diff options
author | Ade Lee <alee@redhat.com> | 2012-12-03 12:08:58 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-12-04 12:11:36 -0500 |
commit | 065d883a5595154ec4ca91e890aa380e3bf1d6b2 (patch) | |
tree | 67f95fac777fd6800560ecad4a110bc31cdc799f /base/deploy/config | |
parent | 66c519f0185f24a650df834d781be2ed7ef857f7 (diff) | |
download | pki-065d883a5595154ec4ca91e890aa380e3bf1d6b2.tar.gz pki-065d883a5595154ec4ca91e890aa380e3bf1d6b2.tar.xz pki-065d883a5595154ec4ca91e890aa380e3bf1d6b2.zip |
Use interpolation to build default parameters
This patch replaces the code in pkiparser with defaults that are
built up using ConfigParser interpolation. The patch gets most
(but not all) default parameters.
Diffstat (limited to 'base/deploy/config')
-rw-r--r-- | base/deploy/config/deployment.cfg | 154 |
1 files changed, 88 insertions, 66 deletions
diff --git a/base/deploy/config/deployment.cfg b/base/deploy/config/deployment.cfg index 6ff7a35bb..9eb930414 100644 --- a/base/deploy/config/deployment.cfg +++ b/base/deploy/config/deployment.cfg @@ -1,8 +1,13 @@ ############################################################################### -## Default Configuration: ## +## Common Configuration: ## +## ## +## Values in this section are common to more than one PKI subsystem, and ## +## contain required information which MAY be overridden by users as ## +## necessary. ## +## ## +## There are also some meta-parameters that determine how the PKI ## +## configuratiion should work. ## ## ## -## This section contains meta-parameters that determine how the PKI ## -## configuration should work. ## ############################################################################### [DEFAULT] @@ -47,35 +52,17 @@ destroy_scriplets= infrastructure_layout finalization -############################################################################### -## Common Configuration: ## -## ## -## Values in this section are common to more than one PKI subsystem, and ## -## contain required information which MAY be overridden by users as ## -## necessary. ## -## ## -## NOTE: Default values will be generated for any and all required ## -## 'common' data values which are left undefined. ## -############################################################################### -[Common] pki_admin_cert_request_type=crmf pki_admin_domain_name= pki_admin_dualkey=False -pki_admin_email= pki_admin_keysize=2048 -pki_admin_name= -pki_admin_nickname= pki_admin_password= -pki_admin_subject_dn= -pki_admin_uid= pki_audit_group=pkiaudit pki_audit_signing_key_algorithm=SHA256withRSA pki_audit_signing_key_size=2048 pki_audit_signing_key_type=rsa -pki_audit_signing_nickname= pki_audit_signing_signing_algorithm=SHA256withRSA -pki_audit_signing_subject_dn= -pki_audit_signing_token= +pki_audit_signing_token=Internal Key Storage Token pki_backup_keys=False pki_backup_password= pki_client_database_dir= @@ -83,21 +70,22 @@ pki_client_database_password= pki_client_database_purge=True pki_client_dir= pki_client_pkcs12_password= -pki_ds_base_dn= pki_ds_bind_dn=cn=Directory Manager -pki_ds_database= -pki_ds_hostname= pki_ds_ldap_port=389 pki_ds_ldaps_port=636 pki_ds_password= pki_ds_remove_data=True pki_ds_secure_connection=False pki_group=pkiuser +pki_http_port=%(default_http_port)s +pki_https_port=%(default_https_port)s +pki_instance_id=%(pki_instance_name)s +pki_instance_name=%(default_instance_name)s pki_issuing_ca= pki_restart_configured_instance=True -pki_security_domain_hostname= +pki_security_domain_hostname=%(hostname)s pki_security_domain_https_port=8443 -pki_security_domain_name= +pki_security_domain_name=%(dns_domainname)s Security Domain pki_security_domain_password= pki_security_domain_user= pki_skip_configuration=False @@ -105,15 +93,14 @@ pki_skip_installation=False pki_ssl_server_key_algorithm=SHA256withRSA pki_ssl_server_key_size=2048 pki_ssl_server_key_type=rsa -pki_ssl_server_nickname= -pki_ssl_server_subject_dn= -pki_ssl_server_token= +pki_ssl_server_nickname=Server-Cert cert-%(pki_instance_id)s +pki_ssl_server_subject_dn=cn=%(hostname)s,o=%(pki_security_domain_name)s +pki_ssl_server_token=Internal Key Storage Token +pki_subsystem=%(subsystem_type)s pki_subsystem_key_algorithm=SHA256withRSA pki_subsystem_key_size=2048 pki_subsystem_key_type=rsa -pki_subsystem_nickname= -pki_subsystem_subject_dn= -pki_subsystem_token= +pki_subsystem_token=Internal Key Storage Token pki_token_name=internal pki_token_password= pki_user=pkiuser @@ -126,9 +113,6 @@ pki_user=pkiuser ## required information which MAY be overridden by users as necessary. ## ############################################################################### [Apache] -pki_instance_name=pki-apache -pki_http_port=80 -pki_https_port=443 ############################################################################### ## Tomcat Configuration: ## @@ -157,9 +141,6 @@ pki_clone_replication_security=None pki_clone_uri= pki_enable_java_debugger=False pki_enable_proxy=False -pki_http_port=8080 -pki_https_port=8443 -pki_instance_name=pki-tomcat pki_proxy_http_port=80 pki_proxy_https_port=443 pki_security_manager=true @@ -185,10 +166,10 @@ pki_tomcat_server_port=8005 pki_ca_signing_key_algorithm=SHA256withRSA pki_ca_signing_key_size=2048 pki_ca_signing_key_type=rsa -pki_ca_signing_nickname= +pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s pki_ca_signing_signing_algorithm=SHA256withRSA -pki_ca_signing_subject_dn= -pki_ca_signing_token= +pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=%(pki_security_domain_name)s +pki_ca_signing_token=Internal Key Storage Token pki_external=False pki_external_ca_cert_chain_path= pki_external_ca_cert_path= @@ -198,13 +179,25 @@ pki_import_admin_cert=False pki_ocsp_signing_key_algorithm=SHA256withRSA pki_ocsp_signing_key_size=2048 pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= +pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= +pki_ocsp_signing_subject_dn=cn=CA OCSP Signing Certificate,o=%(pki_security_domain_name)s +pki_ocsp_signing_token=Internal Key Storage Token pki_subordinate=False -pki_subsystem=CA -pki_subsystem_name= +pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s +pki_admin_name=%(pki_admin_uid)s +pki_admin_nickname=PKI Administrator for %(dns_domainname)s +pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s +pki_admin_uid=caadmin +pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s CA +pki_audit_signing_subject_dn=cn=CA Audit Signing Certificate,o=%(pki_security_domain_name)s +pki_ds_base_dn=o=%(pki_instance_id)s-CA +pki_ds_database=%(pki_instance_name)s-CA +pki_ds_hostname=%(hostname)s +pki_subsystem_name=CA %(hostname)s %(pki_https_port)s +pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s CA +pki_subsystem_subject_dn=cn=CA Subsystem Certificate,o=%(pki_security_domain_name)s + ############################################################################### ## KRA Configuration: ## @@ -218,19 +211,30 @@ pki_import_admin_cert=True pki_storage_key_algorithm=SHA256withRSA pki_storage_key_size=2048 pki_storage_key_type=rsa -pki_storage_nickname= +pki_storage_nickname=storageCert cert-%(pki_instance_id)s KRA pki_storage_signing_algorithm=SHA256withRSA -pki_storage_subject_dn= -pki_storage_token= -pki_subsystem=KRA -pki_subsystem_name= +pki_storage_subject_dn=cn=DRM Storage Certificate,o=%(pki_security_domain_name)s +pki_storage_token=Internal Key Storage Token pki_transport_key_algorithm=SHA256withRSA pki_transport_key_size=2048 pki_transport_key_type=rsa -pki_transport_nickname= +pki_transport_nickname=transportCert cert-%(pki_instance_id)s KRA pki_transport_signing_algorithm=SHA256withRSA -pki_transport_subject_dn= -pki_transport_token= +pki_transport_subject_dn=cn=DRM Transport Certificate,o=%(pki_security_domain_name)s +pki_transport_token=Internal Key Storage Token +pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s +pki_admin_name=%(pki_admin_uid)s +pki_admin_nickname=PKI Administrator for %(dns_domainname)s +pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s +pki_admin_uid=kraadmin +pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s KRA +pki_audit_signing_subject_dn=cn=KRA Audit Signing Certificate,o=%(pki_security_domain_name)s +pki_ds_base_dn=o=%(pki_instance_id)s-KRA +pki_ds_database=%(pki_instance_name)s-KRA +pki_ds_hostname=%(hostname)s +pki_subsystem_name=KRA %(hostname)s %(pki_https_port)s +pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s KRA +pki_subsystem_subject_dn=cn=KRA Subsystem Certificate,o=%(pki_security_domain_name)s ############################################################################### ## OCSP Configuration: ## @@ -244,12 +248,23 @@ pki_import_admin_cert=True pki_ocsp_signing_key_algorithm=SHA256withRSA pki_ocsp_signing_key_size=2048 pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= +pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s OCSP pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subsystem=OCSP -pki_subsystem_name= +pki_ocsp_signing_subject_dn=cn=OCSP Signing Certificate,o=%(pki_security_domain_name)s +pki_ocsp_signing_token=Internal Key Storage Token +pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s +pki_admin_name=%(pki_admin_uid)s +pki_admin_nickname=PKI Administrator for %(dns_domainname)s +pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s +pki_admin_uid=ocspadmin +pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s OCSP +pki_audit_signing_subject_dn=cn=OCSP Audit Signing Certificate,o=%(pki_security_domain_name)s +pki_ds_base_dn=o=%(pki_instance_id)s-OCSP +pki_ds_database=%(pki_instance_name)s-OCSP +pki_ds_hostname=%(hostname)s +pki_subsystem_name=OCSP %(hostname)s %(pki_https_port)s +pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s OCSP +pki_subsystem_subject_dn=cn=OCSP Subsystem Certificate,o=%(pki_security_domain_name)s ############################################################################### ## RA Configuration: ## @@ -258,8 +273,6 @@ pki_subsystem_name= ## required information which MAY be overridden by users as necessary. ## ############################################################################### [RA] -pki_subsystem=RA -pki_subsystem_name= ############################################################################### ## TKS Configuration: ## @@ -270,8 +283,19 @@ pki_subsystem_name= ############################################################################### [TKS] pki_import_admin_cert=True -pki_subsystem=TKS -pki_subsystem_name= +pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s +pki_admin_name=%(pki_admin_uid)s +pki_admin_nickname=PKI Administrator for %(dns_domainname)s +pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s +pki_admin_uid=tksadmin +pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s TKS +pki_audit_signing_subject_dn=cn=TKS Audit Signing Certificate,o=%(pki_security_domain_name)s +pki_ds_base_dn=o=%(pki_instance_id)s-TKS +pki_ds_database=%(pki_instance_name)s-TKS +pki_ds_hostname=%(hostname)s +pki_subsystem_name=TKS %(hostname)s %(pki_https_port)s +pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s TKS +pki_subsystem_subject_dn=cn=TKS Subsystem Certificate,o=%(pki_security_domain_name)s ############################################################################### ## TPS Configuration: ## @@ -280,5 +304,3 @@ pki_subsystem_name= ## required information which MAY be overridden by users as necessary. ## ############################################################################### [TPS] -pki_subsystem=TPS -pki_subsystem_name= |