pki.git/base/deploy/src/pkispawn, branch alee-95 Unnamed repository; edit this file 'description' to name the repository. Interpolation correction patch based on review comments 2012-12-04T16:56:25+00:00 Ade Lee alee@redhat.com 2012-12-04T16:25:55+00:00 b2e265466c6b183b707f9a1a8495e31cb121ddfd 






Use interpolation to build default parameters
2012-12-04T15:19:58+00:00

Ade Lee
alee@redhat.com

2012-12-03T17:08:58+00:00

71979729a3b5084d27057f9c83d43a4452888994

This patch replaces the code in pkiparser with defaults that are
built up using ConfigParser interpolation.  The patch gets most
(but not all) default parameters.





This patch replaces the code in pkiparser with defaults that are
built up using ConfigParser interpolation.  The patch gets most
(but not all) default parameters.







Replaced links of scriptlets with lists.
2012-11-30T21:03:27+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-11-28T23:59:06+00:00

6344d6e7534696b9c236e818fe6f504bc957adaa

Previously the deployment tools used symbolic links to determine the
scriplets to execute and their order. The code has been changed such
that now the scriplets are listed as parameters (spawn_scriplets and
destroy_scriplets) in the configuration file.

Ticket #403





Previously the deployment tools used symbolic links to determine the
scriplets to execute and their order. The code has been changed such
that now the scriplets are listed as parameters (spawn_scriplets and
destroy_scriplets) in the configuration file.

Ticket #403







Reorganized sensitive parameters.
2012-11-30T21:02:48+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-11-28T14:27:16+00:00

5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6

Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.

To maintain the security a new meta-parameter has been added to list
all sensitive parameter names. This way the deployment code will know
whether a parameter is sensitive, which then will mask the value before
displaying it to the screen or storing it in a log file.

Ticket #399





Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.

To maintain the security a new meta-parameter has been added to list
all sensitive parameter names. This way the deployment code will know
whether a parameter is sensitive, which then will mask the value before
displaying it to the screen or storing it in a log file.

Ticket #399







Refactored pkiparser.py into PKIConfigParser.
2012-11-30T20:01:47+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-11-30T18:45:50+00:00

68751fb281477190cad960d2ef4fce2d15e00798

The code in pkiparser.py has been converted into PKIConfigParser
class to facilitate further improvements.

Ticket #399





The code in pkiparser.py has been converted into PKIConfigParser
class to facilitate further improvements.

Ticket #399







removed dry_run from pkispawn
2012-11-11T04:10:15+00:00

Ade Lee
alee@redhat.com

2012-11-09T17:31:40+00:00

318716f3425a1d818e0633453a1d27a68d2f7f5f

Ticket 411





Ticket 411







Added package checking for pkispawn.
2012-10-01T16:04:10+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-09-27T01:17:33+00:00

aa1c7e757ee01759cb08f3dd5d0556cfe2ef8e32

The pkispawn has been modified such that it will check whether
the package for the subsystem being created has been installed.

Ticket #332





The pkispawn has been modified such that it will check whether
the package for the subsystem being created has been installed.

Ticket #332







PKI Deployment Scriptlets
2012-07-31T03:51:19+00:00

Matthew Harmsen
mharmsen@redhat.com

2012-07-29T01:59:30+00:00

f589cc1e267d6d7b67a6463b4495b7a9c982669f

* TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not"
  removing "/etc/sysconfig/{pki_instance_id}" . . .
* TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for
  configuration . . .
* TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and
  'pkidestroy' . . .
* TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of
  configured PKI instance . . .
* TRAC Ticket #270 - Dogtag 10: Add missing parameters to
  'pkideployment.cfg' . . .
* TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client
  information . . .
* TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7
  "logging.properties"
* TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive'
  dictionary
* TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and
  'pkideployment.cfg' files
* TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet
  Issues . . .





* TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not"
  removing "/etc/sysconfig/{pki_instance_id}" . . .
* TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for
  configuration . . .
* TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and
  'pkidestroy' . . .
* TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of
  configured PKI instance . . .
* TRAC Ticket #270 - Dogtag 10: Add missing parameters to
  'pkideployment.cfg' . . .
* TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client
  information . . .
* TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7
  "logging.properties"
* TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive'
  dictionary
* TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and
  'pkideployment.cfg' files
* TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet
  Issues . . .







PKI Deployment Scriptlets
2012-07-25T21:19:38+00:00

Matthew Harmsen
mharmsen@redhat.com

2012-07-24T18:28:29+00:00

14243746edd14be2564b625c4a940c4723c168f1

* PKI TRAC Ticket #244 - Non-user-friendly message when deleting non-existent
  subsystem with pkidestroy
* PKI TRAC Ticket #246 - Incorrect parameter names in pkispawn configuration
* PKI TRAC Ticket #248 - pki_ds_database should not be a DN
* PKI TRAC Ticket #249 - pki_ds_base_dn causing pkispawn failure
* PKI TRAC Ticket #250 - Creating/removing custom instances should not require
  http/ajp ports
* PKI TRAC Ticket #251 - Instance name may conflict with other files
* PKI TRAC Ticket #253 - Fix pki-destroy removal of
  '/var/log/pki/{pki_instance_id}' directory . . .
* PKI TRAC Ticket #254 - Dogtag 10: Fix spec file to build successfully via mock
  on Fedora 17 . . .
* PKI TRAC Ticket #255 - Missing resteasy-atom-provider.jar
* PKI TRAC Ticket #260 - Dogtag 10: Change the layout of 'pki_instance_id' . . .





* PKI TRAC Ticket #244 - Non-user-friendly message when deleting non-existent
  subsystem with pkidestroy
* PKI TRAC Ticket #246 - Incorrect parameter names in pkispawn configuration
* PKI TRAC Ticket #248 - pki_ds_database should not be a DN
* PKI TRAC Ticket #249 - pki_ds_base_dn causing pkispawn failure
* PKI TRAC Ticket #250 - Creating/removing custom instances should not require
  http/ajp ports
* PKI TRAC Ticket #251 - Instance name may conflict with other files
* PKI TRAC Ticket #253 - Fix pki-destroy removal of
  '/var/log/pki/{pki_instance_id}' directory . . .
* PKI TRAC Ticket #254 - Dogtag 10: Fix spec file to build successfully via mock
  on Fedora 17 . . .
* PKI TRAC Ticket #255 - Missing resteasy-atom-provider.jar
* PKI TRAC Ticket #260 - Dogtag 10: Change the layout of 'pki_instance_id' . . .







PKI Deployment Scriptlets
2012-07-19T17:17:18+00:00

Matthew Harmsen
mharmsen@redhat.com

2012-07-19T08:04:54+00:00

5b004df074027d1eba33c2f9038030406830cc3c

* In 'catalina.properties', removed commented out jars
  for each of the subsystems in the 'common.loader'
* In 'server.xml', removed the line containing a '1'
* Moved all parameters from the [Mandatory] and [Optional]
  sections of the 'pkideployment.cfg' file to other more
  appropriate sections (e.g. - [Common], [CA], [KRA], etc.),
  and removed these sections and all of their associated
  logic from the 'pki-deploy' package
* Resolved Dogtag TRAC Ticket #225
  Dogtag 10: Move "pkispawn"/"pkidestroy" logs
* Removed all security domain references from
  external CA logic
* Added new 'pki_subsystem_name' parameter to
  'pkideployment.cfg' file, and applied logic
  throughout 'pki-deploy'
* Added new error message in the case of an
  unset DNS domain name, and replaced the
  log message with a simple print in the
  case of a 'domainname' exception





* In 'catalina.properties', removed commented out jars
  for each of the subsystems in the 'common.loader'
* In 'server.xml', removed the line containing a '1'
* Moved all parameters from the [Mandatory] and [Optional]
  sections of the 'pkideployment.cfg' file to other more
  appropriate sections (e.g. - [Common], [CA], [KRA], etc.),
  and removed these sections and all of their associated
  logic from the 'pki-deploy' package
* Resolved Dogtag TRAC Ticket #225
  Dogtag 10: Move "pkispawn"/"pkidestroy" logs
* Removed all security domain references from
  external CA logic
* Added new 'pki_subsystem_name' parameter to
  'pkideployment.cfg' file, and applied logic
  throughout 'pki-deploy'
* Added new error message in the case of an
  unset DNS domain name, and replaced the
  log message with a simple print in the
  case of a 'domainname' exception