From d06a571b5b0a3e079ee3bcc1927bacae474ce200 Mon Sep 17 00:00:00 2001
From: Endi Sukma Dewata
Date: Tue, 20 Mar 2012 19:42:14 -0500
Subject: Added cloning and certificate scripts.
---
scripts/ca-configure.sh | 24 ++++++++--------
scripts/ca-console.sh | 2 +-
scripts/ca-create.sh | 32 +++++++++++----------
scripts/caclone-configure.sh | 67 ++++++++++++++++++++++++++++++++++++++++++++
scripts/caclone-create.sh | 25 +++++++++++++++++
scripts/caclone-remove.sh | 5 ++++
scripts/caclone-restart.sh | 3 ++
scripts/caclone-start.sh | 3 ++
scripts/caclone-stop.sh | 3 ++
scripts/certs-import.sh | 11 ++++++++
scripts/certs-list.sh | 8 ++++++
scripts/certs-remove.sh | 13 +++++++++
scripts/core-uninstall.sh | 5 +++-
scripts/ds-create.sh | 4 +--
scripts/ds-remove.sh | 2 +-
scripts/ds-restart.sh | 2 +-
scripts/ds-start.sh | 2 +-
scripts/ds-stop.sh | 2 +-
scripts/dsclone-create.sh | 11 ++++++++
scripts/dsclone-remove.sh | 3 ++
scripts/dsclone-start.sh | 3 ++
scripts/kra-configure.sh | 28 +++++++++---------
scripts/kra-console.sh | 2 +-
scripts/kra-create.sh | 34 +++++++++++-----------
24 files changed, 230 insertions(+), 64 deletions(-)
create mode 100755 scripts/caclone-configure.sh
create mode 100755 scripts/caclone-create.sh
create mode 100755 scripts/caclone-remove.sh
create mode 100755 scripts/caclone-restart.sh
create mode 100755 scripts/caclone-start.sh
create mode 100755 scripts/caclone-stop.sh
create mode 100755 scripts/certs-import.sh
create mode 100755 scripts/certs-list.sh
create mode 100755 scripts/certs-remove.sh
create mode 100755 scripts/dsclone-create.sh
create mode 100755 scripts/dsclone-remove.sh
create mode 100755 scripts/dsclone-start.sh
diff --git a/scripts/ca-configure.sh b/scripts/ca-configure.sh
index 892a94c..bbdf33c 100755
--- a/scripts/ca-configure.sh
+++ b/scripts/ca-configure.sh
@@ -2,26 +2,28 @@ PKI_DEV_SRC=`cd .. ; pwd` +INSTANCE_NAME=pki-ca PASSWORD=Secret123 -PIN=`grep preop.pin= /var/lib/pki-ca/conf/CS.cfg | awk -F= '{ print $2; }'` +PIN=`grep preop.pin= /var/lib/$INSTANCE_NAME/conf/CS.cfg | awk -F= '{ print $2; }'` +REALM=EXAMPLE-COM CERTS=$PKI_DEV_SRC/certs/ca rm -rf $CERTS mkdir -p $CERTS pkisilent ConfigureCA \ - -cs_hostname `hostname` \ + -cs_hostname $HOSTNAME \ -cs_port 9443 \ -preop_pin $PIN \ -client_certdb_dir "$CERTS" \ -client_certdb_pwd "$PASSWORD" \ -token_name "internal" \ - -domain_name "Example Domain" \ + -domain_name "$REALM" \ -subsystem_name "Certificate Authority" \ -ldap_host "localhost" \ -ldap_port "389" \ -base_dn "ou=ca,dc=example,dc=com" \ - -db_name "example.com-pki-ca" \ + -db_name "example.com-$INSTANCE_NAME" \ -bind_dn "cn=Directory Manager" \ -bind_password "$PASSWORD" \ -remove_data true \ 
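Review bot: `$HOSTNAME` replaces the `hostname` command substitution here, but it is a variable that bash sets and POSIX `sh` does not guarantee, and these scripts run under `#!/bin/sh`. On the new `-cs_hostname $HOSTNAME \` line the expansion is also unquoted, so an empty value would disappear and `-cs_port` would likely be read as the hostname argument. I would set a fallback near the top, `: "${HOSTNAME:=$(hostname)}"`, and quote the use as `-cs_hostname "$HOSTNAME" \`. The same substitution appears in ca-console.sh, caclone-configure.sh, ds-create.sh, dsclone-create.sh, kra-configure.sh and kra-console.sh. The pkisilent call continues past the end of this hunk.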
@@ -32,20 +34,20 @@ pkisilent ConfigureCA \ -save_p12 true \ -backup_fname "$CERTS/ca-server-certs.p12" \ -backup_pwd "$PASSWORD" \ - -ca_sign_cert_subject_name "CN=Certificate Authority,OU=pki-ca,O=Example Domain" \ - -ca_ocsp_cert_subject_name "CN=OCSP Signing Certificate,OU=pki-ca,O=Example Domain" \ - -ca_server_cert_subject_name "CN=$HOSTNAME,OU=pki-ca,O=Example Domain" \ - -ca_subsystem_cert_subject_name "CN=CA Subsystem Certificate,OU=pki-ca,O=Example Domain" \ - -ca_audit_signing_cert_subject_name "CN=CA Audit Signing Certificate,OU=pki-ca,O=Example Domain" \ + -ca_sign_cert_subject_name "CN=Certificate Authority,O=$REALM" \ + -ca_ocsp_cert_subject_name "CN=OCSP Signing Certificate,O=$REALM" \ + -ca_server_cert_subject_name "CN=$HOSTNAME,O=$REALM" \ + -ca_subsystem_cert_subject_name "CN=CA Subsystem Certificate,O=$REALM" \ + -ca_audit_signing_cert_subject_name "CN=CA Audit Signing Certificate,O=$REALM" \ -admin_user "caadmin" \ -agent_name "caadmin" \ -admin_email "caadmin@example.com" \ -admin_password "$PASSWORD" \ -agent_key_size 2048 \ -agent_key_type rsa \ - -agent_cert_subject "CN=caadmin,UID=caadmin,E=caadmin@example.com,O=Example Domain" + -agent_cert_subject "CN=caadmin,UID=caadmin,E=caadmin@example.com,O=$REALM" echo $PASSWORD > "$CERTS/password.txt" PKCS12Export -d "$CERTS" -o "$CERTS/ca-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt" -systemctl restart pki-cad@pki-ca.service +systemctl restart pki-cad@$INSTANCE_NAME.service diff --git a/scripts/ca-console.sh b/scripts/ca-console.sh index 5b61313..f596e6a 100755 --- a/scripts/ca-console.sh +++ b/scripts/ca-console.sh @@ -1,3 +1,3 @@ #!/bin/sh -x -pkiconsole https://`hostname`:9443/ca +pkiconsole https://$HOSTNAME:9443/ca diff --git a/scripts/ca-create.sh b/scripts/ca-create.sh index e44ecd4..312ca19 100755 --- a/scripts/ca-create.sh +++ b/scripts/ca-create.sh 
@@ -2,22 +2,24 @@ PKI_SRC=`cd ../.. ; pwd`/pki -pkicreate -pki_instance_root=/var/lib \ - -pki_instance_name=pki-ca \ - -subsystem_type=ca \ - -secure_port=9443 \ - -unsecure_port=9180 \ - -tomcat_server_port=9701 \ - -user=pkiuser \ - -group=pkiuser \ - -redirect conf=/etc/pki-ca \ - -redirect logs=/var/log/pki-ca \ +INSTANCE_NAME=pki-ca + +pkicreate -pki_instance_root=/var/lib \ + -pki_instance_name=$INSTANCE_NAME \ + -subsystem_type=ca \ + -secure_port=9443 \ + -unsecure_port=9180 \ + -tomcat_server_port=9701 \ + -user=pkiuser \ + -group=pkiuser \ + -redirect conf=/etc/$INSTANCE_NAME \ + -redirect logs=/var/log/$INSTANCE_NAME \ -verbose -ln -s /usr/share/tomcat6/bin /var/lib/pki-ca/bin -ln -s /usr/share/tomcat6/lib /var/lib/pki-ca/lib -rm -f /var/lib/pki-ca/webapps/ca/WEB-INF/lib/pki-* -ln -s $PKI_SRC/pki/build/classes /var/lib/pki-ca/webapps/ca/WEB-INF/classes +ln -s /usr/share/tomcat6/bin /var/lib/$INSTANCE_NAME/bin +ln -s /usr/share/tomcat6/lib /var/lib/$INSTANCE_NAME/lib +rm -f /var/lib/$INSTANCE_NAME/webapps/ca/WEB-INF/lib/pki-* +ln -s $PKI_SRC/pki/build/classes /var/lib/$INSTANCE_NAME/webapps/ca/WEB-INF/classes -systemctl restart pki-cad@pki-ca.service +systemctl restart pki-cad@$INSTANCE_NAME.service diff --git a/scripts/caclone-configure.sh b/scripts/caclone-configure.sh new file mode 100755 index 0000000..a24da2a --- /dev/null +++ b/scripts/caclone-configure.sh 
@@ -0,0 +1,67 @@
+#!/bin/sh -x
+
+PKI_DEV_SRC=`cd .. ; pwd`
+
+INSTANCE_NAME=pki-caclone
+PASSWORD=Secret123
+PIN=`grep preop.pin= /var/lib/$INSTANCE_NAME/conf/CS.cfg | awk -F= '{ print $2; }'`
+
+REALM=EXAMPLE-COM
+CERTS=$PKI_DEV_SRC/certs/caclone
+rm -rf $CERTS
+mkdir -p $CERTS
+
+cp "$PKI_DEV_SRC/certs/ca/ca-server-certs.p12" /var/lib/$INSTANCE_NAME/alias
+chown pkiuser.pkiuser /var/lib/$INSTANCE_NAME/alias/ca-server-certs.p12
+
+pkisilent ConfigureCA \
+ -cs_hostname "$HOSTNAME" \
+ -cs_port "9444" \
+ -preop_pin "$PIN" \
+ -client_certdb_dir "$CERTS" \
+ -client_certdb_pwd "$PASSWORD" \
+ -token_name "internal" \
+ -domain_name "$REALM" \
+ -subsystem_name "Certificate Authority Clone" \
+ -clone "true" \
+ -clone_uri "https://$HOSTNAME:9443" \
+ -clone_p12_file "ca-server-certs.p12" \
+ -clone_p12_password "$PASSWORD" \
+ -sd_hostname "$HOSTNAME" \
+ -sd_admin_port 9443 \
+ -sd_ssl_port 9443 \
+ -sd_agent_port 9443 \
+ -sd_admin_name "caadmin" \
+ -sd_admin_password "$PASSWORD" \
+ -ldap_host "localhost" \
+ -ldap_port "390" \
+ -base_dn "ou=ca,dc=example,dc=com" \
+ -db_name "example.com-$INSTANCE_NAME" \
+ -bind_dn "cn=Directory Manager" \
+ -bind_password "$PASSWORD" \
+ -remove_data "true" \
+ -key_type rsa \
+ -key_size 2048 \
+ -key_algorithm SHA256withRSA \
+ -signing_signingalgorithm SHA256withRSA \
+ -save_p12 true \
+ -backup_fname "$CERTS/caclone-server-certs.p12" \
+ -backup_pwd "$PASSWORD" \
+ -ca_sign_cert_subject_name "CN=Certificate Authority,O=$REALM" \
+ -ca_ocsp_cert_subject_name "CN=OCSP Signing Certificate,O=$REALM" \
+ -ca_server_cert_subject_name "CN=$HOSTNAME,O=$REALM" \
+ -ca_subsystem_cert_subject_name "CN=CA Subsystem Certificate,O=$REALM" \
+ -ca_audit_signing_cert_subject_name "CN=CA Audit Signing Certificate,O=$REALM" \
+ -admin_user "caadmin" \
+ -agent_name "caadmin" \
+ -admin_email "caadmin@example.com" \
+ -admin_password "$PASSWORD" \
+ -agent_key_size 2048 \
+ -agent_key_type rsa \
+ -agent_cert_subject "CN=caadmin,UID=caadmin,E=caadmin@example.com,O=$REALM"
+
+
+echo $PASSWORD > "$CERTS/password.txt"
+PKCS12Export -d "$CERTS" -o "$CERTS/caclone-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt"
+
+systemctl restart pki-cad@$INSTANCE_NAME.service
diff --git a/scripts/caclone-create.sh b/scripts/caclone-create.sh
new file mode 100755
index 0000000..4871815
--- /dev/null
+++ b/scripts/caclone-create.sh
@@ -0,0 +1,25 @@
+#!/bin/sh -x
+
+PKI_SRC=`cd ../.. ; pwd`/pki
+
+INSTANCE_NAME=pki-caclone
+
+pkicreate -pki_instance_root=/var/lib \
+ -pki_instance_name=$INSTANCE_NAME \
+ -subsystem_type=ca \
+ -secure_port=9444 \
+ -unsecure_port=9181 \
+ -tomcat_server_port=9702 \
+ -user=pkiuser \
+ -group=pkiuser \
+ -redirect conf=/etc/$INSTANCE_NAME \
+ -redirect logs=/var/log/$INSTANCE_NAME \
+ -verbose
+
+ln -s /usr/share/tomcat6/bin /var/lib/$INSTANCE_NAME/bin
+ln -s /usr/share/tomcat6/lib /var/lib/$INSTANCE_NAME/lib
+rm -f /var/lib/$INSTANCE_NAME/webapps/ca/WEB-INF/lib/pki-*
+ln -s $PKI_SRC/pki/build/classes /var/lib/$INSTANCE_NAME/webapps/ca/WEB-INF/classes
+
+systemctl restart pki-cad@$INSTANCE_NAME.service
+
diff --git a/scripts/caclone-remove.sh b/scripts/caclone-remove.sh
new file mode 100755
index 0000000..43523e6
--- /dev/null
+++ b/scripts/caclone-remove.sh
@@ -0,0 +1,5 @@
+#!/bin/sh -x
+
+pkiremove -pki_instance_root=/var/lib\
+ -pki_instance_name=pki-caclone\
+ -force
diff --git a/scripts/caclone-restart.sh b/scripts/caclone-restart.sh
new file mode 100755
index 0000000..1ac3797
--- /dev/null
+++ b/scripts/caclone-restart.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+systemctl restart pki-cad@pki-caclone.service
diff --git a/scripts/caclone-start.sh b/scripts/caclone-start.sh
new file mode 100755
index 0000000..037f171
--- /dev/null
+++ b/scripts/caclone-start.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+systemctl start pki-cad@pki-caclone.service
diff --git a/scripts/caclone-stop.sh b/scripts/caclone-stop.sh
new file mode 100755
index 0000000..d4d1c36
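Review bot: The exported key material in caclone-configure.sh is written with default permissions: `mkdir -p $CERTS`, `-backup_fname "$CERTS/caclone-server-certs.p12"` and `echo $PASSWORD > "$CERTS/password.txt"` all run under the caller's umask, so with a common 022 umask the PKCS#12 backup and the password that opens it are readable by every local user. A `umask 077` before `mkdir -p $CERTS` would cover the whole directory. The copy of `ca-server-certs.p12` into the instance `alias` directory takes its mode from the source file as well; `install -m 600 -o pkiuser -g pkiuser` would set owner and mode in one step and avoids the deprecated `pkiuser.pkiuser` separator. Because the shebang is `sh -x`, every `$PASSWORD` argument is also echoed in the trace, which is worth a header comment marking the script as development-only.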
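Review bot: Nothing in caclone-create.sh checks that `pkicreate` succeeded before the `rm -f /var/lib/$INSTANCE_NAME/webapps/ca/WEB-INF/lib/pki-*` and `ln -s` lines run, so a failed create still leaves symlinks under `/var/lib/pki-caclone` and restarts the unit. Ending the call with `-verbose || exit 1` would stop there. The last `ln -s $PKI_SRC/pki/build/classes …` makes the instance load classes from the checkout, so anyone who can write to that build directory controls code that presumably runs as `pkiuser`; a header comment such as `# Development only: the instance loads classes from the source tree.` would make that explicit. ca-create.sh and kra-create.sh have the same shape.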
--- /dev/null +++ b/scripts/caclone-stop.sh @@ -0,0 +1,3 @@ +#!/bin/sh -x + +systemctl stop pki-cad@pki-caclone.service diff --git a/scripts/certs-import.sh b/scripts/certs-import.sh new file mode 100755 index 0000000..86ab35d --- /dev/null +++ b/scripts/certs-import.sh @@ -0,0 +1,11 @@ +#!/bin/sh -x + +PKI_DEV_SRC=`cd .. ; pwd` +FIREFOX_DIR=~/.mozilla/firefox +PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'` + +pk12util -i $PKI_DEV_SRC/certs/ca/ca-client-certs.p12 -d $FIREFOX_DIR/$PROFILE -W Secret123 +certutil -M -n caadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE + +pk12util -i $PKI_DEV_SRC/certs/kra/kra-client-certs.p12 -d $FIREFOX_DIR/$PROFILE -W Secret123 +certutil -M -n kraadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE diff --git a/scripts/certs-list.sh b/scripts/certs-list.sh new file mode 100755 index 0000000..4e55245 --- /dev/null +++ b/scripts/certs-list.sh @@ -0,0 +1,8 @@ +#!/bin/sh -x + +FIREFOX_DIR=~/.mozilla/firefox +PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'` + +cd $FIREFOX_DIR/$PROFILE + +certutil -L -d . diff --git a/scripts/certs-remove.sh b/scripts/certs-remove.sh new file mode 100755 index 0000000..90d847d --- /dev/null +++ b/scripts/certs-remove.sh @@ -0,0 +1,13 @@ +#!/bin/sh -x + +FIREFOX_DIR=~/.mozilla/firefox +PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'` + +cd $FIREFOX_DIR/$PROFILE + +certutil -D -n "caadmin" -d . +certutil -D -n "kraadmin" -d . +certutil -D -n "Certificate Authority - EXAMPLE-COM" -d . +certutil -D -n "$HOSTNAME" -d . +certutil -D -n "$HOSTNAME #2" -d . +certutil -D -n "$HOSTNAME #3" -d . diff --git a/scripts/core-uninstall.sh b/scripts/core-uninstall.sh index 19bd5c2..3bc49ec 100755 --- a/scripts/core-uninstall.sh +++ b/scripts/core-uninstall.sh @@ -1,6 +1,9 @@ #!/bin/sh -x -rpm -ev pki-selinux\ +rpm -ev pki-core-debuginfo + +rpm -ev pki-deploy\ + pki-selinux\ pki-tks\ pki-kra\ pki-common\ 
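Review bot: In certs-import.sh `PROFILE` is built from every `Path=` line in `profiles.ini`, so with more than one Firefox profile it holds several names and the unquoted `-d $FIREFOX_DIR/$PROFILE` splits into extra arguments. Taking one entry and checking it, `PROFILE=$(awk -F= '/^Path=/ { print $2; exit }' "$FIREFOX_DIR/profiles.ini")` followed by `[ -d "$FIREFOX_DIR/$PROFILE" ] || exit 1`, would avoid that. certs-list.sh and certs-remove.sh compute `PROFILE` the same way and then `cd $FIREFOX_DIR/$PROFILE` without checking the result, so a failed `cd` makes `certutil -D … -d .` act on whatever NSS database is in the current directory. The `.p12` password is also passed as `-W Secret123` on the command line, where the `-x` trace repeats it.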
diff --git a/scripts/ds-create.sh b/scripts/ds-create.sh index 3dd2709..116cad1 100755 --- a/scripts/ds-create.sh +++ b/scripts/ds-create.sh @@ -1,11 +1,11 @@ #!/bin/sh -x setup-ds.pl --silent --\ - General.FullMachineName=`hostname`\ + General.FullMachineName=$HOSTNAME\ General.SuiteSpotUserID=nobody\ General.SuiteSpotGroup=nobody\ slapd.ServerPort=389\ - slapd.ServerIdentifier=`hostname -s`\ + slapd.ServerIdentifier=pki-master\ slapd.Suffix=dc=example,dc=com\ slapd.RootDN="cn=Directory Manager"\ slapd.RootDNPwd=Secret123\ diff --git a/scripts/ds-remove.sh b/scripts/ds-remove.sh index af37b40..4ec570c 100755 --- a/scripts/ds-remove.sh +++ b/scripts/ds-remove.sh @@ -1,3 +1,3 @@ #!/bin/sh -x -remove-ds.pl -f -i slapd-`hostname -s` +remove-ds.pl -f -i slapd-pki-master diff --git a/scripts/ds-restart.sh b/scripts/ds-restart.sh index 84719c4..94b92ea 100755 --- a/scripts/ds-restart.sh +++ b/scripts/ds-restart.sh @@ -1,3 +1,3 @@ #!/bin/sh -x -systemctl restart dirsrv@`hostname -s`.service +systemctl restart dirsrv@pki-master.service diff --git a/scripts/ds-start.sh b/scripts/ds-start.sh index 62bba44..6f38aa6 100755 --- a/scripts/ds-start.sh +++ b/scripts/ds-start.sh @@ -1,3 +1,3 @@ #!/bin/sh -x -systemctl start dirsrv@`hostname -s`.service +systemctl start dirsrv@pki-master.service diff --git a/scripts/ds-stop.sh b/scripts/ds-stop.sh index ce3c11e..61d56e9 100755 --- a/scripts/ds-stop.sh +++ b/scripts/ds-stop.sh @@ -1,3 +1,3 @@ #!/bin/sh -x -systemctl stop dirsrv@`hostname -s`.service +systemctl stop dirsrv@pki-master.service diff --git a/scripts/dsclone-create.sh b/scripts/dsclone-create.sh new file mode 100755 index 0000000..a813f6d --- /dev/null +++ b/scripts/dsclone-create.sh 
@@ -0,0 +1,11 @@
+#!/bin/sh -x
+
+setup-ds.pl --silent --\
+ General.FullMachineName=$HOSTNAME\
+ General.SuiteSpotUserID=nobody\
+ General.SuiteSpotGroup=nobody\
+ slapd.ServerPort=390\
+ slapd.ServerIdentifier=pki-clone\
+ slapd.Suffix=dc=example,dc=com\
+ slapd.RootDN="cn=Directory Manager"\
+ slapd.RootDNPwd=Secret123\
diff --git a/scripts/dsclone-remove.sh b/scripts/dsclone-remove.sh
new file mode 100755
index 0000000..175f8ca
--- /dev/null
+++ b/scripts/dsclone-remove.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+remove-ds.pl -f -i slapd-pki-clone
diff --git a/scripts/dsclone-start.sh b/scripts/dsclone-start.sh
new file mode 100755
index 0000000..ecef723
--- /dev/null
+++ b/scripts/dsclone-start.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+systemctl start dirsrv@pki-clone.service
diff --git a/scripts/kra-configure.sh b/scripts/kra-configure.sh
index f2c481f..eca98dc 100755
--- a/scripts/kra-configure.sh
+++ b/scripts/kra-configure.sh
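Review bot: In dsclone-create.sh the Directory Manager password is passed as the argument `slapd.RootDNPwd=Secret123`, which shows up in the process list and in the `sh -x` trace, and it is the same literal used for the CA admin account and the PKCS#12 files in the other scripts. setup-ds.pl can read these settings from an `.inf` file via `--file`, which would keep the value off the command line. The final line also ends in `\` with nothing after it, so any line appended later would silently become another setup-ds.pl argument; I would drop that trailing backslash.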
@@ -2,44 +2,46 @@ PKI_DEV_SRC=`cd .. ; pwd` +INSTANCE_NAME=pki-kra PASSWORD=Secret123 -PIN=`grep preop.pin= /var/lib/pki-kra/conf/CS.cfg | awk -F= '{ print $2; }'` +PIN=`grep preop.pin= /var/lib/$INSTANCE_NAME/conf/CS.cfg | awk -F= '{ print $2; }'` +REALM=EXAMPLE-COM CERTS=$PKI_DEV_SRC/certs/kra rm -rf $CERTS mkdir -p $CERTS pkisilent ConfigureDRM \ - -cs_hostname `hostname` \ + -cs_hostname "$HOSTNAME" \ -cs_port 10443 \ -preop_pin "$PIN" \ -client_certdb_dir "$CERTS" \ -client_certdb_pwd "$PASSWORD" \ -token_name "internal" \ - -sd_hostname `hostname` \ + -sd_hostname "$HOSTNAME" \ -sd_admin_port 9443 \ -sd_ssl_port 9443 \ -sd_agent_port 9443 \ -sd_admin_name "caadmin" \ -sd_admin_password "$PASSWORD" \ - -domain_name "Example Domain" \ + -domain_name "$REALM" \ -subsystem_name "Data Recovery Manager" \ -ldap_host "localhost" \ -ldap_port "389" \ -base_dn "ou=kra,dc=example,dc=com" \ - -db_name "example.com-pki-kra" \ + -db_name "example.com-$INSTANCE_NAME" \ -bind_dn "cn=Directory Manager" \ -bind_password "$PASSWORD" \ -remove_data true \ -key_type rsa \ -key_size 2048 \ -signing_algorithm SHA256withRSA \ - -drm_transport_cert_subject_name "CN=DRM Transport Certificate,OU=pki-kra,O=Example Domain" \ - -drm_storage_cert_subject_name "CN=DRM Storage Certificate,OU=pki-kra,O=Example Domain" \ - -drm_server_cert_subject_name "CN=$HOSTNAME,OU=pki-kra,O=Example Domain" \ - -drm_subsystem_cert_subject_name "CN=DRM Subsystem Certificate,OU=pki-kra,O=Example Domain" \ - -drm_audit_signing_cert_subject_name "CN=DRM Audit Signing Certificate,OU=pki-kra,O=Example Domain" \ - -ca_hostname `hostname` \ + -drm_transport_cert_subject_name "CN=DRM Transport Certificate,O=$REALM" \ + -drm_storage_cert_subject_name "CN=DRM Storage Certificate,O=$REALM" \ + -drm_server_cert_subject_name "CN=$HOSTNAME,O=$REALM" \ + -drm_subsystem_cert_subject_name "CN=DRM Subsystem Certificate,O=$REALM" \ + -drm_audit_signing_cert_subject_name "CN=DRM Audit Signing Certificate,O=$REALM" \ + 
-ca_hostname "$HOSTNAME" \ -ca_port 9180 \ -ca_ssl_port 9443 \ -backup_fname "$CERTS/kra-server-certs.p12" \ @@ -50,9 +52,9 @@ pkisilent ConfigureDRM \ -admin_password "$PASSWORD" \ -agent_key_size 2048 \ -agent_key_type rsa \ - -agent_cert_subject "CN=kraadmin,UID=kraadmin,E=kraadmin@example.com,O=Example Domain" + -agent_cert_subject "CN=kraadmin,UID=kraadmin,E=kraadmin@example.com,O=$REALM" echo $PASSWORD > "$CERTS/password.txt" PKCS12Export -d "$CERTS" -o "$CERTS/kra-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt" -systemctl restart pki-krad@pki-kra.service +systemctl restart pki-krad@$INSTANCE_NAME.service diff --git a/scripts/kra-console.sh b/scripts/kra-console.sh index d2d68d0..8a1263c 100755 --- a/scripts/kra-console.sh +++ b/scripts/kra-console.sh @@ -1,3 +1,3 @@ #!/bin/sh -x -pkiconsole https://`hostname`:10443/kra +pkiconsole https://$HOSTNAME:10443/kra diff --git a/scripts/kra-create.sh b/scripts/kra-create.sh index 1472faf..046ea68 100755 --- a/scripts/kra-create.sh +++ b/scripts/kra-create.sh 
@@ -2,22 +2,24 @@ PKI_SRC=`cd ../.. ; pwd`/pki -pkicreate -pki_instance_root=/var/lib \ - -pki_instance_name=pki-kra \ - -subsystem_type=kra \ - -secure_port=10443 \ - -unsecure_port=10180 \ - -tomcat_server_port=10701 \ - -user=pkiuser \ - -group=pkiuser \ - -audit_group=pkiaudit \ - -redirect conf=/etc/pki-kra \ - -redirect logs=/var/log/pki-kra \ +INSTANCE_NAME=pki-kra + +pkicreate -pki_instance_root=/var/lib \ + -pki_instance_name=$INSTANCE_NAME \ + -subsystem_type=kra \ + -secure_port=10443 \ + -unsecure_port=10180 \ + -tomcat_server_port=10701 \ + -user=pkiuser \ + -group=pkiuser \ + -audit_group=pkiaudit \ + -redirect conf=/etc/$INSTANCE_NAME \ + -redirect logs=/var/log/$INSTANCE_NAME \ -verbose -ln -s /usr/share/tomcat6/bin /var/lib/pki-kra/bin -ln -s /usr/share/tomcat6/lib /var/lib/pki-kra/lib -rm -f /var/lib/pki-kra/webapps/kra/WEB-INF/lib/pki-* -ln -s $PKI_SRC/pki/build/classes /var/lib/pki-kra/webapps/kra/WEB-INF/classes +ln -s /usr/share/tomcat6/bin /var/lib/$INSTANCE_NAME/bin +ln -s /usr/share/tomcat6/lib /var/lib/$INSTANCE_NAME/lib +rm -f /var/lib/$INSTANCE_NAME/webapps/kra/WEB-INF/lib/pki-* +ln -s $PKI_SRC/pki/build/classes /var/lib/$INSTANCE_NAME/webapps/kra/WEB-INF/classes -systemctl restart pki-krad@pki-kra.service +systemctl restart pki-krad@$INSTANCE_NAME.service -- cgit