authorAde Lee <alee@redhat.com>2012-12-03 12:08:58 -0500
committerAde Lee <alee@redhat.com>2012-12-04 12:11:36 -0500
commit065d883a5595154ec4ca91e890aa380e3bf1d6b2 (patch)
tree67f95fac777fd6800560ecad4a110bc31cdc799f /base/deploy/config/deployment.cfg
parent66c519f0185f24a650df834d781be2ed7ef857f7 (diff)
Use interpolation to build default parameters
This patch replaces the code in pkiparser with defaults that are built up using ConfigParser interpolation. The patch gets most (but not all) default parameters.
Diffstat (limited to 'base/deploy/config/deployment.cfg')
-rw-r--r--base/deploy/config/deployment.cfg154
1 files changed, 88 insertions, 66 deletions
diff --git a/base/deploy/config/deployment.cfg b/base/deploy/config/deployment.cfg
index 6ff7a35bb..9eb930414 100644
--- a/base/deploy/config/deployment.cfg
+++ b/base/deploy/config/deployment.cfg
@@ -1,8 +1,13 @@
###############################################################################
-## Default Configuration: ##
+## Common Configuration: ##
+## ##
+## Values in this section are common to more than one PKI subsystem, and ##
+## contain required information which MAY be overridden by users as ##
+## necessary. ##
+## ##
+## There are also some meta-parameters that determine how the PKI ##
+## configuratiion should work. ##
## ##
-## This section contains meta-parameters that determine how the PKI ##
-## configuration should work. ##
###############################################################################
[DEFAULT]
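Review bot: The new banner line reads `configuratiion`; it should be `configuration`. Since this banner now sits directly above `[DEFAULT]`, it would also help to say that ConfigParser makes every key in this section a fallback for all subsystem sections, for example `## Keys here are inherited by every section below unless overridden there.`. The body of `[DEFAULT]` continues outside the hunk.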
@@ -47,35 +52,17 @@ destroy_scriplets=
infrastructure_layout
finalization
-###############################################################################
-## Common Configuration: ##
-## ##
-## Values in this section are common to more than one PKI subsystem, and ##
-## contain required information which MAY be overridden by users as ##
-## necessary. ##
-## ##
-## NOTE: Default values will be generated for any and all required ##
-## 'common' data values which are left undefined. ##
-###############################################################################
-[Common]
pki_admin_cert_request_type=crmf
pki_admin_domain_name=
pki_admin_dualkey=False
-pki_admin_email=
pki_admin_keysize=2048
-pki_admin_name=
-pki_admin_nickname=
pki_admin_password=
-pki_admin_subject_dn=
-pki_admin_uid=
pki_audit_group=pkiaudit
pki_audit_signing_key_algorithm=SHA256withRSA
pki_audit_signing_key_size=2048
pki_audit_signing_key_type=rsa
-pki_audit_signing_nickname=
pki_audit_signing_signing_algorithm=SHA256withRSA
-pki_audit_signing_subject_dn=
-pki_audit_signing_token=
+pki_audit_signing_token=Internal Key Storage Token
pki_backup_keys=False
pki_backup_password=
pki_client_database_dir=
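Review bot: The password keys kept in this hunk (`pki_admin_password=`, `pki_backup_password=`) are now read from a file whose values go through ConfigParser interpolation, so a user-supplied password containing a literal `%` would be rejected or treated as a reference unless it is written `%%`. Nothing in the visible lines tells the operator this; I would add a comment above the password keys such as `## NOTE: values are interpolated; write a literal % as %%`, or have the parser read the secret keys with `raw=True`. With the `[Common]` header removed, these keys also appear to fall under `[DEFAULT]` and are therefore inherited by every subsystem section, which is worth stating in the same comment. The same applies to the password keys in the next two hunks (`pki_ds_password=`, `pki_security_domain_password=`, `pki_token_password=`).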
@@ -83,21 +70,22 @@ pki_client_database_password=
pki_client_database_purge=True
pki_client_dir=
pki_client_pkcs12_password=
-pki_ds_base_dn=
pki_ds_bind_dn=cn=Directory Manager
-pki_ds_database=
-pki_ds_hostname=
pki_ds_ldap_port=389
pki_ds_ldaps_port=636
pki_ds_password=
pki_ds_remove_data=True
pki_ds_secure_connection=False
pki_group=pkiuser
+pki_http_port=%(default_http_port)s
+pki_https_port=%(default_https_port)s
+pki_instance_id=%(pki_instance_name)s
+pki_instance_name=%(default_instance_name)s
pki_issuing_ca=
pki_restart_configured_instance=True
-pki_security_domain_hostname=
+pki_security_domain_hostname=%(hostname)s
pki_security_domain_https_port=8443
-pki_security_domain_name=
+pki_security_domain_name=%(dns_domainname)s Security Domain
pki_security_domain_password=
pki_security_domain_user=
pki_skip_configuration=False
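Review bot: The new defaults `pki_http_port=%(default_http_port)s`, `pki_instance_name=%(default_instance_name)s`, `pki_security_domain_hostname=%(hostname)s` and `pki_security_domain_name=%(dns_domainname)s Security Domain` reference names that no visible hunk defines, so they presumably have to be injected by the installer before the first read; if one is missing, every key that depends on it fails with an interpolation error. A comment listing them would make that contract explicit, e.g. `## default_http_port, default_https_port, default_instance_name, hostname and dns_domainname are supplied by the installer at run time`. It is also worth deciding what an empty `dns_domainname` should produce, since the security domain name would then begin with a space and flow into every `o=` component built from it.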
@@ -105,15 +93,14 @@ pki_skip_installation=False
pki_ssl_server_key_algorithm=SHA256withRSA
pki_ssl_server_key_size=2048
pki_ssl_server_key_type=rsa
-pki_ssl_server_nickname=
-pki_ssl_server_subject_dn=
-pki_ssl_server_token=
+pki_ssl_server_nickname=Server-Cert cert-%(pki_instance_id)s
+pki_ssl_server_subject_dn=cn=%(hostname)s,o=%(pki_security_domain_name)s
+pki_ssl_server_token=Internal Key Storage Token
+pki_subsystem=%(subsystem_type)s
pki_subsystem_key_algorithm=SHA256withRSA
pki_subsystem_key_size=2048
pki_subsystem_key_type=rsa
-pki_subsystem_nickname=
-pki_subsystem_subject_dn=
-pki_subsystem_token=
+pki_subsystem_token=Internal Key Storage Token
pki_token_name=internal
pki_token_password=
pki_user=pkiuser
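Review bot: `pki_ssl_server_subject_dn=cn=%(hostname)s,o=%(pki_security_domain_name)s` splices the security domain name into a distinguished name with no escaping, so an overridden name containing `,`, `+` or `=` changes the RDN structure of the certificate subject instead of staying inside `o=`. The same pattern is used by the other `*_subject_dn` defaults in the CA, KRA, OCSP and TKS hunks. An INI default cannot escape the value itself, so the check belongs in the code that consumes these keys; in this file I would at least add `## pki_security_domain_name is inserted verbatim into subject DNs; escape DN special characters when overriding it`.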
@@ -126,9 +113,6 @@ pki_user=pkiuser
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[Apache]
-pki_instance_name=pki-apache
-pki_http_port=80
-pki_https_port=443
###############################################################################
## Tomcat Configuration: ##
@@ -157,9 +141,6 @@ pki_clone_replication_security=None
pki_clone_uri=
pki_enable_java_debugger=False
pki_enable_proxy=False
-pki_http_port=8080
-pki_https_port=8443
-pki_instance_name=pki-tomcat
pki_proxy_http_port=80
pki_proxy_https_port=443
pki_security_manager=true
@@ -185,10 +166,10 @@ pki_tomcat_server_port=8005
pki_ca_signing_key_algorithm=SHA256withRSA
pki_ca_signing_key_size=2048
pki_ca_signing_key_type=rsa
-pki_ca_signing_nickname=
+pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s
pki_ca_signing_signing_algorithm=SHA256withRSA
-pki_ca_signing_subject_dn=
-pki_ca_signing_token=
+pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=%(pki_security_domain_name)s
+pki_ca_signing_token=Internal Key Storage Token
pki_external=False
pki_external_ca_cert_chain_path=
pki_external_ca_cert_path=
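Review bot: `pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s` takes its suffix from `pki_subsystem`, while the audit and subsystem nicknames added to the same section in the next hunk hard-code `CA`. The two styles give the same string only while `pki_subsystem` resolves to exactly `CA`, and certificate nicknames are normally looked up by exact match, so a differing value would leave the nicknames in one instance inconsistent. Pick one form for the section, e.g. `pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s CA`; `pki_ocsp_signing_nickname` in the next hunk has the same mix.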
@@ -198,13 +179,25 @@ pki_import_admin_cert=False
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
+pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s
pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
+pki_ocsp_signing_subject_dn=cn=CA OCSP Signing Certificate,o=%(pki_security_domain_name)s
+pki_ocsp_signing_token=Internal Key Storage Token
pki_subordinate=False
-pki_subsystem=CA
-pki_subsystem_name=
+pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_name=%(pki_admin_uid)s
+pki_admin_nickname=PKI Administrator for %(dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_uid=caadmin
+pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s CA
+pki_audit_signing_subject_dn=cn=CA Audit Signing Certificate,o=%(pki_security_domain_name)s
+pki_ds_base_dn=o=%(pki_instance_id)s-CA
+pki_ds_database=%(pki_instance_name)s-CA
+pki_ds_hostname=%(hostname)s
+pki_subsystem_name=CA %(hostname)s %(pki_https_port)s
+pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s CA
+pki_subsystem_subject_dn=cn=CA Subsystem Certificate,o=%(pki_security_domain_name)s
+
###############################################################################
## KRA Configuration: ##
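Review bot: `pki_ds_base_dn=o=%(pki_instance_id)s-CA` is built from `pki_instance_id` but `pki_ds_database=%(pki_instance_name)s-CA` from `pki_instance_name`; the two agree only while `pki_instance_id=%(pki_instance_name)s` is left at its default, so overriding either one silently desynchronises the base DN and the database name. Use the same key in both lines or add a comment saying why they differ; the KRA, OCSP and TKS hunks repeat the pair. `pki_audit_signing_nickname= auditSigningCert …` also has a stray space after `=` that no other key in the section carries.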
@@ -218,19 +211,30 @@ pki_import_admin_cert=True
pki_storage_key_algorithm=SHA256withRSA
pki_storage_key_size=2048
pki_storage_key_type=rsa
-pki_storage_nickname=
+pki_storage_nickname=storageCert cert-%(pki_instance_id)s KRA
pki_storage_signing_algorithm=SHA256withRSA
-pki_storage_subject_dn=
-pki_storage_token=
-pki_subsystem=KRA
-pki_subsystem_name=
+pki_storage_subject_dn=cn=DRM Storage Certificate,o=%(pki_security_domain_name)s
+pki_storage_token=Internal Key Storage Token
pki_transport_key_algorithm=SHA256withRSA
pki_transport_key_size=2048
pki_transport_key_type=rsa
-pki_transport_nickname=
+pki_transport_nickname=transportCert cert-%(pki_instance_id)s KRA
pki_transport_signing_algorithm=SHA256withRSA
-pki_transport_subject_dn=
-pki_transport_token=
+pki_transport_subject_dn=cn=DRM Transport Certificate,o=%(pki_security_domain_name)s
+pki_transport_token=Internal Key Storage Token
+pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_name=%(pki_admin_uid)s
+pki_admin_nickname=PKI Administrator for %(dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_uid=kraadmin
+pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s KRA
+pki_audit_signing_subject_dn=cn=KRA Audit Signing Certificate,o=%(pki_security_domain_name)s
+pki_ds_base_dn=o=%(pki_instance_id)s-KRA
+pki_ds_database=%(pki_instance_name)s-KRA
+pki_ds_hostname=%(hostname)s
+pki_subsystem_name=KRA %(hostname)s %(pki_https_port)s
+pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s KRA
+pki_subsystem_subject_dn=cn=KRA Subsystem Certificate,o=%(pki_security_domain_name)s
###############################################################################
## OCSP Configuration: ##
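Review bot: `pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s` contains a doubled comma, which yields an empty RDN and therefore a malformed subject DN for the KRA admin certificate. The CA section's line has a single comma, so this looks like a copy error; it should read `pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s`. The OCSP and TKS hunks carry the same doubled comma and need the same fix.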
@@ -244,12 +248,23 @@ pki_import_admin_cert=True
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
+pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s OCSP
pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subsystem=OCSP
-pki_subsystem_name=
+pki_ocsp_signing_subject_dn=cn=OCSP Signing Certificate,o=%(pki_security_domain_name)s
+pki_ocsp_signing_token=Internal Key Storage Token
+pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_name=%(pki_admin_uid)s
+pki_admin_nickname=PKI Administrator for %(dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_uid=ocspadmin
+pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s OCSP
+pki_audit_signing_subject_dn=cn=OCSP Audit Signing Certificate,o=%(pki_security_domain_name)s
+pki_ds_base_dn=o=%(pki_instance_id)s-OCSP
+pki_ds_database=%(pki_instance_name)s-OCSP
+pki_ds_hostname=%(hostname)s
+pki_subsystem_name=OCSP %(hostname)s %(pki_https_port)s
+pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s OCSP
+pki_subsystem_subject_dn=cn=OCSP Subsystem Certificate,o=%(pki_security_domain_name)s
###############################################################################
## RA Configuration: ##
@@ -258,8 +273,6 @@ pki_subsystem_name=
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[RA]
-pki_subsystem=RA
-pki_subsystem_name=
###############################################################################
## TKS Configuration: ##
@@ -270,8 +283,19 @@ pki_subsystem_name=
###############################################################################
[TKS]
pki_import_admin_cert=True
-pki_subsystem=TKS
-pki_subsystem_name=
+pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_name=%(pki_admin_uid)s
+pki_admin_nickname=PKI Administrator for %(dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_uid=tksadmin
+pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s TKS
+pki_audit_signing_subject_dn=cn=TKS Audit Signing Certificate,o=%(pki_security_domain_name)s
+pki_ds_base_dn=o=%(pki_instance_id)s-TKS
+pki_ds_database=%(pki_instance_name)s-TKS
+pki_ds_hostname=%(hostname)s
+pki_subsystem_name=TKS %(hostname)s %(pki_https_port)s
+pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s TKS
+pki_subsystem_subject_dn=cn=TKS Subsystem Certificate,o=%(pki_security_domain_name)s
###############################################################################
## TPS Configuration: ##
@@ -280,5 +304,3 @@ pki_subsystem_name=
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[TPS]
-pki_subsystem=TPS
-pki_subsystem_name=