pki.git/base/deploy/config, branch tkstool

WIP

2012-11-30T05:23:04+00:00

Removed unused pki_admin_domain_name.

2012-11-29T18:38:14+00:00

Replaced links of scriptlets with lists.

2012-11-28T23:59:06+00:00

Previously the deployment tools used symbolic links to determine the
scriplets to execute and their order. The code has been changed such
that now the scriplets are listed as parameters (spawn_scriplets and
destroy_scriplets) in the configuration file.

Ticket #403

Simplified the configuration file using defaults.

2012-11-28T20:33:47+00:00

Previously to create a subsystem the admin would have to copy the
entire default deployment configuration, which contains many
parameters, and then customize it. Now the deployment code has been
changed such that the default config file will be used to provide
the default values, so the admin will only need to provide the
non-default parameters, thus reducing the size of the file.

Sample configuration files are provided in /usr/share/pki/
deployment/config.

Ticket #399

Reorganized sensitive parameters.

2012-11-28T15:24:48+00:00

Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.

To maintain the security a new meta-parameter has been added to list
all sensitive parameter names. This way the deployment code will know
whether a parameter is sensitive, which then will mask the value before
displaying it to the screen or storing it in a log file.

Ticket #399

Set paths for default instance

2012-11-05T03:12:57+00:00

With this patch, it will be possible to install a default instance
simply by adding the passwords in the pkideployment.cfg.  This file
can then be used without additional alteration to add subsystems to the
same instance, by re-running pkispawn against the config file.

The patch makes sure that cert nicknames, database and baseDN , admin users
and client db are unique per subsystem.  An option is added to reuse the
existing server cert generated by the first subsystem and copy the
required data to all subsystems.

Ticket 379, 385

Allow a PKI instance to be installed/configured independently

2012-10-30T14:56:06+00:00

* TRAC Ticket #286 - Dogtag 10: Create parameter for optionally allowing
  a user to skip configuration . . .

Enabled Tomcat security manager.

2012-10-27T04:32:31+00:00

The tomcat.conf and the template deployment configuration have been
modified to enable the security manager. The operations script has
been modified to generate a new catalina.policy from the standard
Tomcat policy, the standard PKI policy and the custom policy every
time the instance is started.

The current catalina.policy has been changed to store a header for
the dynamically generated catalina.policy. A new pki.policy has been
added to store the default PKI security policy. An empty
custom.policy has been added to store policy customization.

Ticket #223

Provide option to install, rather than replicate schema in a clone

2012-10-22T16:03:39+00:00

Various fixes to installation servlet and pki-deploy

2012-09-13T01:39:47+00:00

Added logging so that we can see what is passed in to server from pkispawn.
Fixed incorrect dbuser specification.
Added required replication config items to pkispawn.
Initial refactoring of construct_pki_configuration_data in pkijython.py