summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAde Lee <alee@redhat.com>2012-10-11 09:16:34 -0400
committerAde Lee <alee@redhat.com>2012-10-12 13:47:21 -0400
commit35eb6086ef5dfab92d3bcf1a486d80e22628ced0 (patch)
treeed149645d7ae45fa87ba211fa35a25ba007493d4
parent8a2d3428dd7ed7fc0b83d6b776ab03b9def0d383 (diff)
downloadpki-35eb6086ef5dfab92d3bcf1a486d80e22628ced0.tar.gz
pki-35eb6086ef5dfab92d3bcf1a486d80e22628ced0.tar.xz
pki-35eb6086ef5dfab92d3bcf1a486d80e22628ced0.zip
changes to remind folks not to use pkicreate/pkiremove
-rwxr-xr-xbase/setup/pkicreate181
-rwxr-xr-xbase/setup/pkiremove5
2 files changed, 8 insertions, 178 deletions
diff --git a/base/setup/pkicreate b/base/setup/pkicreate
index b83fd870c..506e766ef 100755
--- a/base/setup/pkicreate
+++ b/base/setup/pkicreate
@@ -668,101 +668,9 @@ sub usage
### USAGE: CA, KRA, OCSP, or TKS subsystem instance creation (Tomcat) ###
###############################################################################
-pkicreate -pki_instance_root=<pki_instance_root> # Instance root directory
- # destination
-
- -pki_instance_name=<pki_instance_id> # Unique PKI subsystem
- # instance name
-
- -subsystem_type=<subsystem_type> # Subsystem type
- # [ca | kra | ocsp | tks]
-
- #####################################################################
- ### SELECT separate secure ports for AGENT, EE, and ADMIN: ###
- #####################################################################
-
- -agent_secure_port=<agent_secure_port> # Agent secure port
-
- -ee_secure_port=<ee_secure_port> # EE secure port
-
- -admin_secure_port=<admin_secure_port> # Admin secure port
-
- #####################################################################
- ### ... and a client auth EE port, required for CAs only ###
- #####################################################################
-
- -ee_secure_client_auth_port=<ee_secure_client_auth_port>
- # EE secure client authentication port
-
- #####################################################################
- ### OR SELECT a single secure port shared by AGENT,EE and ADMIN ###
- ### ###
- ### WARNING: Use of a single shared secure port has been ###
- ### DEPRECATED! Use 'port separation' in conjunction ###
- ### with 'port forwarding' to emulate this behavior. ###
- #####################################################################
-
- -secure_port=<secure_port> # Secure port
- # (shared by Agent,
- # EE, and Admin)
-
- #####################################################################
- ### END secure port SELECTION ###
- #####################################################################
-
- -unsecure_port=<unsecure_port> # Unsecure port
-
- -tomcat_server_port=<tomcat_server_port> # Unique port for each
- # Tomcat instance
-
- #####################################################################
- ### proxy configuration ###
- ### if -enable_proxy is set, ajp_port, proxy_secure_port, and ###
- ### proxy_unsecure_port are also set. ###
- #####################################################################
-
- [-enable_proxy] #enable proxy configuration
- [-ajp_port=<ajp_port>] #AJP port, default 9447
-
- [-proxy_secure_port=<proxy_secure_port>] # Proxy secure port,
- # default 443
-
- [-proxy_unsecure_port=<unsecure_port>] # Proxy unsecure port,
- # default 80
-
- #####################################################################
- ### END proxy configuration ###
- #####################################################################
-
- [-user=<username>] # User ownership
- # (must ALSO specify
- # group ownership)
- #
- # [Default=pkiuser]
-
- [-group=<groupname>] # Group ownership
- # (must ALSO specify
- # user ownership)
- #
- # [Default=pkiuser]
-
- [-redirect conf=<real conf dir path>] # Redirection of
- # 'conf' directory
-
- [-redirect logs=<real logs dir path>] # Redirection of
- # 'logs' directory
-
- [-verbose] # Print out liberal info
- # during 'pkicreate'.
- # Specify multiple times
- # to increase verbosity.
-
- [-dry_run] # Do not perform any actions.
- # Just report what would have
- # been done.
-
- [-help] # Print out this screen
-
+As of Dogtag 10, pkicreate is no longer supported for the creation of CA, KRA,
+OCSP and TKS subsystems. To create instances of these subsystems, use
+pkispawn instead.
###############################################################################
### USAGE: RA or TPS subsystem instance creation (Apache) ###
@@ -823,89 +731,12 @@ pkicreate -pki_instance_root=<pki_instance_root> # Instance root directory
###############################################################################
### EXAMPLES: ###
-### PKI (Tomcat) subsystem instance creation of a CA ###
-### PKI (Tomcat) subsystem instance creation of a Subordinate CA ###
-### PKI (Tomcat) subsystem instance creation of a KRA ###
-### PKI (Tomcat) subsystem instance creation of an OCSP ###
-### PKI (Tomcat) subsystem instance creation of a TKS ###
### PKI (Apache) subsystem instance creation of an RA ###
### PKI (Apache) subsystem instance creation of a TPS ###
### PKI (Apache) subsystem instance creation of a second TPS ###
###############################################################################
pkicreate -pki_instance_root=/var/lib \
- -pki_instance_name=pki-ca \
- -subsystem_type=ca \
- -agent_secure_port=9443 \
- -ee_secure_port=9444 \
- -ee_secure_client_auth_port=9446 \
- -admin_secure_port=9445 \
- -unsecure_port=9180 \
- -tomcat_server_port=9701 \
- -user=pkiuser \
- -group=pkiuser \
- -redirect conf=/etc/pki-ca \
- -redirect logs=/var/log/pki-ca \
- -verbose
-
-pkicreate -pki_instance_root=/var/lib \
- -pki_instance_name=pki-subca \
- -subsystem_type=ca \
- -agent_secure_port=9543 \
- -ee_secure_port=9544 \
- -ee_secure_client_auth_port=9546 \
- -admin_secure_port=9545 \
- -unsecure_port=9580 \
- -tomcat_server_port=9801 \
- -user=pkiuser \
- -group=pkiuser \
- -redirect conf=/etc/pki-subca \
- -redirect logs=/var/log/pki-subca \
- -verbose
-
-pkicreate -pki_instance_root=/var/lib \
- -pki_instance_name=pki-kra \
- -subsystem_type=kra \
- -agent_secure_port=10443 \
- -ee_secure_port=10444 \
- -admin_secure_port=10445 \
- -unsecure_port=10180 \
- -tomcat_server_port=10701 \
- -user=pkiuser \
- -group=pkiuser \
- -redirect conf=/etc/pki-kra \
- -redirect logs=/var/log/pki-kra \
- -verbose
-
-pkicreate -pki_instance_root=/var/lib \
- -pki_instance_name=pki-ocsp \
- -subsystem_type=ocsp \
- -agent_secure_port=11443 \
- -ee_secure_port=11444 \
- -admin_secure_port=11445 \
- -unsecure_port=11180 \
- -tomcat_server_port=11701 \
- -user=pkiuser \
- -group=pkiuser \
- -redirect conf=/etc/pki-ocsp \
- -redirect logs=/var/log/pki-ocsp \
- -verbose
-
-pkicreate -pki_instance_root=/var/lib \
- -pki_instance_name=pki-tks \
- -subsystem_type=tks \
- -agent_secure_port=13443 \
- -ee_secure_port=13444 \
- -admin_secure_port=13445 \
- -unsecure_port=13180 \
- -tomcat_server_port=13701 \
- -user=pkiuser \
- -group=pkiuser \
- -redirect conf=/etc/pki-tks \
- -redirect logs=/var/log/pki-tks \
- -verbose
-
-pkicreate -pki_instance_root=/var/lib \
-pki_instance_name=pki-ra \
-subsystem_type=ra \
-secure_port=12889 \
@@ -1043,11 +874,7 @@ sub parse_arguments
}
## Mandatory "-subsystem_type=s" option
- if ($subsystem_type ne $CA &&
- $subsystem_type ne $KRA &&
- $subsystem_type ne $OCSP &&
- $subsystem_type ne $TKS &&
- $subsystem_type ne $RA &&
+ if ($subsystem_type ne $RA &&
$subsystem_type ne $TPS) {
usage();
emit("Illegal value => $subsystem_type : for -subsystem_type!\n",
diff --git a/base/setup/pkiremove b/base/setup/pkiremove
index ca81cb09e..3b4ab63b5 100755
--- a/base/setup/pkiremove
+++ b/base/setup/pkiremove
@@ -168,9 +168,12 @@ Usage: pkiremove -pki_instance_root=<pki_instance_root> # Instance root
[-dry_run] # Do not perform any actions.
# Just report what would have been done.
-Example: pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca
+Example: pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-tps
IMPORTANT: Must be run as root!
+IMPORTANT: pkiremove should only be used to remove instances which were created
+ using pkicreate. Instances created using pkispawn should be removed
+ using pkidestroy.
EOF
return;
}