authorjdennis <jdennis@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-11-19 21:00:40 +0000
committerjdennis <jdennis@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-11-19 21:00:40 +0000
commit2ab4b4058a240143e513db050bbf4170e9115ef1 (patch)
treea00195c6f63f11ee5e2fd9c4fc5f3c216ef7ace2 /pki/base/kra
parente73bde97720375973af57a29c5dd62aaec6342f2 (diff)
Merge CA changes into KRA,OCSP & TKS
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1575 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/kra')
-rw-r--r--pki/base/kra/build.xml14
-rw-r--r--pki/base/kra/setup/registry_instance54
-rw-r--r--pki/base/kra/shared/conf/catalina.policy123
-rw-r--r--pki/base/kra/shared/conf/catalina.properties29
-rw-r--r--pki/base/kra/shared/conf/context.xml30
-rwxr-xr-xpki/base/kra/shared/conf/dtomcat5476
-rw-r--r--pki/base/kra/shared/conf/logging.properties70
-rw-r--r--pki/base/kra/shared/conf/server.xml532
-rw-r--r--pki/base/kra/shared/conf/tomcat-users.xml38
-rw-r--r--pki/base/kra/shared/conf/tomcat5.conf74
-rw-r--r--pki/base/kra/shared/conf/tomcat6.conf55
-rwxr-xr-xpki/base/kra/shared/etc/init.d/pki-krad1832
12 files changed, 507 insertions, 2820 deletions
diff --git a/pki/base/kra/build.xml b/pki/base/kra/build.xml
index abbdbe7ab..eecf414ee 100644
--- a/pki/base/kra/build.xml
+++ b/pki/base/kra/build.xml
@@ -191,6 +191,7 @@
filemode="644"
prefix="usr/share/${product.prefix}/${product}/setup">
<include name="config.desktop"/>
+ <include name="registry_instance"/>
</zipfileset>
<zipfileset dir="./shared/etc/init.d"
filemode="755"
@@ -198,15 +199,9 @@
<include name="pki-krad"/>
</zipfileset>
<zipfileset dir="./shared"
- filemode="755"
- prefix="usr/share/${product.prefix}/${product}">
- <include name="conf/dtomcat5"/>
- </zipfileset>
- <zipfileset dir="./shared"
filemode="644"
prefix="usr/share/${product.prefix}/${product}">
<include name="**"/>
- <exclude name="conf/dtomcat5"/>
<exclude name="etc/init.d/pki-krad"/>
</zipfileset>
<zipfileset dir="."
@@ -230,6 +225,7 @@
mode="644"
prefix="${dist.name}/usr/share/${product.prefix}/${product}/setup">
<include name="config.desktop"/>
+ <include name="registry_instance"/>
</tarfileset>
<tarfileset dir="./shared/etc/init.d"
mode="755"
@@ -237,15 +233,9 @@
<include name="pki-krad"/>
</tarfileset>
<tarfileset dir="./shared"
- mode="755"
- prefix="${dist.name}/usr/share/${product.prefix}/${product}">
- <include name="conf/dtomcat5"/>
- </tarfileset>
- <tarfileset dir="./shared"
mode="644"
prefix="${dist.name}/usr/share/${product.prefix}/${product}">
<include name="**"/>
- <exclude name="conf/dtomcat5"/>
<exclude name="etc/init.d/pki-krad"/>
</tarfileset>
<tarfileset dir="."
diff --git a/pki/base/kra/setup/registry_instance b/pki/base/kra/setup/registry_instance
new file mode 100644
index 000000000..7f0e592a1
--- /dev/null
+++ b/pki/base/kra/setup/registry_instance
@@ -0,0 +1,54 @@
+# Establish PKI Variable "Slot" Substitutions
+
+PKI_FLAVOR=[PKI_FLAVOR]
+export PKI_FLAVOR
+
+PKI_SUBSYSTEM_TYPE=[PKI_SUBSYSTEM_TYPE]
+export PKI_SUBSYSTEM_TYPE
+
+PKI_USER=[PKI_USER]
+export PKI_USER
+
+PKI_GROUP=[PKI_GROUP]
+export PKI_GROUP
+
+PKI_INSTANCE_ID=[PKI_INSTANCE_ID]
+export PKI_INSTANCE_ID
+
+PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH]
+export PKI_INSTANCE_PATH
+
+PKI_INSTANCE_INITSCRIPT=[PKI_INSTANCE_INITSCRIPT]
+export PKI_INSTANCE_INITSCRIPT
+
+PKI_SERVER_XML_CONF=[PKI_SERVER_XML_CONF]
+export PKI_SERVER_XML_CONF
+
+# Use CATALINA_BASE
+
+CATALINA_BASE=$PKI_INSTANCE_PATH
+export CATALINA_BASE
+
+TOMCAT_PROG=$PKI_INSTANCE_ID
+export TOMCAT_PROG
+
+TOMCAT_USER=$PKI_USER
+export TOMCAT_USER
+
+TOMCAT_GROUP=$PKI_GROUP
+export TOMCAT_GROUP
+
+PKI_LOCKDIR="/var/lock/${PKI_FLAVOR}/${PKI_SUBSYSTEM_TYPE}"
+export PKI_LOCKDIR
+
+PKI_LOCKFILE="${PKI_LOCKDIR}/${PKI_INSTANCE_ID}.pid"
+export PKI_LOCKFILE
+
+TOMCAT_PIDFILE=[TOMCAT_PIDFILE]
+export TOMCAT_PIDFILE
+
+pki_instance_configuration_file=${PKI_INSTANCE_PATH}/conf/CS.cfg
+export pki_instance_configuration_file
+
+RESTART_SERVER=${PKI_INSTANCE_PATH}/conf/restart_server_after_configuration
+export RESTART_SERVER
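Review bot: The slot assignments in this new file (`PKI_FLAVOR=[PKI_FLAVOR]` through `PKI_SERVER_XML_CONF=[PKI_SERVER_XML_CONF]`, and `TOMCAT_PIDFILE=[TOMCAT_PIDFILE]` further down) are unquoted, so a substituted value containing whitespace or shell metacharacters would be parsed as extra words or commands when the file is read by a shell. The file only sets and exports variables, so it is presumably sourced by the instance init script, in which case the substituted text runs with that script's privileges. I would quote each slot, e.g. `PKI_INSTANCE_PATH="[PKI_INSTANCE_PATH]"`, and have whatever fills the slots reject values containing quotes, `$` or backticks, since double quotes alone still allow expansion. The derived lines (`CATALINA_BASE=$PKI_INSTANCE_PATH`, `PKI_LOCKFILE="${PKI_LOCKDIR}/${PKI_INSTANCE_ID}.pid"`) are plain assignments and do not word-split, so they are fine as written.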
diff --git a/pki/base/kra/shared/conf/catalina.policy b/pki/base/kra/shared/conf/catalina.policy
index 8f481e333..cf8302cd0 100644
--- a/pki/base/kra/shared/conf/catalina.policy
+++ b/pki/base/kra/shared/conf/catalina.policy
@@ -1,5 +1,26 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// Copyright (C) 2006-2010 Red Hat, Inc.
+// All rights reserved.
+// Modifications: configuration parameters
+// --- END COPYRIGHT BLOCK ---
+
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
// ============================================================================
-// catalina.corepolicy - Security Policy Permissions for Tomcat 5
+// catalina.corepolicy - Security Policy Permissions for Tomcat 6
//
// This file contains a default set of security policies to be enforced (by the
// JVM) when Catalina is executed with the "-security" option. In addition
@@ -40,35 +61,16 @@ grant codeBase "file:${java.home}/lib/ext/-" {
// ========== CATALINA CODE PERMISSIONS =======================================
-// These permissions apply to the launcher code
-grant codeBase "file:${catalina.home}/bin/commons-launcher.jar" {
- permission java.security.AllPermission;
-};
-
// These permissions apply to the daemon code
grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
permission java.security.AllPermission;
};
-// These permissions apply to the commons-logging API
-grant codeBase "file:${catalina.home}/bin/commons-logging-api.jar" {
- permission java.security.AllPermission;
-};
-
-// These permissions apply to the server startup code
-grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
- permission java.security.AllPermission;
-};
-
-// These permissions apply to the JMX server
-grant codeBase "file:${catalina.home}/bin/jmx.jar" {
- permission java.security.AllPermission;
-};
-
-// These permissions apply to JULI
+// These permissions apply to the logging API
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
permission java.util.PropertyPermission "java.util.logging.config.class", "read";
permission java.util.PropertyPermission "java.util.logging.config.file", "read";
+ permission java.io.FilePermission "${java.home}${file.separator}lib${file.separator}logging.properties", "read";
permission java.lang.RuntimePermission "shutdownHooks";
permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
permission java.util.PropertyPermission "catalina.base", "read";
@@ -82,24 +84,19 @@ grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
// permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};
-// These permissions apply to the servlet API classes
-// and those that are shared across all class loaders
-// located in the "common" directory
-grant codeBase "file:${catalina.home}/common/-" {
+// These permissions apply to the server startup code
+grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
permission java.security.AllPermission;
};
-// These permissions apply to the container's core code, plus any additional
-// libraries installed in the "server" directory
-grant codeBase "file:${catalina.home}/server/-" {
+// These permissions apply to the servlet API classes
+// and those that are shared across all class loaders
+// located in the "lib" directory
+grant codeBase "file:${catalina.home}/lib/-" {
permission java.security.AllPermission;
};
-// The permissions granted to the balancer WEB-INF/classes and WEB-INF/lib directory
-grant codeBase "file:${catalina.home}/webapps/balancer/-" {
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.digester";
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.digester.*";
-};
+
// ========== WEB APPLICATION PERMISSIONS =====================================
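Review bot: The new `grant codeBase "file:${catalina.home}/lib/-"` block gives `java.security.AllPermission` to everything under that tree recursively, so under the security manager the sandbox is only as strong as the file permissions on `${catalina.home}/lib`. I would add a comment above the grant saying so, e.g. `// lib/- is recursive: this directory must be root-owned and not writable by the instance user`. Separately, the last hunk of this file removes the explicit grants for the JSS, tomcatjss, ldapjdk and `/usr/share/java/pki/-` jars with no replacement visible in this diff. If those jars are now reached through `[TOMCAT_INSTANCE_COMMON_LIB]` in catalina.properties rather than living under `${catalina.home}/lib`, they would presumably run with only the default `grant { ... }` permissions when `-security` is used, which is worth confirming.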
@@ -147,6 +144,9 @@ grant {
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
+ // Precompiled JSPs need access to this system property.
+ permission java.util.PropertyPermission "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
+
};
@@ -182,58 +182,3 @@ grant {
// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
// };
-
-
-// These permissions apply to Tomcat5 java
-grant codeBase "file:/usr/share/java/tomcat5/-" {
- permission java.security.AllPermission;
-};
-grant codeBase "file:/usr/share/java/jakarta-commons-modeler.jar" {
- permission java.security.AllPermission;
-};
-grant codeBase "file:/usr/share/java/jasper5-compiler.jar" {
- permission java.security.AllPermission;
-};
-grant codeBase "file:/usr/share/java/jasper5-runtime.jar" {
- permission java.security.AllPermission;
-};
-
-
-
-// These permissions apply to PKI configuration
-grant codeBase "file:/usr/share/java/velocity.jar" {
- permission java.security.AllPermission;
-};
-grant codeBase "file:/usr/share/java/tomcat5-servlet-2.4-api.jar" {
- permission java.security.AllPermission;
-};
-
-
-
-
-// These permissions apply to PKI support
-grant codeBase "file:/usr/share/java/ldapjdk.jar" {
- permission java.security.AllPermission;
-};
-
-
-
-// These permissions apply to PKI
-grant codeBase "file:/usr/lib/java/jss4.jar" {
- permission java.security.AllPermission;
-};
-grant codeBase "file:/usr/share/java/tomcatjss.jar" {
- permission java.security.AllPermission;
-};
-grant codeBase "file:/usr/lib/java/osutil.jar" {
- permission java.security.AllPermission;
-};
-grant codeBase "file:/usr/lib/java/symkey.jar" {
- permission java.security.AllPermission;
-};
-grant codeBase "file:/usr/share/java/pki/-" {
- permission java.security.AllPermission;
-};
-
-
-
diff --git a/pki/base/kra/shared/conf/catalina.properties b/pki/base/kra/shared/conf/catalina.properties
index 86334d29f..70cb7c05e 100644
--- a/pki/base/kra/shared/conf/catalina.properties
+++ b/pki/base/kra/shared/conf/catalina.properties
@@ -1,3 +1,24 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2006-2010 Red Hat, Inc.
+# All rights reserved.
+# Modifications: configuration parameters
+# --- END COPYRIGHT BLOCK ---
+
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
@@ -29,7 +50,7 @@ package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
-common.loader=${catalina.home}/common/classes,${catalina.home}/common/i18n/*.jar,${catalina.home}/common/endorsed/*.jar,${catalina.home}/common/lib/*.jar
+common.loader=${catalina.home}/lib,${catalina.home}/lib/*.jar,[TOMCAT_INSTANCE_COMMON_LIB]
#
# List of comma-separated paths defining the contents of the "server"
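Review bot: The `[TOMCAT_INSTANCE_COMMON_LIB]` slot appended to `common.loader` is not described in the visible comment lines above it, and whatever path it expands to is loaded into the common class loader, which the container and every web application share. For a KRA instance that makes the directory's ownership a security property: anything able to write there can supply code that the container itself will load. I would document the slot next to the setting, e.g. `# [TOMCAT_INSTANCE_COMMON_LIB] is filled in at instance creation; the target must not be writable by the instance user`. What the slot actually expands to is not visible in this diff, so the wording should be checked against the instance-creation tool.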
@@ -42,7 +63,7 @@ common.loader=${catalina.home}/common/classes,${catalina.home}/common/i18n/*.jar
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
-server.loader=${catalina.home}/server/classes,${catalina.home}/server/lib/*.jar
+server.loader=
#
# List of comma-separated paths defining the contents of the "shared"
@@ -54,7 +75,9 @@ server.loader=${catalina.home}/server/classes,${catalina.home}/server/lib/*.jar
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
-shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar
+# Please note that for single jars, e.g. bar.jar, you need the URL form
+# starting with file:.
+shared.loader=
#
# String cache configuration.
diff --git a/pki/base/kra/shared/conf/context.xml b/pki/base/kra/shared/conf/context.xml
index 4998ad27d..8b6fe4905 100644
--- a/pki/base/kra/shared/conf/context.xml
+++ b/pki/base/kra/shared/conf/context.xml
@@ -1,5 +1,27 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!-- BEGIN COPYRIGHT BLOCK
+ Copyright (C) 2006-2010 Red Hat, Inc.
+ All rights reserved.
+ Modifications: configuration parameters
+ END COPYRIGHT BLOCK -->
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
<!-- The contents of this file will be loaded for each web application -->
-<Context crossContext="true">
+<Context crossContext="true" allowLinking="true">
<!-- Default set of monitored resources -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
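Review bot: `allowLinking="true"` is added to the global `<Context>` element, which the file's own comment says is loaded for each web application, so every webapp in the instance may now follow symbolic links out of its document root. Tomcat's documentation warns that this attribute must not be enabled on Windows or any other case-insensitive file system, because it disables the case-sensitivity checks and can expose JSP source. The change carries no explanation; I would add a comment such as `<!-- allowLinking lets webapps follow symlinks outside their docBase; only safe on case-sensitive file systems -->` and, if only the PKI webapp needs it, set it on that application's own Context instead. It sits alongside the existing `crossContext="true"`, so the isolation between webapps in this instance is already loose and the reason for loosening it further should be stated.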
@@ -9,4 +31,10 @@
<Manager pathname="" />
-->
+ <!-- Uncomment this to enable Comet connection tacking (provides events
+ on session expiration as well as webapp lifecycle) -->
+ <!--
+ <Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
+ -->
+
</Context>
diff --git a/pki/base/kra/shared/conf/dtomcat5 b/pki/base/kra/shared/conf/dtomcat5
deleted file mode 100755
index 2eeb889e6..000000000
--- a/pki/base/kra/shared/conf/dtomcat5
+++ /dev/null
@@ -1,476 +0,0 @@
-#!/bin/bash
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2006 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-# -----------------------------------------------------------------------------
-# Start/Stop Script for the CATALINA Server
-#
-# Environment Variable Prequisites
-#
-# CATALINA_HOME May point at your Catalina "build" directory.
-#
-# CATALINA_BASE (Optional) Base directory for resolving dynamic portions
-# of a Catalina installation. If not present, resolves to
-# the same directory that CATALINA_HOME points to.
-#
-# CATALINA_OPTS (Optional) Java runtime options used when the "start",
-# "stop", or "run" command is executed.
-#
-# CATALINA_TMPDIR (Optional) Directory path location of temporary directory
-# the JVM should use (java.io.tmpdir). Defaults to
-# $CATALINA_BASE/temp.
-#
-# JAVA_HOME Must point at your Java Development Kit installation.
-# Required to run the with the "debug" or "javac" argument.
-#
-# JRE_HOME Must point at your Java Development Kit installation.
-# Defaults to JAVA_HOME if empty.
-#
-# JAVA_OPTS (Optional) Java runtime options used when the "start",
-# "stop", or "run" command is executed.
-#
-# JPDA_TRANSPORT (Optional) JPDA transport used when the "jpda start"
-# command is executed. The default is "dt_socket".
-#
-# JPDA_ADDRESS (Optional) Java runtime options used when the "jpda start"
-# command is executed. The default is 8000.
-#
-# JSSE_HOME (Optional) May point at your Java Secure Sockets Extension
-# (JSSE) installation, whose JAR files will be added to the
-# system class path used to start Tomcat.
-#
-# CATALINA_PID (Optional) Path of the file which should contains the pid
-# of catalina startup java process, when start (fork) is used
-#
-# $Id$
-# -----------------------------------------------------------------------------
-
-# Disallow 'others' the ability to 'write' to new files
-umask 00002
-
-# Check to insure that this script's original invocation directory
-# has not been deleted!
-CWD=`/bin/pwd > /dev/null 2>&1`
-if [ $? -ne 0 ] ; then
- echo "Cannot invoke '$0' from non-existent directory!"
- exit 255
-fi
-
-# Check to insure that this script's associated PKI
-# subsystem currently resides on this system.
-PKI_SUBSYSTEM_TYPE=[PKI_SUBSYSTEM_TYPE]
-if [ ! -d /usr/share/pki/${PKI_SUBSYSTEM_TYPE} ] ; then
- echo "This machine is missing the '${PKI_SUBSYSTEM_TYPE}' subsystem!"
- exit 255
-fi
-
-# OS specific support. $var _must_ be set to either true or false.
-OS=`uname -s`
-cygwin=false
-os400=false
-case "${OS}" in
-CYGWIN*) cygwin=true;;
-OS400*) os400=true;;
-esac
-
-TOMCAT_CFG=[PKI_INSTANCE_PATH]/conf/tomcat5.conf
-JAVADIR="/usr/share/java"
-
-# resolve links - $0 may be a softlink
-PRG="$0"
-
-while [ -h "$PRG" ]; do
- ls=`ls -ld "$PRG"`
- link=`expr "$ls" : '.*-> \(.*\)$'`
- if expr "$link" : '.*/.*' > /dev/null; then
- PRG="$link"
- else
- PRG=`dirname "$PRG"`/"$link"
- fi
-done
-
-# Get standard environment variables
-PRGDIR=`dirname "$PRG"`
-
-# Only set CATALINA_HOME if not already set
-[ -z "$CATALINA_HOME" ] && CATALINA_HOME=`cd "$PRGDIR/.." ; pwd`
-
-if [ -r "$CATALINA_HOME"/bin/setenv.sh ]; then
- . "$CATALINA_HOME"/bin/setenv.sh
-fi
-
-# For Cygwin, ensure paths are in UNIX format before anything is touched
-if $cygwin; then
- [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
- [ -n "$JRE_HOME" ] && JRE_HOME=`cygpath --unix "$JRE_HOME"`
- [ -n "$CATALINA_HOME" ] && CATALINA_HOME=`cygpath --unix "$CATALINA_HOME"`
- [ -n "$CATALINA_BASE" ] && CATALINA_BASE=`cygpath --unix "$CATALINA_BASE"`
- [ -n "$CLASSPATH" ] && CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
- [ -n "$JSSE_HOME" ] && JSSE_HOME=`cygpath --absolute --unix "$JSSE_HOME"`
-fi
-
-# For OS400
-if $os400; then
- # Set job priority to standard for interactive (interactive - 6) by using
- # the interactive priority - 6, the helper threads that respond to requests
- # will be running at the same priority as interactive jobs.
- COMMAND='chgjob job('$JOBNAME') runpty(6)'
- system $COMMAND
-
- # Enable multi threading
- export QIBM_MULTI_THREADED=Y
-fi
-
-[ -r "$TOMCAT_CFG" ] && . "${TOMCAT_CFG}"
-
-### Set up defaults if they were omitted in TOMCAT_CFG
-### JVM lookup
-if [ -z "$JAVA_HOME" ]; then
- # Search for java in PATH
- JAVA=`which java`
- if [ -z "$JAVA" ] ; then
- JAVA_BINDIR=`dirname ${JAVA}`
- JAVA_HOME="${JAVA_BINDIR}/.."
- fi
- # Default clean JAVA_HOME
- [ -z "$JAVA_HOME" -a -d "/usr/lib/java" ] && JAVA_HOME="/usr/lib/java"
- # Default IBM JAVA_HOME
- [ -z "$JAVA_HOME" -a -d "/opt/IBMJava2-13" ] && \
- JAVA_HOME="/opt/IBMJava2-13"
- [ -z "$JAVA_HOME" -a -d "/opt/IBMJava2-131" ] && \
- JAVA_HOME="/opt/IBMJava2-131"
- [ -z "$JAVA_HOME" -a -d "/opt/IBMJava2-14" ] && \
- JAVA_HOME="/opt/IBMJava2-14"
- [ -z "$JAVA_HOME" -a -d "/opt/IBMJava2-141" ] && \
- JAVA_HOME="/opt/IBMJava2-141"
- # Another solution
- [ -z "$JAVA_HOME" -a -d "/usr/java/jdk" ] && \
- JAVA_HOME="/usr/java/jdk"
- # madeinlinux JAVA_HOME
- [ -z "$JAVA_HOME" -a -d "/usr/local/jdk1.2.2" ] && \
- JAVA_HOME="/usr/local/jdk1.2.2"
- # Kondara JAVA_HOME
- [ -z "$JAVA_HOME" -a -d "/usr/lib/java/jdk1.2.2" ] && \
- JAVA_HOME="/usr/lib/java/jdk1.2.2"
- # Other commonly found JAVA_HOMEs
- [ -z "$JAVA_HOME" -a -d "/usr/jdk1.2" ] && JAVA_HOME="/usr/jdk1.2"
- # Default Caldera JAVA_HOME
- [ -z "$JAVA_HOME" -a -d "/opt/java-1.3" ] && \
- JAVA_HOME="/opt/java-1.3"
- # Add other locations here
- if [ -z "$JAVA_HOME" ]; then
- echo "No JAVA_HOME specified in ${TOMCAT_CFG} and no java found"
- exit 1
- else
- echo "Found JAVA_HOME: ${JAVA_HOME}"
- echo "Please complete your ${TOMCAT_CFG} so we won't have to look for it next time"
- fi
-fi
-
-# Set juli LogManager if it is present
-if [ -r "$CATALINA_HOME"/bin/tomcat-juli.jar ]; then
- JAVA_OPTS="$JAVA_OPTS "-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-fi
-
-# Set standard commands for invoking Java.
-_RUNJAVA="$JAVA_HOME"/bin/java
-_RUNJAVAC="$JAVA_HOME"/bin/javac
-_RUNJDB="$JAVA_HOME"/bin/jdb
-
-# Set standard CLASSPATH
-# (always inherit any preset values from the PKI start script)
-if [ ${OS} = "Linux" ] ; then
- # Checking for OpenJDK JVM
- OPENJDK_JVM="`java -version 2>&1 | tail -1 | awk '{print $1};'`"
- if [ "${OPENJDK_JVM}" = "OpenJDK" ] ||
- [ "${OPENJDK_JVM}" = "IcedTea" ]; then
- # using OpenJDK
- CLASSPATH="$CLASSPATH":"$JAVA_HOME"/lib/rt.jar
-
- # add required classes to the CLASSPATH for OpenJDK
- CLASSPATH="$CLASSPATH":"$JAVADIR"/commons-collections.jar
- else
- # NOT using OpenJDK
- CLASSPATH="$CLASSPATH":"$JAVA_HOME"/lib/tools.jar
- fi
-elif [ ${OS} = "SunOS" ] ; then
- CLASSPATH="$CLASSPATH":"$JAVA_HOME"/lib/rt.jar
-fi
-
-# Add on extra jar files to CLASSPATH
-if [ -n "$JSSE_HOME" ]; then
- CLASSPATH="$CLASSPATH":"$JSSE_HOME"/lib/jcert.jar:"$JSSE_HOME"/lib/jnet.jar:"$JSSE_HOME"/lib/jsse.jar
-fi
-
-# JPackage JSSE location check
-if [ -r "$JAVADIR/jsse/jcert.jar" ]; then
- CLASSPATH="$CLASSPATH":"$JAVADIR"/jsse/jcert.jar:"$JAVADIR"/jsse/jnet.jar:"$JAVADIR"/jsse/jsse.jar
-fi
-
-if [ ${OS} = "Linux" ] ; then
- CLASSPATH="$CLASSPATH":"$CATALINA_HOME"/bin/bootstrap.jar:"$CATALINA_HOME"/bin/commons-logging-api.jar:`/usr/bin/build-classpath mx4j/mx4j-impl`:`/usr/bin/build-classpath mx4j/mx4j-jmx`
-
- # add jars in required components for velocity >= 1.6 (just in case)
- VELOCITY=`rpm -q velocity|sed 's/velocity-\([0-9]*\)\.\([0-9]*\).*/\1\2/'`
- if [ "$VELOCITY" -ge 16 ]; then
- CLASSPATH="$CLASSPATH":`/usr/bin/build-classpath bcel hsqldb commons-collections commons-lang commons-logging commons-logging-api jdom junit oro servletapi5 werken.xpath`
- fi
-
-elif [ ${OS} = "SunOS" ] ; then
- # The following definitions are provided for Solaris
- # platforms since they are unable to execute the
- # "/usr/bin/build-classpath" and
- # "/usr/share/java-utils/java-functions" files . . .
-
- CLASSPATH="$CLASSPATH":"$CATALINA_HOME"/bin/bootstrap.jar
- CLASSPATH="$CLASSPATH":"$CATALINA_HOME"/bin/commons-logging-api.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-impl.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-jmx.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/base.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/certsrv.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/cms.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/cms72.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/cms72_en.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/cmsbundle.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/cmscore.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/cmsutil.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/mcc70.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/mcc70_en.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/nmclf70.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/nmclf70_en.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/nsutil.jar
-
- if [ -f /usr/share/java/pkitools.jar ]; then
- CLASSPATH="$CLASSPATH":/usr/share/java/pkitools.jar
- elif [ -f /usr/share/java/cstools.jar ]; then
- CLASSPATH="$CLASSPATH":/usr/share/java/cstools.jar
- elif [ -f /usr/share/java/pki/cstools.jar ]; then
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/cstools.jar
- fi
-
- if [ -f /usr/share/java/ca.jar ]; then
- CLASSPATH="$CLASSPATH":/usr/share/java/ca.jar
- elif [ -f /usr/share/java/pki/ca/ca.jar ]; then
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/ca/ca.jar
- fi
- if [ -f /usr/share/java/kra.jar ]; then
- CLASSPATH="$CLASSPATH":/usr/share/java/kra.jar
- elif [ -f /usr/share/java/pki/kra/kra.jar ]; then
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/kra/kra.jar
- fi
- if [ -f /usr/share/java/ocsp.jar ]; then
- CLASSPATH="$CLASSPATH":/usr/share/java/ocsp.jar
- elif [ -f /usr/share/java/pki/ocsp/ocsp.jar ]; then
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/ocsp/ocsp.jar
- fi
- if [ -f /usr/share/java/tks.jar ]; then
- CLASSPATH="$CLASSPATH":/usr/share/java/tks.jar
- elif [ -f /usr/share/java/pki/tks/tks.jar ]; then
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/tks/tks.jar
- fi
-
- # add jars for velocity 1.6 (just in case)
- CLASSPATH="$CLASSPATH":/usr/share/java/bcel.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/hsqldb.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-collections.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-lang.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-logging.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-logging-api.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/jdom.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/junit.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/oro.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/servletapi5.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/werken.xpath.jar
-
-fi
-
-if [ -z "$CATALINA_BASE" ] ; then
- CATALINA_BASE="$CATALINA_HOME"
-fi
-
-if [ -z "$CATALINA_TMPDIR" ] ; then
- # Define the java.io.tmpdir to use for Catalina
- CATALINA_TMPDIR="$CATALINA_BASE"/temp
-fi
-
-if [ -z "$CATALINA_PID" ] ; then
- export CATALINA_PID=/var/run/tomcat5.pid
-fi
-
-# For Cygwin, switch paths to Windows format before running java
-if $cygwin; then
- JAVA_HOME=`cygpath --absolute --windows "$JAVA_HOME"`
- JRE_HOME=`cygpath --absolute --windows "$JRE_HOME"`
- CATALINA_HOME=`cygpath --absolute --windows "$CATALINA_HOME"`
- CATALINA_BASE=`cygpath --absolute --windows "$CATALINA_BASE"`
- CATALINA_TMPDIR=`cygpath --absolute --windows "$CATALINA_TMPDIR"`
- CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
- [ -n "$JSSE_HOME" ] && JSSE_HOME=`cygpath --absolute --windows "$JSSE_HOME"`
- JAVA_ENDORSED_DIRS=`cygpath --path --windows "$JAVA_ENDORSED_DIRS"`
-fi
-
-# ----- Execute The Requested Command -----------------------------------------
-echo "Using CATALINA_PID $CATALINA_PID"
-echo "Using CATALINA_BASE: $CATALINA_BASE"
-echo "Using CATALINA_HOME: $CATALINA_HOME"
-echo "Using CATALINA_TMPDIR: $CATALINA_TMPDIR"
-if [ "$1" = "debug" -o "$1" = "javac" ] ; then
- echo "Using JAVA_HOME: $JAVA_HOME"
-else
- echo "Using JRE_HOME: $JRE_HOME"
-fi
-
-if [ "$1" = "jpda" ] ; then
- if [ -z "$JPDA_TRANSPORT" ]; then
- JPDA_TRANSPORT="dt_socket"
- fi
- if [ -z "$JPDA_ADDRESS" ]; then
- JPDA_ADDRESS="8000"
- fi
- if [ -z "$JPDA_OPTS" ]; then
- JPDA_OPTS="-Xdebug -Xrunjdwp:transport=$JPDA_TRANSPORT,address=$JPDA_ADDRESS,server=y,suspend=n"
- fi
- CATALINA_OPTS="$CATALINA_OPTS $JPDA_OPTS"
- shift
-fi
-
-if [ "$1" = "debug" ] ; then
- if $os400; then
- echo "Debug command not available on OS400"
- exit 1
- else
- shift
- if [ "$1" = "-security" ] ; then
- echo "Using Security Manager"
- shift
- exec "$_RUNJDB" $JAVA_OPTS $CATALINA_OPTS \
- -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
- -sourcepath "$CATALINA_HOME"/../../jakarta-tomcat-catalina/catalina/src/share \
- -Djava.security.manager \
- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
- -Dcatalina.base="$CATALINA_BASE" \
- -Dcatalina.home="$CATALINA_HOME" \
- -Djava.io.tmpdir="$CATALINA_TMPDIR" \
- org.apache.catalina.startup.Bootstrap "$@" start
- else
- exec "$_RUNJDB" $JAVA_OPTS $CATALINA_OPTS \
- -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
- -sourcepath "$CATALINA_HOME"/../../jakarta-tomcat-catalina/catalina/src/share \
- -Dcatalina.base="$CATALINA_BASE" \
- -Dcatalina.home="$CATALINA_HOME" \
- -Djava.io.tmpdir="$CATALINA_TMPDIR" \
- org.apache.catalina.startup.Bootstrap "$@" start
- fi
- fi
-
-elif [ "$1" = "run" ]; then
-
- shift
- if [ "$1" = "-security" ] ; then
- echo "Using Security Manager"
- shift
- exec "$_RUNJAVA" $JAVA_OPTS $CATALINA_OPTS \
- -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
- -Djava.security.manager \
- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
- -Dcatalina.base="$CATALINA_BASE" \
- -Dcatalina.home="$CATALINA_HOME" \
- -Djava.io.tmpdir="$CATALINA_TMPDIR" \
- org.apache.catalina.startup.Bootstrap "$@" start
- else
- exec "$_RUNJAVA" $JAVA_OPTS $CATALINA_OPTS \
- -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
- -Dcatalina.base="$CATALINA_BASE" \
- -Dcatalina.home="$CATALINA_HOME" \
- -Djava.io.tmpdir="$CATALINA_TMPDIR" \
- org.apache.catalina.startup.Bootstrap "$@" start
- fi
-
-elif [ "$1" = "start" ] ; then
-
- shift
- touch "$CATALINA_BASE"/logs/catalina.out
- if [ "$1" = "-security" ] ; then
- echo "Using Security Manager"
- shift
- "$_RUNJAVA" $JAVA_OPTS $CATALINA_OPTS \
- -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
- -Djava.security.manager \
- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
- -Dcatalina.base="$CATALINA_BASE" \
- -Dcatalina.home="$CATALINA_HOME" \
- -Djava.io.tmpdir="$CATALINA_TMPDIR" \
- org.apache.catalina.startup.Bootstrap "$@" start \
- >> "$CATALINA_BASE"/logs/catalina.out 2>&1 &
-
- if [ ! -z "$CATALINA_PID" ]; then
- echo $! > $CATALINA_PID
- fi
- else
- "$_RUNJAVA" $JAVA_OPTS $CATALINA_OPTS \
- -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
- -Dcatalina.base="$CATALINA_BASE" \
- -Dcatalina.home="$CATALINA_HOME" \
- -Djava.io.tmpdir="$CATALINA_TMPDIR" \
- org.apache.catalina.startup.Bootstrap "$@" start \
- >> "$CATALINA_BASE"/logs/catalina.out 2>&1 &
-
- if [ ! -z "$CATALINA_PID" ]; then
- echo $! > $CATALINA_PID
- fi
- fi
-
-elif [ "$1" = "stop" ] ; then
-
- shift
- FORCE=0
- if [ "$1" = "-force" ]; then
- shift
- FORCE=1
- fi
-
- "$_RUNJAVA" $JAVA_OPTS $CATALINA_OPTS \
- -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
- -Dcatalina.base="$CATALINA_BASE" \
- -Dcatalina.home="$CATALINA_HOME" \
- -Djava.io.tmpdir="$CATALINA_TMPDIR" \
- org.apache.catalina.startup.Bootstrap "$@" stop
-
- if [ $FORCE -eq 1 ]; then
- if [ ! -z "$CATALINA_PID" ]; then
- echo "Killing: `cat $CATALINA_PID`"
- kill -9 `cat $CATALINA_PID`
- fi
- fi
-
-elif [ "$1" = "version" ] ; then
-
- "$_RUNJAVA" \
- -classpath "$CATALINA_HOME/server/lib/catalina.jar" \
- org.apache.catalina.util.ServerInfo
-
-else
-
- echo "Usage: dtomcat5 ( commands ... )"
- echo "commands:"
- if $os400; then
- echo " debug Start Catalina in a debugger (not available on OS400)"
- echo " debug -security Debug Catalina with a security manager (not available on OS400)"
- else
- echo " debug Start Catalina in a debugger"
- echo " debug -security Debug Catalina with a security manager"
- fi
- echo " jpda start Start Catalina under JPDA debugger"
- echo " run Start Catalina in the current window"
- echo " run -security Start in the current window with security manager"
- echo " start Start Catalina in a separate window"
- echo " start -security Start in a separate window with security manager"
- echo " stop Stop Catalina"
- echo " stop -force Stop Catalina (followed by kill -KILL)"
- echo " version What version of tomcat are you running?"
- exit 1
-
-fi
diff --git a/pki/base/kra/shared/conf/logging.properties b/pki/base/kra/shared/conf/logging.properties
new file mode 100644
index 000000000..796cfc071
--- /dev/null
+++ b/pki/base/kra/shared/conf/logging.properties
@@ -0,0 +1,70 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2006-2010 Red Hat, Inc.
+# All rights reserved.
+# Modifications: configuration parameters
+# --- END COPYRIGHT BLOCK ---
+
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
+
+.handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+1catalina.org.apache.juli.FileHandler.level = FINE
+1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
+1catalina.org.apache.juli.FileHandler.prefix = catalina.
+
+2localhost.org.apache.juli.FileHandler.level = FINE
+2localhost.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
+2localhost.org.apache.juli.FileHandler.prefix = localhost.
+
+3manager.org.apache.juli.FileHandler.level = FINE
+3manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
+3manager.org.apache.juli.FileHandler.prefix = manager.
+
+4host-manager.org.apache.juli.FileHandler.level = FINE
+4host-manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
+4host-manager.org.apache.juli.FileHandler.prefix = host-manager.
+
+java.util.logging.ConsoleHandler.level = FINE
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.FileHandler
+
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.FileHandler
+
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.FileHandler
+
+# For example, set the com.xyz.foo logger to only log SEVERE
+# messages:
+#org.apache.catalina.startup.ContextConfig.level = FINE
+#org.apache.catalina.startup.HostConfig.level = FINE
+#org.apache.catalina.session.ManagerBase.level = FINE
+#org.apache.catalina.core.AprLifecycleListener.level=FINE
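Review bot: The closing comment in the new file does not match the lines it introduces: it talks about setting a `com.xyz.foo` logger to SEVERE, but the four commented entries raise Tomcat loggers to FINE. I would reword it to something like `# Uncomment to raise individual Tomcat loggers to FINE while debugging:` so an operator does not enable them expecting less output. The file also defines `3manager` and `4host-manager` handlers and loggers. Whether the KRA instance deploys those webapps is not visible in this diff; if it does not, dropping the two handler groups would avoid empty log files and make clear that those applications are not expected to be present.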
diff --git a/pki/base/kra/shared/conf/server.xml b/pki/base/kra/shared/conf/server.xml
index 71b433bef..9a24cfa44 100644
--- a/pki/base/kra/shared/conf/server.xml
+++ b/pki/base/kra/shared/conf/server.xml
@@ -1,208 +1,196 @@
-<!-- Example Server Configuration File -->
-<!-- Note that component elements are nested corresponding to their
- parent-child relationships with each other -->
-
-<!-- A "Server" is a singleton element that represents the entire JVM,
- which may contain one or more "Service" instances. The Server
- listens for a shutdown command on the indicated port.
-
- Note: A "Server" is not itself a "Container", so you may not
- define subcomponents such as "Valves" or "Loggers" at this level.
+<?xml version='1.0' encoding='utf-8'?>
+<!-- BEGIN COPYRIGHT BLOCK
+ Copyright (C) 2006-2010 Red Hat, Inc.
+ All rights reserved.
+ Modifications: configuration parameters
+ END COPYRIGHT BLOCK -->
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
-->
<!-- DO NOT REMOVE - Begin PKI Status Definitions -->
<!--
-Unsecure Port = http://[PKI_MACHINE_NAME]:[PKI_UNSECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE]
-Secure Agent Port = https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/agent/[PKI_SUBSYSTEM_TYPE]
-Secure EE Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE]
-Secure Admin Port = https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/services
-PKI Console Port = pkiconsole https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]
-Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
+Unsecure Port = http://[PKI_MACHINE_NAME]:[PKI_UNSECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE]
+Secure Agent Port = https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/agent/[PKI_SUBSYSTEM_TYPE]
+Secure EE Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE]
+Secure Admin Port = https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/services
+PKI Console Port = pkiconsole https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]
+Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
-->
<!-- DO NOT REMOVE - End PKI Status Definitions -->
<Server port="[TOMCAT_SERVER_PORT]" shutdown="SHUTDOWN">
- <!-- Comment these entries out to disable JMX MBeans support used for the
- administration web application -->
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+ <Listener className="org.apache.catalina.core.JasperListener" />
+ <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
- <Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
- <!-- Global JNDI resources -->
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
<GlobalNamingResources>
-
- <!-- Test entry for demonstration purposes -->
- <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
-
<!-- Editable user database that can also be used by
- UserDatabaseRealm to authenticate users -->
+ UserDatabaseRealm to authenticate users
+ -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
- description="User database that can be updated and saved"
- factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
- pathname="conf/tomcat-users.xml" />
-
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
- a single "Container" (and therefore the web applications visible
- within that Container). Normally, that Container is an "Engine",
- but this is not required.
-
- Note: A "Service" is not itself a "Container", so you may not
- define subcomponents such as "Valves" or "Loggers" at this level.
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
-->
-
- <!-- Define the Tomcat Stand-Alone Service -->
<Service name="Catalina">
-
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
<!-- A "Connector" represents an endpoint by which requests are received
- and responses are returned. Each Connector passes requests on to the
- associated "Container" (normally an Engine) for processing.
-
- By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
- You can also enable an SSL HTTP/1.1 Connector on port 8443 by
- following the instructions below and uncommenting the second Connector
- entry. SSL support requires the following steps (see the SSL Config
- HOWTO in the Tomcat 5 documentation bundle for more detailed
- instructions):
- * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
- later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
- * Execute:
- %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
- $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
- with a password value of "changeit" for both the certificate and
- the keystore itself.
-
- By default, DNS lookups are enabled when a web application calls
- request.getRemoteHost(). This can have an adverse impact on
- performance, so you can disable it by setting the
- "enableLookups" attribute to "false". When DNS lookups are disabled,
- request.getRemoteHost() will return the String version of the
- IP address of the remote client.
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL HTTP/1.1 Connector on port 8080
-->
-<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
-[PKI_UNSECURE_PORT_SERVER_COMMENT]
-<Connector name="[PKI_UNSECURE_PORT_CONNECTOR_NAME]" port="[PKI_UNSECURE_PORT]" maxHttpHeaderSize="8192"
- maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
- enableLookups="false" redirectPort="8443" acceptCount="100"
- connectionTimeout="20000" disableUploadTimeout="true"/>
-
-
-<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
-[PKI_SECURE_PORT_SERVER_COMMENT]
-<!-- DO NOT REMOVE - Begin define PKI secure port -->
-<Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" maxHttpHeaderSize="8192"
- maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
- enableLookups="false" disableUploadTimeout="true"
- acceptCount="100" scheme="https" secure="true"
- clientAuth="[PKI_AGENT_CLIENTAUTH]" sslProtocol="SSL"
- sslOptions="ssl2=false,ssl3=true,tls=true"
- ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5"
- ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
- tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
- SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
- serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf"
- passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf"
- passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
- certdbDir="[PKI_INSTANCE_PATH]/alias"/>
-<!-- DO NOT REMOVE - End define PKI secure port -->
-
-[PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT][PKI_ADMIN_SECURE_PORT_SERVER_COMMENT]
-<Connector name="[PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_ADMIN_SECURE_PORT]" maxHttpHeaderSize="8192"
- maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
- enableLookups="false" disableUploadTimeout="true"
- acceptCount="100" scheme="https" secure="true"
- clientAuth="false" sslProtocol="SSL"
- sslOptions="ssl2=false,ssl3=true,tls=true"
- ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5"
- ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
- tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
- SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
- serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf"
- passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf"
- passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
- certdbDir="[PKI_INSTANCE_PATH]/alias"/>
-[PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT]
-
-[PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT][PKI_EE_SECURE_PORT_SERVER_COMMENT]
-<Connector name="[PKI_EE_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_EE_SECURE_PORT]" maxHttpHeaderSize="8192"
- maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
- enableLookups="false" disableUploadTimeout="true"
- acceptCount="100" scheme="https" secure="true"
- clientAuth="false" sslProtocol="SSL"
- sslOptions="ssl2=false,ssl3=true,tls=true"
- ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5"
- ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
- tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
- SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
- serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf"
- passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf"
- passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
- certdbDir="[PKI_INSTANCE_PATH]/alias"/>
-[PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT]
-
- <!-- Note : To disable connection timeouts, set connectionTimeout value
- to 0 -->
-
- <!-- Note : To use gzip compression you could set the following properties :
-
- compression="on"
- compressionMinSize="2048"
- noCompressionUserAgents="gozilla, traviata"
- compressableMimeType="text/html,text/xml"
- -->
-
+ [PKI_UNSECURE_PORT_SERVER_COMMENT]
+ <Connector name="[PKI_UNSECURE_PORT_CONNECTOR_NAME]" port="[PKI_UNSECURE_PORT]" protocol="HTTP/1.1" redirectPort="8443"
+ maxHttpHeaderSize="8192"
+ acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true"
+ />
+
+ <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
+ [PKI_SECURE_PORT_SERVER_COMMENT]
+ <!-- DO NOT REMOVE - Begin define PKI secure port -->
+ <Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" protocol="HTTP/1.1" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true"
+ maxHttpHeaderSize="8192"
+ acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true"
+ SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
+ clientAuth="[PKI_AGENT_CLIENTAUTH]"
+ sslOptions="[TOMCAT_SSL_OPTIONS]"
+ ssl2Ciphers="[TOMCAT_SSL2_CIPHERS]"
+ ssl3Ciphers="[TOMCAT_SSL3_CIPHERS]"
+ tls3Ciphers="[TOMCAT_TLS3_CIPHERS]"
+ serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf"
+ passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf"
+ passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
+ certdbDir="[PKI_INSTANCE_PATH]/alias"
+ />
+ <!-- DO NOT REMOVE - End define PKI secure port -->
+
+ [PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT][PKI_ADMIN_SECURE_PORT_SERVER_COMMENT]
+ <Connector name="[PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_ADMIN_SECURE_PORT]" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true"
+ maxHttpHeaderSize="8192"
+ acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false" disableUploadTimeout="true"
+ SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
+ clientAuth="false"
+ sslOptions="[TOMCAT_SSL_OPTIONS]"
+ ssl2Ciphers="[TOMCAT_SSL2_CIPHERS]"
+ ssl3Ciphers="[TOMCAT_SSL3_CIPHERS]"
+ tls3Ciphers="[TOMCAT_TLS3_CIPHERS]"
+ serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf"
+ passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf"
+ passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
+ certdbDir="[PKI_INSTANCE_PATH]/alias"/>
+ [PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT]
+
+ [PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT][PKI_EE_SECURE_PORT_SERVER_COMMENT]
+ <Connector name="[PKI_EE_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_EE_SECURE_PORT]" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true"
+ maxHttpHeaderSize="8192"
+ acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true"
+ SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
+ clientAuth="false"
+ sslOptions="[TOMCAT_SSL_OPTIONS]"
+ ssl2Ciphers="[TOMCAT_SSL2_CIPHERS]"
+ ssl3Ciphers="[TOMCAT_SSL3_CIPHERS]"
+ tls3Ciphers="[TOMCAT_TLS3_CIPHERS]"
+ serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf"
+ passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf"
+ passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
+ certdbDir="[PKI_INSTANCE_PATH]/alias"/>
+ [PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT]
+
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define a SSL HTTP/1.1 Connector on port 8443
+ This connector uses the JSSE configuration, when using APR, the
+ connector should be using the OpenSSL style configuration
+ described in the APR documentation -->
+ <!--
+ <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
+ maxThreads="150" scheme="https" secure="true"
+ clientAuth="false" sslProtocol="TLS" />
+ -->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--
- <Connector port="8009"
- enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
+ <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->
- <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
- <!-- See proxy documentation for more information about using this. -->
- <!--
- <Connector port="8082"
- maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
- enableLookups="false" acceptCount="100" connectionTimeout="20000"
- proxyPort="80" disableUploadTimeout="true" />
- -->
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
- on to the appropriate Host (virtual host). -->
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
- <Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1">
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
-
- <!-- Define the top level container in our container hierarchy -->
<Engine name="Catalina" defaultHost="localhost">
- <!-- The request dumper valve dumps useful debugging information about
- the request headers and cookies that were received, and the response
- headers and cookies that were sent, for all requests received by
- this instance of Tomcat. If you care only about requests to a
- particular virtual host, or a particular application, nest this
- element inside the corresponding <Host> or <Context> entry instead.
-
- For a similar mechanism that is portable to all Servlet 2.4
- containers, check out the "RequestDumperFilter" Filter in the
- example application (the source for this filter may be found in
- "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
- Request dumping is disabled by default. Uncomment the following
- element to enable it. -->
+ <!-- The request dumper valve dumps useful debugging information about
+ the request and response data received and sent by Tomcat.
+ Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-->
- <!-- Because this Realm is here, an instance will be shared globally -->
-
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
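Review bot: The non-SSL connector keeps a literal `redirectPort="8443"` while every secure connector in this hunk listens on a templated port (`[PKI_SECURE_PORT]`, `[PKI_ADMIN_SECURE_PORT]`, `[PKI_EE_SECURE_PORT]`), so a transport-guarantee redirect can point at a port the instance never opens. I would template it as well, for example `redirectPort="[PKI_SECURE_PORT]"` or the EE port, whichever the instance layout intends. The admin connector also omits the `protocol="HTTP/1.1"` and `connectionTimeout="20000"` that the agent connector sets, and the EE connector omits `protocol`; unless that is deliberate, aligning the three keeps the admin port from falling back to connector defaults for idle connections. Because `sslOptions` and the cipher lists now come from `[TOMCAT_SSL_OPTIONS]` and the `[TOMCAT_*_CIPHERS]` placeholders while `sslProtocol="SSL"` stays, the protocol policy is no longer readable in this file. A short comment above the first secure connector, saying where those values are defined and that SSLv2 and export/NULL suites must stay disabled, would record the intent.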
@@ -210,229 +198,27 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
- <!-- Comment out the old realm but leave here for now in case we
- need to go back quickly -->
- <!--
- <Realm className="org.apache.catalina.realm.MemoryRealm" />
- -->
-
- <!-- Replace the above Realm with one of the following to get a Realm
- stored in a database and accessed via JDBC -->
-
- <!--
- <Realm className="org.apache.catalina.realm.JDBCRealm"
- driverName="org.gjt.mm.mysql.Driver"
- connectionURL="jdbc:mysql://localhost/authority"
- connectionName="test" connectionPassword="test"
- userTable="users" userNameCol="user_name" userCredCol="user_pass"
- userRoleTable="user_roles" roleNameCol="role_name" />
- -->
-
- <!--
- <Realm className="org.apache.catalina.realm.JDBCRealm"
- driverName="oracle.jdbc.driver.OracleDriver"
- connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
- connectionName="scott" connectionPassword="tiger"
- userTable="users" userNameCol="user_name" userCredCol="user_pass"
- userRoleTable="user_roles" roleNameCol="role_name" />
- -->
-
- <!--
- <Realm className="org.apache.catalina.realm.JDBCRealm"
- driverName="sun.jdbc.odbc.JdbcOdbcDriver"
- connectionURL="jdbc:odbc:CATALINA"
- userTable="users" userNameCol="user_name" userCredCol="user_pass"
- userRoleTable="user_roles" roleNameCol="role_name" />
- -->
-
<!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2.
-->
- <Host name="localhost" appBase="webapps"
- unpackWARs="true" autoDeploy="false"
- xmlValidation="false" xmlNamespaceAware="false">
-
- <!-- Defines a cluster for this node,
- By defining this element, means that every manager will be changed.
- So when running a cluster, only make sure that you have webapps in there
- that need to be clustered and remove the other ones.
- A cluster has the following parameters:
-
- className = the fully qualified name of the cluster class
-
- name = a descriptive name for your cluster, can be anything
-
- mcastAddr = the multicast address, has to be the same for all the nodes
-
- mcastPort = the multicast port, has to be the same for all the nodes
-
- mcastBindAddr = bind the multicast socket to a specific address
-
- mcastTTL = the multicast TTL if you want to limit your broadcast
-
- mcastSoTimeout = the multicast readtimeout
-
- mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="false"
+ xmlValidation="false" xmlNamespaceAware="false">
- mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
-
- tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes
-
- tcpListenAddress = the listen address (bind address) for TCP cluster request on this host,
- in case of multiple ethernet cards.
- auto means that address becomes
- InetAddress.getLocalHost().getHostAddress()
-
- tcpListenPort = the tcp listen port
-
- tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
- has a wakup bug in java.nio. Set to 0 for no timeout
-
- printToScreen = true means that managers will also print to std.out
-
- expireSessionsOnShutdown = true means that
-
- useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
- false means to replicate the session after each request.
- false means that replication would work for the following piece of code: (only for SimpleTcpReplicationManager)
- <%
- HashMap map = (HashMap)session.getAttribute("map");
- map.put("key","value");
- %>
- replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
- * Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
- * Synchronous means that the thread that executes the request, is also the
- thread the replicates the data to the other nodes, and will not return until all
- nodes have received the information.
- * Asynchronous means that there is a specific 'sender' thread for each cluster node,
- so the request thread will queue the replication request into a "smart" queue,
- and then return to the client.
- The "smart" queue is a queue where when a session is added to the queue, and the same session
- already exists in the queue from a previous request, that session will be replaced
- in the queue instead of replicating two requests. This almost never happens, unless there is a
- large network delay.
- -->
- <!--
- When configuring for clustering, you also add in a valve to catch all the requests
- coming in, at the end of the request, the session may or may not be replicated.
- A session is replicated if and only if all the conditions are met:
- 1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
- 2. a session exists (has been created)
- 3. the request is not trapped by the "filter" attribute
-
- The filter attribute is to filter out requests that could not modify the session,
- hence we don't replicate the session after the end of this request.
- The filter is negative, ie, anything you put in the filter, you mean to filter out,
- ie, no replication will be done on requests that match one of the filters.
- The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
-
- filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
- ending with .gif and .js are intercepted.
-
- The deployer element can be used to deploy apps cluster wide.
- Currently the deployment only deploys/undeploys to working members in the cluster
- so no WARs are copied upons startup of a broken node.
- The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
- When a new war file is added the war gets deployed to the local instance,
- and then deployed to the other instances in the cluster.
- When a war file is deleted from the watchDir the war is undeployed locally
- and cluster wide
- -->
-
- <!--
- <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
- managerClassName="org.apache.catalina.cluster.session.DeltaManager"
- expireSessionsOnShutdown="false"
- useDirtyFlag="true"
- notifyListenersOnReplication="true">
-
- <Membership
- className="org.apache.catalina.cluster.mcast.McastService"
- mcastAddr="228.0.0.4"
- mcastPort="45564"
- mcastFrequency="500"
- mcastDropTime="3000"/>
-
- <Receiver
- className="org.apache.catalina.cluster.tcp.ReplicationListener"
- tcpListenAddress="auto"
- tcpListenPort="4001"
- tcpSelectorTimeout="100"
- tcpThreadCount="6"/>
-
- <Sender
- className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
- replicationMode="pooled"
- ackTimeout="15000"/>
-
- <Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
- filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/>
-
- <Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
- tempDir="/tmp/war-temp/"
- deployDir="/tmp/war-deploy/"
- watchDir="/tmp/war-listen/"
- watchEnabled="false"/>
- </Cluster>
- -->
-
-
-
- <!-- Normally, users must authenticate themselves to each web app
- individually. Uncomment the following entry if you would like
- a user to be authenticated the first time they encounter a
- resource protected by a security constraint, and then have that
- user identity maintained across *all* web applications contained
- in this virtual host. -->
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
- <!-- Access log processes all requests for this virtual host. By
- default, log files are created in the "logs" directory relative to
- $CATALINA_HOME. If you wish, you can specify a different
- directory with the "directory" attribute. Specify either a relative
- (to $CATALINA_HOME) or absolute path to the desired directory.
- -->
- <Valve className="org.apache.catalina.valves.AccessLogValve"
- directory="logs" prefix="localhost_access_log." suffix=".txt"
- pattern="common" resolveHosts="false"/>
-
- <!-- Access log processes all requests for this virtual host. By
- default, log files are created in the "logs" directory relative to
- $CATALINA_HOME. If you wish, you can specify a different
- directory with the "directory" attribute. Specify either a relative
- (to $CATALINA_HOME) or absolute path to the desired directory.
- This access log implementation is optimized for maximum performance,
- but is hardcoded to support only the "common" and "combined" patterns.
- -->
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html -->
<!--
- <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
- directory="logs" prefix="localhost_access_log." suffix=".txt"
- pattern="common" resolveHosts="false"/>
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
-->
- <!-- Access log processes all requests for this virtual host. By
- default, log files are created in the "logs" directory relative to
- $CATALINA_HOME. If you wish, you can specify a different
- directory with the "directory" attribute. Specify either a relative
- (to $CATALINA_HOME) or absolute path to the desired directory.
- This access log implementation is optimized for maximum performance,
- but is hardcoded to support only the "common" and "combined" patterns.
- This valve use NIO direct Byte Buffer to asynchornously store the
- log.
- -->
- <!--
- <Valve className="org.apache.catalina.valves.ByteBufferAccessLogValve"
- directory="logs" prefix="localhost_access_log." suffix=".txt"
- pattern="common" resolveHosts="false"/>
- -->
-
- <!-- <Context docBase="webapps" path="/webapps" reloadable="false"/> -->
</Host>
-
</Engine>
-
</Service>
-
</Server>
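Review bot: After this hunk the `localhost` Host has no active access log, because the previously enabled `AccessLogValve` is replaced by a commented-out example. For a key-recovery service that removes the per-request record (client address, URI, status) that an investigation would normally start from. The subsystem's own audit log may cover this, but that is not visible in the diff. Unless it was dropped on purpose, I would keep the valve outside the comment: `<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>`. The new comment text "Access log processes all example." is also garbled and should read `<!-- Access log processes all requests for this virtual host. Documentation at: /docs/config/valve.html -->`.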
diff --git a/pki/base/kra/shared/conf/tomcat-users.xml b/pki/base/kra/shared/conf/tomcat-users.xml
index 920e68240..daa9260cc 100644
--- a/pki/base/kra/shared/conf/tomcat-users.xml
+++ b/pki/base/kra/shared/conf/tomcat-users.xml
@@ -1,13 +1,45 @@
<?xml version='1.0' encoding='utf-8'?>
+<!-- BEGIN COPYRIGHT BLOCK
+ Copyright (C) 2006-2010 Red Hat, Inc.
+ All rights reserved.
+ Modifications: configuration parameters
+ END COPYRIGHT BLOCK -->
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!--
+ <role rolename="tomcat"/>
+ <role rolename="role1"/>
+ <user username="tomcat" password="tomcat" roles="tomcat"/>
+ <user username="both" password="tomcat" roles="tomcat,role1"/>
+ <user username="role1" password="tomcat" roles="role1"/>
+-->
+
+<!-- The host manager webapp is restricted to users with role "admin" -->
+<!--<user name="tomcat" password="password" roles="admin" />-->
+<!-- The manager webapp is restricted to users with role "manager" -->
+<!--<user name="tomcat" password="password" roles="manager" />-->
<tomcat-users>
<role rolename="pkiuser"/>
<role rolename="tomcat"/>
- <role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
+
<user username="pkiuser" password="pkiuser" roles="pkiuser"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
- <user username="both" password="tomcat" roles="tomcat,role1"/>
- <user username="role1" password="tomcat" roles="role1"/>
<user username="admin" password="netscape" roles="admin,manager"/>
</tomcat-users>
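Review bot: The new `tomcat-users.xml` still ships three active accounts with fixed, publicly known passwords (`pkiuser`/`pkiuser`, `tomcat`/`tomcat` and `admin`/`netscape`), and the last one holds both `admin` and `manager`, the roles that the comments added just above say gate the host-manager and manager webapps. The commit drops `role1` and the `both` user but leaves these three in place, so every instance created from this template starts with the same credentials. Whether those webapps are deployed in a KRA instance is not visible in this hunk, but the safer template has no active `<user>` elements and keeps them only inside the comment block as examples. An alternative is to take each password from a per-instance value filled in at instance creation, presumably the way `[PKI_USER]` is handled in `tomcat6.conf`. If the accounts must stay, add a comment saying what uses them and that the passwords have to be changed before the instance is exposed.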
diff --git a/pki/base/kra/shared/conf/tomcat5.conf b/pki/base/kra/shared/conf/tomcat5.conf
deleted file mode 100644
index 181fb12dc..000000000
--- a/pki/base/kra/shared/conf/tomcat5.conf
+++ /dev/null
@@ -1,74 +0,0 @@
-# tomcat5 service configuration file
-
-# Check to insure that this configuration file's associated PKI
-# subsystem currently resides on this system.
-PKI_SUBSYSTEM_TYPE=[PKI_SUBSYSTEM_TYPE]
-if [ ! -d /usr/share/pki/${PKI_SUBSYSTEM_TYPE} ] ; then
- echo "This machine is missing the '${PKI_SUBSYSTEM_TYPE}' subsystem!"
- exit 255
-fi
-
-# you could also override JAVA_HOME here
-# Where your java installation lives
-JAVA_HOME="/usr/lib/jvm/jre"
-
-# You can pass some parameters to java
-# here if you wish to
-#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
-
-# Where your tomcat installation lives
-# That change from previous RPM where TOMCAT_HOME
-# used to be /var/tomcat.
-# Now /var/tomcat will be the base for webapps only
-CATALINA_HOME="/usr/share/tomcat5"
-JASPER_HOME="/usr/share/tomcat5"
-CATALINA_TMPDIR="/usr/share/tomcat5/temp"
-JAVA_ENDORSED_DIRS="/usr/share/tomcat5/common/endorsed"
-
-# What user should run tomcat
-TOMCAT_USER="[PKI_USER]"
-TOMCAT_GROUP="[PKI_GROUP]"
-
-# You can change your tomcat locale here
-#LANG=en_US
-
-# Time to wait in seconds, while starting process
-STARTUP_WAIT=30
-
-# Time to wait in seconds, before killing process
-SHUTDOWN_WAIT=30
-
-
-# If you wish to further customize your tomcat environment,
-# put your own definitions here
-# (i.e. LD_LIBRARY_PATH for some jdbc drivers)
-# Just do not forget to export them :)
-
-OS=`uname -s`
-if [ $OS = "Linux" ]; then
- PLATFORM=`uname -i`
- if [ $PLATFORM = "i386" ]; then
- # 32-bit Linux
- LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/dirsec:/usr/lib
- elif [ $PLATFORM = "x86_64" ]; then
- # 64-bit Linux
- LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib64/dirsec:/usr/lib64:/usr/lib
- fi
- export LD_LIBRARY_PATH
-elif [ $PLATFORM = "SunOS" ]; then
- PLATFORM=`uname -p`
- if [ "${PLATFORM}" = "sparc" ] &&
- [ -d "/usr/lib/sparcv9/" ] ; then
- PLATFORM="sparcv9"
- fi
- if [ $PLATFORM = "sparc" ]; then
- # 32-bit Solaris
- LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/dirsec:/usr/lib
- elif [ $PLATFORM = "sparcv9" ]; then
- # 64-bit Solaris
- JAVA_OPTS="-d64"
- export JAVA_OPTS
- LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/sparcv9/dirsec:/usr/lib/sparcv9:/usr/lib/dirsec:/usr/lib
- fi
- export LD_LIBRARY_PATH
-fi
diff --git a/pki/base/kra/shared/conf/tomcat6.conf b/pki/base/kra/shared/conf/tomcat6.conf
new file mode 100644
index 000000000..31385567d
--- /dev/null
+++ b/pki/base/kra/shared/conf/tomcat6.conf
@@ -0,0 +1,55 @@
+# Service-specific configuration file for tomcat6. This will be sourced by
+# the SysV init script after the global configuration file
+# /etc/tomcat6/tomcat6.conf, thus allowing values to be overridden in
+# a per-service manner.
+#
+# NEVER change the init script itself. To change values for all services make
+# your changes in /etc/tomcat6/tomcat6.conf
+#
+# To change values for a specific service make your edits here.
+# To create a new service create a link from /etc/init.d/<your new service> to
+# /etc/init.d/tomcat6 (do not copy the init script) and make a copy of the
+# /etc/sysconfig/tomcat6 file to /etc/sysconfig/<your new service> and change
+# the property values so the two services won't conflict. Register the new
+# service in the system as usual (see chkconfig and similars).
+#
+
+# Where your java installation lives
+#JAVA_HOME="/usr/lib/jvm/java"
+
+# Where your tomcat installation lives
+CATALINA_BASE="[PKI_INSTANCE_PATH]"
+#CATALINA_HOME="/usr/share/tomcat6"
+#JASPER_HOME="/usr/share/tomcat6"
+#CATALINA_TMPDIR="/var/cache/tomcat6/temp"
+
+# You can pass some parameters to java here if you wish to
+#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
+
+# Use JAVA_OPTS to set java.library.path for libtcnative.so
+#JAVA_OPTS="-Djava.library.path=/usr/lib64"
+
+# What user should run tomcat
+TOMCAT_USER="[PKI_USER]"
+
+# You can change your tomcat locale here
+#LANG="en_US"
+
+# Run tomcat under the Java Security Manager
+#SECURITY_MANAGER="false"
+
+# Time to wait in seconds, before killing process
+#SHUTDOWN_WAIT="30"
+
+# Whether to annoy the user with "attempting to shut down" messages or not
+#SHUTDOWN_VERBOSE="false"
+
+# Set the TOMCAT_PID location
+CATALINA_PID="[TOMCAT_PIDFILE]"
+
+# Connector port is 8080 for this tomcat6 instance
+#CONNECTOR_PORT="8080"
+
+# If you wish to further customize your tomcat environment,
+# put your own definitions here
+# (i.e. LD_LIBRARY_PATH for some jdbc drivers)
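Review bot: The header says this file is sourced by the SysV init script, so every line in it runs as shell with the init script's privileges, yet nothing in the template tells the administrator to protect it. I would add a line near the top such as `# This file is executed as shell by the init script: keep it owned by root and not writable by TOMCAT_USER.` This matters more here than in stock tomcat6 because `CATALINA_BASE` is `[PKI_INSTANCE_PATH]`: if the instance's copy lives under that tree and the tree is owned by `[PKI_USER]`, the service account could alter what the init script executes. The install location and ownership are not visible in this hunk, so please confirm them. The rest of the header (linking `/etc/init.d/tomcat6`, copying `/etc/sysconfig/tomcat6`) is stock tomcat6 text and may not describe how PKI instances are actually created.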
diff --git a/pki/base/kra/shared/etc/init.d/pki-krad b/pki/base/kra/shared/etc/init.d/pki-krad
index 5a3b9be9b..b27dc8c62 100755
--- a/pki/base/kra/shared/etc/init.d/pki-krad
+++ b/pki/base/kra/shared/etc/init.d/pki-krad
@@ -14,1816 +14,70 @@
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-# Copyright (C) 2007 Red Hat, Inc.
+# Copyright (C) 2007-2010 Red Hat, Inc.
# All rights reserved.
-# --- END COPYRIGHT BLOCK ### ---
+# --- END COPYRIGHT BLOCK ---
#
-# pki-krad Startup script for Tomcat 5.0 pki-kra, the Apache Servlet Engine
+# pki-krad Startup script pki-kra with tomcat6
#
# chkconfig: - 82 18
-# description: Data Recovery Manager \
-# (Tomcat 5.0)
+# description: Data Recovery Manager (Tomcat 6.0)
# processname: pki-krad
# piddir: /var/run/pki/kra
-# config: ${PKI_INSTANCE_PATH}/conf/tomcat5.conf
-#
-# Gomez Henri <hgomez@users.sourceforge.net>
-# Keith Irwin <keith_irwin@non.hp.com>
-# Nicolas Mailhot <nicolas.mailhot@one2team.com>
-#
-# version 1.02 - Removed initlog support
-# version 1.03 - Removed config:
-# version 1.04 - tomcat will start before httpd and stop after httpd
-# version 1.05 - jdk hardcoded to link /usr/java/jdk and tomcat runs
-# as "nobody"
-# version 1.06 - split up into script and config file
-# version 1.07 - Rework from Nicolas ideas
-# version 1.08 - Fix work dir permission at start time, switch to use tomcat4
-# version 1.09 - Fix pidfile and config tags
-# version 1.10 - Fallback to su direct use on systems without
-# Redhat/Mandrake init.d functions
-# version 1.11 - Fix webapps dir permissions
-# version 1.12 - remove initial start/stop level for chkconfig (- 80 20)
-# version 1.13 - remove chown of logs/work/temp/webapps dir,
-# owned by tomcat4 at install time
-# version 1.14 - correct the start/stop ugly hack by waiting
-# all the threads stops
-# version 1.15 - ensure we're looking for TOMCAT_USER running catalina
-# version 1.16 - Add support for CATALINA_PID env var
-# version 1.17 - Remove run files only tomcat started correctl
-# in start area, check that tomcat is not allready running
-# version 1.18 - Fix kill typo (thanks Kaj J. Niemi)
-# version 1.19 - Add jar relinking
-# version 1.20 - Check there is no stalling tomcat4.pid
-# version 1.20tc5 - Changed all instances of tomcat4 to
-# tomcat5 except TOMCAT_USER
-# version 1.20tc5rh - Changed TOMCAT_USER from tomcat4 to tomcat
#
-PKI_INIT_SCRIPT=""
+PROG_NAME=`basename $0`
+SERVICE_NAME="pki-krad"
+SERVICE_PROG="/sbin/service"
PKI_PATH="/usr/share/pki/kra"
-PKI_PIDDIR="/var/run/pki/kra"
-PKI_PROCESS="pki-krad"
PKI_REGISTRY="/etc/sysconfig/pki/kra"
PKI_TYPE="pki-kra"
-
-# PKI subsystem-level directory and file values for locks
-lockfile="/var/lock/subsys/pki-krad"
+PKI_TOTAL_PORTS=6
# Disallow 'others' the ability to 'write' to new files
umask 00002
-default_error=0
command="$1"
pki_instance="$2"
-case "${command}" in
- start|stop|restart|condrestart|force-restart|try-restart)
- # * 1 generic or unspecified error (current practice)
- default_error=1
- ;;
- reload)
- default_error=3
- ;;
- status)
- # * 4 program or service status is unknown
- default_error=4
- ;;
- *)
- # * 2 invalid argument(s)
- default_error=2
- ;;
-esac
-
-# Check to insure that this script's original invocation directory
-# has not been deleted!
-CWD=`/bin/pwd > /dev/null 2>&1`
-if [ $? -ne 0 ] ; then
- echo "Cannot invoke '$0' from non-existent directory!"
- exit ${default_error}
-fi
-
-# Check to insure that this script's associated PKI
-# subsystem currently resides on this system.
-if [ ! -d ${PKI_PATH} ] ; then
- echo "This machine is missing the '${PKI_TYPE}' subsystem!"
- if [ "${command}" != "status" ]; then
- # * 5 program is not installed
- exit 5
- else
- exit ${default_error}
- fi
-fi
-
-# Check to insure that this script's associated PKI
-# subsystem instance registry currently resides on this system.
-if [ ! -d ${PKI_REGISTRY} ] ; then
- echo "This machine contains no registered '${PKI_TYPE}' subsystem instances!"
- if [ "${command}" != "status" ]; then
- # * 5 program is not installed
- exit 5
- else
- exit ${default_error}
- fi
-fi
-
-# Obtain the operating system upon which this script is being executed
-OS=`uname -s`
-ARCHITECTURE=""
-
-# This script must be run as root!
-RV=0
-if [ ${OS} = "Linux" ] ; then
- PKI_INIT_SCRIPT="/sbin/service ${PKI_PROCESS}"
- if [ `id -u` -ne 0 ] ; then
- echo "Must be 'root' to execute '$0'!"
- if [ "${command}" != "status" ]; then
- # * 4 user had insufficient privilege
- exit 4
- else
- # * 4 program or service status is unknown
- exit 4
- fi
- fi
- ARCHITECTURE=`uname -i`
-elif [ ${OS} = "SunOS" ] ; then
- PKI_INIT_SCRIPT="/etc/init.d/${PKI_PROCESS}"
- if [ `/usr/xpg4/bin/id -u` -ne 0 ] ; then
- echo "Must be 'root' to execute '$0'!"
- if [ "${command}" != "status" ]; then
- # * 4 user had insufficient privilege
- exit 4
- else
- # * 4 program or service status is unknown
- exit 4
- fi
- fi
- ARCHITECTURE=`uname -p`
- if [ "${ARCHITECTURE}" = "sparc" ] &&
- [ -d "/usr/lib/sparcv9/" ] ; then
- ARCHITECTURE="sparcv9"
- fi
-else
- echo "Unsupported OS '${OS}'!"
- exit ${default_error}
-fi
# Source function library.
-if [ -f /etc/init.d/functions ]; then
- . /etc/init.d/functions
-else
- # The checkpid() function is provided for platforms that do not
- # contain the "/etc/init.d/functions" file (e. g. - Solaris) . . .
-
- # Check if ${pid} (could be plural) are running (keep count)
- checkpid()
- {
- rv=0
- for i in $* ; do
- ps -p $i > /dev/null 2>&1 ;
- if [ $? -ne 0 ] ; then
- rv=`expr ${rv} + 1`
- else
- rv=`expr ${rv} + 0`
- fi
- done
- # echo "rv=${rv}"
- return ${rv}
- }
-
- # Create the following directories on platforms
- # where they do not exist (e. g. - Solaris) . . .
- if [ ! -d "/var/lock" ] ; then
- mkdir -p /var/lock
- chown root:sys /var/lock
- chmod 00755 /var/lock
- fi
- if [ ! -d "/var/lock/subsys" ] ; then
- mkdir -p /var/lock/subsys
- chown root:root /var/lock/subsys
- chmod 00755 /var/lock/subsys
- fi
-
- #######################################################################
- ## NOTE: The following code needs to eventually be moved into the ##
- ## template used to create the ##
- ## "${PKI_INSTANCE_PATH}/conf/tomcat5.conf" file! ##
- #######################################################################
-
- if [ ${OS} = "SunOS" ] ; then
- DEFAULT_SOLARIS_JAVA_HOME="/usr/jdk/instances/jdk1.5.0/jre"
- DEFAULT_LINUX_JAVA_HOME="/usr/lib/jvm/jre"
- DEFAULT_LINUX_JAVA_HOME_PATH=`dirname ${DEFAULT_LINUX_JAVA_HOME}`
-
- # ensure that the Sun JRE 1.5.0 exists at the default location
- if [ -d ${DEFAULT_SOLARIS_JAVA_HOME} ] ; then
- # create the directory in which the symlink resides (if necessary)
- if [ ! -d ${DEFAULT_LINUX_JAVA_HOME_PATH} ] ; then
- mkdir -p ${DEFAULT_LINUX_JAVA_HOME_PATH}
- fi
- # create the actual symlink (if necessary)
- if [ ! -h ${DEFAULT_LINUX_JAVA_HOME} ] ; then
- ln -s ${DEFAULT_SOLARIS_JAVA_HOME} ${DEFAULT_LINUX_JAVA_HOME}
- fi
- else
- # for now, simply exit with an appropriate error message
- echo -n "The Solaris 1.5.0 JRE must be installed "
- echo -n "at \"${DEFAULT_SOLARIS_JAVA_HOME}\"!"
- echo
- echo
- exit ${default_error}
- fi
- fi
-fi
-
-PKI_REGISTRY_ENTRIES=""
-TOTAL_PKI_REGISTRY_ENTRIES=0
-TOTAL_UNCONFIGURED_PKI_ENTRIES=0
-
-# Gather ALL registered instances of this PKI subsystem type
-for FILE in `/bin/ls -1 ${PKI_REGISTRY}/* 2>/dev/null`; do
- if [ -f "$FILE" ] ; then
- inst=`echo "$FILE"`
- PKI_REGISTRY_ENTRIES="${PKI_REGISTRY_ENTRIES} $inst"
- TOTAL_PKI_REGISTRY_ENTRIES=`expr ${TOTAL_PKI_REGISTRY_ENTRIES} + 1`
- fi
-done
-
-if [ -n "${pki_instance}" ]; then
- for I in ${PKI_REGISTRY_ENTRIES}; do
- if [ "${PKI_REGISTRY}/${pki_instance}" = "$I" ]; then
- PKI_REGISTRY_ENTRIES="${PKI_REGISTRY}/${pki_instance}"
- TOTAL_PKI_REGISTRY_ENTRIES=1
- break
- fi
- done
-fi
-
-usage()
-{
- echo -n "Usage: ${PKI_INIT_SCRIPT} "
- echo -n "{start"
- echo -n "|stop"
- echo -n "|restart"
- echo -n "|condrestart"
- echo -n "|force-restart"
- echo -n "|try-restart"
- echo -n "|reload"
- echo -n "|status} "
- echo -n "[instance-name]"
- echo
- echo
-}
-
-list_instances()
-{
- echo
- for FILE in `/bin/ls -1 ${PKI_REGISTRY}/* 2>/dev/null`; do
- echo " ${FILE}"
- done
- echo
-}
-
-# Check arguments
-if [ $# -lt 1 ] ; then
- # * 3 unimplemented feature (for example, "reload")
- # [insufficient arguments]
- echo "$0: Insufficient arguments!"
- echo
- usage
- echo "where valid instance names include:"
- list_instances
- exit 3
-elif [ ${default_error} -eq 2 ] ; then
- # * 2 invalid argument
- echo "$0: Invalid arguments!"
- echo
- usage
- echo "where valid instance names include:"
- list_instances
- exit 2
-elif [ $# -gt 2 ] ; then
- echo "$0: Excess arguments!"
- echo
- usage
- echo "where valid instance names include:"
- list_instances
- if [ "${command}" != "status" ]; then
- # * 2 excess arguments
- exit 2
- else
- # * 4 program or service status is unknown
- exit 4
- fi
-fi
-
-# If an "instance" was supplied, check that it is a "valid" instance
-if [ -n "${pki_instance}" ]; then
- if [ "${PKI_REGISTRY}/${pki_instance}" != "${PKI_REGISTRY_ENTRIES}" ]; then
- echo -n "${pki_instance} is an invalid '${PKI_TYPE}' instance"
- echo_failure
- echo
- if [ "${command}" != "status" ]; then
- # * 5 program is not installed
- exit 5
- else
- # * 4 program or service status is unknown
- exit 4
- fi
- fi
-fi
-
-# On Solaris /var/run is in tmpfs and gets wiped out upon reboot
-# we have to recreate the ${PKI_PIDDIR} directory and make sure that
-# the directory is writable by the ${PKI_TYPE} server process.
-#
-# IMPORTANT: ALL PKI subsystems installed on this machine MUST utilize
-# the SAME values for ${PKI_GROUP} and ${PKI_USER}, since the
-# "${PKI_PIDDIR}" will end up with the ownership permissions
-# of the first instance that executes this function!
-#
-fix_pid_dir_ownership()
-{
- if [ ! -d ${PKI_PIDDIR} ] ; then
- mkdir -p ${PKI_PIDDIR}
-
- chown root:root /var/run/pki
- chmod 00755 /var/run/pki
-
- chown root:root ${PKI_PIDDIR}
- chmod 00755 ${PKI_PIDDIR}
- fi
-}
-
-check_pki_configuration_status()
-{
- rv=0
-
- rv=`grep -c ^preop ${pki_instance_configuration_file}`
-
- rv=`expr ${rv} + 0`
-
- if [ ${rv} -ne 0 ] ; then
- echo " '${PKI_INSTANCE_ID}' must still be CONFIGURED!"
- echo " (see /var/log/${PKI_INSTANCE_ID}-install.log)"
- if [ "${command}" != "status" ]; then
- # * 6 program is not configured
- rv=6
- else
- # * 4 program or service status is unknown
- rv=4
- fi
- TOTAL_UNCONFIGURED_PKI_ENTRIES=`expr ${TOTAL_UNCONFIGURED_PKI_ENTRIES} + 1`
- elif [ -f ${RESTART_SERVER} ] ; then
- echo -n " Although '${PKI_INSTANCE_ID}' has been CONFIGURED, "
- echo -n "it must still be RESTARTED!"
- echo
- if [ "${command}" != "status" ]; then
- # * 1 generic or unspecified error (current practice)
- rv=1
- else
- # * 4 program or service status is unknown
- rv=4
- fi
- fi
-
- return ${rv}
-}
-
-get_pki_status_definitions()
-{
- # establish well-known strings
- begin_pki_status_comment="<!-- DO NOT REMOVE - Begin PKI Status Definitions -->"
- end_pki_status_comment="<!-- DO NOT REMOVE - End PKI Status Definitions -->"
- total_ports=0
- unsecure_port_statement="Unsecure Port = "
- secure_agent_port_statement="Secure Agent Port = "
- secure_ee_port_statement="Secure EE Port = "
- secure_admin_port_statement="Secure Admin Port = "
- pki_console_port_statement="PKI Console Port = "
- tomcat_port_statement="Tomcat Port = "
-
- # initialize looping variables
- pki_status_comment_found=0
-
- # first check to see that an instance-specific "server.xml" file exists
- if [ ! -f ${PKI_SERVER_XML_CONF} ] ; then
- echo "File '${PKI_SERVER_XML_CONF}' does not exist!"
- exit ${default_error}
- fi
-
- # read this instance-specific "server.xml" file line-by-line
- # to obtain the current PKI Status Definitions
- exec < ${PKI_SERVER_XML_CONF}
- while read line; do
- # first look for the well-known end PKI Status comment
- # (to turn off processing)
- if [ "$line" == "$end_pki_status_comment" ] ; then
- pki_status_comment_found=0
- break;
- fi
-
- # then look for the well-known begin PKI Status comment
- # (to turn on processing)
- if [ "$line" == "$begin_pki_status_comment" ] ; then
- pki_status_comment_found=1
- fi
-
- # once the well-known begin PKI Status comment has been found,
- # begin processing to obtain all of the PKI Status Definitions
- if [ $pki_status_comment_found -eq 1 ] ; then
- # look for a PKI Status Definition and print it
- head=`echo "$line" | cut -b1-20`
- if [ "$head" == "$unsecure_port_statement" ] ||
- [ "$head" == "$secure_agent_port_statement" ] ||
- [ "$head" == "$secure_ee_port_statement" ] ||
- [ "$head" == "$secure_admin_port_statement" ] ||
- [ "$head" == "$pki_console_port_statement" ] ||
- [ "$head" == "$tomcat_port_statement" ] ; then
- echo " $line"
- total_ports=`expr ${total_ports} + 1`
- fi
- fi
- done
-
- if [ ${total_ports} -eq 6 ] ; then
- return 0
- else
- return ${default_error}
- fi
-}
-
-get_pki_configuration_definitions()
-{
- # Obtain the PKI Subsystem Type
- line=`grep ^cs.type= ${pki_instance_configuration_file}`
- pki_subsystem=`echo "${line}" | cut -b9-`
- if [ "${line}" != "" ] ; then
- if [ "${pki_subsystem}" != "CA" ] &&
- [ "${pki_subsystem}" != "KRA" ] &&
- [ "${pki_subsystem}" != "OCSP" ] &&
- [ "${pki_subsystem}" != "TKS" ] &&
- [ "${pki_subsystem}" != "RA" ] &&
- [ "${pki_subsystem}" != "TPS" ]
- then
- return ${default_error}
- fi
- if [ "${pki_subsystem}" == "KRA" ] ; then
- # Rename "KRA" to "DRM"
- pki_subsystem="DRM"
- fi
- else
- return ${default_error}
- fi
-
- # If "${pki_subsystem}" is a CA, DRM, OCSP, or TKS,
- # check to see if "${pki_subsystem}" is a "Clone"
- pki_clone=""
- if [ "${pki_subsystem}" == "CA" ] ||
- [ "${pki_subsystem}" == "DRM" ] ||
- [ "${pki_subsystem}" == "OCSP" ] ||
- [ "${pki_subsystem}" == "TKS" ]
- then
- line=`grep ^subsystem.select= ${pki_instance_configuration_file}`
- if [ "${line}" != "" ] ; then
- pki_clone=`echo "${line}" | cut -b18-`
- if [ "${pki_clone}" != "Clone" ] ; then
- # Reset "${pki_clone}" to be empty
- pki_clone=""
- fi
- else
- return ${default_error}
- fi
- fi
-
- # If "${pki_subsystem}" is a CA, and is NOT a "Clone", check to
- # see "${pki_subsystem}" is a "Root" or a "Subordinate" CA
- pki_hierarchy=""
- if [ "${pki_subsystem}" == "CA" ] &&
- [ "${pki_clone}" != "Clone" ]
- then
- line=`grep ^hierarchy.select= ${pki_instance_configuration_file}`
- if [ "${line}" != "" ] ; then
- pki_hierarchy=`echo "${line}" | cut -b18-`
- else
- return ${default_error}
- fi
- fi
-
- # If ${pki_subsystem} is a CA, check to
- # see if it is also a Security Domain
- pki_security_domain=""
- if [ "${pki_subsystem}" == "CA" ] ; then
- line=`grep ^securitydomain.select= ${pki_instance_configuration_file}`
- if [ "${line}" != "" ] ; then
- pki_security_domain=`echo "${line}" | cut -b23-`
- if [ "${pki_security_domain}" == "new" ] ; then
- # Set a fixed value for "${pki_security_domain}"
- pki_security_domain="(Security Domain)"
- else
- # Reset "${pki_security_domain}" to be empty
- pki_security_domain=""
- fi
- else
- return ${default_error}
- fi
- fi
-
- # Always obtain this PKI instance's "registered"
- # security domain information
- pki_security_domain_name=""
- pki_security_domain_hostname=""
- pki_security_domain_https_admin_port=""
-
- line=`grep ^securitydomain.name= ${pki_instance_configuration_file}`
- if [ "${line}" != "" ] ; then
- pki_security_domain_name=`echo "${line}" | cut -b21-`
- else
- return ${default_error}
- fi
-
- line=`grep ^securitydomain.host= ${pki_instance_configuration_file}`
- if [ "${line}" != "" ] ; then
- pki_security_domain_hostname=`echo "${line}" | cut -b21-`
- else
- return ${default_error}
- fi
-
- line=`grep ^securitydomain.httpsadminport= ${pki_instance_configuration_file}`
- if [ "${line}" != "" ] ; then
- pki_security_domain_https_admin_port=`echo "${line}" | cut -b31-`
- else
- return ${default_error}
- fi
-
- # Compose the "PKI Instance Name" Status Line
- pki_instance_name="PKI Instance Name: ${PKI_INSTANCE_ID}"
-
- # Compose the "PKI Subsystem Type" Status Line
- header="PKI Subsystem Type: "
- if [ "${pki_clone}" != "" ] ; then
- if [ "${pki_security_domain}" != "" ]; then
- # Possible Values:
- #
- # "CA Clone (Security Domain)"
- #
- data="${pki_subsystem} ${pki_clone} ${pki_security_domain}"
- else
- # Possible Values:
- #
- # "CA Clone"
- # "DRM Clone"
- # "OCSP Clone"
- # "TKS Clone"
- #
- data="${pki_subsystem} ${pki_clone}"
- fi
- elif [ "${pki_hierarchy}" != "" ] ; then
- if [ "${pki_security_domain}" != "" ]; then
- # Possible Values:
- #
- # "Root CA (Security Domain)"
- # "Subordinate CA (Security Domain)"
- #
- data="${pki_hierarchy} ${pki_subsystem} ${pki_security_domain}"
- else
- # Possible Values:
- #
- # "Root CA"
- # "Subordinate CA"
- #
- data="${pki_hierarchy} ${pki_subsystem}"
- fi
- else
- # Possible Values:
- #
- # "DRM"
- # "OCSP"
- # "RA"
- # "TKS"
- # "TPS"
- #
- data="${pki_subsystem}"
- fi
- pki_subsystem_type="${header} ${data}"
-
- # Compose the "Registered PKI Security Domain Information" Status Line
- header="Name: "
- registered_pki_security_domain_name="${header} ${pki_security_domain_name}"
-
- header="URL: "
- if [ "${pki_security_domain_hostname}" != "" ] &&
- [ "${pki_security_domain_https_admin_port}" != "" ]
- then
- data="https://${pki_security_domain_hostname}:${pki_security_domain_https_admin_port}"
- else
- return ${default_error}
- fi
- registered_pki_security_domain_url="${header} ${data}"
-
- # Print the "PKI Subsystem Type" Status Line
- echo
- echo " ${pki_instance_name}"
-
- # Print the "PKI Subsystem Type" Status Line
- echo
- echo " ${pki_subsystem_type}"
-
- # Print the "Registered PKI Security Domain Information" Status Line
- echo
- echo " Registered PKI Security Domain Information:"
- echo " =========================================================================="
- echo " ${registered_pki_security_domain_name}"
- echo " ${registered_pki_security_domain_url}"
- echo " =========================================================================="
-
- return 0
-}
-
-get_pki_secure_port()
-{
- # establish well-known strings
- begin_ssl_comment="<!-- DO NOT REMOVE - Begin define PKI secure port -->"
- end_ssl_comment="<!-- DO NOT REMOVE - End define PKI secure port -->"
- connector_statement="<Connector name=\""
-
- # initialize looping variables
- ssl_comment_found=0
-
- # first check to see that an instance-specific "server.xml" file exists
- if [ ! -f ${PKI_SERVER_XML_CONF} ] ; then
- echo "File '${PKI_SERVER_XML_CONF}' does not exist!"
- exit ${default_error}
- fi
-
- # read this instance-specific "server.xml" file line-by-line
- # to obtain the current value of the PKI secure port
- exec < ${PKI_SERVER_XML_CONF}
- while read line; do
- # first look for the well-known end SSL comment
- # (to turn off processing)
- if [ "$line" == "$end_ssl_comment" ] ; then
- ssl_comment_found=0
- fi
-
- # then look for the well-known begin SSL comment
- # (to turn on processing)
- if [ "$line" == "$begin_ssl_comment" ] ; then
- ssl_comment_found=1
- fi
-
- # once the well-known begin SSL comment has been found,
- # begin processing to obtain the numeric port information
- if [ $ssl_comment_found -eq 1 ] ; then
- # look for the next Connector statement
- head=`echo $line | cut -b1-17`
- if [ "$head" == "$connector_statement" ] ; then
- # once the Connector statement has been found,
- tail=`echo $line | cut -b18-`
- # extract the name of the connector
- name=`echo $tail | cut -d\" -f1`
- if [ "$name" == "Agent" ] ||
- [ "$name" == "Secure" ] ; then
- # extract the numeric port information
- port=`echo $tail | cut -d\" -f3`
- PKI_SECURE_PORT=$port
- return 0
- fi
- fi
- fi
- done
-
- return ${default_error}
-}
-
-display_instance_status()
-{
- rv=0
-
- if [ -f ${pidfile} ] ; then
- pid=`cat ${pidfile}`
- if [ "${pid}" == "" ] ; then
- echo "${PKI_INSTANCE_ID} pid file exists but is empty"
- if [ "${command}" != "status" ]; then
- # * 1 generic or unspecified error (current practice)
- rv=1
- else
- # * 4 program or service status is unknown
- rv=4
- fi
- elif kill -0 ${pid} > /dev/null 2>&1 ; then
- echo "${PKI_INSTANCE_ID} (pid ${pid}) is running ..."
- echo
- check_pki_configuration_status
- rv=$?
- if [ ${rv} -eq 0 ] ; then
- get_pki_status_definitions
- rv=$?
- if [ ${rv} -ne 0 ] ; then
- echo
- echo "${PKI_INSTANCE_ID} Status Definitions not found"
- else
- get_pki_configuration_definitions
- rv=$?
- if [ ${rv} -ne 0 ] ; then
- echo
- echo "${PKI_INSTANCE_ID} Configuration Definitions not found"
- fi
- fi
- else
- # From the PKI point of view for a "non-status" action,
- # a returned error code of "6" implies that the program
- # is not "configured". Similarly, an error code of "1"
- # implies that the program was "configured" but must
- # still be restarted.
- #
- # Similarly, from the PKI point of view for a "status"
- # action, a returned error code of "4" implies that either
- # the program is not "configured", or that the program
- # was "configured" but must still be restarted.
- #
- # Regardless, it must still be considered that the instance
- # is "running" from the viewpoint of other OS programs such
- # as 'chkconfig'.
- #
- # For this reason, when returning from
- # 'display_instance_status()', ignore non-zero return codes
- # returned from 'check_pki_configuration_status()'.
- #
- if [ "${command}" != "status" ]; then
- # * 0 action was successful
- rv=0
- else
- # * 0 program is running or service is OK
- rv=0
- fi
- fi
- echo
- else
- echo "${PKI_INSTANCE_ID} is dead but pid file exists"
- if [ "${command}" != "status" ]; then
- # * 1 generic or unspecified error (current practice)
- rv=1
- else
- # * 1 program is dead and /var/run pid file exists
- rv=1
- fi
- fi
- else
- echo "${PKI_INSTANCE_ID} is stopped"
- if [ "${command}" != "status" ]; then
- # * 7 program is not running
- rv=7
- else
- # * 3 program is not running
- rv=3
- fi
- fi
-
- return ${rv}
-}
-
-start_instance()
-{
- rv=0
-
- echo -n "Starting $TOMCAT_PROG: "
-
- if [ -f ${RESTART_SERVER} ] ; then
- rm -f ${RESTART_SERVER}
- fi
-
- if [ -f ${PKI_LOCKFILE} ] ; then
- if [ -f ${pidfile} ]; then
- read kpid < ${pidfile}
- if checkpid $kpid 2>&1; then
- echo
- echo "${PKI_INSTANCE_ID} (pid ${kpid}) is already running ..."
- echo
- check_pki_configuration_status
- rv=$?
- if [ ${rv} != 0 ]; then
- # From the PKI point of view for a "non-status" action,
- # a returned error code of "6" implies that the program
- # is not "configured". Similarly, an error code of "1"
- # implies that the program was "configured" but must
- # still be restarted.
- #
- # Regardless, it must still be considered that the instance
- # is "running" from the viewpoint of other OS programs such
- # as 'chkconfig'.
- #
- # For "non-status" actions, ignore return codes of "1"
- # from 'check_pki_configuration_status()'.
- #
- # However, for "non-status" actions that have a return
- # code of "6", return this value unchanged to
- # the calling routine so that the total number of
- # configuration errors may be counted.
- #
-
- echo
- if [ ${rv} = 1 ] ; then
- # * 0 action was successful
- return 0
- elif [ ${rv} = 6 ] ; then
- # * 6 program is not configured
- return 6
- else
- # should never be reached
- return ${rv}
- fi
- else
- return 0
- fi
- else
- echo
- echo -n "lock file found but no process "
- echo -n "running for pid $kpid, continuing"
- echo
- echo
- rm -f ${PKI_LOCKFILE}
- fi
- fi
- fi
-
- fix_pid_dir_ownership
-
- CATALINA_PID=${pidfile}
- export CATALINA_PID
- touch $CATALINA_PID
- chown $TOMCAT_USER:$TOMCAT_GROUP $CATALINA_PID
- chmod 00600 $CATALINA_PID
- [ -x /sbin/restorecon ] && /sbin/restorecon $CATALINA_PID
-
- # restore context for ncipher hsm
- [ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast
-
- # Always initialize CLASSPATH to start looking
- # in the local PKI classes directory . . .
- CLASSPATH=/usr/share/pki/classes
-
- if [ ${OS} = "Linux" ] ; then
- $TOMCAT_RELINK_SCRIPT
- elif [ ${OS} = "SunOS" ] ; then
- # The following definitions are provided for Solaris
- # platforms since they are unable to execute the
- # "/usr/share/tomcat5/bin/relink",
- # "/usr/bin/rebuild-jar-repository", and
- # "/usr/share/java-utils/java-functions" files . . .
-
- #######################################
- ## /var/lib/tomcat5/common/lib:
- #######################################
-
- # Build the tomcat jar classpath . . .
- CLASSPATH="$CLASSPATH":/usr/share/java/ant.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-collections.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-dbcp.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-el.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-logging-api.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-pool.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-ejb-2.1.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2ee-1.4.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2ee-connector-1.5.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2ee-deployment-1.1.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2ee-jacc-1.0.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2ee-management-1.0.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2eeschema-1.0.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-jms-1.1.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-jsp-2.0.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-jta-1.0.1B.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-servlet-2.4.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/jaf.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/jakarta-commons-collections.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/jakarta-commons-modeler.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/jasper5-compiler.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/jasper5-runtime.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/javamail/imap.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/javamail/mailapi.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/javamail/nntp.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/javamail/pop3.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/javamail/providers.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/javamail/smtp.jar
-
- # BEGIN LINUX-SPECIFIC FILE
- # CLASSPATH="$CLASSPATH":/usr/share/java/jdtCompilerAdapter.jar
- # CLASSPATH="$CLASSPATH":/usr/share/java/jdtcore.jar
- # CLASSPATH="$CLASSPATH":/usr/share/java/jsp.jar
- # END LINUX-SPECIFIC FILE
-
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-impl.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-jmx.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-remote.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-rimpl.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-rjmx.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-tools.jar
-
- # BEGIN LINUX-SPECIFIC FILE
- # CLASSPATH="$CLASSPATH":/usr/share/java/servlet.jar
- # END LINUX-SPECIFIC FILE
-
- CLASSPATH="$CLASSPATH":/usr/share/java/avalon-logkit.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/cmsutil.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-logging.jar
- if [ "$ARCHITECTURE" = "sparc" ] ; then
- CLASSPATH="$CLASSPATH":/usr/lib/java/dirsec/jss4.jar
- elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
- CLASSPATH="$CLASSPATH":/usr/lib/sparcv9/java/dirsec/jss4.jar
- fi
- CLASSPATH="$CLASSPATH":/usr/share/java/ldapjdk.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/common/lib/naming-factory.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/common/lib/naming-resources.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/pki/nsutil.jar
- if [ "$ARCHITECTURE" = "sparc" ] ; then
- CLASSPATH="$CLASSPATH":/usr/lib/java/osutil.jar
- elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
- CLASSPATH="$CLASSPATH":/usr/lib/sparcv9/java/osutil.jar
- fi
- CLASSPATH="$CLASSPATH":/usr/share/java/rhino.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/servletapi5.jar
- if [ "$ARCHITECTURE" = "sparc" ] ; then
- CLASSPATH="$CLASSPATH":/usr/lib/java/symkey.jar
- elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
- CLASSPATH="$CLASSPATH":/usr/lib/sparcv9/java/symkey.jar
- fi
- CLASSPATH="$CLASSPATH":/usr/share/java/velocity.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/xalan-j2.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/xerces-j2.jar
-
- # Relink tomcat jar repositories . . .
- cd /var/lib/tomcat5/common/lib
-
- if [ ! -e /var/lib/tomcat5/common/lib/\[ant\].jar ]; then
- ln -s /usr/share/java/ant.jar [ant].jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[commons\-collections\].jar ]; then
- ln -s /usr/share/java/commons-collections.jar [commons-collections].jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[commons\-dbcp\].jar ]; then
- ln -s /usr/share/java/commons-dbcp.jar [commons-dbcp].jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[commons\-el\].jar ]; then
- ln -s /usr/share/java/commons-el.jar [commons-el].jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[commons\-logging-api\].jar ]; then
- ln -s /usr/share/java/commons-logging-api.jar [commons-logging-api].jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[commons\-pool\].jar ]; then
- ln -s /usr/share/java/commons-pool.jar [commons-pool].jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-ejb\-2.1\-rc2.jar ]; then
- ln -s /usr/share/java/geronimo/spec-ejb-2.1-rc2.jar [geronimo]spec-ejb-2.1-rc2.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-ejb\-2.1.jar ]; then
- ln -s /usr/share/java/geronimo/spec-ejb-2.1.jar [geronimo]spec-ejb-2.1.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-1.4\-rc2.jar ]; then
- ln -s /usr/share/java/geronimo/spec-j2ee-1.4-rc2.jar [geronimo]spec-j2ee-1.4-rc2.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-1.4.jar ]; then
- ln -s /usr/share/java/geronimo/spec-j2ee-1.4.jar [geronimo]spec-j2ee-1.4.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-connector\-1.5\-rc2.jar ]; then
- ln -s /usr/share/java/geronimo/spec-j2ee-connector-1.5-rc2.jar [geronimo]spec-j2ee-connector-1.5-rc2.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-connector\-1.5.jar ]; then
- ln -s /usr/share/java/geronimo/spec-j2ee-connector-1.5.jar [geronimo]spec-j2ee-connector-1.5.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-deployment\-1.1\-rc2.jar ]; then
- ln -s /usr/share/java/geronimo/spec-j2ee-deployment-1.1-rc2.jar [geronimo]spec-j2ee-deployment-1.1-rc2.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-deployment\-1.1.jar ]; then
- ln -s /usr/share/java/geronimo/spec-j2ee-deployment-1.1.jar [geronimo]spec-j2ee-deployment-1.1.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-jacc\-1.0\-rc2.jar ]; then
- ln -s /usr/share/java/geronimo/spec-j2ee-jacc-1.0-rc2.jar [geronimo]spec-j2ee-jacc-1.0-rc2.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-jacc\-1.0.jar ]; then
- ln -s /usr/share/java/geronimo/spec-j2ee-jacc-1.0.jar [geronimo]spec-j2ee-jacc-1.0.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-management\-1.0\-rc2.jar ]; then
- ln -s /usr/share/java/geronimo/spec-j2ee-management-1.0-rc2.jar [geronimo]spec-j2ee-management-1.0-rc2.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-management\-1.0.jar ]; then
- ln -s /usr/share/java/geronimo/spec-j2ee-management-1.0.jar [geronimo]spec-j2ee-management-1.0.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2eeschema\-1.0\-M2.jar ]; then
- ln -s /usr/share/java/geronimo/spec-j2eeschema-1.0-M2.jar [geronimo]spec-j2eeschema-1.0-M2.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2eeschema\-1.0.jar ]; then
- ln -s /usr/share/java/geronimo/spec-j2eeschema-1.0.jar [geronimo]spec-j2eeschema-1.0.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-jms\-1.1\-rc2.jar ]; then
- ln -s /usr/share/java/geronimo/spec-jms-1.1-rc2.jar [geronimo]spec-jms-1.1-rc2.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-jms\-1.1.jar ]; then
- ln -s /usr/share/java/geronimo/spec-jms-1.1.jar [geronimo]spec-jms-1.1.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-jsp\-2.0\-rc2.jar ]; then
- ln -s /usr/share/java/geronimo/spec-jsp-2.0-rc2.jar [geronimo]spec-jsp-2.0-rc2.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-jsp\-2.0.jar ]; then
- ln -s /usr/share/java/geronimo/spec-jsp-2.0.jar [geronimo]spec-jsp-2.0.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec-jta-1.0.1B-rc2.jar ]; then
- ln -s /usr/share/java/geronimo/spec-jta-1.0.1B-rc2.jar [geronimo]spec-jta-1.0.1B-rc2.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-jta\-1.0.1B.jar ]; then
- ln -s /usr/share/java/geronimo/spec-jta-1.0.1B.jar [geronimo]spec-jta-1.0.1B.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-servlet\-2.4\-rc2.jar ]; then
- ln -s /usr/share/java/geronimo/spec-servlet-2.4-rc2.jar [geronimo]spec-servlet-2.4-rc2.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-servlet\-2.4.jar ]; then
- ln -s /usr/share/java/geronimo/spec-servlet-2.4.jar [geronimo]spec-servlet-2.4.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[jaf\].jar ]; then
- ln -s /usr/share/java/jaf.jar [jaf].jar
- fi
-
- ### BEGIN SOLARIS-SPECIFIC LINKS
- ### if [ ! -e /var/lib/tomcat5/common/lib/\[jakarta\-commons\-collections.jar\] ]; then
- ### ln -s /usr/share/java/jakarta-commons-collections.jar [jakarta-commons-collections.jar]
- ### fi
- ### if [ ! -e /var/lib/tomcat5/common/lib/\[jakarta\-commons\-modeler.jar\] ]; then
- ### ln -s /usr/share/java/jakarta-commons-modeler.jar [jakarta-commons-modeler.jar]
- ### fi
- ### END SOLARIS-SPECIFIC LINKS
-
- ### if [ ! -e /var/lib/tomcat5/common/lib/\[jasper5\-compiler\].jar ]; then
- ### ln -s /usr/share/java/jasper5-compiler.jar [jasper5-compiler].jar
- ### fi
- ### if [ ! -e /var/lib/tomcat5/common/lib/\[jasper5\-runtime\].jar ]; then
- ### ln -s /usr/share/java/jasper5-runtime.jar [jasper5-runtime].jar
- ### fi
-
- if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]imap\-1.3.1.jar ]; then
- ln -s /usr/share/java/javamail/imap-1.3.1.jar [javamail]imap-1.3.1.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]imap.jar ]; then
- ln -s /usr/share/java/javamail/imap.jar [javamail]imap.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]mailapi\-1.3.1.jar ]; then
- ln -s /usr/share/java/javamail/mailapi-1.3.1.jar [javamail]mailapi-1.3.1.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]mailapi.jar ]; then
- ln -s /usr/share/java/javamail/mailapi.jar [javamail]mailapi.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]nntp\-1.3.1.jar ]; then
- ln -s /usr/share/java/javamail/nntp-1.3.1.jar [javamail]nntp-1.3.1.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]nntp.jar ]; then
- ln -s /usr/share/java/javamail/nntp.jar [javamail]nntp.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]pop3\-1.3.1.jar ]; then
- ln -s /usr/share/java/javamail/pop3-1.3.1.jar [javamail]pop3-1.3.1.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]pop3.jar ]; then
- ln -s /usr/share/java/javamail/pop3.jar [javamail]pop3.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]providers\-1.3.1.jar ]; then
- ln -s /usr/share/java/javamail/providers-1.3.1.jar [javamail]providers-1.3.1.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]providers.jar ]; then
- ln -s /usr/share/java/javamail/providers.jar [javamail]providers.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]smtp\-1.3.1.jar ]; then
- ln -s /usr/share/java/javamail/smtp-1.3.1.jar [javamail]smtp-1.3.1.jar
- fi
- if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]smtp.jar ]; then
- ln -s /usr/share/java/javamail/smtp.jar [javamail]smtp.jar
- fi
-
- ### BEGIN LINUX-SPECIFIC LINKS
- ### if [ ! -e /var/lib/tomcat5/common/lib/\[jdtCompilerAdapter\].jar ]; then
- ### ln -s /usr/share/java/jdtCompilerAdapter.jar [jdtCompilerAdapter].jar
- ### fi
- ### if [ ! -e /var/lib/tomcat5/common/lib/\[jdtcore\].jar ]; then
- ### ln -s /usr/share/java/jdtcore.jar [jdtcore].jar
- ### fi
- ### if [ ! -e /var/lib/tomcat5/common/lib/\[jsp\].jar ]; then
- ### ln -s /usr/share/java/jsp.jar [jsp].jar
- ### fi
- ### END LINUX-SPECIFIC LINKS
-
- if [ ! -e /var/lib/tomcat5/common/lib/\[mx4j\]\[mx4j\].jar ]; then
- ln -s /usr/share/java/mx4j/mx4j.jar [mx4j][mx4j].jar
- fi
-
- ### BEGIN LINUX-SPECIFIC LINKS
- ### if [ ! -e /var/lib/tomcat5/common/lib/\[servlet\].jar ]; then
- ### ln -s /usr/share/java/servlet.jar [servlet].jar
- ### fi
- ### END LINUX-SPECIFIC LINKS
-
- ### BEGIN LINUX-SPECIFIC FILE BUT SOLARIS-SPECIFIC LINK
- if [ ! -e /var/lib/tomcat5/common/lib/avalon\-logkit.jar ]; then
- ln -s /usr/share/java/avalon-logkit.jar avalon-logkit.jar
- fi
- ### END LINUX-SPECIFIC FILE BUT SOLARIS-SPECIFIC LINK
-
- ### if [ ! -e /var/lib/tomcat5/common/lib/cmsutil.jar ]; then
- ### ln -s /usr/share/java/rphki/cmsutil.jar cmsutil.jar
- ### fi
-
- ### BEGIN LINUX-SPECIFIC FILE BUT SOLARIS-SPECIFIC LINK
- if [ ! -e /var/lib/tomcat5/common/lib/commons\-logging.jar ]; then
- ln -s /usr/share/java/commons-logging.jar commons-logging.jar
- fi
- ### END LINUX-SPECIFIC FILE BUT SOLARIS-SPECIFIC LINK
-
- ### if [ ! -e /var/lib/tomcat5/common/lib/jss4.jar ]; then
- ### if [ "$ARCHITECTURE" = "sparc" ] ; then
- ### ln -s /usr/lib/java/dirsec/jss4.jar jss4.jar
- ### elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
- ### ln -s /usr/lib/sparcv9/java/dirsec/jss4.jar jss4.jar
- ### fi
- ### fi
- ### if [ ! -e /var/lib/tomcat5/common/lib/ldapjdk.jar ]; then
- ### ln -s /usr/share/java/ldapjdk.jar ldapjdk.jar
- ### fi
-
- ### naming-factory.jar
- ### naming-resources.jar
-
- ### if [ ! -e /var/lib/tomcat5/common/lib/nsutil.jar ]; then
- ### ln -s /usr/share/java/pki/nsutil.jar nsutil.jar
- ### fi
- ### if [ ! -e /var/lib/tomcat5/common/lib/osutil.jar ]; then
- ### if [ "$ARCHITECTURE" = "sparc" ] ; then
- ### ln -s /usr/lib/java/osutil.jar osutil.jar
- ### elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
- ### ln -s /usr/lib/sparcv9/java/osutil.jar osutil.jar
- ### fi
- ### fi
- ### if [ ! -e /var/lib/tomcat5/common/lib/rhino.jar ]; then
- ### ln -s /usr/share/java/rhino.jar rhino.jar
- ### fi
-
- ### BEGIN SOLARIS-SPECIFIC LINKS
- ### if [ ! -e /var/lib/tomcat5/common/lib/\[servletapi5.jar\] ]; then
- ### ln -s /usr/share/java/servletapi5.jar [servletapi5.jar]
- ### fi
- ### END SOLARIS-SPECIFIC LINKS
-
- ### if [ ! -e /var/lib/tomcat5/common/lib/symkey.jar ]; then
- ### if [ "$ARCHITECTURE" = "sparc" ] ; then
- ### ln -s /usr/lib/java/symkey.jar symkey.jar
- ### elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
- ### ln -s /usr/lib/sparcv9/java/symkey.jar symkey.jar
- ### fi
- ### fi
- ### if [ ! -e /var/lib/tomcat5/common/lib/velocity.jar ]; then
- ### ln -s /usr/share/java/velocity.jar velocity.jar
- ### fi
- ### if [ ! -e /var/lib/tomcat5/common/lib/xalan\-j2.jar ]; then
- ### ln -s /usr/share/java/xalan-j2.jar xalan-j2.jar
- ### fi
-
- if [ ! -e /var/lib/tomcat5/common/lib/xerces\-j2\-2.6.2.jar ]; then
- ln -s /usr/share/java/xerces-j2-2.6.2.jar xerces-j2-2.6.2.jar
- fi
-
- ### if [ ! -e /var/lib/tomcat5/common/lib/xerces\-j2.jar ]; then
- ### ln -s /usr/share/java/xerces-j2.jar xerces-j2.jar
- ### fi
+. /etc/init.d/functions
-
- #######################################
- ## /var/lib/tomcat5/common/endorsed:
- #######################################
-
- # Build the tomcat jar classpath . . .
- CLASSPATH="$CLASSPATH":/usr/share/java/xml-commons-apis.jar
-
- # BEGIN LINUX-SPECIFIC FILE
- # CLASSPATH="$CLASSPATH":/usr/share/java/jaxp_parser_impl.jar
- # END LINUX-SPECIFIC FILE
-
-
- # Relink tomcat jar repositories . . .
- cd /var/lib/tomcat5/common/endorsed
-
- ### BEGIN LINUX-SPECIFIC LINKS
- ### if [ ! -e /var/lib/tomcat5/common/endorsed/\[jaxp_parser_impl\].jar ]; then
- ### ln -s /usr/share/java/jaxp_parser_impl.jar [jaxp_parser_impl].jar
- ### fi
- ### END LINUX-SPECIFIC LINKS
-
- if [ ! -e /var/lib/tomcat5/common/endorsed/\[xml\-commons\-apis\].jar ]; then
- ln -s /usr/share/java/xml-commons-apis.jar [xml-commons-apis].jar
- fi
-
-
- #######################################
- ## /var/lib/tomcat5/server/lib:
- #######################################
-
- # Build the tomcat jar classpath . . .
- CLASSPATH="$CLASSPATH":/usr/share/java/catalina-ant5.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-beanutils.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-digester.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-el.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-fileupload.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-logging.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-modeler.jar
-
- # BEGIN LINUX-SPECIFIC FILE
- # CLASSPATH="$CLASSPATH":/usr/share/java/jdtCompilerAdapter.jar
- # CLASSPATH="$CLASSPATH":/usr/share/java/jdtcore.jar
- # END LINUX-SPECIFIC FILE
-
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-impl.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-jmx.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-remote.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-rimpl.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-rjmx.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-tools.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/regexp.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/catalina-cluster.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/catalina-optional.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/catalina-storeconfig.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/catalina.jar
- if [ "$ARCHITECTURE" = "sparc" ] ; then
- CLASSPATH="$CLASSPATH":/usr/lib/java/dirsec/jss4.jar
- elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
- CLASSPATH="$CLASSPATH":/usr/lib/sparcv9/java/dirsec/jss4.jar
- fi
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/servlets-cgi.renametojar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/servlets-default.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/servlets-invoker.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/servlets-ssi.renametojar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/servlets-webdav.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/tomcat-ajp.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/tomcat-coyote.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/tomcat-http.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/tomcat-util.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/tomcatjss.jar
-
-
- # Relink tomcat jar repositories . . .
- cd /var/lib/tomcat5/server/lib
-
- if [ ! -e /var/lib/tomcat5/server/lib/\[catalina\-ant5\].jar ]; then
- ln -s /usr/share/java/catalina-ant5.jar [catalina-ant5].jar
- fi
- if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-beanutils\].jar ]; then
- ln -s /usr/share/java/commons-beanutils.jar [commons-beanutils].jar
- fi
- if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-digester\].jar ]; then
- ln -s /usr/share/java/commons-digester.jar [commons-digester].jar
- fi
- if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-el\].jar ]; then
- ln -s /usr/share/java/commons-el.jar [commons-el].jar
- fi
- if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-fileupload\].jar ]; then
- ln -s /usr/share/java/commons-fileupload.jar [commons-fileupload].jar
- fi
- if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-logging\].jar ]; then
- ln -s /usr/share/java/commons-logging.jar [commons-logging].jar
- fi
- if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-modeler\].jar ]; then
- ln -s /usr/share/java/commons-modeler.jar [commons-modeler].jar
- fi
-
- ### BEGIN LINUX-SPECIFIC LINKS
- ### if [ ! -e /var/lib/tomcat5/server/lib/\[jdtCompilerAdapter\].jar ]; then
- ### ln -s /usr/share/java/jdtCompilerAdapter.jar [jdtCompilerAdapter].jar
- ### fi
- ### if [ ! -e /var/lib/tomcat5/server/lib/\[jdtcore\].jar ]; then
- ### ln -s /usr/share/java/jdtcore.jar [jdtcore].jar
- ### fi
- ### END LINUX-SPECIFIC LINKS
-
- if [ ! -e /var/lib/tomcat5/server/lib/\[mx4j\]\[mx4j\].jar ]; then
- ln -s /usr/share/java/mx4j/mx4j.jar [mx4j][mx4j].jar
- fi
- if [ ! -e /var/lib/tomcat5/server/lib/\[regexp\].jar ]; then
- ln -s /usr/share/java/regexp.jar [regexp].jar
- fi
-
- ### catalina-cluster.jar
- ### catalina-optional.jar
- ### catalina-storeconfig.jar
- ### catalina.jar
- ### if [ ! -e /var/lib/tomcat5/server/lib/jss4.jar ]; then
- ### if [ "$ARCHITECTURE" = "sparc" ] ; then
- ### ln -s /usr/lib/java/dirsec/jss4.jar jss4.jar
- ### elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
- ### ln -s /usr/lib/sparcv9/java/dirsec/jss4.jar jss4.jar
- ### fi
- ### fi
- ### servlets-cgi.renametojar
- ### servlets-default.jar
- ### servlets-invoker.jar
- ### servlets-ssi.renametojar
- ### servlets-webdav.jar
- ### tomcat-ajp.jar
- ### tomcat-coyote.jar
- ### tomcat-http.jar
- ### tomcat-util.jar
- ### if [ ! -e /var/lib/tomcat5/server/lib/tomcatjss.jar ]; then
- ### ln -s /usr/share/java/tomcatjss.jar tomcatjss.jar
- ### fi
-
-
- #######################################
- ## /var/lib/tomcat5/shared/lib:
- #######################################
-
- # Build the tomcat jar classpath . . .
-
- export CLASSPATH
-
-
- # Relink tomcat jar repositories . . .
- cd /var/lib/tomcat5/shared/lib
- fi
-
- # daemon --user $TOMCAT_USER $TOMCAT_SCRIPT start
- if [ ${OS} = "SunOS" ] ; then
- su $TOMCAT_USER -c "$TOMCAT_SCRIPT start" > /dev/null
- else
- runuser -s /bin/bash $TOMCAT_USER -c "$TOMCAT_SCRIPT start" > /dev/null
- fi
-
- rv=$?
- if [ ${rv} = 0 ] ; then
- touch ${PKI_LOCKFILE}
- chown $TOMCAT_USER:$TOMCAT_GROUP $PKI_LOCKFILE
- chmod 00600 $PKI_LOCKFILE
- fi
-
- if [ ${rv} = 0 ] ; then
- count=0;
-
- let swait=$STARTUP_WAIT
- while [ ! -s ${pidfile} ] &&
- [ $count -lt $swait ]
- do
- echo -n "."
- sleep 1
- let count=$count+1;
- done
-
- if [ -f /etc/init.d/functions ]; then
- if [ "$CONSOLETYPE" = "serial" ]; then
- echo -n " "
- fi
- echo_success
- echo
- else
- echo " [ OK ]"
- fi
-
- get_pki_secure_port
- if [ $? -ne 0 ] ; then
- PKI_SECURE_PORT="<Port Undefined>"
- fi
-
- # Set permissions of log files
- pki_logs_directory=${PKI_INSTANCE_PATH}/logs
- pki_signedAudit="${pki_logs_directory}/signedAudit"
- for file in ${pki_logs_directory}/*; do
- if [ ! -d "${file}" ]; then
- chmod 00640 ${file}
- chgrp $TOMCAT_GROUP ${file}
- chown $TOMCAT_USER ${file}
- fi
- done
-
- # Set permissions of signedAudit log files
- # do not set the group id, this will be set by the sgid on the directory
- pki_signedAudit_files=`ls -1A ${pki_signedAudit} | wc -l`
- if [ ${pki_signedAudit_files} -gt 0 ]; then
- for file in ${pki_signedAudit}/*; do
- chmod 00640 ${file}
- chown $TOMCAT_USER ${file}
- done
- fi
-
- # ignore "status" return codes
- echo
- display_instance_status
- else
- if [ -f /etc/init.d/functions ]; then
- if [ "$CONSOLETYPE" = "serial" ]; then
- $0 echo -n " "
- fi
- echo_failure
- echo
- else
- echo " [ FAILED ]"
- fi
- fi
-
- sleep 5
- return ${rv}
-}
-
-stop_instance()
-{
- rv=0
-
- echo -n "Stopping $TOMCAT_PROG: "
-
- if [ -f ${PKI_LOCKFILE} ] ; then
- CATALINA_PID=${pidfile}
- export CATALINA_PID
-
- # daemon --user $TOMCAT_USER $TOMCAT_SCRIPT stop
- if [ ${OS} = "SunOS" ] ; then
- su $TOMCAT_USER -c "$TOMCAT_SCRIPT stop" > /dev/null
- else
- runuser -s /bin/bash $TOMCAT_USER -c "$TOMCAT_SCRIPT stop" > /dev/null
- fi
-
- rv=$?
-
- if [ ${rv} = 0 ]; then
- count=0;
-
- if [ -f ${pidfile} ]; then
- read kpid < ${pidfile}
- let kwait=$SHUTDOWN_WAIT
-
- until [ `ps -p $kpid | grep -c $kpid` = '0' ] ||
- [ $count -gt $kwait ]
- do
- echo -n "."
- sleep 1
- let count=$count+1;
- done
-
- if [ $count -gt $kwait ]; then
- kill -9 $kpid
- fi
- fi
-
- rm -f ${PKI_LOCKFILE}
- rm -f ${pidfile}
-
- if [ -f /etc/init.d/functions ]; then
- if [ "$CONSOLETYPE" = "serial" ]; then
- echo -n " "
- fi
- echo_success
- echo
- else
- echo " [ OK ]"
- fi
- else
- if [ -f /etc/init.d/functions ]; then
- if [ "$CONSOLETYPE" = "serial" ]; then
- echo -n " "
- fi
- echo_failure
- echo
- else
- echo " [ FAILED ]"
- fi
- rv=${default_error}
- fi
- else
- echo
- echo "process already stopped"
- rv=0
- fi
-
- return ${rv}
-}
-
-start()
-{
- # From "http://fedoraproject.org/wiki/FCNewInit/Initscripts":
- #
- # * 0 action was successful
- # * 1 generic or unspecified error (current practice)
- # * 2 invalid or excess argument(s)
- # * 3 unimplemented feature (for example, "reload")
- # * 4 user had insufficient privilege
- # * 5 program is not installed
- # * 6 program is not configured
- # * 7 program is not running
- # * 8-99 reserved for future LSB use
- # * 100-149 reserved for distribution use
- # * 150-199 reserved for application use
- # * 200-254 reserved
- #
-
- error_rv=0
- rv=0
-
- if [ -n "${PKI_REGISTRY_ENTRIES}" ]; then
- config_errors=0
- errors=0
-
- if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
- echo "BEGIN STARTING '${PKI_TYPE}' INSTANCE(S):"
- fi
-
- # Start every PKI instance of this type that isn't already running
- for PKI_REGISTRY_ENTRY in ${PKI_REGISTRY_ENTRIES}; do
- # Source values associated with this particular PKI instance
- [ -f ${PKI_REGISTRY_ENTRY} ] &&
- . ${PKI_REGISTRY_ENTRY}
-
- pidfile=${PKI_PIDDIR}/${PKI_PIDFILE}
-
- [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] && echo
-
- start_instance
-
- rv=$?
- if [ ${rv} = 6 ] ; then
- # Since at least ONE configuration error exists, then there
- # is at least ONE unconfigured instance from the PKI point
- # of view.
- #
- # However, it must still be considered that the
- # instance is "running" from the point of view of other
- # OS programs such as 'chkconfig'.
- #
- # Therefore, ignore non-zero return codes resulting
- # from configuration errors.
- #
-
- config_errors=`expr $config_errors + 1`
- rv=0
- elif [ ${rv} != 0 ] ; then
- errors=`expr $errors + 1`
- error_rv=${rv}
- fi
- done
-
- if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt ${errors} ] ; then
- touch ${lockfile}
- chmod 00600 ${lockfile}
- fi
-
- # ONLY print a "WARNING" message if multiple
- # instances are being examined
- if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
- # NOTE: "bad" return code(s) OVERRIDE configuration errors!
- if [ ${errors} -eq 1 ]; then
- # Since only ONE error exists, return that "bad" error code.
- rv=${error_rv}
- elif [ ${errors} -gt 1 ]; then
- # Since MORE than ONE error exists, return an OVERALL status
- # of "1 generic or unspecified error (current practice)"
- rv=1
- fi
-
- if [ ${errors} -ge 1 ]; then
- echo
- echo -n "WARNING: "
- echo -n "${errors} of ${TOTAL_PKI_REGISTRY_ENTRIES} "
- echo -n "'${PKI_TYPE}' instances failed to start!"
- echo
- fi
-
- if [ ${TOTAL_UNCONFIGURED_PKI_ENTRIES} -ge 1 ]; then
- echo
- echo -n "WARNING: "
- echo -n "${TOTAL_UNCONFIGURED_PKI_ENTRIES} "
- echo -n "of ${TOTAL_PKI_REGISTRY_ENTRIES} "
- echo -n "'${PKI_TYPE}' instances MUST be configured!"
- echo
- fi
-
- echo
- echo "FINISHED STARTING '${PKI_TYPE}' INSTANCE(S)."
- fi
- else
- echo
- echo "ERROR: No '${PKI_TYPE}' instances installed!"
- rv=5
- fi
-
- return ${rv}
-}
-
-stop()
-{
- # From "http://fedoraproject.org/wiki/FCNewInit/Initscripts":
- #
- # * 0 action was successful
- # * 1 generic or unspecified error (current practice)
- # * 2 invalid or excess argument(s)
- # * 3 unimplemented feature (for example, "reload")
- # * 4 user had insufficient privilege
- # * 5 program is not installed
- # * 6 program is not configured
- # * 7 program is not running
- # * 8-99 reserved for future LSB use
- # * 100-149 reserved for distribution use
- # * 150-199 reserved for application use
- # * 200-254 reserved
- #
-
- error_rv=0
- rv=0
-
- if [ -n "${PKI_REGISTRY_ENTRIES}" ]; then
- errors=0
-
- if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
- echo "BEGIN SHUTTING DOWN '${PKI_TYPE}' INSTANCE(S):"
- fi
-
- # Shutdown every PKI instance of this type that is running
- for PKI_REGISTRY_ENTRY in ${PKI_REGISTRY_ENTRIES}; do
- # Source values associated with this particular PKI instance
- [ -f ${PKI_REGISTRY_ENTRY} ] &&
- . ${PKI_REGISTRY_ENTRY}
-
- pidfile=${PKI_PIDDIR}/${PKI_PIDFILE}
-
- [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] && echo
-
- stop_instance
-
- rv=$?
- if [ ${rv} != 0 ] ; then
- errors=`expr $errors + 1`
- error_rv=${rv}
- fi
- done
-
- if [ ${errors} -eq 0 ] ; then
- rm -f ${lockfile}
- fi
-
- # ONLY print a "WARNING" message if multiple
- # instances are being examined
- if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
- if [ ${errors} -eq 1 ]; then
- # Since only ONE error exists, return that "bad" error code.
- rv=${error_rv}
- elif [ ${errors} -gt 1 ]; then
- # Since MORE than ONE error exists, return an OVERALL status
- # of "1 generic or unspecified error (current practice)"
- rv=1
- fi
-
- if [ ${errors} -ge 1 ]; then
- echo
- echo -n "WARNING: "
- echo -n "${errors} of ${TOTAL_PKI_REGISTRY_ENTRIES} "
- echo -n "'${PKI_TYPE}' instances were "
- echo -n "unsuccessfully stopped!"
- echo
- fi
-
- echo
- echo "FINISHED SHUTTING DOWN '${PKI_TYPE}' INSTANCE(S)."
- fi
- else
- echo
- echo "ERROR: No '${PKI_TYPE}' instances installed!"
- rv=5
- fi
-
- return ${rv}
-}
-
-restart()
-{
- # From "http://fedoraproject.org/wiki/FCNewInit/Initscripts":
- #
- # * 0 action was successful
- # * 1 generic or unspecified error (current practice)
- # * 2 invalid or excess argument(s)
- # * 3 unimplemented feature (for example, "reload")
- # * 4 user had insufficient privilege
- # * 5 program is not installed
- # * 6 program is not configured
- # * 7 program is not running
- # * 8-99 reserved for future LSB use
- # * 100-149 reserved for distribution use
- # * 150-199 reserved for application use
- # * 200-254 reserved
- #
-
- stop
- sleep 2
- echo
- echo "============================================================"
- echo
- start
-
- return $?
-}
-
-status()
-{
- # From "http://fedoraproject.org/wiki/FCNewInit/Initscripts":
- #
- # * 0 program is running or service is OK
- # * 1 program is dead and /var/run pid file exists
- # * 2 program is dead and /var/lock lock file exists
- # * 3 program is not running
- # * 4 program or service status is unknown
- # * 5-99 reserved for future LSB use
- # * 100-149 reserved for distribution use
- # * 150-199 reserved for application use
- # * 200-254 reserved
- #
-
- error_rv=0
- rv=0
-
- if [ -n "${PKI_REGISTRY_ENTRIES}" ]; then
- errors=0
-
- if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
- echo "REPORT STATUS OF '${PKI_TYPE}' INSTANCE(S):"
- fi
-
- # Obtain status of every PKI instance of this type
- for PKI_REGISTRY_ENTRY in ${PKI_REGISTRY_ENTRIES}; do
- # Source values associated with this particular PKI instance
- [ -f ${PKI_REGISTRY_ENTRY} ] &&
- . ${PKI_REGISTRY_ENTRY}
-
- pidfile=${PKI_PIDDIR}/${PKI_PIDFILE}
-
- [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] && echo
-
- display_instance_status
-
- rv=$?
- if [ ${rv} -ne 0 ] ; then
- errors=`expr $errors + 1`
- error_rv=${rv}
- fi
- done
-
- # ONLY print a "WARNING" message if multiple
- # instances are being examined
- if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
- if [ ${errors} -eq 1 ]; then
- # Since only ONE error exists, return that "bad" error code.
- rv=${error_rv}
- elif [ ${errors} -gt 1 ]; then
- # Since MORE than ONE error exists, return an OVERALL status
- # of "4 - program or service status is unknown"
- rv=4
- fi
-
- if [ ${errors} -ge 1 ]; then
- echo
- echo -n "WARNING: "
- echo -n "${errors} of ${TOTAL_PKI_REGISTRY_ENTRIES} "
- echo -n "'${PKI_TYPE}' instances reported status failures!"
- echo
- fi
-
- if [ ${TOTAL_UNCONFIGURED_PKI_ENTRIES} -ge 1 ]; then
- echo
- echo -n "WARNING: "
- echo -n "${TOTAL_UNCONFIGURED_PKI_ENTRIES} "
- echo -n "of ${TOTAL_PKI_REGISTRY_ENTRIES} "
- echo -n "'${PKI_TYPE}' instances MUST be configured!"
- echo
- fi
-
- echo
- echo "FINISHED REPORTING STATUS OF '${PKI_TYPE}' INSTANCE(S)."
- fi
- else
- echo
- echo "ERROR: No '${PKI_TYPE}' instances installed!"
- rv=4
- fi
-
- return ${rv}
-}
+# Source the PKI function library
+. /usr/share/pki/scripts/functions
# See how we were called.
-case "${command}" in
- start|stop|restart|status)
- ${command}
- exit $?
- ;;
- condrestart|force-restart|try-restart)
- [ ! -f ${lockfile} ] || restart
- exit $?
- ;;
- reload)
- echo "The 'reload' action is an unimplemented feature."
- exit ${default_error}
- ;;
- *)
- # * 3 unimplemented feature (for example, "reload")
- # [invalid command - should never be reached]
- echo
- usage
- echo "where valid instance names include:"
- list_instances
- exit 3
- ;;
+case $command in
+ status)
+ registry_status
+ exit $?
+ ;;
+ start)
+ start
+ exit $?
+ ;;
+ restart)
+ restart
+ exit $?
+ ;;
+ stop)
+ stop
+ exit $?
+ ;;
+ condrestart|force-restart|try-restart)
+ [ ! -f ${lockfile} ] || restart
+ exit $?
+ ;;
+ reload)
+ echo "The 'reload' action is an unimplemented feature."
+ exit ${default_error}
+ ;;
+ *)
+ echo "unknown action ($command)"
+ usage
+ echo "where valid instance names include:"
+ list_instances
+ exit ${default_error}
+ ;;
esac