diff options
author | Ade Lee <alee@redhat.com> | 2012-10-11 09:16:34 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-10-12 13:47:21 -0400 |
commit | 35eb6086ef5dfab92d3bcf1a486d80e22628ced0 (patch) | |
tree | ed149645d7ae45fa87ba211fa35a25ba007493d4 | |
parent | 8a2d3428dd7ed7fc0b83d6b776ab03b9def0d383 (diff) | |
download | pki-35eb6086ef5dfab92d3bcf1a486d80e22628ced0.tar.gz pki-35eb6086ef5dfab92d3bcf1a486d80e22628ced0.tar.xz pki-35eb6086ef5dfab92d3bcf1a486d80e22628ced0.zip |
changes to remind folks not to use pkicreate/pkiremove
-rwxr-xr-x | base/setup/pkicreate | 181 | ||||
-rwxr-xr-x | base/setup/pkiremove | 5 |
2 files changed, 8 insertions, 178 deletions
diff --git a/base/setup/pkicreate b/base/setup/pkicreate index b83fd870c..506e766ef 100755 --- a/base/setup/pkicreate +++ b/base/setup/pkicreate @@ -668,101 +668,9 @@ sub usage ### USAGE: CA, KRA, OCSP, or TKS subsystem instance creation (Tomcat) ### ############################################################################### -pkicreate -pki_instance_root=<pki_instance_root> # Instance root directory - # destination - - -pki_instance_name=<pki_instance_id> # Unique PKI subsystem - # instance name - - -subsystem_type=<subsystem_type> # Subsystem type - # [ca | kra | ocsp | tks] - - ##################################################################### - ### SELECT separate secure ports for AGENT, EE, and ADMIN: ### - ##################################################################### - - -agent_secure_port=<agent_secure_port> # Agent secure port - - -ee_secure_port=<ee_secure_port> # EE secure port - - -admin_secure_port=<admin_secure_port> # Admin secure port - - ##################################################################### - ### ... and a client auth EE port, required for CAs only ### - ##################################################################### - - -ee_secure_client_auth_port=<ee_secure_client_auth_port> - # EE secure client authentication port - - ##################################################################### - ### OR SELECT a single secure port shared by AGENT,EE and ADMIN ### - ### ### - ### WARNING: Use of a single shared secure port has been ### - ### DEPRECATED! Use 'port separation' in conjunction ### - ### with 'port forwarding' to emulate this behavior. ### - ##################################################################### - - -secure_port=<secure_port> # Secure port - # (shared by Agent, - # EE, and Admin) - - ##################################################################### - ### END secure port SELECTION ### - ##################################################################### - - -unsecure_port=<unsecure_port> # Unsecure port - - -tomcat_server_port=<tomcat_server_port> # Unique port for each - # Tomcat instance - - ##################################################################### - ### proxy configuration ### - ### if -enable_proxy is set, ajp_port, proxy_secure_port, and ### - ### proxy_unsecure_port are also set. ### - ##################################################################### - - [-enable_proxy] #enable proxy configuration - [-ajp_port=<ajp_port>] #AJP port, default 9447 - - [-proxy_secure_port=<proxy_secure_port>] # Proxy secure port, - # default 443 - - [-proxy_unsecure_port=<unsecure_port>] # Proxy unsecure port, - # default 80 - - ##################################################################### - ### END proxy configuration ### - ##################################################################### - - [-user=<username>] # User ownership - # (must ALSO specify - # group ownership) - # - # [Default=pkiuser] - - [-group=<groupname>] # Group ownership - # (must ALSO specify - # user ownership) - # - # [Default=pkiuser] - - [-redirect conf=<real conf dir path>] # Redirection of - # 'conf' directory - - [-redirect logs=<real logs dir path>] # Redirection of - # 'logs' directory - - [-verbose] # Print out liberal info - # during 'pkicreate'. - # Specify multiple times - # to increase verbosity. - - [-dry_run] # Do not perform any actions. - # Just report what would have - # been done. - - [-help] # Print out this screen - +As of Dogtag 10, pkicreate is no longer supported for the creation of CA, KRA, +OCSP and TKS subsystems. To create instances of these subsystems, use +pkispawn instead. ############################################################################### ### USAGE: RA or TPS subsystem instance creation (Apache) ### @@ -823,89 +731,12 @@ pkicreate -pki_instance_root=<pki_instance_root> # Instance root directory ############################################################################### ### EXAMPLES: ### -### PKI (Tomcat) subsystem instance creation of a CA ### -### PKI (Tomcat) subsystem instance creation of a Subordinate CA ### -### PKI (Tomcat) subsystem instance creation of a KRA ### -### PKI (Tomcat) subsystem instance creation of an OCSP ### -### PKI (Tomcat) subsystem instance creation of a TKS ### ### PKI (Apache) subsystem instance creation of an RA ### ### PKI (Apache) subsystem instance creation of a TPS ### ### PKI (Apache) subsystem instance creation of a second TPS ### ############################################################################### pkicreate -pki_instance_root=/var/lib \ - -pki_instance_name=pki-ca \ - -subsystem_type=ca \ - -agent_secure_port=9443 \ - -ee_secure_port=9444 \ - -ee_secure_client_auth_port=9446 \ - -admin_secure_port=9445 \ - -unsecure_port=9180 \ - -tomcat_server_port=9701 \ - -user=pkiuser \ - -group=pkiuser \ - -redirect conf=/etc/pki-ca \ - -redirect logs=/var/log/pki-ca \ - -verbose - -pkicreate -pki_instance_root=/var/lib \ - -pki_instance_name=pki-subca \ - -subsystem_type=ca \ - -agent_secure_port=9543 \ - -ee_secure_port=9544 \ - -ee_secure_client_auth_port=9546 \ - -admin_secure_port=9545 \ - -unsecure_port=9580 \ - -tomcat_server_port=9801 \ - -user=pkiuser \ - -group=pkiuser \ - -redirect conf=/etc/pki-subca \ - -redirect logs=/var/log/pki-subca \ - -verbose - -pkicreate -pki_instance_root=/var/lib \ - -pki_instance_name=pki-kra \ - -subsystem_type=kra \ - -agent_secure_port=10443 \ - -ee_secure_port=10444 \ - -admin_secure_port=10445 \ - -unsecure_port=10180 \ - -tomcat_server_port=10701 \ - -user=pkiuser \ - -group=pkiuser \ - -redirect conf=/etc/pki-kra \ - -redirect logs=/var/log/pki-kra \ - -verbose - -pkicreate -pki_instance_root=/var/lib \ - -pki_instance_name=pki-ocsp \ - -subsystem_type=ocsp \ - -agent_secure_port=11443 \ - -ee_secure_port=11444 \ - -admin_secure_port=11445 \ - -unsecure_port=11180 \ - -tomcat_server_port=11701 \ - -user=pkiuser \ - -group=pkiuser \ - -redirect conf=/etc/pki-ocsp \ - -redirect logs=/var/log/pki-ocsp \ - -verbose - -pkicreate -pki_instance_root=/var/lib \ - -pki_instance_name=pki-tks \ - -subsystem_type=tks \ - -agent_secure_port=13443 \ - -ee_secure_port=13444 \ - -admin_secure_port=13445 \ - -unsecure_port=13180 \ - -tomcat_server_port=13701 \ - -user=pkiuser \ - -group=pkiuser \ - -redirect conf=/etc/pki-tks \ - -redirect logs=/var/log/pki-tks \ - -verbose - -pkicreate -pki_instance_root=/var/lib \ -pki_instance_name=pki-ra \ -subsystem_type=ra \ -secure_port=12889 \ @@ -1043,11 +874,7 @@ sub parse_arguments } ## Mandatory "-subsystem_type=s" option - if ($subsystem_type ne $CA && - $subsystem_type ne $KRA && - $subsystem_type ne $OCSP && - $subsystem_type ne $TKS && - $subsystem_type ne $RA && + if ($subsystem_type ne $RA && $subsystem_type ne $TPS) { usage(); emit("Illegal value => $subsystem_type : for -subsystem_type!\n", diff --git a/base/setup/pkiremove b/base/setup/pkiremove index ca81cb09e..3b4ab63b5 100755 --- a/base/setup/pkiremove +++ b/base/setup/pkiremove @@ -168,9 +168,12 @@ Usage: pkiremove -pki_instance_root=<pki_instance_root> # Instance root [-dry_run] # Do not perform any actions. # Just report what would have been done. -Example: pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca +Example: pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-tps IMPORTANT: Must be run as root! +IMPORTANT: pkiremove should only be used to remove instances which were created + using pkicreate. Instances created using pkispawn should be removed + using pkidestroy. EOF return; } |