remove inaccessible URLs from server.xml

- PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI
  subsystems which are not accessible

4 files changed, 44 insertions, 6 deletions

diff --git a/base/common/upgrade/10.2.6/.gitignore b/base/common/upgrade/10.2.6/.gitignore
new file mode 100644
index 000000000..5e7d2734c
--- /dev/null
+++ b/base/common/upgrade/10.2.6/.gitignore
@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
diff --git a/base/server/tomcat7/conf/server.xml b/base/server/tomcat7/conf/server.xml
index 81ed5c4e3..c52bd5bab 100644
--- a/base/server/tomcat7/conf/server.xml
+++ b/base/server/tomcat7/conf/server.xml
@@ -32,7 +32,6 @@ Unsecure URL        = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ca/ee/ca
 Secure Agent URL    = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/ca/agent/ca
 Secure EE URL       = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ca/ee/ca
 Secure Admin URL    = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ca/services
-EE Client Auth URL  = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_CLIENT_AUTH_PORT]/ca/eeca/ca
 PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ca
 Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
 -->
@@ -40,7 +39,6 @@ Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
 <!--
 Unsecure URL        = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/kra/ee/kra
 Secure Agent URL    = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/kra/agent/kra
-Secure EE URL       = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/kra/ee/kra
 Secure Admin URL    = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra/services
 PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra
 Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
@@ -58,7 +56,6 @@ Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
 <!--
 Unsecure URL        = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tks/ee/tks
 Secure Agent URL    = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/tks/agent/tks
-Secure EE URL       = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/tks/ee/tks
 Secure Admin URL    = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks/services
 PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks
 Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
diff --git a/base/server/tomcat8/conf/server.xml b/base/server/tomcat8/conf/server.xml
index 3a6c55934..a794760d8 100644
--- a/base/server/tomcat8/conf/server.xml
+++ b/base/server/tomcat8/conf/server.xml
@@ -32,7 +32,6 @@ Unsecure URL        = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ca/ee/ca
 Secure Agent URL    = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/ca/agent/ca
 Secure EE URL       = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ca/ee/ca
 Secure Admin URL    = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ca/services
-EE Client Auth URL  = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_CLIENT_AUTH_PORT]/ca/eeca/ca
 PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ca
 Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
 -->
@@ -40,7 +39,6 @@ Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
 <!--
 Unsecure URL        = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/kra/ee/kra
 Secure Agent URL    = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/kra/agent/kra
-Secure EE URL       = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/kra/ee/kra
 Secure Admin URL    = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra/services
 PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra
 Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
@@ -58,7 +56,6 @@ Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
 <!--
 Unsecure URL        = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tks/ee/tks
 Secure Agent URL    = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/tks/agent/tks
-Secure EE URL       = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/tks/ee/tks
 Secure Admin URL    = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks/services
 PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks
 Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
diff --git a/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML b/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML
new file mode 100755
index 000000000..1a9d3283c
--- /dev/null
+++ b/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML
@@ -0,0 +1,40 @@
+#!/usr/bin/python
+# Authors:
+#     Matthew Harmsen <mharmsen@redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2015 Red Hat, Inc.
+# All rights reserved.
+#
+
+import subprocess
+
+import pki.server.upgrade
+
+
+class RemoveInaccessableURLsFromServerXML(
+    pki.server.upgrade.PKIServerUpgradeScriptlet):
+    def __init__(self):
+        super(RemoveInaccessableURLsFromServerXML, self).__init__()
+        self.message = 'Remove inaccessable URLs from server.xml'
+
+    def upgrade_instance(self, instance):
+        subprocess.check_call([
+            'sed', '-i',
+            '-e', '\|^.*EE Client Auth URL.*ca/eeca/ca.*$|d',
+            '-e', '\|^.*Secure EE URL.*kra/ee/kra.*$|d',
+            '-e', '\|^.*Secure EE URL.*tks/ee/tks.*$|d',
+            '/etc/pki/{0}/server.xml'.format(instance.name)
+        ])