pki.git/base/deploy/config, branch direct-deployment Unnamed repository; edit this file 'description' to name the repository. Hardcode setting of resteasy-lib for instance 2012-12-19T02:40:24+00:00 Ade Lee alee@redhat.com 2012-12-18T17:14:31+00:00 0ed987de47410970bdfffb4900f46e3229c79ffb Tomcat in f17 expects the file under /etc/sysconfig/foo to be a set of environment variables being set, and parses it that way. We recently added some logic to source the global pki.conf file. This works in f18, but breaks instance startup in f17. While this works in f18, its an indication that we are using the tomcat config file incorrectly. Reverting to hardcoding resteasy lib. 
Tomcat in f17 expects the file under /etc/sysconfig/foo to be a
set of environment variables being set, and parses it that way.
We recently added some logic to source the global pki.conf file.
This works in f18, but breaks instance startup in f17.

While this works in f18, its an indication that we are using the
tomcat config file incorrectly.  Reverting to hardcoding resteasy lib.
Modified section on sample.cfg 2012-12-05T21:36:27+00:00 Ade Lee alee@redhat.com 2012-12-05T21:36:27+00:00 cd279e34b5d92ff8fe53e79c974baf9972221748 






Archiving default deployment configuration.
2012-12-04T20:50:55+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-12-04T12:19:43+00:00

81bb209d0a3227f544b7b8e4ec3fc0631c8f3c47

The default deployment configuration has been renamed and moved to
/etc/pki/default.cfg to make it more accessible to users. The pkispawn
has been modified to archive the default deployment configuration
along with the user-provided configuration in the registry. The
pkidestroy will now use both archived configuration files to ensure
proper removal of the subsystem.

Ticket #399





The default deployment configuration has been renamed and moved to
/etc/pki/default.cfg to make it more accessible to users. The pkispawn
has been modified to archive the default deployment configuration
along with the user-provided configuration in the registry. The
pkidestroy will now use both archived configuration files to ensure
proper removal of the subsystem.

Ticket #399







Interpolation correction patch based on review comments
2012-12-04T17:11:53+00:00

Ade Lee
alee@redhat.com

2012-12-04T16:25:55+00:00

a3f7d585fed02fb8b0adaf46228f23bf1275c596












Use interpolation to build default parameters
2012-12-04T17:11:36+00:00

Ade Lee
alee@redhat.com

2012-12-03T17:08:58+00:00

065d883a5595154ec4ca91e890aa380e3bf1d6b2

This patch replaces the code in pkiparser with defaults that are
built up using ConfigParser interpolation.  The patch gets most
(but not all) default parameters.





This patch replaces the code in pkiparser with defaults that are
built up using ConfigParser interpolation.  The patch gets most
(but not all) default parameters.







Common User: pkispawn changes
2012-12-03T14:08:46+00:00

Ade Lee
alee@redhat.com

2012-12-03T03:42:36+00:00

03a6350687e033461306d6b9000ef8ea34af96f9












Replaced links of scriptlets with lists.
2012-11-30T21:03:27+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-11-28T23:59:06+00:00

6344d6e7534696b9c236e818fe6f504bc957adaa

Previously the deployment tools used symbolic links to determine the
scriplets to execute and their order. The code has been changed such
that now the scriplets are listed as parameters (spawn_scriplets and
destroy_scriplets) in the configuration file.

Ticket #403





Previously the deployment tools used symbolic links to determine the
scriplets to execute and their order. The code has been changed such
that now the scriplets are listed as parameters (spawn_scriplets and
destroy_scriplets) in the configuration file.

Ticket #403







Simplified the configuration file using defaults.
2012-11-30T21:03:07+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-11-28T18:12:24+00:00

471a49326ee8755bf2440962a36a30f4df619a17

Previously to create a subsystem the admin would have to copy the
entire default deployment configuration, which contains many
parameters, and then customize it. Now the deployment code has been
changed such that the default config file will be used to provide
the default values, so the admin will only need to provide the
non-default parameters, thus reducing the size of the file.

Sample configuration files are provided in /usr/share/pki/
deployment/config.

Ticket #399





Previously to create a subsystem the admin would have to copy the
entire default deployment configuration, which contains many
parameters, and then customize it. Now the deployment code has been
changed such that the default config file will be used to provide
the default values, so the admin will only need to provide the
non-default parameters, thus reducing the size of the file.

Sample configuration files are provided in /usr/share/pki/
deployment/config.

Ticket #399







Reorganized sensitive parameters.
2012-11-30T21:02:48+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-11-28T14:27:16+00:00

5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6

Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.

To maintain the security a new meta-parameter has been added to list
all sensitive parameter names. This way the deployment code will know
whether a parameter is sensitive, which then will mask the value before
displaying it to the screen or storing it in a log file.

Ticket #399





Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.

To maintain the security a new meta-parameter has been added to list
all sensitive parameter names. This way the deployment code will know
whether a parameter is sensitive, which then will mask the value before
displaying it to the screen or storing it in a log file.

Ticket #399







Set paths for default instance
2012-11-05T03:12:57+00:00

Ade Lee
alee@redhat.com

2012-10-26T16:36:14+00:00

db9537d210a20b90115374e5b406db6c9658bc3a

With this patch, it will be possible to install a default instance
simply by adding the passwords in the pkideployment.cfg.  This file
can then be used without additional alteration to add subsystems to the
same instance, by re-running pkispawn against the config file.

The patch makes sure that cert nicknames, database and baseDN , admin users
and client db are unique per subsystem.  An option is added to reuse the
existing server cert generated by the first subsystem and copy the
required data to all subsystems.

Ticket 379, 385





With this patch, it will be possible to install a default instance
simply by adding the passwords in the pkideployment.cfg.  This file
can then be used without additional alteration to add subsystems to the
same instance, by re-running pkispawn against the config file.

The patch makes sure that cert nicknames, database and baseDN , admin users
and client db are unique per subsystem.  An option is added to reuse the
existing server cert generated by the first subsystem and copy the
required data to all subsystems.

Ticket 379, 385