authorAde Lee <alee@redhat.com>2012-12-04 11:25:55 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-12-04 11:56:25 -0500
commitb2e265466c6b183b707f9a1a8495e31cb121ddfd (patch)
tree5d46516ecad2450022d78ebc5a83f1c61d83a33b /base/deploy
parent71979729a3b5084d27057f9c83d43a4452888994 (diff)
Interpolation correction patch based on review commentsalee-95
Diffstat (limited to 'base/deploy')
-rw-r--r--base/deploy/config/deployment.cfg75
-rwxr-xr-xbase/deploy/src/pkidestroy16
-rwxr-xr-xbase/deploy/src/pkispawn16
-rw-r--r--base/deploy/src/scriptlets/pkimessages.py7
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py16
5 files changed, 56 insertions, 74 deletions
diff --git a/base/deploy/config/deployment.cfg b/base/deploy/config/deployment.cfg
index 9eb930414..316d3c8f9 100644
--- a/base/deploy/config/deployment.cfg
+++ b/base/deploy/config/deployment.cfg
@@ -52,8 +52,21 @@ destroy_scriplets=
infrastructure_layout
finalization
+# By default, the following parameters will be set for Tomcat and Apache instances.
+# There is no reason to uncomment these. They are provided for reference in
+# case someone wants to override them in their config file.
+#
+# Tomcat instances:
+# pki_subsystem_name=pki_tomcat
+# pki_https_port=8443
+# pki_http_port=8080
+#
+# Apache instances:
+# pki_subsystem_name=pki_tomcat
+# pki_https_port=443
+# pki_http_port=80
+
pki_admin_cert_request_type=crmf
-pki_admin_domain_name=
pki_admin_dualkey=False
pki_admin_keysize=2048
pki_admin_password=
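Review bot: The reference comment added at the top of this hunk lists `pki_subsystem_name=pki_tomcat` for both Tomcat and Apache, which does not match the keys this commit turns into parser defaults. The pkiparser.py change in the same commit seeds `pki_instance_name`, `pki_http_port` and `pki_https_port`, while `pki_subsystem_name` is set per subsystem further down (`CA %(pki_hostname)s %(pki_https_port)s`), so an administrator copying the comment would override the wrong key. Going by the example names in pkiparser.py's comments, the lines were presumably meant to read `# pki_instance_name=pki-tomcat` and `# pki_instance_name=pki-apache`. The actual default values are assigned outside the visible hunks and should be confirmed before the comment is corrected.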
@@ -77,15 +90,12 @@ pki_ds_password=
pki_ds_remove_data=True
pki_ds_secure_connection=False
pki_group=pkiuser
-pki_http_port=%(default_http_port)s
-pki_https_port=%(default_https_port)s
pki_instance_id=%(pki_instance_name)s
-pki_instance_name=%(default_instance_name)s
pki_issuing_ca=
pki_restart_configured_instance=True
-pki_security_domain_hostname=%(hostname)s
+pki_security_domain_hostname=%(pki_hostname)s
pki_security_domain_https_port=8443
-pki_security_domain_name=%(dns_domainname)s Security Domain
+pki_security_domain_name=%(pki_dns_domainname)s Security Domain
pki_security_domain_password=
pki_security_domain_user=
pki_skip_configuration=False
@@ -94,9 +104,8 @@ pki_ssl_server_key_algorithm=SHA256withRSA
pki_ssl_server_key_size=2048
pki_ssl_server_key_type=rsa
pki_ssl_server_nickname=Server-Cert cert-%(pki_instance_id)s
-pki_ssl_server_subject_dn=cn=%(hostname)s,o=%(pki_security_domain_name)s
+pki_ssl_server_subject_dn=cn=%(pki_hostname)s,o=%(pki_security_domain_name)s
pki_ssl_server_token=Internal Key Storage Token
-pki_subsystem=%(subsystem_type)s
pki_subsystem_key_algorithm=SHA256withRSA
pki_subsystem_key_size=2048
pki_subsystem_key_type=rsa
@@ -166,7 +175,7 @@ pki_tomcat_server_port=8005
pki_ca_signing_key_algorithm=SHA256withRSA
pki_ca_signing_key_size=2048
pki_ca_signing_key_type=rsa
-pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s
+pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s CA
pki_ca_signing_signing_algorithm=SHA256withRSA
pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=%(pki_security_domain_name)s
pki_ca_signing_token=Internal Key Storage Token
@@ -179,22 +188,22 @@ pki_import_admin_cert=False
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s
+pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s CA
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=cn=CA OCSP Signing Certificate,o=%(pki_security_domain_name)s
pki_ocsp_signing_token=Internal Key Storage Token
pki_subordinate=False
-pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(dns_domainname)s
+pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=caadmin
-pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s CA
+pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s CA
pki_audit_signing_subject_dn=cn=CA Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_id)s-CA
pki_ds_database=%(pki_instance_name)s-CA
-pki_ds_hostname=%(hostname)s
-pki_subsystem_name=CA %(hostname)s %(pki_https_port)s
+pki_ds_hostname=%(pki_hostname)s
+pki_subsystem_name=CA %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s CA
pki_subsystem_subject_dn=cn=CA Subsystem Certificate,o=%(pki_security_domain_name)s
@@ -222,17 +231,17 @@ pki_transport_nickname=transportCert cert-%(pki_instance_id)s KRA
pki_transport_signing_algorithm=SHA256withRSA
pki_transport_subject_dn=cn=DRM Transport Certificate,o=%(pki_security_domain_name)s
pki_transport_token=Internal Key Storage Token
-pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(dns_domainname)s
-pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=kraadmin
-pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s KRA
+pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s KRA
pki_audit_signing_subject_dn=cn=KRA Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_id)s-KRA
pki_ds_database=%(pki_instance_name)s-KRA
-pki_ds_hostname=%(hostname)s
-pki_subsystem_name=KRA %(hostname)s %(pki_https_port)s
+pki_ds_hostname=%(pki_hostname)s
+pki_subsystem_name=KRA %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s KRA
pki_subsystem_subject_dn=cn=KRA Subsystem Certificate,o=%(pki_security_domain_name)s
@@ -252,17 +261,17 @@ pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s OCSP
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=cn=OCSP Signing Certificate,o=%(pki_security_domain_name)s
pki_ocsp_signing_token=Internal Key Storage Token
-pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(dns_domainname)s
-pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=ocspadmin
-pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s OCSP
+pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s OCSP
pki_audit_signing_subject_dn=cn=OCSP Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_id)s-OCSP
pki_ds_database=%(pki_instance_name)s-OCSP
-pki_ds_hostname=%(hostname)s
-pki_subsystem_name=OCSP %(hostname)s %(pki_https_port)s
+pki_ds_hostname=%(pki_hostname)s
+pki_subsystem_name=OCSP %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s OCSP
pki_subsystem_subject_dn=cn=OCSP Subsystem Certificate,o=%(pki_security_domain_name)s
@@ -283,17 +292,17 @@ pki_subsystem_subject_dn=cn=OCSP Subsystem Certificate,o=%(pki_security_domain_n
###############################################################################
[TKS]
pki_import_admin_cert=True
-pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(dns_domainname)s
-pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=tksadmin
-pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s TKS
+pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s TKS
pki_audit_signing_subject_dn=cn=TKS Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_id)s-TKS
pki_ds_database=%(pki_instance_name)s-TKS
-pki_ds_hostname=%(hostname)s
-pki_subsystem_name=TKS %(hostname)s %(pki_https_port)s
+pki_ds_hostname=%(pki_hostname)s
+pki_subsystem_name=TKS %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s TKS
pki_subsystem_subject_dn=cn=TKS Subsystem Certificate,o=%(pki_security_domain_name)s
diff --git a/base/deploy/src/pkidestroy b/base/deploy/src/pkidestroy
index 69daa13ad..9e0a37396 100755
--- a/base/deploy/src/pkidestroy
+++ b/base/deploy/src/pkidestroy
@@ -115,21 +115,11 @@ def main(argv):
config.pki_log.error(log.PKI_UNABLE_TO_PARSE_1, rv,
extra=config.PKI_INDENTATION_LEVEL_0)
sys.exit(1)
- else:
- # NEVER print out 'sensitive' name/value pairs!!!
- config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
- extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
- extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pkilogging.format(config.pki_web_server_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM,
- extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
# NEVER print out 'sensitive' name/value pairs!!!
- config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
+ config.pki_log.debug(log.PKI_DICTIONARY_DEFAULT,
+ extra=config.PKI_INDENTATION_LEVEL_0)
+ config.pki_log.debug(pkilogging.format(config.pki_default_dict),
extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
extra=config.PKI_INDENTATION_LEVEL_0)
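Review bot: The added `config.pki_log.debug(pkilogging.format(config.pki_default_dict), ...)` sits directly under the `NEVER print out 'sensitive' name/value pairs!!!` comment, yet the deployment.cfg touched by this commit carries `pki_admin_password`, `pki_ds_password` and `pki_security_domain_password` next to the other defaults. If those keys end up in `pki_default_dict` and `pkilogging.format` does not mask them (neither is visible here), a debug-level run writes the passwords to the log. Log a filtered copy instead, for example `dict((k, v) for k, v in config.pki_default_dict.items() if not k.endswith('_password'))`, and extend the filter to any other secret-bearing keys. The same lines are added to main() in pkispawn, and main() runs beyond both hunks.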
diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn
index 79ab1b230..21da9aef7 100755
--- a/base/deploy/src/pkispawn
+++ b/base/deploy/src/pkispawn
@@ -135,21 +135,11 @@ def main(argv):
config.pki_log.error(log.PKI_UNABLE_TO_PARSE_1, rv,
extra=config.PKI_INDENTATION_LEVEL_0)
sys.exit(1)
- else:
- # NEVER print out 'sensitive' name/value pairs!!!
- config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
- extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
- extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pkilogging.format(config.pki_web_server_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM,
- extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
# NEVER print out 'sensitive' name/value pairs!!!
- config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
+ config.pki_log.debug(log.PKI_DICTIONARY_DEFAULT,
+ extra=config.PKI_INDENTATION_LEVEL_0)
+ config.pki_log.debug(pkilogging.format(config.pki_default_dict),
extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
extra=config.PKI_INDENTATION_LEVEL_0)
diff --git a/base/deploy/src/scriptlets/pkimessages.py b/base/deploy/src/scriptlets/pkimessages.py
index dbfb8e1f7..8d7ba1b6e 100644
--- a/base/deploy/src/scriptlets/pkimessages.py
+++ b/base/deploy/src/scriptlets/pkimessages.py
@@ -20,9 +20,9 @@
#
# PKI Deployment Engine Messages
-PKI_DICTIONARY_COMMON ="\n"\
+PKI_DICTIONARY_DEFAULT ="\n"\
"=====================================================\n"\
-" DISPLAY CONTENTS OF PKI COMMON DICTIONARY\n"\
+" DISPLAY CONTENTS OF PKI DEFAULT DICTIONARY\n"\
"====================================================="
PKI_DICTIONARY_MASTER="\n"\
"=====================================================\n"\
@@ -137,9 +137,6 @@ PKISPAWN_EPILOG =\
" Apache: 'pki_instance_name', 'pki_http_port', and 'pki_https_port'\n"\
" Tomcat: 'pki_instance_name', 'pki_http_port', 'pki_https_port',\n"\
" 'pki_ajp_port', and 'pki_tomcat_server_port'\n\n"\
-" Optionally, the 'pki_admin_domain_name' may be changed instead of, or\n"\
-" in addition to, the 'pki_instance_name' since a PKI instance is\n"\
-" defined as '${pki_instance_name}[.${pki_admin_domain_name}]'.\n\n"\
" Finally, if an optional '-p <prefix>' is defined, this value WILL NOT\n"\
" be prepended in front of the mandatory '-f <configuration_file>'.\n\n" +\
PKI_VERBOSITY
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 05536f424..6109e7486 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -227,12 +227,12 @@ class PKIConfigParser:
default_http_port = '80'
default_https_port = '443'
- predefined_dict = {'default_instance_name': default_instance_name,
- 'default_http_port': default_http_port,
- 'default_https_port': default_https_port,
- 'dns_domainname': config.pki_dns_domainname,
- 'subsystem_type' : config.pki_subsystem,
- 'hostname': config.pki_hostname}
+ predefined_dict = {'pki_instance_name': default_instance_name,
+ 'pki_http_port': default_http_port,
+ 'pki_https_port': default_https_port,
+ 'pki_dns_domainname': config.pki_dns_domainname,
+ 'pki_subsystem' : config.pki_subsystem,
+ 'pki_hostname': config.pki_hostname}
self.pki_config = ConfigParser.SafeConfigParser(predefined_dict)
# Make keys case-sensitive!
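Review bot: With the keys renamed to `pki_hostname`, `pki_dns_domainname` and `pki_subsystem`, these constructor defaults now share names with ordinary configuration keys, so a same-named entry in a user's configuration file replaces the detected value. `pki_hostname` feeds `pki_ssl_server_subject_dn` and `pki_security_domain_hostname` in deployment.cfg, and a later hunk drops the `config.pki_master_dict['pki_hostname'] = config.pki_hostname` assignment, so the certificate subject may be built from the file's value rather than the host's. If the override is intended, say so above the dict, e.g. `# Defaults only: a deployment.cfg entry with the same key overrides these`; if not, re-assert the detected values after parsing. The enclosing method starts and ends outside the hunk.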
@@ -283,9 +283,6 @@ class PKIConfigParser:
config.pki_master_dict['pki_certificate_timestamp'] =\
config.pki_certificate_timestamp
config.pki_master_dict['pki_architecture'] = config.pki_architecture
- config.pki_master_dict['pki_hostname'] = config.pki_hostname
- config.pki_master_dict['pki_dns_domainname'] =\
- config.pki_dns_domainname
config.pki_master_dict['pki_jython_log_level'] =\
config.pki_jython_log_level
config.pki_master_dict['pki_deployment_cfg'] = config.pkideployment_cfg
@@ -362,7 +359,6 @@ class PKIConfigParser:
# (e. g. Tomcat: "pki-tomcat", "pki-tomcat.example.com")
# (e. g. Apache: "pki-apache", "pki-apache.example.com")
#
- config.pki_master_dict['pki_instance_id'] = config.pki_master_dict['pki_instance_name']
# PKI Source name/value pairs
config.pki_master_dict['pki_source_conf_path'] =\