Changes to get TPS and RA running on dogtag 10

Added systemd scripts for RA and TPS.  Modified init scripts
and configuration files to use correct directives for httpd 2.4.
TPS and RA subsystems are now installable using pkicreate

7 files changed, 51 insertions, 17 deletions

diff --git a/base/ra/CMakeLists.txt b/base/ra/CMakeLists.txt
index 59910fe95..79152e291 100644
--- a/base/ra/CMakeLists.txt
+++ b/base/ra/CMakeLists.txt
@@ -3,6 +3,19 @@ project(ra)
 add_subdirectory(doc)
 add_subdirectory(setup)
 
+# install systemd scripts
+install(
+    FILES
+        lib/systemd/system/pki-rad.target
+        lib/systemd/system/pki-rad@.service
+    DESTINATION
+        ${SYSTEMD_LIB_INSTALL_DIR}
+    PERMISSIONS
+        OWNER_EXECUTE OWNER_WRITE OWNER_READ
+        GROUP_EXECUTE GROUP_READ
+        WORLD_EXECUTE WORLD_READ
+)
+
 # install init script
 install(
     FILES
@@ -74,3 +87,8 @@ install(
         ${VAR_INSTALL_DIR}/run/pki/ra
 )
 
+install(
+    DIRECTORY
+    DESTINATION
+        ${SYSTEMD_ETC_INSTALL_DIR}/pki-rad.target.wants
+)
diff --git a/base/ra/apache/conf/httpd.conf b/base/ra/apache/conf/httpd.conf
index f89e43b33..180c08de0 100644
--- a/base/ra/apache/conf/httpd.conf
+++ b/base/ra/apache/conf/httpd.conf
@@ -232,8 +232,13 @@ Listen [PORT]
 # LoadModule foo_module modules/mod_foo.so
 #
 
-# Required modules for command 'Order':
+# MPM worker module is a loadable module as of 2.4
+LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so
+
+LoadModule authz_core_module /etc/httpd/modules/mod_authz_core.so
 [FORTITUDE_AUTH_MODULES]
+# Module for User and Group
+LoadModule unixd_module /etc/httpd/modules/mod_unixd.so
 # Required module for command 'UserDir':
 LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so
 # Required module for command 'DirectoryIndex':
@@ -394,8 +399,7 @@ DocumentRoot "[SERVER_ROOT]/docroot"
 #
 # Controls who can get stuff from this server.
 #
-    Order allow,deny
-    Allow from all
+    Require all granted
 
 </Directory>
 
@@ -444,8 +448,7 @@ AccessFileName .htaccess
 # viewed by Web clients. 
 #
 <Files ~ "^\.ht">
-    Order allow,deny
-    Deny from all
+    Require all denied
 </Files>
 
 #
@@ -592,8 +595,7 @@ Alias /icons/ "[SERVER_ROOT]/icons/"
 <Directory "[SERVER_ROOT]/icons">
     Options Indexes MultiViews
     AllowOverride None
-    Order allow,deny
-    Allow from all
+    Require all granted
 </Directory>
 
 #
@@ -606,8 +608,7 @@ AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[SERVER_ROOT]/manual$1
 <Directory "[SERVER_ROOT]/manual">
     Options Indexes
     AllowOverride None
-    Order allow,deny
-    Allow from all
+    Require all granted
 
     <Files *.html>
         SetHandler type-map
@@ -642,8 +643,7 @@ ScriptAlias /cgi-bin/ "[SERVER_ROOT]/cgi-bin/"
 <Directory "[SERVER_ROOT]/cgi-bin">
     AllowOverride None
     Options ExecCGI
-    Order allow,deny
-    Allow from all
+    Require all granted
 </Directory>
 
 #
diff --git a/base/ra/apache/conf/perl.conf b/base/ra/apache/conf/perl.conf
index 50139cdab..02a503f74 100644
--- a/base/ra/apache/conf/perl.conf
+++ b/base/ra/apache/conf/perl.conf
@@ -58,15 +58,13 @@ PerlSetEnv PKI_ROOT [SERVER_ROOT]
 <Location /ra/admin/console/config/wizard>
    SetHandler perl-script
    PerlHandler PKI::RA::Wizard
-   Order deny,allow
-   Allow from all
+   Require all granted
 </Location>
 
 <Location /ra/admin/console/config/login>
    SetHandler perl-script
    PerlHandler PKI::RA::Login
-   Order deny,allow
-   Allow from all
+   Require all granted
 </Location>
 
 PerlModule ModPerl::PerlRun
diff --git a/base/ra/lib/systemd/system/pki-rad.target b/base/ra/lib/systemd/system/pki-rad.target
new file mode 100644
index 000000000..e1a4f808e
--- /dev/null
+++ b/base/ra/lib/systemd/system/pki-rad.target
@@ -0,0 +1,6 @@
+[Unit]
+Description=PKI Registration Authority Server
+After=syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
diff --git a/base/ra/lib/systemd/system/pki-rad@.service b/base/ra/lib/systemd/system/pki-rad@.service
new file mode 100644
index 000000000..5432c62b2
--- /dev/null
+++ b/base/ra/lib/systemd/system/pki-rad@.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=PKI Registration Authority Server %i
+After=pki-rad.target
+BindTo=pki-rad.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pkicontrol start ra %i
+ExecStop=/usr/bin/pkicontrol stop ra %i
+
+[Install]
+WantedBy=multi-user.target
diff --git a/base/ra/setup/pkidaemon_registry b/base/ra/setup/pkidaemon_registry
index 8d23dda05..2e81158ef 100644
--- a/base/ra/setup/pkidaemon_registry
+++ b/base/ra/setup/pkidaemon_registry
@@ -62,7 +62,7 @@ export RESTART_SERVER
 # available, but does not work with some modules (such as PHP).
 # The service must be stopped before changing this variable.
 #
-PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker
+PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd
 export PKI_HTTPD
 
 #
diff --git a/base/ra/setup/registry_instance b/base/ra/setup/registry_instance
index f8cae5a43..5be7a4de0 100644
--- a/base/ra/setup/registry_instance
+++ b/base/ra/setup/registry_instance
@@ -59,7 +59,7 @@ export RESTART_SERVER
 # available, but does not work with some modules (such as PHP).
 # The service must be stopped before changing this variable.
 #
-PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker
+PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd
 export PKI_HTTPD
 
 #