pki.git/base/deploy/config, branch alee-82 Unnamed repository; edit this file 'description' to name the repository. Set paths for default instance 2012-11-05T03:12:57+00:00 Ade Lee alee@redhat.com 2012-10-26T16:36:14+00:00 db9537d210a20b90115374e5b406db6c9658bc3a With this patch, it will be possible to install a default instance simply by adding the passwords in the pkideployment.cfg. This file can then be used without additional alteration to add subsystems to the same instance, by re-running pkispawn against the config file. The patch makes sure that cert nicknames, database and baseDN , admin users and client db are unique per subsystem. An option is added to reuse the existing server cert generated by the first subsystem and copy the required data to all subsystems. Ticket 379, 385 
With this patch, it will be possible to install a default instance
simply by adding the passwords in the pkideployment.cfg.  This file
can then be used without additional alteration to add subsystems to the
same instance, by re-running pkispawn against the config file.

The patch makes sure that cert nicknames, database and baseDN , admin users
and client db are unique per subsystem.  An option is added to reuse the
existing server cert generated by the first subsystem and copy the
required data to all subsystems.

Ticket 379, 385
Allow a PKI instance to be installed/configured independently 2012-10-30T14:56:06+00:00 Matthew Harmsen mharmsen@redhat.com 2012-10-30T05:08:00+00:00 a957a3d2960d6ae39a7785cccb0656d5ac230701 * TRAC Ticket #286 - Dogtag 10: Create parameter for optionally allowing a user to skip configuration . . . 
* TRAC Ticket #286 - Dogtag 10: Create parameter for optionally allowing
  a user to skip configuration . . .
Enabled Tomcat security manager. 2012-10-27T04:32:31+00:00 Endi Sukma Dewata edewata@redhat.com 2012-10-02T16:40:35+00:00 5eab7fedf1c78610b5e030b9e07e93f32633e9ad The tomcat.conf and the template deployment configuration have been modified to enable the security manager. The operations script has been modified to generate a new catalina.policy from the standard Tomcat policy, the standard PKI policy and the custom policy every time the instance is started. The current catalina.policy has been changed to store a header for the dynamically generated catalina.policy. A new pki.policy has been added to store the default PKI security policy. An empty custom.policy has been added to store policy customization. Ticket #223 
The tomcat.conf and the template deployment configuration have been
modified to enable the security manager. The operations script has
been modified to generate a new catalina.policy from the standard
Tomcat policy, the standard PKI policy and the custom policy every
time the instance is started.

The current catalina.policy has been changed to store a header for
the dynamically generated catalina.policy. A new pki.policy has been
added to store the default PKI security policy. An empty
custom.policy has been added to store policy customization.

Ticket #223
Provide option to install, rather than replicate schema in a clone 2012-10-22T16:03:39+00:00 Ade Lee alee@redhat.com 2012-10-19T05:35:04+00:00 1c45197227a0d54b525d4b40f66aa96aeb4f2e6a 






Various fixes to installation servlet and pki-deploy
2012-09-13T01:39:47+00:00

Ade Lee
alee@redhat.com

2012-09-11T19:42:36+00:00

d7b67c5ba1cf193c50cd46ec4bdef79646bce1af

Added logging so that we can see what is passed in to server from pkispawn.
Fixed incorrect dbuser specification.
Added required replication config items to pkispawn.
Initial refactoring of construct_pki_configuration_data in pkijython.py





Added logging so that we can see what is passed in to server from pkispawn.
Fixed incorrect dbuser specification.
Added required replication config items to pkispawn.
Initial refactoring of construct_pki_configuration_data in pkijython.py







Moved webapp deployment code into pkispawn.
2012-09-05T15:08:41+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-08-21T18:15:34+00:00

63ac9595b4b193200e9b7af94f0854361a70eec9

Previously the WAR files were generated at build time, so it would
include theme files that were installed on the build machine.

The code has been changed such that instead of generating WAR files
pkispawn will copy the webapp files from the theme folders and combine
them with subsystem webapp files at deployment time. This way it will
use the actual theme files installed on the deployment machine.

Ticket #89





Previously the WAR files were generated at build time, so it would
include theme files that were installed on the build machine.

The code has been changed such that instead of generating WAR files
pkispawn will copy the webapp files from the theme folders and combine
them with subsystem webapp files at deployment time. This way it will
use the actual theme files installed on the deployment machine.

Ticket #89







PKI Deployment Scriptlets
2012-08-13T15:39:47+00:00

Matthew Harmsen
mharmsen@redhat.com

2012-08-08T20:41:46+00:00

0198bf929702b756214b5f509ffe677ca58bf650

* TRAC Ticket #184 - Dogtag 10: Update PKI Deployment to handle
  cloning CA/KRA/OCSP/TKS . . .
* TRAC Ticket #285 - Dogtag 10: Fix installation issues for
  KRA, OCSP, and TKS





* TRAC Ticket #184 - Dogtag 10: Update PKI Deployment to handle
  cloning CA/KRA/OCSP/TKS . . .
* TRAC Ticket #285 - Dogtag 10: Fix installation issues for
  KRA, OCSP, and TKS







PKI Deployment Scriptlets
2012-07-31T03:51:19+00:00

Matthew Harmsen
mharmsen@redhat.com

2012-07-29T01:59:30+00:00

f589cc1e267d6d7b67a6463b4495b7a9c982669f

* TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not"
  removing "/etc/sysconfig/{pki_instance_id}" . . .
* TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for
  configuration . . .
* TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and
  'pkidestroy' . . .
* TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of
  configured PKI instance . . .
* TRAC Ticket #270 - Dogtag 10: Add missing parameters to
  'pkideployment.cfg' . . .
* TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client
  information . . .
* TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7
  "logging.properties"
* TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive'
  dictionary
* TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and
  'pkideployment.cfg' files
* TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet
  Issues . . .





* TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not"
  removing "/etc/sysconfig/{pki_instance_id}" . . .
* TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for
  configuration . . .
* TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and
  'pkidestroy' . . .
* TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of
  configured PKI instance . . .
* TRAC Ticket #270 - Dogtag 10: Add missing parameters to
  'pkideployment.cfg' . . .
* TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client
  information . . .
* TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7
  "logging.properties"
* TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive'
  dictionary
* TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and
  'pkideployment.cfg' files
* TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet
  Issues . . .







PKI Deployment Scriptlets
2012-07-25T21:19:38+00:00

Matthew Harmsen
mharmsen@redhat.com

2012-07-24T18:28:29+00:00

14243746edd14be2564b625c4a940c4723c168f1

* PKI TRAC Ticket #244 - Non-user-friendly message when deleting non-existent
  subsystem with pkidestroy
* PKI TRAC Ticket #246 - Incorrect parameter names in pkispawn configuration
* PKI TRAC Ticket #248 - pki_ds_database should not be a DN
* PKI TRAC Ticket #249 - pki_ds_base_dn causing pkispawn failure
* PKI TRAC Ticket #250 - Creating/removing custom instances should not require
  http/ajp ports
* PKI TRAC Ticket #251 - Instance name may conflict with other files
* PKI TRAC Ticket #253 - Fix pki-destroy removal of
  '/var/log/pki/{pki_instance_id}' directory . . .
* PKI TRAC Ticket #254 - Dogtag 10: Fix spec file to build successfully via mock
  on Fedora 17 . . .
* PKI TRAC Ticket #255 - Missing resteasy-atom-provider.jar
* PKI TRAC Ticket #260 - Dogtag 10: Change the layout of 'pki_instance_id' . . .





* PKI TRAC Ticket #244 - Non-user-friendly message when deleting non-existent
  subsystem with pkidestroy
* PKI TRAC Ticket #246 - Incorrect parameter names in pkispawn configuration
* PKI TRAC Ticket #248 - pki_ds_database should not be a DN
* PKI TRAC Ticket #249 - pki_ds_base_dn causing pkispawn failure
* PKI TRAC Ticket #250 - Creating/removing custom instances should not require
  http/ajp ports
* PKI TRAC Ticket #251 - Instance name may conflict with other files
* PKI TRAC Ticket #253 - Fix pki-destroy removal of
  '/var/log/pki/{pki_instance_id}' directory . . .
* PKI TRAC Ticket #254 - Dogtag 10: Fix spec file to build successfully via mock
  on Fedora 17 . . .
* PKI TRAC Ticket #255 - Missing resteasy-atom-provider.jar
* PKI TRAC Ticket #260 - Dogtag 10: Change the layout of 'pki_instance_id' . . .







PKI Deployment Scriptlets
2012-07-19T17:17:18+00:00

Matthew Harmsen
mharmsen@redhat.com

2012-07-19T08:04:54+00:00

5b004df074027d1eba33c2f9038030406830cc3c

* In 'catalina.properties', removed commented out jars
  for each of the subsystems in the 'common.loader'
* In 'server.xml', removed the line containing a '1'
* Moved all parameters from the [Mandatory] and [Optional]
  sections of the 'pkideployment.cfg' file to other more
  appropriate sections (e.g. - [Common], [CA], [KRA], etc.),
  and removed these sections and all of their associated
  logic from the 'pki-deploy' package
* Resolved Dogtag TRAC Ticket #225
  Dogtag 10: Move "pkispawn"/"pkidestroy" logs
* Removed all security domain references from
  external CA logic
* Added new 'pki_subsystem_name' parameter to
  'pkideployment.cfg' file, and applied logic
  throughout 'pki-deploy'
* Added new error message in the case of an
  unset DNS domain name, and replaced the
  log message with a simple print in the
  case of a 'domainname' exception





* In 'catalina.properties', removed commented out jars
  for each of the subsystems in the 'common.loader'
* In 'server.xml', removed the line containing a '1'
* Moved all parameters from the [Mandatory] and [Optional]
  sections of the 'pkideployment.cfg' file to other more
  appropriate sections (e.g. - [Common], [CA], [KRA], etc.),
  and removed these sections and all of their associated
  logic from the 'pki-deploy' package
* Resolved Dogtag TRAC Ticket #225
  Dogtag 10: Move "pkispawn"/"pkidestroy" logs
* Removed all security domain references from
  external CA logic
* Added new 'pki_subsystem_name' parameter to
  'pkideployment.cfg' file, and applied logic
  throughout 'pki-deploy'
* Added new error message in the case of an
  unset DNS domain name, and replaced the
  log message with a simple print in the
  case of a 'domainname' exception