pki.git/base/deploy/scripts/operations, branch dev1 Unnamed repository; edit this file 'description' to name the repository. Link to resteasy-base on rhel systems when running pkispawn 2012-11-21T05:04:32+00:00 Ade Lee alee@redhat.com 2012-11-21T04:34:32+00:00 40e58f937d49f1a0029a226ab714cb54f12a9239 






Enabled Tomcat security manager.
2012-10-27T04:32:31+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-10-02T16:40:35+00:00

5eab7fedf1c78610b5e030b9e07e93f32633e9ad

The tomcat.conf and the template deployment configuration have been
modified to enable the security manager. The operations script has
been modified to generate a new catalina.policy from the standard
Tomcat policy, the standard PKI policy and the custom policy every
time the instance is started.

The current catalina.policy has been changed to store a header for
the dynamically generated catalina.policy. A new pki.policy has been
added to store the default PKI security policy. An empty
custom.policy has been added to store policy customization.

Ticket #223





The tomcat.conf and the template deployment configuration have been
modified to enable the security manager. The operations script has
been modified to generate a new catalina.policy from the standard
Tomcat policy, the standard PKI policy and the custom policy every
time the instance is started.

The current catalina.policy has been changed to store a header for
the dynamically generated catalina.policy. A new pki.policy has been
added to store the default PKI security policy. An empty
custom.policy has been added to store policy customization.

Ticket #223







add selinux context for pkidaemon, remove unneeded pid and lock code
2012-10-05T19:55:44+00:00

Ade Lee
alee@redhat.com

2012-10-01T17:55:03+00:00

6e79c7cb922072614155c067e26fab446893bae7

remove runcon from operations, add rules for spawn/destroy,
add mgrepl changes to policy





remove runcon from operations, add rules for spawn/destroy,
add mgrepl changes to policy







Fixed conflicting log4j.properties.
2012-09-19T15:36:43+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-09-14T20:42:01+00:00

7b737b2ea9d798cbbfb27ad15d157a7cb42fdb08

The <instance>/lib link has been replaced with a real folder
which contains links to the files in /usr/share/tomcat/lib. This
way the log4j.properties can be placed in this folder without
causing conflicts with other instances.

Ticket: #284





The <instance>/lib link has been replaced with a real folder
which contains links to the files in /usr/share/tomcat/lib. This
way the log4j.properties can be placed in this folder without
causing conflicts with other instances.

Ticket: #284







Fixed problems with optional pki-symkey.
2012-09-18T18:11:16+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-09-17T18:04:45+00:00

8ed86a749548ed2c373026ec34f5284a329bb7c2

The deployment and init scripts have been fixed to create and check
the link to symkey.jar if a TKS instance is added, and remove the
link if the instance is removed.

Ticket #331





The deployment and init scripts have been fixed to create and check
the link to symkey.jar if a TKS instance is added, and remove the
link if the instance is removed.

Ticket #331







Added proxy realm.
2012-09-05T15:09:41+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-08-21T22:38:29+00:00

8eb2eac080c2e9595b506f49f25d2c1718453bbc

CMS engine is a singleton and it's used by PKI realm to authenticate
users accessing the subsystem. Since a Tomcat instance may contain
multiple subsystems, each having separate realm, the PKI JAR links
need to be moved into WEB-INF/lib so that they will run inside
separate class loaders.

Tomcat also requires that the authenticator and realm classes be
available in common/lib. To address this a new package pki-tomcat.jar
has been added. The package contains the authenticator and a proxy
realm. When the subsystems start running, they will register their
own realms into the proxy realms such that the authentications will
be forwarded to the appropriate subsystems.

Ticket #89





CMS engine is a singleton and it's used by PKI realm to authenticate
users accessing the subsystem. Since a Tomcat instance may contain
multiple subsystems, each having separate realm, the PKI JAR links
need to be moved into WEB-INF/lib so that they will run inside
separate class loaders.

Tomcat also requires that the authenticator and realm classes be
available in common/lib. To address this a new package pki-tomcat.jar
has been added. The package contains the authenticator and a proxy
realm. When the subsystems start running, they will register their
own realms into the proxy realms such that the authentications will
be forwarded to the appropriate subsystems.

Ticket #89







Verify symbolic links and update CS.cfg for Dogtag 10
2012-08-29T17:08:36+00:00

Matthew Harmsen
mharmsen@redhat.com

2012-08-28T03:48:34+00:00

48e68f928f72a782afa6ab165a026901efd53b22

* TRAC Ticket #301 - Need to modify init scripts to verify needed
  symlinks in an instance
* TRAC Ticket #303 - Dogtag 10: CS.cfg parameters for Dogtag 9 instance
  running under Dogtag 10 packages . . .





* TRAC Ticket #301 - Need to modify init scripts to verify needed
  symlinks in an instance
* TRAC Ticket #303 - Dogtag 10: CS.cfg parameters for Dogtag 9 instance
  running under Dogtag 10 packages . . .







Fixed operations to operate on correct number of instances
2012-08-04T02:28:02+00:00

Ade Lee
alee@redhat.com

2012-08-03T15:31:15+00:00

178327661293a26dfa3a9dc52dd9464f6d97fd3f

Reverted previous fix to pkidaemon and operations.  Now, as
expected, systemctl start/stop pki-tomcatd@foo.service will stop
instance foo, whereas pki-tomcatd.target will affect all tomcatd
instances.





Reverted previous fix to pkidaemon and operations.  Now, as
expected, systemctl start/stop pki-tomcatd@foo.service will stop
instance foo, whereas pki-tomcatd.target will affect all tomcatd
instances.







PKI Deployment Scriptlets
2012-08-02T17:43:30+00:00

Matthew Harmsen
mharmsen@redhat.com

2012-08-02T04:36:28+00:00

e0a57d039dec42526e5f3241a0439b04f17d4ee5

* PKI TRAC Ticket #279 - Dogtag 10: Fix remaining 'cloning' issues in
  'pkispawn' . . .
* PKI TRAC Ticket #280 - Dogtag 10: Fix remaining issues in 'pkidestroy'
  related to deletion of more than one instance . . .
* PKI TRAC Ticket #281 - Dogtag 10: Fix 'pkidaemon'/'operations' issue to
  handle individual instance . . .





* PKI TRAC Ticket #279 - Dogtag 10: Fix remaining 'cloning' issues in
  'pkispawn' . . .
* PKI TRAC Ticket #280 - Dogtag 10: Fix remaining issues in 'pkidestroy'
  related to deletion of more than one instance . . .
* PKI TRAC Ticket #281 - Dogtag 10: Fix 'pkidaemon'/'operations' issue to
  handle individual instance . . .







Selinux policy for new configuration.
2012-07-25T05:48:48+00:00

Ade Lee
alee@redhat.com

2012-07-10T15:50:59+00:00

5fd74e0e0c9407306e99ef4fd2e776cb911ee94a

Added tomcat_t for java processes.  Added aliases for old types to allow
compatibility of existng subsystems.  Added install scripts for pkispawn
and pkidestroy





Added tomcat_t for java processes.  Added aliases for old types to allow
compatibility of existng subsystems.  Added install scripts for pkispawn
and pkidestroy