diff options
| author | Endi Sukma Dewata <edewata@redhat.com> | 2012-12-04 07:19:43 -0500 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2012-12-04 15:50:55 -0500 |
| commit | 81bb209d0a3227f544b7b8e4ec3fc0631c8f3c47 (patch) | |
| tree | 0d72fda5309de4cd1c23319995f0214d7c361e39 /base/deploy/config | |
| parent | cb3d05b1225137f9a54952045dace4fc1f9a99b8 (diff) | |
| download | pki-81bb209d0a3227f544b7b8e4ec3fc0631c8f3c47.tar.gz pki-81bb209d0a3227f544b7b8e4ec3fc0631c8f3c47.tar.xz pki-81bb209d0a3227f544b7b8e4ec3fc0631c8f3c47.zip | |
Archiving default deployment configuration.
The default deployment configuration has been renamed and moved to
/etc/pki/default.cfg to make it more accessible to users. The pkispawn
has been modified to archive the default deployment configuration
along with the user-provided configuration in the registry. The
pkidestroy will now use both archived configuration files to ensure
proper removal of the subsystem.
Ticket #399
Diffstat (limited to 'base/deploy/config')
| -rw-r--r-- | base/deploy/config/deployment.cfg | 315 |
1 files changed, 0 insertions, 315 deletions
diff --git a/base/deploy/config/deployment.cfg b/base/deploy/config/deployment.cfg deleted file mode 100644 index abd0fb441..000000000 --- a/base/deploy/config/deployment.cfg +++ /dev/null @@ -1,315 +0,0 @@ -############################################################################### -## Default Configuration: ## -## ## -## Values in this section are common to more than one PKI subsystem, and ## -## contain required information which MAY be overridden by users as ## -## necessary. ## -## ## -## There are also some meta-parameters that determine how the PKI ## -## configuratiion should work. ## -## ## -############################################################################### -[DEFAULT] - -# The sensitive_parameters contains a list of parameters which may contain -# sensitive information which must not be displayed to the console nor stored -# in log files for security reasons. -sensitive_parameters= - pki_admin_password - pki_backup_password - pki_client_database_password - pki_client_pin - pki_client_pkcs12_password - pki_clone_pkcs12_password - pki_ds_password - pki_one_time_pin - pki_pin - pki_security_domain_password - pki_token_password - -# The spawn_scriplets contains a list of scriplets to be executed by pkispawn. -spawn_scriplets= - initialization - infrastructure_layout - instance_layout - subsystem_layout - selinux_setup - webapp_deployment - slot_substitution - security_databases - configuration - finalization - -# The destroy_scriplets contains a list of scriplets to be executed by pkidestroy. -destroy_scriplets= - initialization - configuration - webapp_deployment - subsystem_layout - security_databases - instance_layout - selinux_setup - infrastructure_layout - finalization - -# By default, the following parameters will be set for Tomcat and Apache instances. -# There is no reason to uncomment these. They are provided for reference in -# case someone wants to override them in their config file. -# -# Tomcat instances: -# pki_subsystem_name=pki_tomcat -# pki_https_port=8443 -# pki_http_port=8080 -# -# Apache instances: -# pki_subsystem_name=pki_tomcat -# pki_https_port=443 -# pki_http_port=80 - -pki_admin_cert_request_type=crmf -pki_admin_dualkey=False -pki_admin_keysize=2048 -pki_admin_password= -pki_audit_group=pkiaudit -pki_audit_signing_key_algorithm=SHA256withRSA -pki_audit_signing_key_size=2048 -pki_audit_signing_key_type=rsa -pki_audit_signing_signing_algorithm=SHA256withRSA -pki_audit_signing_token=Internal Key Storage Token -pki_backup_keys=False -pki_backup_password= -pki_client_database_dir= -pki_client_database_password= -pki_client_database_purge=True -pki_client_dir= -pki_client_pkcs12_password= -pki_ds_bind_dn=cn=Directory Manager -pki_ds_ldap_port=389 -pki_ds_ldaps_port=636 -pki_ds_password= -pki_ds_remove_data=True -pki_ds_secure_connection=False -pki_group=pkiuser -pki_instance_id=%(pki_instance_name)s -pki_issuing_ca= -pki_restart_configured_instance=True -pki_security_domain_hostname=%(pki_hostname)s -pki_security_domain_https_port=8443 -pki_security_domain_name=%(pki_dns_domainname)s Security Domain -pki_security_domain_password= -pki_security_domain_user= -pki_skip_configuration=False -pki_skip_installation=False -pki_ssl_server_key_algorithm=SHA256withRSA -pki_ssl_server_key_size=2048 -pki_ssl_server_key_type=rsa -pki_ssl_server_nickname=Server-Cert cert-%(pki_instance_id)s -pki_ssl_server_subject_dn=cn=%(pki_hostname)s,o=%(pki_security_domain_name)s -pki_ssl_server_token=Internal Key Storage Token -pki_subsystem_key_algorithm=SHA256withRSA -pki_subsystem_key_size=2048 -pki_subsystem_key_type=rsa -pki_subsystem_token=Internal Key Storage Token -pki_token_name=internal -pki_token_password= -pki_user=pkiuser - -############################################################################### -## Apache Configuration: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Apache' (RA and TPS subsystems), and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[Apache] - -############################################################################### -## Tomcat Configuration: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ## -## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ## -## or a 'TKS Clone', change the value of 'pki_clone' ## -## from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[Tomcat] -pki_ajp_port=8009 -pki_clone=False -pki_clone_pkcs12_password= -pki_clone_pkcs12_path= -pki_clone_replicate_schema=True -pki_clone_replication_master_port= -pki_clone_replication_clone_port= -pki_clone_replication_security=None -pki_clone_uri= -pki_enable_java_debugger=False -pki_enable_proxy=False -pki_proxy_http_port=80 -pki_proxy_https_port=443 -pki_security_manager=true -pki_tomcat_server_port=8005 - -############################################################################### -## CA Configuration: ## -## ## -## Values in this section are common to CA subsystems including 'PKI CAs', ## -## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## EXTERNAL CAs: To specify an 'External CA', change the value ## -## of 'pki_external' from 'False' to 'True'. ## -## ## -## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ## -## of 'pki_subordinate' from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[CA] -pki_ca_signing_key_algorithm=SHA256withRSA -pki_ca_signing_key_size=2048 -pki_ca_signing_key_type=rsa -pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s CA -pki_ca_signing_signing_algorithm=SHA256withRSA -pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=%(pki_security_domain_name)s -pki_ca_signing_token=Internal Key Storage Token -pki_external=False -pki_external_ca_cert_chain_path= -pki_external_ca_cert_path= -pki_external_csr_path= -pki_external_step_two=False -pki_import_admin_cert=False -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s CA -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn=cn=CA OCSP Signing Certificate,o=%(pki_security_domain_name)s -pki_ocsp_signing_token=Internal Key Storage Token -pki_subordinate=False -pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s -pki_admin_name=%(pki_admin_uid)s -pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s -pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s -pki_admin_uid=caadmin -pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s CA -pki_audit_signing_subject_dn=cn=CA Audit Signing Certificate,o=%(pki_security_domain_name)s -pki_ds_base_dn=o=%(pki_instance_id)s-CA -pki_ds_database=%(pki_instance_name)s-CA -pki_ds_hostname=%(pki_hostname)s -pki_subsystem_name=CA %(pki_hostname)s %(pki_https_port)s -pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s CA -pki_subsystem_subject_dn=cn=CA Subsystem Certificate,o=%(pki_security_domain_name)s - - -############################################################################### -## KRA Configuration: ## -## ## -## Values in this section are common to KRA subsystems ## -## including 'PKI KRAs' and 'Cloned KRAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[KRA] -pki_import_admin_cert=True -pki_storage_key_algorithm=SHA256withRSA -pki_storage_key_size=2048 -pki_storage_key_type=rsa -pki_storage_nickname=storageCert cert-%(pki_instance_id)s KRA -pki_storage_signing_algorithm=SHA256withRSA -pki_storage_subject_dn=cn=DRM Storage Certificate,o=%(pki_security_domain_name)s -pki_storage_token=Internal Key Storage Token -pki_transport_key_algorithm=SHA256withRSA -pki_transport_key_size=2048 -pki_transport_key_type=rsa -pki_transport_nickname=transportCert cert-%(pki_instance_id)s KRA -pki_transport_signing_algorithm=SHA256withRSA -pki_transport_subject_dn=cn=DRM Transport Certificate,o=%(pki_security_domain_name)s -pki_transport_token=Internal Key Storage Token -pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s -pki_admin_name=%(pki_admin_uid)s -pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s -pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s -pki_admin_uid=kraadmin -pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s KRA -pki_audit_signing_subject_dn=cn=KRA Audit Signing Certificate,o=%(pki_security_domain_name)s -pki_ds_base_dn=o=%(pki_instance_id)s-KRA -pki_ds_database=%(pki_instance_name)s-KRA -pki_ds_hostname=%(pki_hostname)s -pki_subsystem_name=KRA %(pki_hostname)s %(pki_https_port)s -pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s KRA -pki_subsystem_subject_dn=cn=KRA Subsystem Certificate,o=%(pki_security_domain_name)s - -############################################################################### -## OCSP Configuration: ## -## ## -## Values in this section are common to OCSP subsystems ## -## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[OCSP] -pki_import_admin_cert=True -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s OCSP -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn=cn=OCSP Signing Certificate,o=%(pki_security_domain_name)s -pki_ocsp_signing_token=Internal Key Storage Token -pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s -pki_admin_name=%(pki_admin_uid)s -pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s -pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s -pki_admin_uid=ocspadmin -pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s OCSP -pki_audit_signing_subject_dn=cn=OCSP Audit Signing Certificate,o=%(pki_security_domain_name)s -pki_ds_base_dn=o=%(pki_instance_id)s-OCSP -pki_ds_database=%(pki_instance_name)s-OCSP -pki_ds_hostname=%(pki_hostname)s -pki_subsystem_name=OCSP %(pki_hostname)s %(pki_https_port)s -pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s OCSP -pki_subsystem_subject_dn=cn=OCSP Subsystem Certificate,o=%(pki_security_domain_name)s - -############################################################################### -## RA Configuration: ## -## ## -## Values in this section are common to PKI RA subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[RA] - -############################################################################### -## TKS Configuration: ## -## ## -## Values in this section are common to TKS subsystems ## -## including 'PKI TKSs' and 'Cloned TKSs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TKS] -pki_import_admin_cert=True -pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s -pki_admin_name=%(pki_admin_uid)s -pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s -pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s -pki_admin_uid=tksadmin -pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s TKS -pki_audit_signing_subject_dn=cn=TKS Audit Signing Certificate,o=%(pki_security_domain_name)s -pki_ds_base_dn=o=%(pki_instance_id)s-TKS -pki_ds_database=%(pki_instance_name)s-TKS -pki_ds_hostname=%(pki_hostname)s -pki_subsystem_name=TKS %(pki_hostname)s %(pki_https_port)s -pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s TKS -pki_subsystem_subject_dn=cn=TKS Subsystem Certificate,o=%(pki_security_domain_name)s - -############################################################################### -## TPS Configuration: ## -## ## -## Values in this section are common to PKI TPS subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TPS] |