PKI Deployment Scriptlets

* Integration of Tomcat 7 * Introduction of dependency upon tomcatjss 7.0 * Removal of http filtering configuration mechanisms * Introduction of additional slot substitution to support revised filesystem layout * Addition of 'pkiuser' uid:gid creation methods * Inclusion of per instance '*.profile' files * Introduction of configurable 'configurationRoot' parameter * Introduction of default configuration of 'log4j' mechanism (alee) * Modify web.xml to use new Application classes to bootstrap servers (alee) * Introduction of "Wrapper" logic to support Tomcat 6 --> Tomcat 7 API change (jmagne) * Added jython helper function to allow attaching a remote java debugger (e. g. - eclipse)
author: Matthew Harmsen <mharmsen@redhat.com> 2012-07-03 17:52:33 -0700
committer: Matthew Harmsen <mharmsen@redhat.com> 2012-07-19 10:15:56 -0700
commit: 0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4 (patch)
tree: 79c0152be9f49069e977d0156283dbed746e7cfb /base/ocsp
parent: 32b2670ba16084896e10ae27f7ce7b50313e375a (diff)
download: pki-0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4.tar.gz
pki-0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4.tar.xz
pki-0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4.zip
2 files changed, 16 insertions, 100 deletions
diff --git a/base/ocsp/shared/conf/CS.cfg.in b/base/ocsp/shared/conf/CS.cfg.in
index 658a1b6d3..0910d6672 100644
--- a/base/ocsp/shared/conf/CS.cfg.in
+++ b/base/ocsp/shared/conf/CS.cfg.in
@@ -99,6 +99,7 @@ preop.cert.subsystem.cncomponent.override=true
 cs.state=0
 authType=pwd
 instanceRoot=[PKI_INSTANCE_PATH]
+configurationRoot=/[PKI_SUBSYSTEM_DIR]conf/
 machineName=[PKI_MACHINE_NAME]
 instanceId=[PKI_INSTANCE_ID]
 service.machineName=[PKI_MACHINE_NAME]
@@ -163,7 +164,7 @@ dbs.ldap=internaldb
 dbs.newSchemaEntryAdded=true
 debug.append=true
 debug.enabled=true
-debug.filename=[PKI_INSTANCE_PATH]/logs/debug
+debug.filename=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]debug
 debug.hashkeytypes=
 debug.level=0
 debug.showcaller=false
@@ -216,7 +217,7 @@ log.instance.SignedAudit.bufferSize=512
 log.instance.SignedAudit.enable=true
 log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
 log.instance.SignedAudit.expirationTime=0
-log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/signedAudit/ocsp_cert-ocsp_audit
+log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]signedAudit/ocsp_cert-ocsp_audit
 log.instance.SignedAudit.flushInterval=5
 log.instance.SignedAudit.level=1
 log.instance.SignedAudit.logSigning=false
@@ -234,7 +235,7 @@ log.instance.System._002=##
 log.instance.System.bufferSize=512
 log.instance.System.enable=true
 log.instance.System.expirationTime=0
-log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/system
+log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]system
 log.instance.System.flushInterval=5
 log.instance.System.level=3
 log.instance.System.maxFileSize=2000
@@ -247,15 +248,15 @@ log.instance.Transactions._002=##
 log.instance.Transactions.bufferSize=512
 log.instance.Transactions.enable=true
 log.instance.Transactions.expirationTime=0
-log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/transactions
+log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]transactions
 log.instance.Transactions.flushInterval=5
 log.instance.Transactions.level=1
 log.instance.Transactions.maxFileSize=2000
 log.instance.Transactions.pluginName=file
 log.instance.Transactions.rolloverInterval=2592000
 log.instance.Transactions.type=transaction
-logAudit.fileName=[PKI_INSTANCE_PATH]/logs/access
-logError.fileName=[PKI_INSTANCE_PATH]/logs/error
+logAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]access
+logError.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]error
 ocsp.certNickname=
 ocsp.storeId=defStore
 ocsp.signing.certnickname=
@@ -302,7 +303,7 @@ selftests.container.logger.bufferSize=512
 selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
 selftests.container.logger.enable=true
 selftests.container.logger.expirationTime=0
-selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/selftests.log
+selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]selftests.log
 selftests.container.logger.flushInterval=5
 selftests.container.logger.level=1
 selftests.container.logger.maxFileSize=2000
diff --git a/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml b/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml
index e4ea799eb..cb18574b3 100644
--- a/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml
+++ b/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml
@@ -7,71 +7,6 @@
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "file:///usr/share/pki/setup/web-app_2_3.dtd">
 <web-app>
 
-    <filter>
-        <filter-name>AgentRequestFilter</filter-name>
-        <filter-class>com.netscape.cms.servlet.filter.AgentRequestFilter</filter-class>
-        <init-param>
-            <param-name>https_port</param-name>
-            <param-value>[PKI_AGENT_SECURE_PORT]</param-value>
-        </init-param>
-[PKI_OPEN_ENABLE_PROXY_COMMENT]
-        <init-param>
-            <param-name>proxy_port</param-name>
-            <param-value>[PKI_PROXY_SECURE_PORT]</param-value>
-        </init-param>
-[PKI_CLOSE_ENABLE_PROXY_COMMENT]
-        <init-param>
-            <param-name>active</param-name>
-            <param-value>true</param-value>
-        </init-param>
-    </filter>
-
-    <filter>
-        <filter-name>AdminRequestFilter</filter-name>
-        <filter-class>com.netscape.cms.servlet.filter.AdminRequestFilter</filter-class>
-        <init-param>
-            <param-name>https_port</param-name>
-            <param-value>[PKI_ADMIN_SECURE_PORT]</param-value>
-        </init-param>
-[PKI_OPEN_ENABLE_PROXY_COMMENT]
-        <init-param>
-            <param-name>proxy_port</param-name>
-            <param-value>[PKI_PROXY_SECURE_PORT]</param-value>
-        </init-param>
-[PKI_CLOSE_ENABLE_PROXY_COMMENT]
-        <init-param>
-            <param-name>active</param-name>
-            <param-value>true</param-value>
-        </init-param>
-    </filter>
-
-    <filter>
-        <filter-name>EERequestFilter</filter-name>
-        <filter-class>com.netscape.cms.servlet.filter.EERequestFilter</filter-class>
-        <init-param>
-            <param-name>http_port</param-name>
-            <param-value>[PKI_UNSECURE_PORT]</param-value>
-        </init-param>
-        <init-param>
-            <param-name>https_port</param-name>
-            <param-value>[PKI_EE_SECURE_PORT]</param-value>
-        </init-param>
-[PKI_OPEN_ENABLE_PROXY_COMMENT]
-        <init-param>
-            <param-name>proxy_port</param-name>
-            <param-value>[PKI_PROXY_SECURE_PORT]</param-value>
-        </init-param>
-        <init-param>
-            <param-name>proxy_http_port</param-name>
-            <param-value>[PKI_PROXY_UNSECURE_PORT]</param-value>
-        </init-param>
-[PKI_CLOSE_ENABLE_PROXY_COMMENT]
-        <init-param>
-            <param-name>active</param-name>
-            <param-value>true</param-value>
-        </init-param>
-    </filter>
-
     <servlet>
         <servlet-name>csadmin-wizard</servlet-name>
         <servlet-class>com.netscape.cms.servlet.wizard.WizardServlet</servlet-class>
@@ -160,7 +95,7 @@
              <init-param><param-name>  AuthzMgr    </param-name>
                          <param-value> BasicAclAuthz </param-value> </init-param>
              <init-param><param-name>  cfgPath     </param-name>
-                         <param-value> [PKI_INSTANCE_PATH]/conf/CS.cfg </param-value> </init-param>
+                         <param-value> [PKI_INSTANCE_PATH]/conf/[PKI_SUBSYSTEM_DIR]CS.cfg </param-value> </init-param>
              <init-param><param-name>  ID          </param-name>
                          <param-value> ocspstart   </param-value> </init-param>
       <load-on-startup>  1  </load-on-startup>
@@ -469,10 +404,9 @@
                          <param-value> ee          </param-value> </init-param>
    </servlet>
 
-   <context-param>
-      <param-name>resteasy.scan</param-name>
-      <param-value>true</param-value>
-   </context-param>
+   <listener>
+      <listener-class> org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap </listener-class>
+   </listener>
 
    <context-param>
       <param-name>resteasy.servlet.mapping.prefix</param-name>
@@ -489,31 +423,12 @@
    <servlet>
       <servlet-name>Resteasy</servlet-name>
       <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
+      <init-param>
+         <param-name>javax.ws.rs.Application</param-name>
+         <param-value>com.netscape.ocsp.OCSPApplication</param-value>
+      </init-param>
    </servlet>
 
-[PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT]
-   <filter-mapping>
-      <filter-name>  AgentRequestFilter  </filter-name>
-      <url-pattern>  /agent/*            </url-pattern>
-   </filter-mapping>
-
-   <filter-mapping>
-      <filter-name>  AdminRequestFilter  </filter-name>
-      <url-pattern>  /admin/*            </url-pattern>
-      <url-pattern>  /auths              </url-pattern>
-      <url-pattern>  /ug                 </url-pattern>
-      <url-pattern>  /log                </url-pattern>
-      <url-pattern>  /acl                </url-pattern>
-      <url-pattern>  /server             </url-pattern>
-      <url-pattern>  /ocsp               </url-pattern>
-   </filter-mapping>
-
-   <filter-mapping>
-      <filter-name>  EERequestFilter  </filter-name>
-      <url-pattern>  /ee/*            </url-pattern>
-   </filter-mapping>
-[PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT]
-
    <servlet-mapping>
       <servlet-name>Resteasy</servlet-name>
       <url-pattern>/pki/*</url-pattern>
author	Matthew Harmsen <mharmsen@redhat.com>	2012-07-03 17:52:33 -0700
committer	Matthew Harmsen <mharmsen@redhat.com>	2012-07-19 10:15:56 -0700
commit	0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4 (patch)
tree	79c0152be9f49069e977d0156283dbed746e7cfb /base/ocsp
parent	32b2670ba16084896e10ae27f7ce7b50313e375a (diff)
download	pki-0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4.tar.gz pki-0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4.tar.xz pki-0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4.zip