From cf7d1ca9b159b4c03595bd6361417c30db89846e Mon Sep 17 00:00:00 2001
From: Endi Sukma Dewata
Date: Tue, 13 Nov 2012 19:36:39 -0500
Subject: Added TPS scripts.
---
scripts/tps-check-shared.sh | 5 +++++
scripts/tps-configure.sh | 37 +++++++++++++++++++++----------------
scripts/tps-import-shared.sh | 5 +++++
scripts/tps-include.sh | 7 +++----
scripts/tps-reinstall.sh | 4 ++++
scripts/tps-restart.sh | 4 ++++
scripts/tps-start.sh | 5 +++++
scripts/tps-stop.sh | 5 +++++
8 files changed, 52 insertions(+), 20 deletions(-)
create mode 100755 scripts/tps-check-shared.sh
create mode 100755 scripts/tps-import-shared.sh
create mode 100755 scripts/tps-reinstall.sh
create mode 100755 scripts/tps-restart.sh
create mode 100755 scripts/tps-start.sh
create mode 100755 scripts/tps-stop.sh
(limited to 'scripts')
diff --git a/scripts/tps-check-shared.sh b/scripts/tps-check-shared.sh
new file mode 100755
index 0000000..50ab49e
--- /dev/null
+++ b/scripts/tps-check-shared.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+INSTANCE_DIR=/var/lib/pki-tps
+grep "internal:" $INSTANCE_DIR/conf/password.conf | sed "s/internal://" > $INSTANCE_DIR/conf/internal.txt
+tkstool -L -d $INSTANCE_DIR/alias -f $INSTANCE_DIR/conf/internal.txt
diff --git a/scripts/tps-configure.sh b/scripts/tps-configure.sh
index 4a53a0b..dfc3251 100755
--- a/scripts/tps-configure.sh
+++ b/scripts/tps-configure.sh
@@ -8,11 +8,7 @@ CERTS=$SRC_DIR/pki-dev/certs/tps
 rm -rf $CERTS
 mkdir -p $CERTS
-if [ "$TPS_SECURE_PORT" == "" ]; then
- PORT="$TPS_ADMIN_SECURE_PORT"
-else
- PORT="$TPS_SECURE_PORT"
-fi
+PORT="$TPS_NON_CLIENTAUTH_SECURE_PORT"
 pkisilent ConfigureTPS \
 -cs_hostname $HOSTNAME \
@@ -23,9 +19,9 @@ pkisilent ConfigureTPS \
 -client_certdb_pwd "$PASSWORD" \
 -token_name "internal" \
 -sd_hostname "$HOSTNAME" \
- -sd_admin_port 9443 \
- -sd_ssl_port 9443 \
- -sd_agent_port 9443 \
+ -sd_admin_port 8443 \
+ -sd_ssl_port 8443 \
+ -sd_agent_port 8443 \
 -sd_admin_name "caadmin" \
 -sd_admin_password "$PASSWORD" \
 -domain_name "$REALM" \
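Review bot: The new tps-check-shared.sh copies the NSS internal-token password out of password.conf into a second plaintext file, conf/internal.txt, through a bare redirect, so the file is created under the caller's default umask and is left in place after tkstool has read it; tps-import-shared.sh does exactly the same. Restricting the mode before the write and removing the file afterwards, unless something else is known to depend on it, would keep the secret from lingering: `umask 077` ahead of the grep line and `rm -f -- "$INSTANCE_DIR/conf/internal.txt"` after the tkstool line. The `grep "internal:"` pattern is also unanchored, so any line that merely contains that substring matches and only its first occurrence is stripped; `grep "^internal:" "$INSTANCE_DIR/conf/password.conf" | sed "s/^internal://"` is tighter. Quoting the `$INSTANCE_DIR` expansions on both lines would keep ShellCheck clean.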
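Review bot: The new `PORT="$TPS_NON_CLIENTAUTH_SECURE_PORT"` line replaces the old fallback to the admin port with an unchecked expansion, so if tps-include.sh was not sourced or the variable is later renamed, PORT is silently empty wherever it is consumed further down tps-configure.sh, which is outside this hunk. A guard such as `: "${TPS_NON_CLIENTAUTH_SECURE_PORT:?not set; source tps-include.sh first}"` just before the assignment turns that into an immediate, named error. I am assuming PORT is still read later in the script; if the assignment is now dead, drop it instead.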
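Review bot: The three `-sd_*_port 8443` values are literals, and the same number recurs as `-ca_ssl_port 8443` and `-ca_admin_port 8443` in the next hunk, while every TPS-side port already lives in a `TPS_*_PORT` variable in tps-include.sh. Defining the security-domain/CA port once there (for example a variable along the lines of `CA_SECURE_PORT="8443"`, name at your discretion) and writing `-sd_admin_port "$CA_SECURE_PORT" \` here would leave one change point when the CA is moved again, as this commit just did from 9443. The pkisilent command both starts before and continues after this hunk.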
@@ -36,24 +32,33 @@ pkisilent ConfigureTPS \
 -db_name "$TPS_LDAP_DATABASE" \
 -bind_dn "$TPS_LDAP_BIND_DN" \
 -bind_password "$TPS_LDAP_PASSWORD" \
+ -ldap_auth_host "$HOSTNAME" \
+ -ldap_auth_port 389 \
+ -ldap_auth_base_dn "dc=example,dc=com" \
 -key_type rsa \
 -key_size 2048 \
+ -ss_keygen true \
+ -tks_hostname "$HOSTNAME" \
+ -tks_ssl_port 14443 \
 -tps_server_cert_subject_name "$TPS_SERVER_CERT_SUBJECT_NAME" \
+ -tps_server_cert_nickname "Server-Cert cert-pki-tps" \
 -tps_subsystem_cert_subject_name "$TPS_SUBSYSTEM_CERT_SUBJECT_NAME" \
+ -tps_subsystem_cert_nickname "subsystemCert cert-pki-tps" \
 -tps_audit_signing_cert_subject_name "$TPS_AUDIT_SIGNING_CERT_SUBJECT_NAME" \
+ -tps_audit_signing_cert_nickname "auditSigningCert cert-pki-tps" \
 -ca_hostname "$HOSTNAME" \
- -ca_port 9180 \
- -ca_ssl_port 9443 \
- -ca_admin_port 9443 \
+ -ca_port 8080 \
+ -ca_ssl_port 8443 \
+ -ca_admin_port 8443 \
 -drm_hostname "$HOSTNAME" \
 -drm_ssl_port 12443 \
- -admin_user "$CA_ADMIN_USER" \
- -agent_name "$CA_ADMIN_NAME" \
- -admin_email "$CA_ADMIN_EMAIL" \
- -admin_password "$CA_ADMIN_PASSWORD" \
+ -admin_user "$TPS_ADMIN_USER" \
+ -agent_name "$TPS_ADMIN_NAME" \
+ -admin_email "$TPS_ADMIN_EMAIL" \
+ -admin_password "$TPS_ADMIN_PASSWORD" \
 -agent_key_size 2048 \
 -agent_key_type rsa \
- -agent_cert_subject "$CA_ADMIN_CERT_SUBJECT"
+ -agent_cert_subject "$TPS_ADMIN_CERT_SUBJECT"
 echo $PASSWORD > "$CERTS/password.txt"
 PKCS12Export -d "$CERTS" -o "$CERTS/tps-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt"
diff --git a/scripts/tps-import-shared.sh b/scripts/tps-import-shared.sh
new file mode 100755
index 0000000..b21cd36
--- /dev/null
+++ b/scripts/tps-import-shared.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+INSTANCE_DIR=/var/lib/pki-tps
+grep "internal:" $INSTANCE_DIR/conf/password.conf | sed "s/internal://" > $INSTANCE_DIR/conf/internal.txt
+tkstool -I -d $INSTANCE_DIR/alias -n sharedSecret -f $INSTANCE_DIR/conf/internal.txt
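Review bot: The added `-ldap_auth_host "$HOSTNAME" \` and `-ldap_auth_port 389 \` lines hard-code what tps-include.sh already provides as TPS_LDAP_HOST and TPS_LDAP_PORT, and `-ldap_auth_base_dn "dc=example,dc=com"` is a literal that differs from TPS_LDAP_BASE_DN, so a reader cannot tell whether the different suffix is deliberate. Reusing `"$TPS_LDAP_HOST"` and `"$TPS_LDAP_PORT"` and introducing a variable for the authentication base DN, with a one-line comment stating that it is the user-directory suffix rather than the TPS database suffix if that is the intent, would make the distinction explicit. Port 389 is plain LDAP, so a short comment noting that this dev setup presumably talks to the authentication directory unencrypted would also spare the next maintainer a question. The pkisilent command starts before this hunk.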
diff --git a/scripts/tps-include.sh b/scripts/tps-include.sh
index 0b9daba..930025d 100755
--- a/scripts/tps-include.sh
+++ b/scripts/tps-include.sh
@@ -3,7 +3,7 @@ SRC_DIR="`cd ../.. ; pwd`"
 DOMAIN="example.com"
-REALM="EXAMPLE-COM"
+REALM="EXAMPLE"
 PASSWORD="Secret123"
 INSTANCE_ROOT="/var/lib"
@@ -13,16 +13,15 @@ INSTANCE_GROUP="pkiuser"
 TPS_INSTANCE_NAME="pki-tps"
 TPS_SUBSYSTEM_TYPE="tps"
-TPS_SUBSYSTEM_NAME="TPS"
+TPS_SUBSYSTEM_NAME="Token Processing System"
 TPS_SECURE_PORT="7889"
 TPS_NON_CLIENTAUTH_SECURE_PORT="7890"
 TPS_UNSECURE_PORT="7888"
-TPS_TOMCAT_SERVER_PORT="15701"
 TPS_LDAP_HOST="$HOSTNAME"
 TPS_LDAP_PORT="389"
-TPS_LDAP_DATABASE="$DOMAIN-$INSTANCE_NAME"
+TPS_LDAP_DATABASE="$TPS_INSTANCE_NAME"
 TPS_LDAP_BASE_DN="dc=tps,dc=example,dc=com"
 TPS_LDAP_BIND_DN="cn=Directory Manager"
 TPS_LDAP_PASSWORD="$PASSWORD"
diff --git a/scripts/tps-reinstall.sh b/scripts/tps-reinstall.sh
new file mode 100755
index 0000000..0772065
--- /dev/null
+++ b/scripts/tps-reinstall.sh
@@ -0,0 +1,4 @@
+#!/bin/sh -x
+
+./tps-uninstall.sh
+./tps-install.sh
diff --git a/scripts/tps-restart.sh b/scripts/tps-restart.sh
new file mode 100755
index 0000000..e1df490
--- /dev/null
+++ b/scripts/tps-restart.sh
@@ -0,0 +1,4 @@
+#!/bin/sh -x
+
+./tps-stop.sh
+./tps-start.sh
diff --git a/scripts/tps-start.sh b/scripts/tps-start.sh
new file mode 100755
index 0000000..374cf10
--- /dev/null
+++ b/scripts/tps-start.sh
@@ -0,0 +1,5 @@
+#!/bin/sh -x
+
+INSTANCE_NAME=pki-tps
+
+systemctl start pki-tpsd@$INSTANCE_NAME.service
diff --git a/scripts/tps-stop.sh b/scripts/tps-stop.sh
new file mode 100755
index 0000000..0f9696f
--- /dev/null
+++ b/scripts/tps-stop.sh
@@ -0,0 +1,5 @@
+#!/bin/sh -x
+
+INSTANCE_NAME=pki-tps
+
+systemctl stop pki-tpsd@$INSTANCE_NAME.service
--
cgit
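Review bot: `TPS_SUBSYSTEM_NAME="Token Processing System"` now carries spaces, and the scripts in this patch expand variables unquoted in several places, so any consumer that uses `$TPS_SUBSYSTEM_NAME` without double quotes will word-split it into three arguments; its consumers are not visible here, so they are worth checking. The `TPS_LDAP_DATABASE="$TPS_INSTANCE_NAME"` change looks like a fix for a reference to a variable that is not among the visible definitions of tps-include.sh, and the removal of TPS_TOMCAT_SERVER_PORT gives no hint why it is no longer needed; a one-line comment on each, e.g. `# database name must match the instance name` and a note on where the Tomcat server port is now configured, would help whoever reads this file next.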
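Review bot: In tps-reinstall.sh `./tps-install.sh` runs even when `./tps-uninstall.sh` has failed, because the two lines are independent commands and `#!/bin/sh -x` sets no `-e`; tps-restart.sh has the same shape with stop and start. Chaining them, `./tps-uninstall.sh && ./tps-install.sh`, or putting `set -e` on the line after the shebang, stops at the first failure and makes the exit status meaningful to a caller. Separately, `-x` given in the shebang is lost when the script is invoked as `sh tps-reinstall.sh`; a `set -x` line keeps the trace in both invocation forms, and the same applies to the other three new `#!/bin/sh -x` scripts.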
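Review bot: `systemctl start pki-tpsd@$INSTANCE_NAME.service` in tps-start.sh expands `$INSTANCE_NAME` unquoted; with the fixed `pki-tps` value that is harmless, but `systemctl start "pki-tpsd@${INSTANCE_NAME}.service"` is the form ShellCheck expects and survives a later change to a value containing shell metacharacters. tps-stop.sh has the identical line with `stop`.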