are left undefined. ##
-###############################################################################
-[Common]
-pki_admin_cert_request_type=crmf
-pki_admin_domain_name=
-pki_admin_dualkey=False
-pki_admin_email=kraadmin@example.com
-pki_admin_keysize=2048
-pki_admin_name=kraadmin
-pki_admin_nickname=kraadmin
-pki_admin_subject_dn=
-pki_admin_uid=kraadmin
-pki_audit_group=pkiaudit
-pki_audit_signing_key_algorithm=SHA256withRSA
-pki_audit_signing_key_size=2048
-pki_audit_signing_key_type=rsa
-pki_audit_signing_nickname=
-pki_audit_signing_signing_algorithm=SHA256withRSA
-pki_audit_signing_subject_dn=
-pki_audit_signing_token=
-pki_backup_keys=False
-pki_client_database_dir=
-pki_client_database_purge=False
-pki_client_dir=
-pki_ds_base_dn=dc=kra,dc=example,dc=com
-pki_ds_bind_dn=cn=Directory Manager
-pki_ds_database=kra
-pki_ds_hostname=
-pki_ds_ldap_port=389
-pki_ds_ldaps_port=636
-pki_ds_remove_data=True
-pki_ds_secure_connection=False
-pki_group=pkiuser
-pki_issuing_ca=
-pki_restart_configured_instance=True
-pki_security_domain_hostname=
-pki_security_domain_https_port=8443
-pki_security_domain_name=EXAMPLE
-pki_security_domain_user=caadmin
-pki_skip_configuration=False
-pki_skip_installation=False
-pki_ssl_server_key_algorithm=SHA256withRSA
-pki_ssl_server_key_size=2048
-pki_ssl_server_key_type=rsa
-pki_ssl_server_nickname=
-pki_ssl_server_subject_dn=
-pki_ssl_server_token=
-pki_subsystem_key_algorithm=SHA256withRSA
-pki_subsystem_key_size=2048
-pki_subsystem_key_type=rsa
-pki_subsystem_nickname=
-pki_subsystem_subject_dn=
-pki_subsystem_token=
-pki_token_name=internal
-pki_user=pkiuser
-###############################################################################
-## 'Apache' Data: ##
-## ##
-## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Apache' (RA and TPS subsystems), and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[Apache]
-pki_instance_name=pki-apache
-pki_http_port=80
-pki_https_port=443
-###############################################################################
-## 'Tomcat' Data: ##
-## ##
-## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ##
-## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ##
-## required information which MAY be overridden by users as necessary. ##
-## ##
-## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ##
-## or a 'TKS Clone', change the value of 'pki_clone' ##
-## from 'False' to 'True'. ##
-## ##
-## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
-## are MUTUALLY EXCLUSIVE entities!!! ##
-###############################################################################
-[Tomcat]
-pki_ajp_port=8009
-pki_clone=False
-pki_clone_pkcs12_path=
-pki_clone_replicate_schema=True
-pki_clone_replication_master_port=
-pki_clone_replication_clone_port=
-pki_clone_replication_security=None
-pki_clone_uri=
-pki_enable_java_debugger=False
-pki_enable_proxy=False
-pki_http_port=8080
-pki_https_port=8443
-pki_instance_name=master
-pki_proxy_http_port=80
-pki_proxy_https_port=443
-pki_security_manager=true
-pki_tomcat_server_port=8005
-###############################################################################
-## 'CA' Data: ##
-## ##
-## Values in this section are common to CA subsystems including 'PKI CAs', ##
-## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-## ##
-## EXTERNAL CAs: To specify an 'External CA', change the value ##
-## of 'pki_external' from 'False' to 'True'. ##
-## ##
-## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ##
-## of 'pki_subordinate' from 'False' to 'True'. ##
-## ##
-## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
-## are MUTUALLY EXCLUSIVE entities!!! ##
-###############################################################################
-[CA]
-pki_ca_signing_key_algorithm=SHA256withRSA
-pki_ca_signing_key_size=2048
-pki_ca_signing_key_type=rsa
-pki_ca_signing_nickname=
-pki_ca_signing_signing_algorithm=SHA256withRSA
-pki_ca_signing_subject_dn=
-pki_ca_signing_token=
-pki_external=False
-pki_external_ca_cert_chain_path=
-pki_external_ca_cert_path=
-pki_external_csr_path=
-pki_external_step_two=False
-pki_ocsp_signing_key_algorithm=SHA256withRSA
-pki_ocsp_signing_key_size=2048
-pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
-pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subordinate=False
-pki_subsystem=CA
-pki_subsystem_name=
-###############################################################################
-## 'KRA' Data: ##
-## ##
-## Values in this section are common to KRA subsystems ##
-## including 'PKI KRAs' and 'Cloned KRAs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[KRA]
-pki_storage_key_algorithm=SHA256withRSA
-pki_storage_key_size=2048
-pki_storage_key_type=rsa
-pki_storage_nickname=
-pki_storage_signing_algorithm=SHA256withRSA
-pki_storage_subject_dn=
-pki_storage_token=
-pki_subsystem=KRA
-pki_subsystem_name=
-pki_transport_key_algorithm=SHA256withRSA
-pki_transport_key_size=2048
-pki_transport_key_type=rsa
-pki_transport_nickname=
-pki_transport_signing_algorithm=SHA256withRSA
-pki_transport_subject_dn=
-pki_transport_token=
-###############################################################################
-## 'OCSP' Data: ##
-## ##
-## Values in this section are common to OCSP subsystems ##
-## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[OCSP]
-pki_ocsp_signing_key_algorithm=SHA256withRSA
-pki_ocsp_signing_key_size=2048
-pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
-pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subsystem=OCSP
-pki_subsystem_name=
-###############################################################################
-## 'RA' Data: ##
-## ##
-## Values in this section are common to PKI RA subsystems, and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[RA]
-pki_subsystem=RA
-pki_subsystem_name=
-###############################################################################
-## 'TKS' Data: ##
-## ##
-## Values in this section are common to TKS subsystems ##
-## including 'PKI TKSs' and 'Cloned TKSs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[TKS]
-pki_subsystem=TKS
-pki_subsystem_name=
-###############################################################################
-## 'TPS' Data: ##
-## ##
-## Values in this section are common to PKI TPS subsystems, and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[TPS]
-pki_subsystem=TPS
-pki_subsystem_name=
+[KRA]
+pki_security_domain_https_port=443
+pki_security_domain_password=Secret123
+pki_security_domain_user=admin
+pki_enable_proxy = True
+pki_restart_configured_instance = False
+pki_backup_keys = True
+pki_backup_password = Secret123
+pki_client_database_dir = /tmp/tmp-ce2oQN
+pki_client_database_password = Secret123
+pki_client_database_purge = False
+pki_client_pkcs12_password = Secret123
+pki_admin_name = admin
+pki_admin_uid = admin
+pki_admin_email = root@localhost
+pki_admin_password = Secret123
+pki_admin_nickname = ipa-ca-agent
+pki_admin_subject_dn = cn=ipa-ca-agent,O=GREYOAK.COM
+pki_import_admin_cert=True
+pki_admin_cert_file=/root/.dogtag/pki-tomcat/ca_admin.cert
+pki_client_admin_cert_p12 = /root/ca-agent.p12
+pki_ds_ldap_port = 389
+pki_ds_password = Secret123
+pki_ds_base_dn = o=ipakra
+pki_ds_database = ipakra
+pki_storage_subject_dn=cn=DRM Storage Certificate,o=GREYOAK.COM
+pki_transport_subject_dn=cn=DRM Transport Certificate,o=GREYOAK.COM
+pki_subsystem_subject_dn = cn=DRM Subsystem,O=GREYOAK.COM
+pki_ssl_server_subject_dn = cn=dart.greyoak.com,O=GREYOAK.COM
+pki_audit_signing_subject_dn = cn=DRM Audit,O=GREYOAK.COM
+pki_subsystem_nickname = subsystemCert cert-pki-kra
+pki_ssl_server_nickname = Server-Cert cert-pki-ca
+pki_audit_signing_nickname = auditSigningCert cert-pki-kra
+pki_storage_nickname=storageCert cert-pki-kra
+pki_transport_nickname=transportCert cert-pki-kra
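Review bot: `pki_client_database_dir = /tmp/tmp-ce2oQN` in scripts/kra-merged.cfg fixes the client security database, which is protected only by `Secret123`, to a predictable name in world-writable /tmp; on a shared host another local user can create that path first. Point it at a directory that the installing user creates with mode 0700 outside /tmp, written as a placeholder such as `pki_client_database_dir = <private-client-dir>`. The file also carries values that look copied from one specific installation (`O=GREYOAK.COM`, `cn=dart.greyoak.com`, `/root/ca-agent.p12`, `/root/.dogtag/pki-tomcat/ca_admin.cert`), whereas scripts/ca-merged.cfg uses `example.com` and `EXAMPLE`; replacing them with example values keeps host names and key-file locations out of the repository. `pki_ssl_server_nickname = Server-Cert cert-pki-ca` is the only nickname ending in `-ca`; if that is intentional because the KRA shares the CA's Tomcat instance, a comment should say so.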
diff --git a/scripts/tps-format.sh b/scripts/tps-format.sh
index 13e5cad..4e0d971 100755
--- a/scripts/tps-format.sh
+++ b/scripts/tps-format.sh
@@ -3,7 +3,7 @@ tpsclient <<EOF
 op=var_set name=ra_host value=localhost
 op=var_set name=ra_port value=16080
-op=var_set name=ra_uri value=/tps/test
+op=var_set name=ra_uri value=/tps/tps
 op=var_list
 op=token_status |