author | Asha Akkiangady <aakkiang@redhat.com> | 2014-08-29 14:48:11 -0400 |
---|---|---|
committer | Asha Akkiangady <aakkiang@redhat.com> | 2014-08-29 14:52:10 -0400 |
commit | 2512d5d22c03524892ec05115fe5ec502a75ff35 (patch) | |
tree | 33aacaca129c2c0dae2e5d49df7cb8c88250cc16 /tests | |
parent | a4c36d953281967d653ef8a1d33dae6a8ba34a77 (diff) | |
Added routine to get subsytemId.
Added SSLServer cert input to pkispawn.
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh | 170 | ||||
-rw-r--r-- | tests/dogtag/shared/env.sh | 190 | ||||
-rwxr-xr-x | tests/dogtag/topologies.sh | 696 |
3 files changed, 710 insertions, 346 deletions
diff --git a/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh b/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh
index d201ca40c..53751c69f 100755
--- a/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh
+++ b/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh
@@ -107,13 +107,13 @@ rhcs_install_RootCA() {
 echo "pki_audit_signing_token=$ROOTCA_AUDIT_SIGNING_TOKEN" >> $INSTANCECFG
 echo "pki_audit_signing_nickname=$ROOTCA_AUDIT_SIGNING_NICKNAME" >> $INSTANCECFG
 echo "pki_audit_signing_subject_dn=$ROOTCA_AUDIT_SIGNING_CERT_SUBJECT_NAME" >> $INSTANCECFG
- #echo "pki_ssl_server_key_type=$ROOTCA_SSL_SERVER_KEY_TYPE" >> $INSTANCECFG
- #echo "pki_ssl_server_key_size=$ROOTCA_SSL_SERVER_KEY_SIZE" >> $INSTANCECFG
- #echo "pki_ssl_server_key_algorithm=$ROOTCA_SSL_SERVER_KEY_ALGORITHM" >> $INSTANCECFG
- #echo "pki_ssl_server_signing_algorithm=$ROOTCA_SSL_SERVER_SIGNING_ALGORITHM" >> $INSTANCECFG
- #echo "pki_ssl_server_token=$ROOTCA_SSL_SERVER_TOKEN" >> $INSTANCECFG
- #echo "pki_ssl_server_nickname=$ROOTCA_SSL_SERVER_NICKNAME" >> $INSTANCECFG
- #echo "pki_ssl_server_subject_dn=$ROOTCA_SSL_SERVER_CERT_SUBJECT_NAME" >> $INSTANCECFG
+ echo "pki_ssl_server_key_type=$ROOTCA_SSL_SERVER_KEY_TYPE" >> $INSTANCECFG
+ echo "pki_ssl_server_key_size=$ROOTCA_SSL_SERVER_KEY_SIZE" >> $INSTANCECFG
+ echo "pki_ssl_server_key_algorithm=$ROOTCA_SSL_SERVER_KEY_ALGORITHM" >> $INSTANCECFG
+ echo "pki_ssl_server_signing_algorithm=$ROOTCA_SSL_SERVER_SIGNING_ALGORITHM" >> $INSTANCECFG
+ echo "pki_ssl_server_token=$ROOTCA_SSL_SERVER_TOKEN" >> $INSTANCECFG
+ echo "pki_ssl_server_nickname=$ROOTCA_SSL_SERVER_NICKNAME" >> $INSTANCECFG
+ echo "pki_ssl_server_subject_dn=$ROOTCA_SSL_SERVER_CERT_SUBJECT_NAME" >> $INSTANCECFG
 echo "pki_subsystem_key_type=$ROOTCA_SUBSYSTEM_KEY_TYPE" >> $INSTANCECFG
 echo "pki_subsystem_key_size=$ROOTCA_SUBYSTEM_KEY_SIZE" >> $INSTANCECFG
 echo "pki_subsystem_key_algorithm=$ROOTCA_SUBSYSTEM_KEY_ALGORITHM" >> $INSTANCECFG
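Review bot: The trailing context line `pki_subsystem_key_size=$ROOTCA_SUBYSTEM_KEY_SIZE` reads a variable spelled `SUBYSTEM`, while the lines on either side of it use `ROOTCA_SUBSYSTEM_*`. The part of env.sh shown on this page does not include the key-size definition (it does show a differently misspelled `ROOTCA_SUBSYTEM_NICKNAME`), so which spelling is actually defined cannot be confirmed from here. If env.sh defines `ROOTCA_SUBSYSTEM_KEY_SIZE`, the generated config is written with an empty `pki_subsystem_key_size=` and the subsystem key size is no longer the one the test intends. Worth checking each of these names against env.sh while the neighbouring SSL server lines are being enabled; rhcs_install_RootCA starts and ends outside this hunk.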
@@ -134,7 +134,6 @@ rhcs_install_RootCA() {
 echo "pki_client_admin_cert_p12=$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" >> $INSTANCECFG
 echo "pki_backup_keys=$ROOTCA_BACKUP" >> $INSTANCECFG
 echo "pki_backup_password=$ROOTCA_BACKUP_PASSWORD" >> $INSTANCECFG
- echo "pki_backup_fname=$ROOTCA_BACKUP_FILE_NAME" >> $INSTANCECFG
 echo "pki_client_database_dir=$CERTDB_DIR" >> $INSTANCECFG
 echo "pki_client_database_password=$CERTDB_DIR_PASSWORD" >> $INSTANCECFG
 echo "pki_client_database_purge=$CLIENT_DB_PURGE" >> $INSTANCECFG
@@ -255,13 +254,13 @@ rhcs_install_kra() {
 echo "pki_audit_signing_token=$(eval echo \$KRA${number}_AUDIT_SIGNING_TOKEN)" >> $INSTANCECFG
 echo "pki_audit_signing_nickname=$(eval echo \$KRA${number}_AUDIT_SIGNING_NICKNAME)" >> $INSTANCECFG
 echo "pki_audit_signing_subject_dn=$(eval echo \$KRA${number}_AUDIT_SIGNING_SUBJECT_DN)" >> $INSTANCECFG
- #echo "pki_ssl_server_key_type=$(eval echo $KRA${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
- #echo "pki_ssl_server_key_size=$(eval echo $KRA${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
- #echo "pki_ssl_server_key_algorithm=$(eval echo $KRA${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
- #echo "pki_ssl_server_signing_algorithm=$(eval echo $KRA${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
- #echo "pki_ssl_server_token=$(eval echo $KRA${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
- #echo "pki_ssl_server_nickname=$(eval echo $KRA${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
- #echo "pki_ssl_server_subject_dn=$(eval echo $KRA${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_type=$(eval echo \$KRA${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_size=$(eval echo \$KRA${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_algorithm=$(eval echo \$KRA${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_signing_algorithm=$(eval echo \$KRA${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_token=$(eval echo \$KRA${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
+ echo "pki_ssl_server_nickname=$(eval echo \$KRA${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_subject_dn=$(eval echo \$KRA${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
 echo "pki_admin_name=$(eval echo \$KRA${number}_ADMIN_USER)" >> $INSTANCECFG
 echo "pki_admin_uid=$(eval echo \$KRA${number}_ADMIN_USER)" >> $INSTANCECFG
 echo "pki_admin_email=$(eval echo \$KRA${number}_ADMIN_EMAIL)" >> $INSTANCECFG
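Review bot: The seven added `pki_ssl_server_*` lines look their variables up with an unquoted `eval echo \$KRA${number}_…`, which splices `number` into a string the shell parses a second time and sends the looked-up value through word splitting and pathname expansion before it is written to the config file. Assuming this library runs under bash, as the beakerlib `rl*` calls elsewhere in the file suggest, indirect expansion performs the same lookup without `eval`: `v="KRA${number}_SSL_SERVER_NICKNAME"; echo "pki_ssl_server_nickname=${!v}" >> "$INSTANCECFG"`. The same pattern is added in the rhcs_install_ocsp, rhcs_install_tks, rhcs_install_SubCA and clone hunks further down, so a small helper taking the variable name would cover all of them. rhcs_install_kra starts and ends outside this hunk.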
@@ -278,7 +277,6 @@ rhcs_install_kra() {
 echo "pki_issuing_ca_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
 echo "pki_backup_keys=$ROOTCA_BACKUP" >> $INSTANCECFG
 echo "pki_backup_password=$(eval echo \$KRA${number}_BACKUP_PASSWORD)" >> $INSTANCECFG
- echo "pki_backup_fname=$(eval echo \$KRA${number}_BACKUP_FILE_NAME)" >> $INSTANCECFG
 echo "pki_client_database_dir=$CERTDB_DIR" >> $INSTANCECFG
 echo "pki_client_database_password=$CERTDB_DIR_PASSWORD" >> $INSTANCECFG
 echo "pki_client_database_purge=$CLIENT_DB_PURGE" >> $INSTANCECFG
@@ -387,13 +385,13 @@ rhcs_install_ocsp() {
 echo "pki_audit_signing_token=$(eval echo \$OCSP${number}_AUDIT_SIGNING_TOKEN)" >> $INSTANCECFG
 echo "pki_audit_signing_nickname=$(eval echo \$OCSP${number}_AUDIT_SIGNING_CERT_NICKNAME)" >> $INSTANCECFG
 echo "pki_audit_signing_subject_dn=$(eval echo \$OCSP${number}_AUDIT_SIGNING_SUBJECT_DN)" >> $INSTANCECFG
- #echo "pki_ssl_server_key_type=$(eval echo $OCSP${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
- #echo "pki_ssl_server_key_size=$(eval echo $OCSP${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
- #echo "pki_ssl_server_key_algorithm=$(eval echo $OCSP${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
- #echo "pki_ssl_server_signing_algorithm=$(eval echo $OCSP${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
- #echo "pki_ssl_server_token=$(eval echo $OCSP${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
- #echo "pki_ssl_server_nickname=$(eval echo $OCSP${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
- #echo "pki_ssl_server_subject_dn=$(eval echo $OCSP${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_type=$(eval echo \$OCSP${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_size=$(eval echo \$OCSP${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_algorithm=$(eval echo \$OCSP${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_signing_algorithm=$(eval echo \$OCSP${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_token=$(eval echo \$OCSP${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
+ echo "pki_ssl_server_nickname=$(eval echo \$OCSP${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_subject_dn=$(eval echo \$OCSP${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
 echo "pki_admin_name=$(eval echo \$OCSP${number}_ADMIN_USER)" >> $INSTANCECFG
 echo "pki_admin_uid=$(eval echo \$OCSP${number}_ADMIN_USER)" >> $INSTANCECFG
 echo "pki_admin_email=$(eval echo \$OCSP${number}_ADMIN_EMAIL)" >> $INSTANCECFG
@@ -410,7 +408,6 @@ rhcs_install_ocsp() {
 echo "pki_issuing_ca_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
 echo "pki_backup_keys=$ROOTCA_BACKUP" >> $INSTANCECFG
 echo "pki_backup_password=$(eval echo \$OCSP${number}_BACKUP_PASSWORD)" >> $INSTANCECFG
- echo "pki_backup_fname=$(eval echo \$OCSP${number}_BACKUP_FILE_NAME)" >> $INSTANCECFG
 echo "pki_client_database_dir=$CERTDB_DIR" >> $INSTANCECFG
 echo "pki_client_database_password=$CERTDB_DIR_PASSWORD" >> $INSTANCECFG
 echo "pki_client_database_purge=$CLIENT_DB_PURGE" >> $INSTANCECFG
@@ -509,13 +506,13 @@ rhcs_install_tks() { echo "pki_audit_signing_token=$(eval echo \$TKS${number}_AUDIT_SIGNING_TOKEN)" >> $INSTANCECFG echo "pki_audit_signing_nickname=$(eval echo \$TKS${number}_AUDIT_SIGNING_CERT_NICKNAME)" >> $INSTANCECFG echo "pki_audit_signing_subject_dn=$(eval echo \$TKS${number}_AUDIT_SIGNING_SUBJECT_DN)" >> $INSTANCECFG - #echo "pki_ssl_server_key_type=$(eval echo $TKS${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG - #echo "pki_ssl_server_key_size=$(eval echo $TKS${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG - #echo "pki_ssl_server_key_algorithm=$(eval echo $TKS${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG - #echo "pki_ssl_server_signing_algorithm=$(eval echo $TKS${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG - #echo "pki_ssl_server_token=$(eval echo $TKS${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG - #echo "pki_ssl_server_nickname=$(eval echo $TKS${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG - #echo "pki_ssl_server_subject_dn=$(eval echo $TKS${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG + echo "pki_ssl_server_key_type=$(eval echo \$TKS${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG + echo "pki_ssl_server_key_size=$(eval echo \$TKS${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG + echo "pki_ssl_server_key_algorithm=$(eval echo \$TKS${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG + echo "pki_ssl_server_signing_algorithm=$(eval echo \$TKS${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG + echo "pki_ssl_server_token=$(eval echo \$TKS${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG + echo "pki_ssl_server_nickname=$(eval echo \$TKS${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG + echo "pki_ssl_server_subject_dn=$(eval echo \$TKS${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG echo "pki_admin_name=$(eval echo \$TKS${number}_ADMIN_USER)" >> $INSTANCECFG echo "pki_admin_uid=$(eval echo \$TKS${number}_ADMIN_USER)" >> $INSTANCECFG 
@@ -533,7 +530,6 @@ rhcs_install_tks() {
 echo "pki_issuing_ca_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
 echo "pki_backup_keys=$ROOTCA_BACKUP" >> $INSTANCECFG
 echo "pki_backup_password=$(eval echo \$TKS${number}_BACKUP_PASSWORD)" >> $INSTANCECFG
- echo "pki_backup_fname=$(eval echo \$TKS${number}_BACKUP_FILE_NAME)" >> $INSTANCECFG
 echo "pki_client_database_dir=$CERTDB_DIR" >> $INSTANCECFG
 echo "pki_client_database_password=$CERTDB_DIR_PASSWORD" >> $INSTANCECFG
 echo "pki_client_database_purge=$CLIENT_DB_PURGE" >> $INSTANCECFG
@@ -613,7 +609,7 @@ rhcs_install_cloneCA()
 rlLog "Creating CLONE CA Instance"
 rlLog "Setting up Dogtag CLONE CA instance ............."
 echo "[DEFAULT]" > $INSTANCECFG
- echo "pki_instance_name=$(eval echo \$CLONE${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG
+ echo "pki_instance_name=$(eval echo \$CLONE_CA${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG
 echo "pki_https_port=$(eval echo \$CLONE_CA${number}_SECURE_PORT)" >> $INSTANCECFG
 echo "pki_http_port=$(eval echo \$CLONE_CA${number}_UNSECURE_PORT)" >> $INSTANCECFG
 echo "pki_ajp_port=$(eval echo \$CLONE_CA${number}_AJP_PORT)" >> $INSTANCECFG
@@ -647,7 +643,15 @@ rhcs_install_cloneCA()
 echo "pki_admin_key_type=$(eval echo \$CLONE_CA${number}_ADMIN_KEY_TYPE)" >> $INSTANCECFG
 echo "pki_admin_subject_dn=$(eval echo \$CLONE_CA${number}_ADMIN_SUBJECT_DN)" >> $INSTANCECFG
 echo "pki_admin_nickname=$(eval echo \$CLONE_CA${number}_ADMIN_CERT_NICKNAME)" >> $INSTANCECFG
- echo "pki_import_admin_cert=$(eval echo \$CLONE_CA${number}_ADMIN_IMPORT_CERT)" >> $INSTANCECFG
+
+ echo "pki_ssl_server_key_type=$(eval echo \$CLONE_CA${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_size=$(eval echo \$CLONE_CA${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_algorithm=$(eval echo \$CLONE_CA${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_signing_algorithm=$(eval echo \$CLONE_CA${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_token=$(eval echo \$CLONE_CA${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
+ echo "pki_ssl_server_nickname=$(eval echo \$CLONE_CA${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_subject_dn=$(eval echo \$CLONE_CA${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+ echo "pki_import_admin_cert=$(eval echo \$CLONE_CA${number}_ADMIN_IMPORT_CERT)" >> $INSTANCECFG
 echo "pki_client_admin_cert_p12=$(eval echo \$CLONE_CA${number}_CLIENT_DIR)/$(eval echo \$CLONE_CA${number}_ADMIN_CERT_NICKNAME).p12" >> $INSTANCECFG
 echo "pki_security_domain_hostname=$master_hostname" >> $INSTANCECFG
 echo "pki_security_domain_https_port=$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
@@ -674,17 +678,17 @@ rhcs_install_cloneCA() rlAssertGrep "$exp_message2" "$INSTANCE_CREATE_OUT" exp_message3_1="To check the status of the subsystem:" rlAssertGrep "$exp_message3_1" "$INSTANCE_CREATE_OUT" - exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$CLONE${number}_TOMCAT_INSTANCE_NAME).service" + exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$CLONE_CA${number}_TOMCAT_INSTANCE_NAME).service" rlAssertGrep "$exp_message3_2" "$INSTANCE_CREATE_OUT" exp_message4_1="To restart the subsystem:" rlAssertGrep "$exp_message4_1" "$INSTANCE_CREATE_OUT" - exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$CLONE${number}_TOMCAT_INSTANCE_NAME).service" + exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$CLONE_CA${number}_TOMCAT_INSTANCE_NAME).service" rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT" exp_message5="The URL for the subsystem is:" rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT" exp_message5_1="https://$HOSTNAME_CLONE:$(eval echo \$CLONE_CA${number}_SECURE_PORT)/ca" rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT" - #echo "export CA_SERVER_ROOT=/var/lib/pki/$(eval echo \$CLONE${number}_TOMCAT_INSTANCE_NAME)/ca" >> /opt/rhqa_pki/env.sh + #echo "export CA_SERVER_ROOT=/var/lib/pki/$(eval echo \$CLONE_CA${number}_TOMCAT_INSTANCE_NAME)/ca" >> /opt/rhqa_pki/env.sh rlPhaseEnd } 
@@ -723,14 +727,14 @@ rhcs_install_SubCA(){ echo "pki_client_pkcs12_password=$(eval echo \$SUBCA${number}_CLIENT_PKCS12_PASSWORD)" >> $INSTANCECFG echo "pki_admin_password=$(eval echo \$SUBCA${number}_ADMIN_PASSWORD)" >> $INSTANCECFG echo "pki_ds_password=$(eval echo \$SUBCA${number}_DS_PASSWORD)" >> $INSTANCECFG - echo "pki_subordinate=True" >> $INSTANCECFG echo "pki_ds_password=$(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD)" >> $INSTANCECFG echo "pki_client_dir=$(eval echo \$SUBCA${number}_CLIENT_DIR)" >> $INSTANCECFG - echo "pki_issuing_ca=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG echo "[CA]" >> $INSTANCECFG + echo "pki_subordinate=True" >> $INSTANCECFG echo "pki_admin_name=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG + echo "pki_issuing_ca=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG echo "pki_admin_uid=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG echo "pki_admin_email=$(eval echo \$SUBCA${number}_ADMIN_EMAIL)" >> $INSTANCECFG echo "pki_admin_dualkey=$(eval echo \$SUBCA${number}_ADMIN_DUAL_KEY)" >> $INSTANCECFG 
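Review bot: `pki_ds_password` is still written twice into the `[DEFAULT]` section, first from `SUBCA${number}_DS_PASSWORD` and then from `SUBCA${number}_LDAP_ROOTDNPWD`; with `pki_subordinate=True` moved out from between them the two assignments are now adjacent. Which value pkispawn ends up using depends on how its parser treats a repeated key, so one of the two lines is either dead or a source of a wrong directory bind password. Keeping only the intended one, for example `echo "pki_ds_password=$(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD)" >> $INSTANCECFG`, removes the ambiguity. rhcs_install_SubCA starts and ends outside this hunk.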
@@ -769,13 +773,13 @@ rhcs_install_SubCA(){
 echo "pki_audit_signing_token=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_TOKEN)" >> $INSTANCECFG
 echo "pki_audit_signing_nickname=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_NICKNAME)" >> $INSTANCECFG
 echo "pki_audit_signing_subject_dn=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_CERT_SUBJECT_NAME)" >> $INSTANCECFG
- #echo "pki_ssl_server_key_type=$(eval echo $SUBCA${number}_SSL_SERVER_KEY_TYPE" >> $INSTANCECFG
- #echo "pki_ssl_server_key_size=$(eval echo $SUBCA${number}_SSL_SERVER_KEY_SIZE" >> $INSTANCECFG
- #echo "pki_ssl_server_key_algorithm=$(eval echo $SUBCA${number}_SSL_SERVER_KEY_ALGORITHM" >> $INSTANCECFG
- #echo "pki_ssl_server_signing_algorithm=$(eval echo $SUBCA${number}_SSL_SERVER_SIGNING_ALGORITHM" >> $INSTANCECFG
- #echo "pki_ssl_server_token=$(eval echo $SUBCA${number}_SSL_SERVER_TOKEN" >> $INSTANCECFG
- #echo "pki_ssl_server_nickname=$(eval echo $SUBCA${number}_SSL_SERVER_NICKNAME" >> $INSTANCECFG
- #echo "pki_ssl_server_subject_dn=$(eval echo $(eval echo $SUBCA${number}_SSL_SERVER_CERT_SUBJECT_NAME" >> $INSTANCECFG
+ echo "pki_ssl_server_key_type=$(eval echo \$SUBCA${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_size=$(eval echo \$SUBCA${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_algorithm=$(eval echo \$SUBCA${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_signing_algorithm=$(eval echo \$SUBCA${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_token=$(eval echo \$SUBCA${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
+ echo "pki_ssl_server_nickname=$(eval echo \$SUBCA${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_subject_dn=$(eval echo \$SUBCA${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
 echo "pki_security_domain_hostname=$(hostname)" >> $INSTANCECFG
 echo "pki_security_domain_https_port=$(eval echo \$SUBCA${number}_SECURE_PORT)" >> $INSTANCECFG
 echo "pki_security_domain_user=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG
@@ -791,7 +795,6 @@ rhcs_install_SubCA(){
 echo "pki_ds_database=$(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME)" >> $INSTANCECFG
 echo "pki_backup_keys=$(eval echo \$SUBCA${number}_BACKUP)" >> $INSTANCECFG
 echo "pki_backup_password=$(eval echo \$SUBCA${number}_BACKUP_PASSWORD)" >> $INSTANCECFG
- echo "pki_backup_fname=$(eval echo \$SUBCA${number}_BACKUP_FILE_NAME)" >> $INSTANCECFG
 echo "pki_client_database_dir=$(eval echo \$SUBCA${number}_CERTDB_DIR)" >> $INSTANCECFG
 echo "pki_client_database_password=$(eval echo \$SUBCA${number}_CERTDB_DIR_PASSWORD)" >> $INSTANCECFG
 echo "pki_client_database_purge=$(eval echo \$SUBCA${number}_CLIENT_DB_PURGE)" >> $INSTANCECFG
@@ -853,11 +856,11 @@ rhcs_install_cloneKRA(){
 rlLog "Creating CLONE KRA Instance"
 rlLog "Setting up Dogtag CLONE KRA instance ............."
 echo "[DEFAULT]" > $INSTANCECFG
- echo "pki_instance_name=$(eval echo \$CLONE${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG
- echo "pki_https_port=$(eval echo \$CLONE_CA${number}_SECURE_PORT)" >> $INSTANCECFG
- echo "pki_http_port=$(eval echo \$CLONE_CA${number}_UNSECURE_PORT)" >> $INSTANCECFG
- echo "pki_ajp_port=$(eval echo \$CLONE_CA${number}_AJP_PORT)" >> $INSTANCECFG
- echo "pki_tomcat_server_port=$(eval echo \$CLONE_CA${number}_TOMCAT_SERVER_PORT)" >> $INSTANCECFG
+ echo "pki_instance_name=$(eval echo \$CLONE_KRA${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG
+ echo "pki_https_port=$(eval echo \$CLONE_KRA${number}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_http_port=$(eval echo \$CLONE_KRA${number}_UNSECURE_PORT)" >> $INSTANCECFG
+ echo "pki_ajp_port=$(eval echo \$CLONE_KRA${number}_AJP_PORT)" >> $INSTANCECFG
+ echo "pki_tomcat_server_port=$(eval echo \$CLONE_KRA${number}_TOMCAT_SERVER_PORT)" >> $INSTANCECFG
 echo "pki_user=$(eval echo \$CLONE${number}_USER)" >> $INSTANCECFG
 echo "pki_group=$(eval echo \$CLONE${number}_GROUP)" >> $INSTANCECFG
 echo "pki_audit_group=$(eval echo \$CLONE${number}_GROUP_AUDIT)" >> $INSTANCECFG
@@ -892,6 +895,13 @@ rhcs_install_cloneKRA(){
 echo "pki_admin_key_type=$(eval echo \$CLONE_KRA${number}_ADMIN_KEY_TYPE)" >> $INSTANCECFG
 echo "pki_admin_subject_dn=$(eval echo \$CLONE_KRA${number}_ADMIN_SUBJECT_DN)" >> $INSTANCECFG
 echo "pki_admin_nickname=$(eval echo \$CLONE_KRA${number}_ADMIN_CERT_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_type=$(eval echo \$CLONE_KRA${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_size=$(eval echo \$CLONE_KRA${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_algorithm=$(eval echo \$CLONE_KRA${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_signing_algorithm=$(eval echo \$CLONE_KRA${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_token=$(eval echo \$CLONE_KRA${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
+ echo "pki_ssl_server_nickname=$(eval echo \$CLONE_KRA${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_subject_dn=$(eval echo \$CLONE_KRA${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
 echo "pki_import_admin_cert=$CLONE_ADMIN_IMPORT_CERT" >> $INSTANCECFG
 echo "pki_client_admin_cert_p12=$(eval echo \$CLONE_CA${number}_CLIENT_DIR)/$(eval echo \$${MASTER_KRA}_ADMIN_CERT_NICKNAME).p12" >> $INSTANCECFG
 echo "pki_security_domain_name=$DOMAIN" >> $INSTANCECFG
@@ -911,17 +921,17 @@ rhcs_install_cloneKRA(){ rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT" exp_message4="To check the status of the subsystem:" rlAssertGrep "$exp_message4" "$INSTANCE_CREATE_OUT" - exp_message5="systemctl status pki-tomcatd@$(eval echo \$CLONE${number}_TOMCAT_INSTANCE_NAME).service" + exp_message5="systemctl status pki-tomcatd@$(eval echo \$CLONE_KRA${number}_TOMCAT_INSTANCE_NAME).service" rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT" exp_message6="To restart the subsystem:" rlAssertGrep "$exp_message6" "$INSTANCE_CREATE_OUT" - exp_message7=" systemctl restart pki-tomcatd@$(eval echo \$CLONE${number}_TOMCAT_INSTANCE_NAME).service" + exp_message7=" systemctl restart pki-tomcatd@$(eval echo \$CLONE_KRA${number}_TOMCAT_INSTANCE_NAME).service" rlAssertGrep "$exp_message7" "$INSTANCE_CREATE_OUT" exp_message8="The URL for the subsystem is:" rlAssertGrep "$exp_message8" "$INSTANCE_CREATE_OUT" - exp_message8_1="https://$master_hostname:$(eval echo \$CLONE_CA${number}_SECURE_PORT)/kra" + exp_message8_1="https://$master_hostname:$(eval echo \$CLONE_KRA${number}_SECURE_PORT)/kra" rlAssertGrep "$exp_message8_1" "$INSTANCE_CREATE_OUT" -# echo "export KRA_SERVER_ROOT=/var/lib/pki/$(eval echo \$CLONE{number}_TOMCAT_INSTANCE_NAME)/kra" >> /opt/rhqa_pki/env.sh +# echo "export KRA_SERVER_ROOT=/var/lib/pki/$(eval echo \$CLONE_KRA{number}_TOMCAT_INSTANCE_NAME)/kra" >> /opt/rhqa_pki/env.sh rlPhaseEnd } 
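Review bot: The re-commented line at the end of this hunk now reads `\$CLONE_KRA{number}_TOMCAT_INSTANCE_NAME`, with no `$` before `{number}`, unlike the matching commented lines in rhcs_install_cloneCA and rhcs_install_cloneOCSP. It is inert while commented out, but if it is ever enabled the shell would expand `$CLONE_KRA` and leave `{number}_TOMCAT_INSTANCE_NAME` as literal text, appending a wrong `KRA_SERVER_ROOT` to /opt/rhqa_pki/env.sh. Suggested: `# echo "export KRA_SERVER_ROOT=/var/lib/pki/$(eval echo \$CLONE_KRA${number}_TOMCAT_INSTANCE_NAME)/kra" >> /opt/rhqa_pki/env.sh`. rhcs_install_cloneKRA begins outside this hunk.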
@@ -950,11 +960,11 @@ rhcs_install_cloneOCSP(){
 rlLog "Creating CLONE OCSP Instance"
 rlLog "Setting up Dogtag OCSP instance ............."
 echo "[DEFAULT]" > $INSTANCECFG
- echo "pki_instance_name=$(eval echo \$CLONE${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG
- echo "pki_https_port=$(eval echo \$CLONE_CA${number}_SECURE_PORT)" >> $INSTANCECFG
- echo "pki_http_port=$(eval echo \$CLONE_CA${number}_UNSECURE_PORT)" >> $INSTANCECFG
- echo "pki_ajp_port=$(eval echo \$CLONE_CA${number}_AJP_PORT)" >> $INSTANCECFG
- echo "pki_tomcat_server_port=$(eval echo \$CLONE_CA${number}_TOMCAT_SERVER_PORT)" >> $INSTANCECFG
+ echo "pki_instance_name=$(eval echo \$CLONE_OCSP${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG
+ echo "pki_https_port=$(eval echo \$CLONE_OCSP${number}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_http_port=$(eval echo \$CLONE_OCSP${number}_UNSECURE_PORT)" >> $INSTANCECFG
+ echo "pki_ajp_port=$(eval echo \$CLONE_OCSP${number}_AJP_PORT)" >> $INSTANCECFG
+ echo "pki_tomcat_server_port=$(eval echo \$CLONE_OCSP${number}_TOMCAT_SERVER_PORT)" >> $INSTANCECFG
 echo "pki_user=$(eval echo \$CLONE${number}_USER)" >> $INSTANCECFG
 echo "pki_group=$(eval echo \$CLONE${number}_GROUP)" >> $INSTANCECFG
 echo "pki_audit_group=$(eval echo \$CLONE${number}_GROUP_AUDIT)" >> $INSTANCECFG
@@ -984,6 +994,13 @@ rhcs_install_cloneOCSP(){
 echo "pki_admin_key_type=$(eval echo \$CLONE_OCSP${number}_ADMIN_KEY_TYPE)" >> $INSTANCECFG
 echo "pki_admin_subject_dn=$(eval echo \$CLONE_OCSP${number}_ADMIN_SUBJECT_DN)" >> $INSTANCECFG
 echo "pki_admin_nickname=$(eval echo \$CLONE_OCSP${number}_ADMIN_CERT_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_type=$(eval echo \$CLONE_OCSP${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_size=$(eval echo \$CLONE_OCSP${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_algorithm=$(eval echo \$CLONE_OCSP${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_signing_algorithm=$(eval echo \$CLONE_OCSP${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_token=$(eval echo \$CLONE_OCSP${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
+ echo "pki_ssl_server_nickname=$(eval echo \$CLONE_OCSP${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_subject_dn=$(eval echo \$CLONE_OCSP${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
 echo "pki_import_admin_cert=$CLONE_ADMIN_IMPORT_CERT" >> $INSTANCECFG
 echo "pki_admin_password=$(eval echo \$CLONE_OCSP${number}_ADMIN_PASSWORD)" >> $INSTANCECFG
 echo "pki_client_admin_cert_p12=$(eval echo \$CLONE_CA${number}_CLIENT_DIR)/$(eval echo \$CLONE_OCSP${number}_ADMIN_CERT_NICKNAME).p12" >> $INSTANCECFG
@@ -1009,17 +1026,17 @@ rhcs_install_cloneOCSP(){ rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT" exp_message3_1="To check the status of the subsystem:" rlAssertGrep "$exp_message3_1" "$INSTANCE_CREATE_OUT" - exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$CLONE${number}_TOMCAT_INSTANCE_NAME).service" + exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$CLONE_OCSP${number}_TOMCAT_INSTANCE_NAME).service" rlAssertGrep "$exp_message3_2" "$INSTANCE_CREATE_OUT" exp_message4_1="To restart the subsystem:" rlAssertGrep "$exp_message4_1" "$INSTANCE_CREATE_OUT" - exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$CLONE${number}_TOMCAT_INSTANCE_NAME).service" + exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$CLONE_OCSP${number}_TOMCAT_INSTANCE_NAME).service" rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT" exp_message5="The URL for the subsystem is:" rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT" - exp_message5_1="https://$BEAKERCLONE:$(eval echo \$CLONE_CA${number}_SECURE_PORT)/ocsp" + exp_message5_1="https://$BEAKERCLONE:$(eval echo \$CLONE_OCSP${number}_SECURE_PORT)/ocsp" rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT" - #echo "export OCSP_SERVER_ROOT=/var/lib/pki/$(eval echo \$CLONE${number}_TOMCAT_INSTANCE_NAME)/ocsp" >> /opt/rhqa_pki/env.sh + #echo "export OCSP_SERVER_ROOT=/var/lib/pki/$(eval echo \$CLONE_OCSP${number}_TOMCAT_INSTANCE_NAME)/ocsp" >> /opt/rhqa_pki/env.sh rlPhaseEnd } 
@@ -1049,11 +1066,11 @@ rhcs_install_cloneTKS(){
 rlLog "Creating CLONE TKS Instance"
 rlLog "Setting up Dogtag TKS CLONE Instance"
 echo "[DEFAULT]" > $INSTANCECFG
- echo "pki_instance_name=$(eval echo \$CLONE${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG
- echo "pki_https_port=$(eval echo \$CLONE_CA${number}_SECURE_PORT)" >> $INSTANCECFG
- echo "pki_http_port=$(eval echo \$CLONE_CA${number}_UNSECURE_PORT)" >> $INSTANCECFG
- echo "pki_ajp_port=$(eval echo \$CLONE_CA${number}_AJP_PORT)" >> $INSTANCECFG
- echo "pki_tomcat_server_port=$(eval echo \$CLONE_CA${number}_TOMCAT_SERVER_PORT)" >> $INSTANCECFG
+ echo "pki_instance_name=$(eval echo \$CLONE_TKS${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG
+ echo "pki_https_port=$(eval echo \$CLONE_TKS${number}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_http_port=$(eval echo \$CLONE_TKS${number}_UNSECURE_PORT)" >> $INSTANCECFG
+ echo "pki_ajp_port=$(eval echo \$CLONE_TKS${number}_AJP_PORT)" >> $INSTANCECFG
+ echo "pki_tomcat_server_port=$(eval echo \$CLONE_TKS${number}_TOMCAT_SERVER_PORT)" >> $INSTANCECFG
 echo "pki_user=$(eval echo \$CLONE${number}_USER)" >> $INSTANCECFG
 echo "pki_group=$(eval echo \$CLONE${number}_GROUP)" >> $INSTANCECFG
 echo "pki_audit_group=$(eval echo \$CLONE${number}_GROUP_AUDIT)" >> $INSTANCECFG
@@ -1089,6 +1106,13 @@ rhcs_install_cloneTKS(){
 echo "pki_admin_key_type=$(eval echo \$CLONE_TKS${number}_ADMIN_KEY_TYPE)" >> $INSTANCECFG
 echo "pki_admin_subject_dn=$(eval echo \$CLONE_TKS${number}_ADMIN_SUBJECT_DN)" >> $INSTANCECFG
 echo "pki_admin_nickname=$(eval echo \$CLONE_TKS${number}_ADMIN_CERT_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_type=$(eval echo \$CLONE_TKS${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_size=$(eval echo \$CLONE_TKS${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_algorithm=$(eval echo \$CLONE_TKS${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_signing_algorithm=$(eval echo \$CLONE_TKS${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_token=$(eval echo \$CLONE_TKS${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
+ echo "pki_ssl_server_nickname=$(eval echo \$CLONE_TKS${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_subject_dn=$(eval echo \$CLONE_TKS${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
 echo "pki_import_admin_cert=$CLONE_ADMIN_IMPORT_CERT" >> $INSTANCECFG
 echo "pki_client_admin_cert_p12=$(eval echo \$CLONE_CA${number}_CLIENT_DIR)/$TKS1_ADMIN_CERT_NICKNAME.p12" >> $INSTANCECFG
 echo "pki_ds_hostname=$(hostname)" >> $INSTANCECFG
@@ -1107,15 +1131,15 @@ rhcs_install_cloneTKS(){
 rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT"
 exp_message3_1="To check the status of the subsystem:"
 rlAssertGrep "$exp_message3_1" "$INSTANCE_CREATE_OUT"
- exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$CLONE${number}_TOMCAT_INSTANCE_NAME).service"
+ exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$CLONE_TKS${number}_TOMCAT_INSTANCE_NAME).service"
 rlAssertGrep "$exp_message3_2" "$INSTANCE_CREATE_OUT"
 exp_message4_1="To restart the subsystem:"
 rlAssertGrep "$exp_message4_1" "$INSTANCE_CREATE_OUT"
- exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$CLONE${number}_TOMCAT_INSTANCE_NAME).service"
+ exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$CLONE_TKS${number}_TOMCAT_INSTANCE_NAME).service"
 rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT"
 exp_message5="The URL for the subsystem is:"
 rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT"
- exp_message5_1="https://$(hostname):$(eval echo \$CLONE_CA${number}_SECURE_PORT)/tks"
+ exp_message5_1="https://$(hostname):$(eval echo \$CLONE_TKS${number}_SECURE_PORT)/tks"
 rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
 rlPhaseEnd
 }
diff --git a/tests/dogtag/shared/env.sh b/tests/dogtag/shared/env.sh
index 3e76fbf2d..f25b2f931 100644
--- a/tests/dogtag/shared/env.sh
+++ b/tests/dogtag/shared/env.sh
@@ -21,13 +21,13 @@ ROOTCA_SUBSYSTEM_TOKEN=Internal
 ROOTCA_SUBSYTEM_NICKNAME="casubsystemcert"
 ROOTCA_SUBSYSTEM_CERT_SUBJECT_NAME="CN=PKI ROOTCA SUBSYSTEM Certificate,O=Redhat"
 #Following 7 lines are commented due to bug https://fedorahosted.org/pki/ticket/1052, installation fails otherwise.
-#CA_SSL_SERVER_KEY_TYPE=rsa
-#CA_SSL_SERVER_KEY_SIZE=2048
-#CA_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA
-#CA_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA
-#CA_SSL_SERVER_TOKEN=Internal
-#CA_SSL_SERVER_NICKNAME="Server-Cert cert-pki-ipa"
-#CA_SSL_SERVER_CERT_SUBJECT_NAME="CN=PKI ROOTCA SSL SERVER Certificate, O=Redhat"
+ROOTCA_SSL_SERVER_KEY_TYPE=rsa
+ROOTCA_SSL_SERVER_KEY_SIZE=2048
+ROOTCA_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA
+ROOTCA_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA
+ROOTCA_SSL_SERVER_TOKEN=Internal
+ROOTCA_SSL_SERVER_NICKNAME="Server-Cert cert-pki-RootCA"
+ROOTCA_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`, O=Redhat"
 ROOTCA_TOMCAT_INSTANCE_NAME="pki-master"
 ROOTCA_SECURE_PORT=30042
 ROOTCA_UNSECURE_PORT=30044
@@ -59,8 +59,6 @@ ROOTCA_ADMIN_CERT_NICKNAME="caadmincert"
 ROOTCA_ADMIN_IMPORT_CERT=False
 ROOTCA_BACKUP=True
 ROOTCA_BACKUP_PASSWORD="Secret123"
-#ROOTCA_BACKUP_FILE_NAME param is not effective, always created in defaut location, bug to be filed.
-ROOTCA_BACKUP_FILE_NAME="/opt/rhqa_pki/backup.p12"
 ROOTCA_SECURITY_DOMAIN_PASSWORD="Secret123"
 ROOTCA_LDAP_PORT=389
 ROOTCA_DB_SUFFIX="dc=pki-ca"
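Review bot: The context comment `#Following 7 lines are commented due to bug https://fedorahosted.org/pki/ticket/1052, installation fails otherwise.` is left directly above the seven `ROOTCA_SSL_SERVER_*` assignments that the first hunk enables, so it now states the opposite of what the file does. A reader who trusts it may comment the block out again or assume the SSL server certificate parameters are not under test. Either delete the line or replace it with something like `# SSL server cert parameters passed to pkispawn; previously disabled because of https://fedorahosted.org/pki/ticket/1052`.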
@@ -102,6 +100,13 @@ KRA1_TRANSPORT_SIGNING_ALGORITHM=SHA512withRSA KRA1_TRANSPORT_TOKEN="Internal" KRA1_TRANSPORT_NICKNAME="kra1transportcert" KRA1_TRANSPORT_SUBJECT_DN="cn=PKI KRA1 TRANSPORT CERT" +KRA1_SSL_SERVER_KEY_TYPE=rsa +KRA1_SSL_SERVER_KEY_SIZE=2048 +KRA1_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +KRA1_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +KRA1_SSL_SERVER_TOKEN=Internal +KRA1_SSL_SERVER_NICKNAME=subca1sslservercert +KRA1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`, O=Redhat" KRA1_ADMIN_USER="kra1admin" KRA1_ADMIN_PASSWORD="Secret123" KRA1_ADMIN_EMAIL="example@redhat.com" @@ -115,8 +120,6 @@ KRA1_DB_SUFFIX="dc=pki-kra1" KRA1_LDAP_INSTANCE_NAME=pki-kra1-ldap KRA1_CLIENT_PKCS12_PASSWORD="Secret123" KRA1_BACKUP_PASSWORD="Secret123" -#KRA1_BACKUP_FILE_NAME param is not effective, always created in defaut location, bug to be filed. -KRA1_BACKUP_FILE_NAME="/opt/rhqa_pki/kra_backup.p12" ####### End KRA1 params######## ###### KRA 2 params used by topology 5 and 6#### @@ -146,6 +149,14 @@ KRA2_STORAGE_SIGNING_ALGORITHM=SHA512withRSA KRA2_STORAGE_TOKEN="Internal" KRA2_STORAGE_NICKNAME="kra2storagecert" KRA2_STORAGE_SUBJECT_DN="cn=PKI KRA2 STORAGE CERT,O=redhat" +KRA2_SSL_SERVER_KEY_TYPE=rsa +KRA2_SSL_SERVER_KEY_SIZE=2048 +KRA2_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +KRA2_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +KRA2_SSL_SERVER_TOKEN=Internal +KRA2_SSL_SERVER_NICKNAME=subca2sslservercert +KRA2_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`, O=Redhat" + KRA2_TRANSPORT_KEY_TYPE="rsa" KRA2_TRANSPORT_KEY_SIZE=2048 KRA2_TRANSPORT_KEY_ALGORITHM=SHA512withRSA 
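Review bot: `KRA1_SSL_SERVER_NICKNAME=subca1sslservercert` in the KRA1 hunk reuses the SUBCA1 nickname, whereas the neighbouring KRA1 values are KRA-specific (`kra1transportcert`). The same borrowing appears in later hunks: KRA2 and OCSP2 use `subca2sslservercert`, OCSP1 uses `subca1sslservercert`, KRA3, OCSP3 and TKS1 use `"Server-Cert cert-pki-RootCA"`, and the CLONE_KRA1, CLONE_OCSP1 and CLONE_TKS1 groups use `cloneca1sslservercert`, while TKS2 gets its own `tks2sslservercert`. If the reuse is deliberate because these subsystems are installed into the CA's Tomcat instance and share its server certificate, say so in a comment such as `# KRA1 runs in the SUBCA1 instance and reuses its SSL server cert nickname`. If it is copy-paste, a distinct value like `kra1sslservercert` would avoid two certificates with the same nickname in one certificate database.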
@@ -166,8 +177,6 @@ KRA2_DB_SUFFIX="dc=pki-kra2" KRA2_LDAP_INSTANCE_NAME=pki-kra2-ldap KRA2_CLIENT_PKCS12_PASSWORD="Secret123" KRA2_BACKUP_PASSWORD="Secret123" -#KRA2_BACKUP_FILE_NAME param is not effective, always created in defaut location, bug to be filed. -KRA2_BACKUP_FILE_NAME="/opt/rhqa_pki/kra_backup.p12" ############## End KRA 2 Params###### ############# KRA3 Params used by QUICKINSTALL and topology1 ############ @@ -204,6 +213,14 @@ KRA3_TRANSPORT_SIGNING_ALGORITHM=SHA512withRSA KRA3_TRANSPORT_TOKEN="Internal" KRA3_TRANSPORT_NICKNAME="kra3transportcert" KRA3_TRANSPORT_SUBJECT_DN="cn=PKI KRA1 TRANSPORT CERT" + +KRA3_SSL_SERVER_KEY_TYPE=rsa +KRA3_SSL_SERVER_KEY_SIZE=2048 +KRA3_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +KRA3_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +KRA3_SSL_SERVER_TOKEN=Internal +KRA3_SSL_SERVER_NICKNAME="Server-Cert cert-pki-RootCA" +KRA3_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`, O=Redhat" KRA3_ADMIN_USER="kra3admin" KRA3_ADMIN_EMAIL="example@redhat.com" KRA3_ADMIN_DUAL_KEY=True @@ -216,8 +233,6 @@ KRA3_DB_SUFFIX="dc=pki-kra3" KRA3_LDAP_INSTANCE_NAME=pki-kra3-ldap KRA3_CLIENT_PKCS12_PASSWORD="Secret123" KRA3_BACKUP_PASSWORD="Secret123" -#KRA3_BACKUP_FILE_NAME param is not effective, always created in defaut location, bug to be filed. -KRA3_BACKUP_FILE_NAME="/opt/rhqa_pki/backup.p12" KRA3_ADMIN_PASSWORD="Secret123" ######### KRA3 Params################ 
@@ -248,6 +263,14 @@ OCSP1_SIGNING_SIGNING_ALGORITHM=SHA512withRSA OCSP1_SIGNING_TOKEN="Internal" OCSP1_SIGNING_CERT_NICKNAME="ocsp1signingcert" OCSP1_SIGNING_SUBJECT_DN="cn=PKI OCSP1 SIGNING CERT,O=redhat" + +OCSP1_SSL_SERVER_KEY_TYPE=rsa +OCSP1_SSL_SERVER_KEY_SIZE=2048 +OCSP1_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +OCSP1_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +OCSP1_SSL_SERVER_TOKEN=Internal +OCSP1_SSL_SERVER_NICKNAME=subca1sslservercert +OCSP1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`, O=Redhat" OCSP1_ADMIN_USER="ocsp1admin" OCSP1_ADMIN_PASSWORD="Secret123" OCSP1_ADMIN_EMAIL="example@redhat.com" @@ -260,8 +283,6 @@ OCSP1_LDAP_PORT=1602 OCSP1_DB_SUFFIX="dc=pki-ocsp1" OCSP1_LDAP_INSTANCE_NAME=pki-ocsp1-ldap OCSP1_BACKUP_PASSWORD="Secret123" -#OCSP1_BACKUP_FILE_NAME param is not effective, always created in defaut location, bug to be filed. -OCSP1_BACKUP_FILE_NAME="/opt/rhqa_pki/ocsp_backup.p12" OCSP1_CLIENT_PKCS12_PASSWORD="Secret123" ###### End OCSP1 Params ######### @@ -285,6 +306,14 @@ OCSP2_AUDIT_SIGNING_SIGNING_ALGORITHM=SHA512withRSA OCSP2_AUDIT_SIGNING_TOKEN=Internal OCSP2_AUDIT_SIGNING_CERT_NICKNAME="ocspa2uditsigningcert" OCSP2_AUDIT_SIGNING_SUBJECT_DN="CN=PKI OCSP2 AUDIT Signing Certificate, O=Redhat" + +OCSP2_SSL_SERVER_KEY_TYPE=rsa +OCSP2_SSL_SERVER_KEY_SIZE=2048 +OCSP2_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +OCSP2_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +OCSP2_SSL_SERVER_TOKEN=Internal +OCSP2_SSL_SERVER_NICKNAME=subca2sslservercert +OCSP2_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`, O=Redhat" OCSP2_SIGNING_KEY_TYPE="rsa" OCSP2_SIGNING_KEY_SIZE=2048 OCSP2_SIGNING_KEY_ALGORITHM=SHA512withRSA 
@@ -304,8 +333,6 @@ OCSP2_LDAP_PORT=1602 OCSP2_DB_SUFFIX="dc=pki-ocsp2" OCSP2_LDAP_INSTANCE_NAME=pki-ocsp2-ldap OCSP2_BACKUP_PASSWORD="Secret123" -#OCSP2_BACKUP_FILE_NAME param is not effective, always created in defaut location, bug to be filed. -OCSP2_BACKUP_FILE_NAME="/opt/rhqa_pki/ocsp_backup.p12" OCSP2_CLIENT_PKCS12_PASSWORD="Secret123" ##### End OCSP2 Params ########## @@ -329,6 +356,13 @@ OCSP3_AUDIT_SIGNING_SIGNING_ALGORITHM=SHA512withRSA OCSP3_AUDIT_SIGNING_TOKEN=Internal OCSP3_AUDIT_SIGNING_CERT_NICKNAME="ocsp3auditsigningcert" OCSP3_AUDIT_SIGNING_SUBJECT_DN="CN=PKI OCSP3 AUDIT Signing Certificate, O=Redhat" +OCSP3_SSL_SERVER_KEY_TYPE=rsa +OCSP3_SSL_SERVER_KEY_SIZE=2048 +OCSP3_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +OCSP3_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +OCSP3_SSL_SERVER_TOKEN=Internal +OCSP3_SSL_SERVER_NICKNAME="Server-Cert cert-pki-RootCA" +OCSP3_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`, O=Redhat" OCSP3_SIGNING_KEY_TYPE="rsa" OCSP3_SIGNING_KEY_SIZE=2048 OCSP3_SIGNING_KEY_ALGORITHM=SHA512withRSA @@ -348,8 +382,6 @@ OCSP3_LDAP_PORT=1602 OCSP3_DB_SUFFIX="dc=pki-ocsp3" OCSP3_LDAP_INSTANCE_NAME=pki-ocsp3-ldap OCSP3_BACKUP_PASSWORD="Secret123" -#OCSP3_BACKUP_FILE_NAME param is not effective, always created in defaut location, bug to be filed. -OCSP3_BACKUP_FILE_NAME="/opt/rhqa_pki/ocsp_backup.p12" OCSP3_CLIENT_PKCS12_PASSWORD="Secret123" ########End OCSP3 Params##### 
@@ -366,6 +398,14 @@ TKS1_AUDIT_SIGNING_SIGNING_ALGORITHM=SHA512withRSA TKS1_AUDIT_SIGNING_TOKEN=Internal TKS1_AUDIT_SIGNING_CERT_NICKNAME="tks1auditsigningcert" TKS1_AUDIT_SIGNING_SUBJECT_DN="CN=PKI TKS1 AUDIT Signing Certificate, O=Redhat" + +TKS1_SSL_SERVER_KEY_TYPE=rsa +TKS1_SSL_SERVER_KEY_SIZE=2048 +TKS1_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +TKS1_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +TKS1_SSL_SERVER_TOKEN=Internal +TKS1_SSL_SERVER_NICKNAME="Server-Cert cert-pki-RootCA" +TKS1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`, O=Redhat" TKS1_SUBSYSTEM_KEY_TYPE="rsa" TKS1_SUBSYSTEM_KEY_SIZE=2048 TKS1_SUBSYSTEM_KEY_ALGORITHM=SHA512withRSA @@ -385,8 +425,6 @@ TKS1_LDAP_PORT=1603 TKS1_LDAP_INSTANCE_NAME=pki-tks1-ldap TKS1_DB_SUFFIX="dc=pki-tks1" TKS1_BACKUP_PASSWORD="Secret123" -#TKS1_BACKUP_FILE_NAME param is not effective, always created in defaut location, bug to be filed. -TKS1_BACKUP_FILE_NAME="/opt/rhqa_pki/tks_backup.p12" TKS1_CLIENT_PKCS12_PASSWORD="Secret123" ########End TKS Params####### @@ -403,6 +441,13 @@ TKS2_AUDIT_SIGNING_SIGNING_ALGORITHM=SHA512withRSA TKS2_AUDIT_SIGNING_TOKEN=Internal TKS2_AUDIT_SIGNING_CERT_NICKNAME="tks2aditsigningcert" TKS2_AUDIT_SIGNING_SUBJECT_DN="CN=PKI TKS2 AUDIT Signing Certificate, O=Redhat" +TKS2_SSL_SERVER_KEY_TYPE=rsa +TKS2_SSL_SERVER_KEY_SIZE=2048 +TKS2_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +TKS2_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +TKS2_SSL_SERVER_TOKEN=Internal +TKS2_SSL_SERVER_NICKNAME="tks2sslservercert" +TKS2_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`, O=Redhat" TKS2_SUBSYSTEM_KEY_TYPE="rsa" TKS2_SUBSYSTEM_KEY_SIZE=2048 TKS2_SUBSYSTEM_KEY_ALGORITHM=SHA512withRSA 
@@ -421,8 +466,6 @@ TKS2_LDAP_PORT=1603 TKS2_LDAP_INSTANCE_NAME=pki-tks2-ldap TKS2_DB_SUFFIX="dc=pki-tks2" TKS2_BACKUP_PASSWORD="Secret123" -#TKS2_BACKUP_FILE_NAME param is not effective, always created in defaut location, bug to be filed. -TKS2_BACKUP_FILE_NAME="/opt/rhqa_pki/tks_backup.p12" TKS2_ADMIN_PASSWORD="Secret123" TKS2_CLIENT_PKCS12_PASSWORD=Secret123 ####### End TKS2 Params ###### @@ -490,7 +533,7 @@ SUBCA1_OCSP_SIGNING_KEY_SIZE=2048 SUBCA1_OCSP_SIGNING_KEY_ALGORITHM=SHA512withRSA SUBCA1_OCSP_SIGNING_SIGNING_ALGORITHM=SHA512withRSA SUBCA1_OCSP_SIGNING_TOKEN=Internal -SUBCA1_OCSP_SIGNING_NICKNAME=caocspsigningcert +SUBCA1_OCSP_SIGNING_NICKNAME=subcaocspsigningcert SUBCA1_OCSP_SIGNING_CERT_SUBJECT_NAME="cn=PKI CA OCSP Signing Certificate, O=redhat" SUBCA1_OCSP_SIGNING_KEY_TYPE=rsa SUBCA1_AUDIT_SIGNING_KEY_TYPE=rsa @@ -500,13 +543,13 @@ SUBCA1_AUDIT_SIGNING_SIGNING_ALGORITHM=SHA512withRSA SUBCA1_AUDIT_SIGNING_TOKEN=Internal SUBCA1_AUDIT_SIGNING_NICKNAME=subcaauditsigningcert SUBCA1_AUDIT_SIGNING_CERT_SUBJECT_NAME="cn=PKI SUBCA1 Audit Signing Certificate, O=redhat" -#SUBCA1_SSL_SERVER_KEY_TYPE=rsa -#SUBCA1_SSL_SERVER_KEY_SIZE=2048 -#SUBCA1_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA -#SUBCA1_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA -#SUBCA1_SSL_SERVER_TOKEN=Internal -#SUBCA1_SSL_SERVER_NICKNAME=subcasslservercert -#SUBCA1_SSL_SERVER_CERT_SUBJECT_NAME="cn=PKI SUBCA1 SSL Server Cert,O=redhat" +SUBCA1_SSL_SERVER_KEY_TYPE=rsa +SUBCA1_SSL_SERVER_KEY_SIZE=2048 +SUBCA1_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +SUBCA1_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +SUBCA1_SSL_SERVER_TOKEN=Internal +SUBCA1_SSL_SERVER_NICKNAME=subca1sslservercert +SUBCA1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`,O=redhat" SUBCA1_SECURITY_DOMAIN_PASSWORD=Secret123 SUBCA1_DS_HOSTNAME=localhost SUBCA1_LDAP_PORT=2100 
@@ -518,8 +561,6 @@ SUBCA1_REMOVE_DATA=True SUBCA1_DB_SUFFIX=dc=pki-subca SUBCA1_BACKUP=True SUBCA1_BACKUP_PASSWORD=Secret123 -#SUBCA1_BACKUP_FILE_NAME param not effective, bug to be filed -SUBCA1_BACKUP_FILE_NAME="/opt/rhqa_pki/ca_backup.p12" SUBCA1_CERTDB_DIR=$SUBCA1_CLIENT_DIR/db SUBCA1_CERTDB_DIR_PASSWORD=Secret123 SUBCA1_CLIENT_DB_PURGE=True @@ -567,7 +608,7 @@ SUBCA2_OCSP_SIGNING_KEY_SIZE=2048 SUBCA2_OCSP_SIGNING_KEY_ALGORITHM=SHA512withRSA SUBCA2_OCSP_SIGNING_SIGNING_ALGORITHM=SHA512withRSA SUBCA2_OCSP_SIGNING_TOKEN=Internal -SUBCA2_OCSP_SIGNING_NICKNAME=caocspsigningcert2 +SUBCA2_OCSP_SIGNING_NICKNAME=subcaocspsigningcert2 SUBCA2_OCSP_SIGNING_CERT_SUBJECT_NAME="cn=PKI SUBCA2 OCSP Signing Certificate, O=redhat" SUBCA2_OCSP_SIGNING_KEY_TYPE=rsa SUBCA2_AUDIT_SIGNING_KEY_TYPE=rsa @@ -577,13 +618,13 @@ SUBCA2_AUDIT_SIGNING_SIGNING_ALGORITHM=SHA512withRSA SUBCA2_AUDIT_SIGNING_TOKEN=Internal SUBCA2_AUDIT_SIGNING_NICKNAME=subcaauditsigningcert SUBCA2_AUDIT_SIGNING_CERT_SUBJECT_NAME="cn=PKI SUBCA2 Audit Signing Certificate, O=redhat" -#SUBCA2_SSL_SERVER_KEY_TYPE=rsa -#SUBCA2_SSL_SERVER_KEY_SIZE=2048 -#SUBCA2_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA -#SUBCA2_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA -#SUBCA2_SSL_SERVER_TOKEN=Internal -#SUBCA2_SSL_SERVER_NICKNAME=subca2sslservercert -#SUBCA2_SSL_SERVER_CERT_SUBJECT_NAME="cn=PKI SUBCA2 SSL Server Cert,O=redhat" +SUBCA2_SSL_SERVER_KEY_TYPE=rsa +SUBCA2_SSL_SERVER_KEY_SIZE=2048 +SUBCA2_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +SUBCA2_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +SUBCA2_SSL_SERVER_TOKEN=Internal +SUBCA2_SSL_SERVER_NICKNAME=subca2sslservercert +SUBCA2_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`,O=redhat" SUBCA2_SECURITY_DOMAIN_PASSWORD=Secret123 SUBCA2_DS_HOSTNAME=localhost SUBCA2_LDAP_PORT=3300 
@@ -594,14 +635,12 @@ SUBCA2_REMOVE_DATA=True SUBCA2_DB_SUFFIX=dc=pki-subca2 SUBCA2_BACKUP=True SUBCA2_BACKUP_PASSWORD=Secret123 -SUBCA2_BACKUP_FILE_NAME="/opt/rhqa_pki/ca_backup.p12" SUBCA2_CERTDB_DIR=$SUBCA2_CLIENT_DIR/db SUBCA2_CERTDB_DIR_PASSWORD=Secret123 SUBCA2_CLIENT_DB_PURGE=True ######## End of SUBCA2 params ####### ##### CLONE generic params ######### -CLONE1_TOMCAT_INSTANCE_NAME="pki-clone" CLONE1_USER=pkiuser CLONE1_GROUP=pkiuser CLONE1_GROUP_AUDIT=pkiaudit @@ -614,6 +653,7 @@ CLONE_ADMIN_IMPORT_CERT=True CLIENT_PKCS12_DIR=/tmp/pkcs ##### CLONE_CA1 params ############ +CLONE_CA1_TOMCAT_INSTANCE_NAME=clone1 CLONE_CA1_SECURE_PORT=30002 CLONE_CA1_UNSECURE_PORT=30009 CLONE_CA1_AJP_PORT=30004 @@ -623,6 +663,13 @@ CLONE_CA1_TOKEN_PASSWORD="Secret123" CLONE_CA1_CLIENT_PKCS12_PASSWORD=Secret123 CLONE_CA1_ADMIN_PASSWORD=Secret123 CLONE_CA1_CLIENT_DIR=/tmp/clone1 +CLONE_CA1_SSL_SERVER_KEY_TYPE=rsa +CLONE_CA1_SSL_SERVER_KEY_SIZE=2048 +CLONE_CA1_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +CLONE_CA1_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +CLONE_CA1_SSL_SERVER_TOKEN=Internal +CLONE_CA1_SSL_SERVER_NICKNAME=cloneca1sslservercert +CLONE_CA1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`,O=redhat" CLONE_CA1_ADMIN_USER=clonecaadmin CLONE_CA1_ADMIN_EMAIL=example@redhat.com CLONE_CA1_ADMIN_DUAL_KEY=True @@ -639,6 +686,11 @@ CLONE_CA1_REMOVE_DATA=True ##### End of CLONE_CA1 params ####### ##### CLONE_KRA1 params -- used by QUICKINSTALL, topology 1 and 8 ######## +CLONE_KRA1_TOMCAT_INSTANCE_NAME=clone1 +CLONE_KRA1_SECURE_PORT=30002 +CLONE_KRA1_UNSECURE_PORT=30009 +CLONE_KRA1_AJP_PORT=30004 +CLONE_KRA1_TOMCAT_SERVER_PORT=30005 CLONE_KRA1_ADMIN_USER=clonekraadmin CLONE_KRA1_ADMIN_EMAIL=example@redhat.com CLONE_KRA1_ADMIN_DUAL_KEY=True 
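Review bot: `CLONE_KRA1_TOMCAT_INSTANCE_NAME=clone1` and the CLONE_KRA1 port values in the last hunk here repeat the literals already assigned to CLONE_CA1 (`clone1`, 30002, 30009, 30004), and the following hunks add the same values again for CLONE_OCSP1 and CLONE_TKS1. If the clones are meant to share one Tomcat instance, derive them so the four copies cannot drift, e.g. `CLONE_KRA1_SECURE_PORT=$CLONE_CA1_SECURE_PORT`, and add a one-line comment saying the instance is shared. If they are meant to be separate instances on the same host, identical ports would collide, so the intent is worth stating either way.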
@@ -651,11 +703,25 @@ CLONE_KRA1_DS_HOSTNAME=localhost CLONE_KRA1_LDAP_PORT=2110 CLONE_KRA1_LDAP_INSTANCE_NAME=pki-clonekra1 CLONE_KRA1_SECURE_CONN=False -CLONE_KRA1_REMOVE_DATA=True +CLONE_KRA1_REMOVE_DATA=True +CLONE_KRA1_SSL_SERVER_KEY_TYPE=rsa +CLONE_KRA1_SSL_SERVER_KEY_SIZE=2048 +CLONE_KRA1_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +CLONE_KRA1_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +CLONE_KRA1_SSL_SERVER_TOKEN=Internal +CLONE_KRA1_SSL_SERVER_NICKNAME=cloneca1sslservercert +CLONE_KRA1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`,O=redhat" ##### End of CLONE_KRA1 params ####### + ##### CLONE_OCSP1 params -- used by QUICKINSTALL, topology 1 and 8 ######### + +CLONE_OCSP1_TOMCAT_INSTANCE_NAME=clone1 +CLONE_OCSP1_SECURE_PORT=30002 +CLONE_OCSP1_UNSECURE_PORT=30009 +CLONE_OCSP1_AJP_PORT=30004 +CLONE_OCSP1_TOMCAT_SERVER_PORT=30005 CLONE_OCSP1_ADMIN_USER=cloneocspadmin CLONE_OCSP1_ADMIN_EMAIL=example@redhat.com CLONE_OCSP1_ADMIN_DUAL_KEY=True @@ -669,9 +735,22 @@ CLONE_OCSP1_LDAP_PORT=2400 CLONE_OCSP1_LDAP_INSTANCE_NAME=pki-cloneocsp1 CLONE_OCSP1_SECURE_CONN=False CLONE_OCSP1_REMOVE_DATA=True +CLONE_OCSP1_SSL_SERVER_KEY_TYPE=rsa +CLONE_OCSP1_SSL_SERVER_KEY_SIZE=2048 +CLONE_OCSP1_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +CLONE_OCSP1_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +CLONE_OCSP1_SSL_SERVER_TOKEN=Internal +CLONE_OCSP1_SSL_SERVER_NICKNAME=cloneca1sslservercert +CLONE_OCSP1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`,O=redhat" ###### End of CLONE_OCSP1 ####### ###### CLONE_TKS1 params -- used by QUICKINSTALL and topology 1 ######### + +CLONE_TKS1_TOMCAT_INSTANCE_NAME=clone1 +CLONE_TKS1_SECURE_PORT=30002 +CLONE_TKS1_UNSECURE_PORT=30009 +CLONE_TKS1_AJP_PORT=30004 +CLONE_TKS1_TOMCAT_SERVER_PORT=30005 CLONE_TKS1_ADMIN_USER=clonetksadmin CLONE_TKS1_ADMIN_EMAIL=example@redhat.com CLONE_TKS1_ADMIN_DUAL_KEY=True 
@@ -685,6 +764,13 @@ CLONE_TKS1_LDAP_PORT=2700 CLONE_TKS1_LDAP_INSTANCE_NAME=pki-clonetks1 CLONE_TKS1_SECURE_CONN=False CLONE_TKS1_REMOVE_DATA=True +CLONE_TKS1_SSL_SERVER_KEY_TYPE=rsa +CLONE_TKS1_SSL_SERVER_KEY_SIZE=2048 +CLONE_TKS1_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +CLONE_TKS1_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +CLONE_TKS1_SSL_SERVER_TOKEN=Internal +CLONE_TKS1_SSL_SERVER_NICKNAME=cloneca1sslservercert +CLONE_TKS1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`,O=redhat" ##### End of CLONE_TKS1 params ###### 
@@ -772,13 +858,13 @@ CLONE_TKS2_DS_HOSTNAME=localhost ######## End of CLONE_TKS2 params ####### -export CLONE_CA1_LDAP_INSTANCE_NAME CLONE_TKS1_LDAP_INSTANCE_NAME CLONE_OCSP1_LDAP_INSTANCE_NAME CLONE_KRA1_LDAP_INSTANCE_NAME CLONE1_GROUP_AUDIT CLONE1_CERTDB_DIR_PASSWORD CLONE1_TOMCAT_INSTANCE_NAME CLONE_KRA1_ADMIN_USER CLONE_KRA1_ADMIN_EMAIL CLONE_KRA1_ADMIN_DUAL_KEY CLONE_KRA1_ADMIN_KEY_SIZE CLONE_KRA1_ADMIN_KEY_TYPE CLONE_KRA1_ADMIN_SUBJECT_DN CLONE_KRA1_ADMIN_CERT_NICKNAME CLONE_ADMIN_IMPORT_CERT CLONE_KRA1_DS_HOSTNAME CLONE_KRA1_LDAP_PORT CLONE_KRA1_SECURE_CONN CLONE_KRA1_REMOVE_DATA CLONE_OCSP1_ADMIN_USER CLONE_OCSP1_ADMIN_EMAIL CLONE_OCSP1_ADMIN_DUAL_KEY CLONE_OCSP1_ADMIN_KEY_SIZE CLONE_OCSP1_ADMIN_KEY_TYPE CLONE_OCSP1_ADMIN_SUBJECT_DN CLONE_OCSP1_ADMIN_CERT_NICKNAME CLONE_OCSP1_ADMIN_PASSWORD CLONE_OCSP1_DS_HOSTNAME CLONE_OCSP1_LDAP_PORT CLONE_OCSP1_SECURE_CONN CLONE_OCSP1_REMOVE_DATA CLONE_TKS1_ADMIN_USER CLONE_TKS1_ADMIN_EMAIL CLONE_TKS1_ADMIN_DUAL_KEY CLONE_TKS1_ADMIN_KEY_SIZE CLONE_TKS1_ADMIN_KEY_TYPE CLONE_TKS1_ADMIN_SUBJECT_DN CLONE_TKS1_ADMIN_CERT_NICKNAME CLONE_TKS1_ADMIN_PASSWORD CLONE_TKS1_DS_HOSTNAME CLONE_TKS1_LDAP_PORT CLONE_TKS1_SECURE_CONN CLONE_TKS1_REMOVE_DATA ROOTCA_SUBSYSTEM_KEY_TYPE ROOTCA_SUBYSTEM_KEY_SIZE ROOTCA_SUBSYSTEM_KEY_ALGORITHM ROOTCA_SUBSYSTEM_SIGNING_ALGORITHM ROOTCA_SUBSYSTEM_TOKEN ROOTCA_SUBSYTEM_NICKNAME ROOTCA_SUBSYSTEM_SUBJECT_DN +export CLONE_CA1_LDAP_INSTANCE_NAME CLONE_TKS1_LDAP_INSTANCE_NAME CLONE_OCSP1_LDAP_INSTANCE_NAME CLONE_KRA1_LDAP_INSTANCE_NAME CLONE1_GROUP_AUDIT CLONE1_CERTDB_DIR_PASSWORD CLONE_CA1_TOMCAT_INSTANCE_NAME CLONE_KRA1_ADMIN_USER CLONE_KRA1_ADMIN_EMAIL CLONE_KRA1_ADMIN_DUAL_KEY CLONE_KRA1_ADMIN_KEY_SIZE CLONE_KRA1_ADMIN_KEY_TYPE CLONE_KRA1_ADMIN_SUBJECT_DN CLONE_KRA1_ADMIN_CERT_NICKNAME CLONE_ADMIN_IMPORT_CERT CLONE_KRA1_DS_HOSTNAME CLONE_KRA1_LDAP_PORT CLONE_KRA1_SECURE_CONN CLONE_KRA1_REMOVE_DATA CLONE_OCSP1_ADMIN_USER CLONE_OCSP1_ADMIN_EMAIL CLONE_OCSP1_ADMIN_DUAL_KEY CLONE_OCSP1_ADMIN_KEY_SIZE 
CLONE_OCSP1_ADMIN_KEY_TYPE CLONE_OCSP1_ADMIN_SUBJECT_DN CLONE_OCSP1_ADMIN_CERT_NICKNAME CLONE_OCSP1_ADMIN_PASSWORD CLONE_OCSP1_DS_HOSTNAME CLONE_OCSP1_LDAP_PORT CLONE_OCSP1_SECURE_CONN CLONE_OCSP1_REMOVE_DATA CLONE_TKS1_ADMIN_USER CLONE_TKS1_ADMIN_EMAIL CLONE_TKS1_ADMIN_DUAL_KEY CLONE_TKS1_ADMIN_KEY_SIZE CLONE_TKS1_ADMIN_KEY_TYPE CLONE_TKS1_ADMIN_SUBJECT_DN CLONE_TKS1_ADMIN_CERT_NICKNAME CLONE_TKS1_ADMIN_PASSWORD CLONE_TKS1_DS_HOSTNAME CLONE_TKS1_LDAP_PORT CLONE_TKS1_SECURE_CONN CLONE_TKS1_REMOVE_DATA ROOTCA_SUBSYSTEM_KEY_TYPE ROOTCA_SUBYSTEM_KEY_SIZE ROOTCA_SUBSYSTEM_KEY_ALGORITHM ROOTCA_SUBSYSTEM_SIGNING_ALGORITHM ROOTCA_SUBSYSTEM_TOKEN ROOTCA_SUBSYTEM_NICKNAME ROOTCA_SUBSYSTEM_SUBJECT_DN export ROOTCA_OCSP_SIGNING_KEY_SIZE ROOTCA_OCSP_SIGNING_KEY_ALGORITHM ROOTCA_OCSP_SIGNING_SIGNING_ALGORITHM ROOTCA_OCSP_SIGNING_TOKEN ROOTCA_OCSP_SIGNING_NICKNAME ROOTCA_OCSP_SIGNING_CERT_SUBJECT_NAME ROOTCA_AUDIT_SIGNING_KEY_TYPE ROOTCA_AUDIT_SIGNING_KEY_SIZE ROOTCA_AUDIT_SIGNING_KEY_ALGORITHM ROOTCA_AUDIT_SIGNING_SIGNING_ALGORITHM ROOTCA_AUDIT_SIGNING_TOKEN ROOTCA_AUDIT_SIGNING_NICKNAME ROOTCA_AUDIT_SIGNING_CERT_SUBJECT_NAME ROOTCA_SUBSYSTEM_NAME ROOTCA_AUDIT_SIGNING_CERT_SUBJECT_NAME ROOTCA_KEY_ALGORITHM ROOTCA_OCSP_SIGNING_CERT_SUBJECT_NAME ROOTCA_OCSP_SIGNING_ALGORITHM LDAP_BASEDN LDAP_ADMIN_PW ROOTCA_SUBSYSTEM_CERT_SUBJECT_NAME XMLSTARLET_PATH JACOCO_PATH ROOTCA_TOMCAT_INSTANCE_NAME ROOTCA_SECURE_PORT ROOTCA_UNSECURE_PORT ROOTCA_AJP_PORT ROOTCA_TOMCAT_SERVER_PORT USER GROUP ROOTCA_ADMIN_USER GROUP_AUDIT ROOTCA_TOKEN_NAME ROOTCA_TOKEN_PASSWORD ROOTCA_CLIENT_PKCS12_PASSWORD ROOTCA_ADMIN_PASSWORD ROOTCA_KEY_TYPE ROOTCA_KEY_SIZE ROOTCA_SIGNING_ALGORITHM ROOTCA_SIGNING_SIGNING_ALGORITHM ROOTCA_SIGNING_TOKEN ROOTCA_SIGNING_NICKNAME ROOTCA_SIGNING_CERT_SUBJECT_NAME ROOTCA_ADMIN_EMAIL ROOTCA_ADMIN_DUAL_KEY ROOTCA_ADMIN_KEY_SIZE ROOTCA_ADMIN_KEY_TYPE ROOTCA_ADMIN_SUBJECT_DN ROOTCA_ADMIN_CERT_NICKNAME ROOTCA_ADMIN_IMPORT_CERT ROOTCA_CLIENT_DIR CLONE_TOMCAT_INSTANCE_NAME 
CLONE_CA1_SECURE_PORT CLONE_CA1_UNSECURE_PORT CLONE_CA1_AJP_PORT CLONE_CA1_TOMCAT_SERVER_PORT CLONE_USER ROOTCA_ADMIN_CERT_SUBJECT_NAME -export CLONE_GROUP CLONE_GROUP_AUDIT CLONE_CA1_TOKEN_NAME CLONE_CA1_TOKEN_PASSWORD CLONE_CA1_CLIENT_PKCS12_PASSWORD CLONE_CA1_ADMIN_PASSWORD CLONE_CA1_DS_PASSWORD CLONE_CA1_LDAP_PORT REPLICATE_SCHEMA REPLICATION_SEC CLONE1_CERTDB_DIR_PASSWORD CLONE2_CERTDB_DIR_PASSWORD CLONE_CA1_CLIENT_DIR CLONE_CA1_ADMIN_USER CLONE_CA1_ADMIN_EMAIL CLONE_CA1_ADMIN_DUAL_KEY CLONE_CA1_ADMIN_KEY_SIZE CLONE_CA1_ADMIN_KEY_TYPE CLONE_CA1_ADMIN_SUBJECT_DN CLONE_CA1_ADMIN_CERT_NICKNAME CLONE_CA1_ADMIN_IMPORT_CERT CLONE_CA1_SUBSYSTEM_KEY_TYPE CLONE_CA1_DS_HOSTNAME CLONE_CA1_LDAP_PORT CLONE1_LDAP_ROOTDN CLONE1_LDAP_ROOTDNPWD CLONE2_LDAP_ROOTDN CLONE2_LDAP_ROOTDNPWD CLONE_CA1_SECURE_CONN CLONE_CA1_REMOVE_DATA SUBCA1_TOMCAT_INSTANCE_NAME SUBCA1_SECURE_PORT SUBCA1_UNSECURE_PORT SUBCA1_AJP_PORT SUBCA1_TOMCAT_SERVER_PORT SUBCA1_USER SUBCA1_GROUP SUBCA1_GROUP_AUDIT SUBCA1_TOKEN_NAME SUBCA1_TOKEN_PASSWORD SUBCA1_CLIENT_PKCS12_PASSWORD SUBCA1_ADMIN_PASSWORD SUBCA1_LDAP_ROOTDNPWD SUBCA1_CLIENT_DIR SUBCA1_ADMIN_USER SUBCA1_ADMIN_USER SUBCA1_ADMIN_EMAIL SUBCA1_ADMIN_DUAL_KEY SUBCA1_ADMIN_KEY_SIZE SUBCA1_ADMIN_KEY_TYPE SUBCA1_ADMIN_SUBJECT_DN SUBCA1_ADMIN_CERT_NICKNAME SUBCA1_ADMIN_IMPORT_CERT SUBCA1_SUBSYSTEM_KEY_TYPE SUBCA1_SUBYSTEM_KEY_SIZE SUBCA1_SUBSYSTEM_KEY_ALGORITHM SUBCA1_SUBSYSTEM_SIGNING_ALGORITHM SUBCA1_SUBSYSTEM_TOKEN SUBCA1_SUBSYTEM_NICKNAME SUBCA1_SUBSYSTEM_SUBJECT_DN SUBCA1_KEY_TYPE SUBCA1_KEY_SIZE SUBCA1_SIGNING_ALGORITHM SUBCA1_SIGNING_SIGNING_ALGORITHM SUBCA1_SIGNING_TOKEN SUBCA1_SIGNING_NICKNAME SUBCA1_OCSP_SIGNING_KEY_SIZE SUBCA1_OCSP_SIGNING_KEY_ALGORITHM SUBCA1_OCSP_SIGNING_SIGNING_ALGORITHM SUBCA1_OCSP_SIGNING_TOKEN SUBCA1_OCSP_SIGNING_NICKNAME SUBCA1_OCSP_SIGNING_CERT_SUBJECT_NAME SUBCA1_AUDIT_SIGNING_KEY_TYPE SUBCA1_AUDIT_SIGNING_KEY_SIZE SUBCA1_AUDIT_SIGNING_KEY_ALGORITHM SUBCA1_AUDIT_SIGNING_SIGNING_ALGORITHM SUBCA1_AUDIT_SIGNING_TOKEN 
SUBCA1_AUDIT_SIGNING_NICKNAME SUBCA1_AUDIT_SIGNING_CERT_SUBJECT_NAME SUBCA1_SIGNING_CERT_SUBJECT_NAME SUBCA1_SECURE_PORT SUBCA1_ADMIN_USER SUBCA1_SECURITY_DOMAIN_PASSWORD SUBCA1_DOMAIN SUBCA1_DS_HOSTNAME SUBCA1_LDAP_PORT SUBCA1_DB_SUFFIX SUBCA1_LDAP_ROOTDN SUBCA1_SECURE_CONN SUBCA1_REMOVE_DATA SUBCA1_BACKUP SUBCA1_BACKUP_PASSWORD SUBCA1_BACKUP_FILE_NAME SUBCA1_CERTDB_DIR SUBCA1_CERTDB_DIR_PASSWORD SUBCA1_CLIENT_DB_PURGE SUBCA1_RESTART_INSTANCE SUBCA1_SKIP_CONFIG SUBCA1_SKIP_INSTALL SUBCA1_ENABLE_ACCESS_LOG SUBCA1_ENABLE_JAVA_DEBUG SUBCA1_SECURITY_MANAGER +export CLONE_GROUP CLONE_GROUP_AUDIT CLONE_CA1_TOKEN_NAME CLONE_CA1_TOKEN_PASSWORD CLONE_CA1_CLIENT_PKCS12_PASSWORD CLONE_CA1_ADMIN_PASSWORD CLONE_CA1_DS_PASSWORD CLONE_CA1_LDAP_PORT REPLICATE_SCHEMA REPLICATION_SEC CLONE1_CERTDB_DIR_PASSWORD CLONE2_CERTDB_DIR_PASSWORD CLONE_CA1_CLIENT_DIR CLONE_CA1_ADMIN_USER CLONE_CA1_ADMIN_EMAIL CLONE_CA1_ADMIN_DUAL_KEY CLONE_CA1_ADMIN_KEY_SIZE CLONE_CA1_ADMIN_KEY_TYPE CLONE_CA1_ADMIN_SUBJECT_DN CLONE_CA1_ADMIN_CERT_NICKNAME CLONE_CA1_ADMIN_IMPORT_CERT CLONE_CA1_SUBSYSTEM_KEY_TYPE CLONE_CA1_DS_HOSTNAME CLONE_CA1_LDAP_PORT CLONE1_LDAP_ROOTDN CLONE1_LDAP_ROOTDNPWD CLONE2_LDAP_ROOTDN CLONE2_LDAP_ROOTDNPWD CLONE_CA1_SECURE_CONN CLONE_CA1_REMOVE_DATA SUBCA1_TOMCAT_INSTANCE_NAME SUBCA1_SECURE_PORT SUBCA1_UNSECURE_PORT SUBCA1_AJP_PORT SUBCA1_TOMCAT_SERVER_PORT SUBCA1_USER SUBCA1_GROUP SUBCA1_GROUP_AUDIT SUBCA1_TOKEN_NAME SUBCA1_TOKEN_PASSWORD SUBCA1_CLIENT_PKCS12_PASSWORD SUBCA1_ADMIN_PASSWORD SUBCA1_LDAP_ROOTDNPWD SUBCA1_CLIENT_DIR SUBCA1_ADMIN_USER SUBCA1_ADMIN_USER SUBCA1_ADMIN_EMAIL SUBCA1_ADMIN_DUAL_KEY SUBCA1_ADMIN_KEY_SIZE SUBCA1_ADMIN_KEY_TYPE SUBCA1_ADMIN_SUBJECT_DN SUBCA1_ADMIN_CERT_NICKNAME SUBCA1_ADMIN_IMPORT_CERT SUBCA1_SUBSYSTEM_KEY_TYPE SUBCA1_SUBYSTEM_KEY_SIZE SUBCA1_SUBSYSTEM_KEY_ALGORITHM SUBCA1_SUBSYSTEM_SIGNING_ALGORITHM SUBCA1_SUBSYSTEM_TOKEN SUBCA1_SUBSYTEM_NICKNAME SUBCA1_SUBSYSTEM_SUBJECT_DN SUBCA1_KEY_TYPE SUBCA1_KEY_SIZE SUBCA1_SIGNING_ALGORITHM 
SUBCA1_SIGNING_SIGNING_ALGORITHM SUBCA1_SIGNING_TOKEN SUBCA1_SIGNING_NICKNAME SUBCA1_OCSP_SIGNING_KEY_SIZE SUBCA1_OCSP_SIGNING_KEY_ALGORITHM SUBCA1_OCSP_SIGNING_SIGNING_ALGORITHM SUBCA1_OCSP_SIGNING_TOKEN SUBCA1_OCSP_SIGNING_NICKNAME SUBCA1_OCSP_SIGNING_CERT_SUBJECT_NAME SUBCA1_AUDIT_SIGNING_KEY_TYPE SUBCA1_AUDIT_SIGNING_KEY_SIZE SUBCA1_AUDIT_SIGNING_KEY_ALGORITHM SUBCA1_AUDIT_SIGNING_SIGNING_ALGORITHM SUBCA1_AUDIT_SIGNING_TOKEN SUBCA1_AUDIT_SIGNING_NICKNAME SUBCA1_AUDIT_SIGNING_CERT_SUBJECT_NAME SUBCA1_SIGNING_CERT_SUBJECT_NAME SUBCA1_SECURE_PORT SUBCA1_ADMIN_USER SUBCA1_SECURITY_DOMAIN_PASSWORD SUBCA1_DOMAIN SUBCA1_DS_HOSTNAME SUBCA1_LDAP_PORT SUBCA1_DB_SUFFIX SUBCA1_LDAP_ROOTDN SUBCA1_SECURE_CONN SUBCA1_REMOVE_DATA SUBCA1_BACKUP SUBCA1_BACKUP_PASSWORD SUBCA1_CERTDB_DIR SUBCA1_CERTDB_DIR_PASSWORD SUBCA1_CLIENT_DB_PURGE SUBCA1_RESTART_INSTANCE SUBCA1_SKIP_CONFIG SUBCA1_SKIP_INSTALL SUBCA1_ENABLE_ACCESS_LOG SUBCA1_ENABLE_JAVA_DEBUG SUBCA1_SECURITY_MANAGER -export CLONE1_LDAP_ROOTDN CLIENT_DIR IMPORT_ADMIN_CERT_NONCA ROOTCA_BACKUP ROOTCA_BACKUP_PASSWORD ROOTCA_BACKUP_FILE_NAME CERTDB_DIR CERTDB_DIR_PASSWORD CLIENT_DB_PURGE ROOTCA_SECURITY_DOMAIN_PASSWORD LDAP_HOSTNAME ROOTCA_LDAP_PORT LDAP_ROOTDN LDAP_ROOTDNPWD ROOTCA_DB_SUFFIX SECURE_CONN REMOVE_DATA ROOTCA_LDAP_INSTANCE_NAME RESTART_INSTANCE SKIP_CONFIG SKIP_INSTALL ENABLE_ACCESS_LOG ENABLE_JAVA_DEBUG SECURITY_MANAGER CLIENT_PKCS12_DIR +export CLONE1_LDAP_ROOTDN CLIENT_DIR IMPORT_ADMIN_CERT_NONCA ROOTCA_BACKUP ROOTCA_BACKUP_PASSWORD CERTDB_DIR CERTDB_DIR_PASSWORD CLIENT_DB_PURGE ROOTCA_SECURITY_DOMAIN_PASSWORD LDAP_HOSTNAME ROOTCA_LDAP_PORT LDAP_ROOTDN LDAP_ROOTDNPWD ROOTCA_DB_SUFFIX SECURE_CONN REMOVE_DATA ROOTCA_LDAP_INSTANCE_NAME RESTART_INSTANCE SKIP_CONFIG SKIP_INSTALL ENABLE_ACCESS_LOG ENABLE_JAVA_DEBUG SECURITY_MANAGER CLIENT_PKCS12_DIR export CLONE_TKS2_LDAP_INSTANCE_NAME CLONE_OCSP2_LDAP_INSTANCE_NAME CLONE_KRA2_LDAP_INSTANCE_NAME CLONE_CA2_LDAP_INSTANCE_NAME CLONE_TKS2_LDAP_PORT CLONE_TKS2_SECURE_CONN 
CLONE_TKS2_REMOVE_DATA SUBCA2_LDAP_INSTANCE_NAME CLONE_CA2_LDAP_INSTANCE_NAME CLONE_KRA2_LDAP_INSTANCE_NAME CLONE_OCSP2_LDAP_INSTANCE_NAME CLONE_TKS2_LDAP_INSTANCE_NAME CLONE2_CA_TOMCAT_INSTANCE_NAME CLONE_CA2_SECURE_PORT CLONE_CA2_UNSECURE_PORT CLONE_CA2_AJP_PORT CLONE_CA2_TOMCAT_SERVER_PORT CLONE2_USER CLONE2_GROUP CLONE2_GROUP_AUDIT CLONE_CA2_TOKEN_NAME CLONE_CA2_TOKEN_PASSWORD CLONE_CA2_CLIENT_PKCS12_PASSWORD CLONE_CA2_ADMIN_PASSWORD CLONE2_LDAP_ROOTDNPWD CLONE_CA2_LDAP_PORT CLONE_CA2_CLIENT_DIR CLONE_CA2_ADMIN_USER CLONE_CA2_ADMIN_EMAIL CLONE_CA2_ADMIN_DUAL_KEY CLONE_CA2_ADMIN_KEY_SIZE CLONE_CA2_ADMIN_KEY_TYPE CLONE_CA2_ADMIN_SUBJECT_DN CLONE_CA2_ADMIN_CERT_NICKNAME CLONE_CA2_ADMIN_IMPORT_CERT CLONE_CA2_DS_HOSTNAME CLONE_CA2_SECURE_CONN CLONE_CA2_REMOVE_DATA SUBCA2_TOMCAT_INSTANCE_NAME SUBCA2_SECURE_PORT SUBCA2_UNSECURE_PORT SUBCA2_AJP_PORT SUBCA2_TOMCAT_SERVER_PORT SUBCA2_USER SUBCA2_GROUP SUBCA2_GROUP_AUDIT SUBCA2_TOKEN_NAME SUBCA2_TOKEN_PASSWORD SUBCA2_CLIENT_PKCS12_PASSWORD SUBCA2_ADMIN_PASSWORD SUBCA2_DS_PASSWORD SUBCA2_CLIENT_DIR SUBCA2_ADMIN_USER SUBCA2_ADMIN_EMAIL SUBCA2_ADMIN_DUAL_KEY SUBCA2_ADMIN_KEY_SIZE SUBCA2_ADMIN_KEY_TYPE SUBCA2_ADMIN_SUBJECT_DN SUBCA2_ADMIN_CERT_NICKNAME SUBCA2_ADMIN_IMPORT_CERT SUBCA2_SUBSYSTEM_KEY_TYPE SUBCA2_SUBYSTEM_KEY_SIZE SUBCA2_SUBSYSTEM_KEY_ALGORITHM SUBCA2_SUBSYSTEM_SIGNING_ALGORITHM SUBCA2_SUBSYSTEM_TOKEN SUBCA2_SUBSYTEM_NICKNAME SUBCA2_SUBSYSTEM_SUBJECT_DN SUBCA2_KEY_TYPE SUBCA2_KEY_SIZE SUBCA2_SIGNING_ALGORITHM SUBCA2_SIGNING_SIGNING_ALGORITHM SUBCA2_SIGNING_TOKEN SUBCA2_SIGNING_NICKNAME SUBCA2_OCSP_SIGNING_KEY_SIZE SUBCA2_OCSP_SIGNING_KEY_ALGORITHM SUBCA2_OCSP_SIGNING_SIGNING_ALGORITHM SUBCA2_OCSP_SIGNING_TOKEN SUBCA2_OCSP_SIGNING_NICKNAME SUBCA2_OCSP_SIGNING_CERT_SUBJECT_NAME SUBCA2_OCSP_SIGNING_KEY_TYPE SUBCA2_AUDIT_SIGNING_KEY_TYPE SUBCA2_AUDIT_SIGNING_KEY_SIZE SUBCA2_AUDIT_SIGNING_KEY_ALGORITHM SUBCA2_AUDIT_SIGNING_SIGNING_ALGORITHM SUBCA2_AUDIT_SIGNING_TOKEN SUBCA2_AUDIT_SIGNING_NICKNAME 
SUBCA2_AUDIT_SIGNING_CERT_SUBJECT_NAME SUBCA2_SIGNING_CERT_SUBJECT_NAME SUBCA2_SECURITY_DOMAIN_PASSWORD SUBCA2_DS_HOSTNAME SUBCA2_LDAP_PORT SUBCA2_LDAP_ROOTDN SUBCA2_LDAP_ROOTDNPWD SUBCA2_SECURE_CONN SUBCA2_REMOVE_DATA SUBCA2_DB_SUFFIX SUBCA2_BACKUP SUBCA2_BACKUP_PASSWORD SUBCA2_CERTDB_DIR_PASSWORD SUBCA2_CLIENT_DB_PURGE SUBCA2_RESTART_INSTANCE SUBCA2_SKIP_CONFIG SUBCA2_SKIP_INSTALL SUBCA2_ENABLE_ACCESS_LOG SUBCA2_ENABLE_JAVA_DEBUG SUBCA2_SECURITY_MANAGER CLONE_KRA2_ADMIN_USER CLONE_KRA2_ADMIN_EMAIL CLONE_KRA2_ADMIN_DUAL_KEY CLONE_KRA2_ADMIN_KEY_SIZE CLONE_KRA2_ADMIN_KEY_TYPE CLONE_KRA2_ADMIN_SUBJECT_DN CLONE_KRA2_ADMIN_CERT_NICKNAME CLONE_ADMIN_IMPORT_CERT CLONE_KRA2_DS_HOSTNAME CLONE_KRA2_LDAP_PORT CLONE_KRA2_SECURE_CONN CLONE_KRA2_REMOVE_DATA KRA_DB_SUFFIX OCSP_CLIENT_PKCS12_PASSWORD CLONE_OCSP2_ADMIN_USER CLONE_OCSP2_ADMIN_EMAIL CLONE_OCSP2_ADMIN_DUAL_KEY CLONE_OCSP2_ADMIN_KEY_SIZE CLONE_OCSP2_ADMIN_KEY_TYPE CLONE_OCSP2_ADMIN_SUBJECT_DN CLONE_OCSP2_ADMIN_CERT_NICKNAME CLONE_OCSP2_ADMIN_PASSWORD CLONE_OCSP2_DS_HOSTNAME CLONE_OCSP2_LDAP_PORT CLONE_OCSP2_SECURE_CONN CLONE_OCSP2_REMOVE_DATA CLIENT_PKCS12_PASSWORD CLONE_TKS2_ADMIN_USER CLONE_TKS2_ADMIN_EMAIL CLONE_TKS2_ADMIN_DUAL_KEY CLONE_TKS2_ADMIN_KEY_SIZE CLONE_TKS2_ADMIN_KEY_TYPE CLONE_TKS2_ADMIN_SUBJECT_DN CLONE_TKS2_ADMIN_CERT_NICKNAME CLONE_TKS2_ADMIN_PASSWORD CLONE_TKS2_DS_HOSTNAME 
@@ -796,3 +882,9 @@ export OCSP1_ADMIN_DUAL_KEY OCSP1_ADMIN_KEY_SIZE OCSP1_ADMIN_KEY_TYPE OCSP1_ADMI export KRA2_ADMIN_PASSWORD KRA1_ADMIN_KEY_TYPE KRA3_ADMIN_KEY_TYPE OCSP2_ADMIN_PASSWORD OCSP3_TOMCAT_INSTANCE_NAME OCSP3_SECURE_PORT OCSP3_UNSECURE_PORT OCSP3_AJP_PORT OCSP3_TOMCAT_SERVER_PORT OCSP3_SUBSYSTEM_KEY_TYPE OCSP3_SUBSYSTEM_KEY_SIZE OCSP3_SUBSYSTEM_KEY_ALGORITHM OCSP3_SUBSYSTEM_SIGNING_ALGORITHM OCSP3_SUBSYSTEM_TOKEN OCSP3_SUBSYSTEM_CERT_NICKNAME OCSP3_SUBSYSTEM_SUBJECT_DN OCSP3_AUDIT_SIGNING_KEY_TYPE OCSP3_AUDIT_SIGNING_KEY_SIZE OCSP3_AUDIT_SIGNING_KEY_ALGORITHM OCSP3_AUDIT_SIGNING_SIGNING_ALGORITHM OCSP3_AUDIT_SIGNING_TOKEN OCSP3_AUDIT_SIGNING_CERT_NICKNAME OCSP3_AUDIT_SIGNING_SUBJECT_DN OCSP3_INSTANCE_ID OCSP3_SIGNING_KEY_TYPE OCSP3_SIGNING_KEY_SIZE OCSP3_SIGNING_KEY_ALGORITHM OCSP3_SIGNING_SIGNING_ALGORITHM OCSP3_SIGNING_TOKEN OCSP3_SIGNING_CERT_NICKNAME OCSP3_SIGNING_SUBJECT_DN OCSP3_ADMIN_USER OCSP3_ADMIN_EMAIL OCSP3_ADMIN_DUAL_KEY OCSP3_ADMIN_KEY_SIZE OCSP3_ADMIN_KEY_TYPE OCSP3_ADMIN_SUBJECT_DN OCSP3_ADMIN_CERT_NICKNAME OCSP3_LDAP_PORT OCSP3_DB_SUFFIX OCSP3_LDAP_INSTANCE_NAME OCSP3_BACKUP_PASSWORD OCSP3_CLIENT_PKCS12_PASSWORD OCSP3_ADMIN_PASSWORD export KRA3_TOMCAT_INSTANCE_NAME KRA3_SECURE_PORT KRA3_UNSECURE_PORT KRA3_AJP_PORT KRA3_TOMCAT_SERVER_PORT KRA3_AUDIT_SIGNING_KEY_TYPE KRA3_AUDIT_SIGNING_KEY_SIZE KRA3_AUDIT_SIGNING_KEY_ALGORITHM KRA3_AUDIT_SIGNING_SIGNING_ALGORITHM KRA3_AUDIT_SIGNING_TOKEN KRA3_AUDIT_SIGNING_NICKNAME KRA3_AUDIT_SIGNING_SUBJECT_DN KRA3_SUBSYSTEM_KEY_TYPE KRA3_SUBYSTEM_KEY_SIZE KRA3_SUBSYSTEM_KEY_ALGORITHM KRA3_SUBSYSTEM_SIGNING_ALGORITHM KRA3_SUBSYSTEM_TOKEN KRA3_SUBSYTEM_NICKNAME KRA3_SUBSYSTEM_SUBJECT_DN KRA3_STORAGE_KEY_TYPE KRA3_STORAGE_KEY_SIZE KRA3_STORAGE_KEY_ALGORITHM KRA3_INSTANCE_ID KRA3_STORAGE_SIGNING_ALGORITHM KRA3_STORAGE_TOKEN KRA3_STORAGE_NICKNAME KRA3_STORAGE_SUBJECT_DN KRA3_TRANSPORT_KEY_TYPE KRA3_TRANSPORT_KEY_SIZE KRA3_TRANSPORT_KEY_ALGORITHM KRA3_TRANSPORT_SIGNING_ALGORITHM KRA3_TRANSPORT_TOKEN 
KRA3_TRANSPORT_NICKNAME KRA3_TRANSPORT_SUBJECT_DN KRA3_ADMIN_USER KRA3_ADMIN_EMAIL KRA3_ADMIN_DUAL_KEY KRA3_ADMIN_KEY_SIZE KRA3_ADMIN_SUBJECT_DN KRA3_ADMIN_CERT_NICKNAME KRA3_LDAP_PORT KRA3_DB_SUFFIX KRA3_LDAP_INSTANCE_NAME KRA3_CLIENT_PKCS12_PASSWORD KRA3_BACKUP_PASSWORD KRA3_ADMIN_PASSWORD + +export CLONE_KRA1_TOMCAT_INSTANCE_NAME CLONE_KRA1_SECURE_PORT CLONE_KRA1_UNSECURE_PORT CLONE_KRA1_AJP_PORT CLONE_KRA1_TOMCAT_SERVER_PORT CLONE_OCSP1_TOMCAT_INSTANCE_NAME CLONE_OCSP1_SECURE_PORT CLONE_OCSP1_UNSECURE_PORT CLONE_OCSP1_AJP_PORT CLONE_OCSP1_TOMCAT_SERVER_PORT CLONE_TKS1_TOMCAT_INSTANCE_NAME CLONE_TKS1_SECURE_PORT CLONE_TKS1_UNSECURE_PORT CLONE_TKS1_AJP_PORT CLONE_TKS1_TOMCAT_SERVER_PORT + +export ROOTCA_SSL_SERVER_KEY_TYPE ROOTCA_SSL_SERVER_KEY_SIZE ROOTCA_SSL_SERVER_KEY_ALGORITHM ROOTCA_SSL_SERVER_SIGNING_ALGORITHM ROOTCA_SSL_SERVER_TOKEN ROOTCA_SSL_SERVER_NICKNAME ROOTCA_SSL_SERVER_CERT_SUBJECT_NAME SUBCA2_SSL_SERVER_KEY_TYPE SUBCA2_SSL_SERVER_KEY_SIZE SUBCA2_SSL_SERVER_KEY_ALGORITHM SUBCA2_SSL_SERVER_SIGNING_ALGORITHM SUBCA2_SSL_SERVER_TOKEN SUBCA2_SSL_SERVER_NICKNAME SUBCA2_SSL_SERVER_CERT_SUBJECT_NAME SUBCA1_SSL_SERVER_KEY_TYPE SUBCA1_SSL_SERVER_KEY_SIZE SUBCA1_SSL_SERVER_KEY_ALGORITHM SUBCA1_SSL_SERVER_SIGNING_ALGORITHM SUBCA1_SSL_SERVER_TOKEN SUBCA1_SSL_SERVER_NICKNAME SUBCA1_SSL_SERVER_CERT_SUBJECT_NAME + +export KRA1_SSL_SERVER_KEY_TYPE KRA1_SSL_SERVER_KEY_SIZE KRA1_SSL_SERVER_KEY_ALGORITHM KRA1_SSL_SERVER_SIGNING_ALGORITHM KRA1_SSL_SERVER_TOKEN KRA1_SSL_SERVER_NICKNAME KRA1_SSL_SERVER_CERT_SUBJECT_NAME KRA2_SSL_SERVER_KEY_TYPE KRA2_SSL_SERVER_KEY_SIZE KRA2_SSL_SERVER_KEY_ALGORITHM KRA2_SSL_SERVER_SIGNING_ALGORITHM KRA2_SSL_SERVER_TOKEN KRA2_SSL_SERVER_NICKNAME KRA2_SSL_SERVER_CERT_SUBJECT_NAME KRA3_SSL_SERVER_KEY_TYPE KRA3_SSL_SERVER_KEY_SIZE KRA3_SSL_SERVER_KEY_ALGORITHM KRA3_SSL_SERVER_SIGNING_ALGORITHM KRA3_SSL_SERVER_TOKEN KRA3_SSL_SERVER_NICKNAME KRA3_SSL_SERVER_CERT_SUBJECT_NAME OCSP1_SSL_SERVER_KEY_TYPE OCSP1_SSL_SERVER_KEY_SIZE 
OCSP1_SSL_SERVER_KEY_ALGORITHM OCSP1_SSL_SERVER_SIGNING_ALGORITHM OCSP1_SSL_SERVER_TOKEN OCSP1_SSL_SERVER_NICKNAME OCSP1_SSL_SERVER_CERT_SUBJECT_NAME OCSP2_SSL_SERVER_KEY_TYPE OCSP2_SSL_SERVER_KEY_SIZE OCSP2_SSL_SERVER_KEY_ALGORITHM OCSP2_SSL_SERVER_SIGNING_ALGORITHM OCSP2_SSL_SERVER_TOKEN OCSP2_SSL_SERVER_NICKNAME OCSP2_SSL_SERVER_CERT_SUBJECT_NAME OCSP3_SSL_SERVER_KEY_TYPE OCSP3_SSL_SERVER_KEY_SIZE OCSP3_SSL_SERVER_KEY_ALGORITHM OCSP3_SSL_SERVER_SIGNING_ALGORITHM OCSP3_SSL_SERVER_TOKEN OCSP3_SSL_SERVER_NICKNAME OCSP3_SSL_SERVER_CERT_SUBJECT_NAME TKS1_SSL_SERVER_KEY_TYPE TKS1_SSL_SERVER_KEY_SIZE TKS1_SSL_SERVER_KEY_ALGORITHM TKS1_SSL_SERVER_SIGNING_ALGORITHM TKS1_SSL_SERVER_TOKEN TKS1_SSL_SERVER_NICKNAME TKS1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_CA1_SSL_SERVER_KEY_TYPE CLONE_CA1_SSL_SERVER_KEY_SIZE CLONE_CA1_SSL_SERVER_KEY_ALGORITHM CLONE_CA1_SSL_SERVER_SIGNING_ALGORITHM CLONE_CA1_SSL_SERVER_TOKEN CLONE_CA1_SSL_SERVER_NICKNAME CLONE_CA1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_KRA1_SSL_SERVER_KEY_TYPE CLONE_KRA1_SSL_SERVER_KEY_SIZE CLONE_KRA1_SSL_SERVER_KEY_ALGORITHM CLONE_KRA1_SSL_SERVER_SIGNING_ALGORITHM CLONE_KRA1_SSL_SERVER_TOKEN CLONE_KRA1_SSL_SERVER_NICKNAME CLONE_KRA1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_OCSP1_SSL_SERVER_KEY_TYPE CLONE_OCSP1_SSL_SERVER_KEY_SIZE CLONE_OCSP1_SSL_SERVER_KEY_ALGORITHM CLONE_OCSP1_SSL_SERVER_SIGNING_ALGORITHM CLONE_OCSP1_SSL_SERVER_TOKEN CLONE_OCSP1_SSL_SERVER_NICKNAME CLONE_OCSP1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_TKS1_SSL_SERVER_KEY_TYPE CLONE_TKS1_SSL_SERVER_KEY_SIZE CLONE_TKS1_SSL_SERVER_KEY_ALGORITHM CLONE_TKS1_SSL_SERVER_SIGNING_ALGORITHM CLONE_TKS1_SSL_SERVER_TOKEN CLONE_TKS1_SSL_SERVER_NICKNAME CLONE_TKS1_SSL_SERVER_CERT_SUBJECT_NAME diff --git a/tests/dogtag/topologies.sh b/tests/dogtag/topologies.sh index 3cd108ead..8eb7b5dc0 100755 --- a/tests/dogtag/topologies.sh +++ b/tests/dogtag/topologies.sh 
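Review bot: The export lines added at the end of env.sh cover every *_SSL_SERVER_* group introduced in this commit except TKS2. `TKS2_SSL_SERVER_KEY_TYPE` through `TKS2_SSL_SERVER_CERT_SUBJECT_NAME` are assigned in the TKS2 hunk but appear in none of the export lists visible in this diff. If env.sh is read by a child process rather than sourced into the shell that runs the install routines, a TKS2 install would presumably see these as empty. Adding `export TKS2_SSL_SERVER_KEY_TYPE TKS2_SSL_SERVER_KEY_SIZE TKS2_SSL_SERVER_KEY_ALGORITHM TKS2_SSL_SERVER_SIGNING_ALGORITHM TKS2_SSL_SERVER_TOKEN TKS2_SSL_SERVER_NICKNAME TKS2_SSL_SERVER_CERT_SUBJECT_NAME` keeps the groups consistent.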
@@ -37,83 +37,7 @@ # Include tests . ./acceptance/quickinstall/rhcs-install.sh -run_rhcs_install_topo_1() -{ - rlPhaseStartTest "run_rhcs_install_topo_1 - install ROOTCA on Host1" - if [ "$(hostname)" = "$BEAKERMASTER" ]; then - local number=3 - local CA=ROOTCA - local TKS_number=1 - run_rhcs_install_packages - run_install_subsystem_RootCA - run_install_subsystem_kra $number $BEAKERMASTER $CA - run_install_subsystem_ocsp $number $BEAKERMASTER $CA - run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA - pushd $CLIENT_PKCS12_DIR - if [ $(python --version 2>&1|awk '{print $2}'|cut -f1 -d.) -eq 2 ]; then - WEBMOD=SimpleHTTPServer; - else - WEBMOD=http.server; - fi - python -m $WEBMOD 8901 > /var/log/python_web_server.log 2>&1 & - KEYPID=$(ps -ef|grep "py[t]hon.*8901"|awk '{print $2}') - #run_test - rlLog "rhts-sync-set -s 'Master instances installed'" - rlRun "rhts-sync-set -s 'Master instances installed' -m $BEAKERMASTER" - run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" - fi - rlPhaseEnd - - rlPhaseStartTest "run_rhcs_install_topo_1 - install CLONE1 on Host2" - if [ "$(hostname)" = "$BEAKERCLONE1" ]; then - rlRun "rhts-sync-block -s 'Master instances installed' $BEAKERMASTER" - local CA=ROOTCA - local number=1 - local MASTER_KRA=KRA3 - local MASTER_OCSP=OCSP3 - if [ ! 
-d $CLIENT_PKCS12_DIR ]; then - mkdir -p $CLIENT_PKCS12_DIR - chmod 755 $CLIENT_PKCS12_DIR - fi - - pushd $CLIENT_PKCS12_DIR - wget -q http://$BEAKERMASTER:8901/ca_backup_keys.p12 - wget -q http://$BEAKERMASTER:8901/kra_backup_keys.p12 - wget -q http://$BEAKERMASTER:8901/ocsp_backup_keys.p12 - wget -q http://$BEAKERMASTER:8901/tks_backup_keys.p12 - rlRun "chmod 644 ca_backup_keys.p12 kra_backup_keys.p12 tks_backup_keys.p12 ocsp_backup_keys.p12" - rlRun "chcon 'system_u:object_r:pki_tomcat_cert_t:s0' ca_backup_keys.p12 kra_backup_keys.p12 tks_backup_keys.p12 ocsp_backup_keys.p12" - popd - rlLog "rhts-sync-set -s 'Files downloaded'" - rlRun "rhts-sync-set -s 'Files downloaded' -m $BEAKERCLONE1" - run_rhcs_install_packages - run_install_subsystem_cloneCA $number $BEAKERMASTER $CA - run_install_subsystem_cloneKRA $number $BEAKERMASTER $CA $MASTER_KRA - run_install_subsystem_cloneOCSP $number $BEAKERMASTER $CA $MASTER_OCSP - run_install_subsystem_cloneTKS $number $BEAKERMASTER $CA - fi - rlPhaseEnd - - rlPhaseStartTest "run_rhcs_install_topo_1 - install Subca1 on Host3" - if [ "$(hostname)" = "$BEAKERSUBCA1" ]; then - rlRun "rhts-sync-block -s 'Master instances installed' $BEAKERMASTER" - local CA=ROOTCA - local number=1 - run_rhcs_install_packages - run_install_subsystem_subca $number $BEAKERMASTER $CA - run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$SUBCA1_CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12" - fi - rlPhaseEnd - - rlPhaseStartTest "cleanup" - if [ "$(hostname)" = "$BEAKERMASTER" ]; then - rlRun "rhts-sync-block -s 'Files downloaded' $BEAKERCLONE1" - kill -9 $KEYPID - popd - - fi - rlPhaseEnd -} +#####used for cleaning up environment variables##### run_rhcs_install_envcleanup() { @@ -133,6 +57,8 @@ run_rhcs_install_envcleanup() rlPhaseEnd } +#####add environment variables###### + run_rhcs_add_to_env() { local VAR1=$1 
@@ -147,6 +73,8 @@ run_rhcs_add_to_env()
 . /opt/rhqa_pki/env.sh
 }
+#######set environment variables######
+
 run_rhcs_install_set_vars()
 {
 # Initialize Global TESTCOUNT variable
@@ -159,7 +87,7 @@ run_rhcs_install_set_vars()
 [ -n "$CLONE2" -a -z "$BEAKERCLONE2" ] && export BEAKERCLONE2="$CLONE2"
 [ -n "$SUBCA1" -a -z "$BEAKERSUBCA1" ] && export BEAKERSUBCA1="$SUBCA1"
 [ -n "$SUBCA2" -a -z "$BEAKERSUBCA2" ] && export BEAKERSUBCA2="$SUBCA2"
- env > $IPATMP/dump-of-env.txt
+ #env > $IPATMP/dump-of-env.txt
 #if [ "$IPv6SETUP" = "TRUE" ]; then
 #rrtype="AAAA"
@@ -188,6 +116,23 @@ run_rhcs_install_set_vars()
 rlPhaseEnd
 }
+#######Quickinstall#######
+#SubCA1 - RootCA - Clone CA1
+# /|\
+# / | \
+# / | \
+# / | \
+# KRA3 TKS1 OCSP3
+# | | |
+#Clone KRA1 | Clone OCSP1
+# Clone TKS1
+############################################################
+##All the Master Instances are in one Tomcat Instance and###
+##all the clone instances are in a separate instance with###
+##the subca being in a third tomcat instance. Its a single##
+##host test###
+############################################################
+
 run_rhcs_install_quickinstall()
 {
 rlPhaseStartTest "run_rhcs_install_quickinstall - Install Master, Clone and SUBCA"
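Review bot: In run_rhcs_install_set_vars the environment dump is disabled by commenting it out, `#env > $IPATMP/dump-of-env.txt`, with nothing saying why, so the next person debugging is likely to re-enable it. tests/dogtag/shared/env.sh exports password variables (for example KRA3_ADMIN_PASSWORD and KRA3_BACKUP_PASSWORD), so a full `env` dump would write them to a file under $IPATMP. I would delete the line and leave a comment in its place, e.g. `# env is not dumped to $IPATMP: it contains the *_PASSWORD values exported by env.sh`. The function starts and ends outside this hunk.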
@@ -216,6 +161,340 @@ run_rhcs_install_quickinstall() rlPhaseEnd } + +#######Topology 1####### +#SubCA1 - RootCA - Clone CA1 +# (H3) (H1) (H2) +# /|\ +# / | \ +# / | \ +# / | \ +# KRA3 TKS1 OCSP3 +# (H1) (H1) (H1) +# | | | +#Clone KRA1 | Clone OCSP1 +# (H2) (H2) +# Clone TKS1 +# (H2) +############################################################ +##All the Master Instances are in one Tomcat Instance and### +##all the clone instances are in a separate instance on a### +##different host with the subca instance on a third host### +############################################################ + +run_rhcs_install_topo_1() +{ + rlPhaseStartTest "run_rhcs_install_topo_1 - install ROOTCA on Host1" + if [ "$(hostname)" = "$BEAKERMASTER" ]; then + local number=3 + local CA=ROOTCA + local TKS_number=1 + run_rhcs_install_packages + run_install_subsystem_RootCA + run_install_subsystem_kra $number $BEAKERMASTER $CA + run_install_subsystem_ocsp $number $BEAKERMASTER $CA + run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA + pushd $CLIENT_PKCS12_DIR + if [ $(python --version 2>&1|awk '{print $2}'|cut -f1 -d.) -eq 2 ]; then + WEBMOD=SimpleHTTPServer; + else + WEBMOD=http.server; + fi + python -m $WEBMOD 8901 > /var/log/python_web_server.log 2>&1 & + KEYPID=$(ps -ef|grep "py[t]hon.*8901"|awk '{print $2}') + #run_test + rlLog "rhts-sync-set -s 'Master instances installed'" + rlRun "rhts-sync-set -s 'Master instances installed' -m $BEAKERMASTER" + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + fi + rlPhaseEnd + + rlPhaseStartTest "run_rhcs_install_topo_1 - install CLONE1 on Host2" + if [ "$(hostname)" = "$BEAKERCLONE1" ]; then + rlRun "rhts-sync-block -s 'Master instances installed' $BEAKERMASTER" + local CA=ROOTCA + local number=1 + local MASTER_KRA=KRA3 + local MASTER_OCSP=OCSP3 + if [ ! 
-d $CLIENT_PKCS12_DIR ]; then + mkdir -p $CLIENT_PKCS12_DIR + chmod 755 $CLIENT_PKCS12_DIR + fi + + pushd $CLIENT_PKCS12_DIR + wget -q http://$BEAKERMASTER:8901/ca_backup_keys.p12 + wget -q http://$BEAKERMASTER:8901/kra_backup_keys.p12 + wget -q http://$BEAKERMASTER:8901/ocsp_backup_keys.p12 + wget -q http://$BEAKERMASTER:8901/tks_backup_keys.p12 + rlRun "chmod 644 ca_backup_keys.p12 kra_backup_keys.p12 tks_backup_keys.p12 ocsp_backup_keys.p12" + rlRun "chcon 'system_u:object_r:pki_tomcat_cert_t:s0' ca_backup_keys.p12 kra_backup_keys.p12 tks_backup_keys.p12 ocsp_backup_keys.p12" + popd + rlLog "rhts-sync-set -s 'Files downloaded'" + rlRun "rhts-sync-set -s 'Files downloaded' -m $BEAKERCLONE1" + run_rhcs_install_packages + run_install_subsystem_cloneCA $number $BEAKERMASTER $CA + run_install_subsystem_cloneKRA $number $BEAKERMASTER $CA $MASTER_KRA + run_install_subsystem_cloneOCSP $number $BEAKERMASTER $CA $MASTER_OCSP + run_install_subsystem_cloneTKS $number $BEAKERMASTER $CA + fi + rlPhaseEnd + + rlPhaseStartTest "run_rhcs_install_topo_1 - install Subca1 on Host3" + if [ "$(hostname)" = "$BEAKERSUBCA1" ]; then + rlRun "rhts-sync-block -s 'Master instances installed' $BEAKERMASTER" + local CA=ROOTCA + local number=1 + run_rhcs_install_packages + run_install_subsystem_subca $number $BEAKERMASTER $CA + run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$SUBCA1_CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12" + fi + rlPhaseEnd + + rlPhaseStartTest "cleanup" + if [ "$(hostname)" = "$BEAKERMASTER" ]; then + rlRun "rhts-sync-block -s 'Files downloaded' $BEAKERCLONE1" + kill -9 $KEYPID + popd + + fi + rlPhaseEnd +} + + +#######Topology 2####### +# SubCA1 - RootCA +# (H2) (H1) +# / \ +# / \ +# / \ +# / \ +# KRA1 OCSP1 +# (H2) (H2) +############################################################ +##The root CA is on host 1, it has a SubCA on host 2######## +##The SubCA and the subsystems associated with it, viz. 
KRA# +##and OCSP are under the same tomcat instance############### +############################################################ +run_rhcs_install_topo_2() +{ + rlPhaseStartTest "run_rhcs_install_topo_2 - Install RootCA on Host1" + if [ "$(hostname)" = "$BEAKERMASTER" ]; then + run_rhcs_install_packages + run_install_subsystem_RootCA + rlRun "rhts-sync-set -s 'Master Instances Installed' -m $BEAKERMASTER" + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + fi + + rlPhaseEnd + rlPhaseStartTest "run_rhcs_install_topo_2 - Install SubCA1 on Host2" + if [ "$(hostname)" = "$BEAKERSUBCA1" ]; then + rlRun "rhts-sync-block -s 'Master Instances Installed' $BEAKERMASTER" + local number=1 + local CA=ROOTCA + local KRA_CA=SUBCA1 + local OCSP_CA=SUBCA1 + run_rhcs_install_packages + run_install_subsystem_subca $number $BEAKERMASTER $CA + run_install_subsystem_kra $number $BEAKERSUBCA1 $KRA_CA + run_install_subsystem_ocsp $number $BEAKERSUBCA1 $OCSP_CA + run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$SUBCA1_CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12" + fi + rlPhaseEnd +} + + +#######Topology 3####### +# SubCA1 - RootCA - SUBCA2 +# (H2) (H1) (H3) +# / \ | +# / \ OCSP3 +# / \ (H1) +# / \ +# KRA1 OCSP1 +# (H2) (H2) +############################################################# +##The root CA and OCSP 3 is on host 1, it has a SubCA1 on#### +##host 2. 
The SubCA and the subsystems associated with it,### +##viz., KRA3 and OCSP3 are under the same tomcat instance#### +##also SUBCA2 is on host 3################################### +############################################################# + +run_rhcs_install_topo_3() +{ + rlPhaseStartTest "run_rhcs_install_topo_3 - Install RootCA on host 1" + if [ "$(hostname)" = "$BEAKERMASTER" ]; then + local number=3 + local CA=ROOTCA + run_rhcs_install_packages + run_install_subsystem_RootCA + run_install_subsystem_ocsp $number $BEAKERMASTER $CA + rlRun "rhts-sync-set -s 'Master Instances Installed' -m $BEAKERMASTER" + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + fi + rlPhaseEnd + rlPhaseStartTest "run_rhcs_install_topo_3 - Install SUBCA1 on Host 2" + if [ "$(hostname)" = "$BEAKERSUBCA1" ]; then + local CA=ROOTCA + local number=1 + local KRA_CA=SUBCA1 + local OCSP_CA=SUBCA1 + rlRun "rhts-sync-block -s 'Master Instances Installed' $BEAKERMASTER" + run_rhcs_install_packages + run_install_subsystem_subca $number $BEAKERMASTER $CA + run_install_subsystem_kra $number $BEAKERSUBCA1 $KRA_CA + run_install_subsystem_ocsp $number $BEAKERSUBCA1 $OCSP_CA + run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$SUBCA1_CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12" + fi + rlPhaseEnd + rlPhaseStartTest "run_rhcs_install_topo_3 - Install SUBCA2 on Host 3" + if [ "$(hostname)" = "$BEAKERSUBCA2" ]; then + local CA=ROOTCA + local number=2 + rlRun "rhts-sync-block -s 'Master Instances Installed' -m $BEAKERMASTER" + run_rhcs_install_packages + run_install_subsystem_subca $number $BEAKERMASTER $CA + run_rhcs_add_to_env "SUBCA2_ADMIN_CERT_LOCATION" "$SUBCA2_CLIENT_DIR/$SUBCA2_ADMIN_CERT_NICKNAME.p12" + fi + rlPhaseEnd +} + + +#######Topology 4####### +# SubCA1 - RootCA - SubCA2 +# (H2) (H1) (H3) +# / \ +# / \ +# / \ +# / \ +# KRA1 OCSP1 +# (H2) (H2) + +############################################################# +##The root CA is on host 1, it has a 
SubCA1 on host 2######## +##The SubCA and the subsystems associated with it, viz. KRA3# +##and OCSP3 are under the same tomcat instance also SUBCA2### +##whose master is SUBCA1 is on a different host 3############ +############################################################# + +run_rhcs_install_topo_4() +{ + rlPhaseStartTest "run_rhcs_install_topo_4 - Install ROOTCA on Host 1" + if [ "$(hostname)" = "$BEAKERMASTER" ]; then + run_rhcs_install_packages + run_install_subsystem_RootCA + rlRun "rhts-syncs-set -s 'Master Instances Installed' -m $BEAKERMASTER" + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + fi + rlPhaseEnd + rlPhaseStartTest "run_rhcs_install_topo_4 - Install SUBCA1 on Host 2" + if [ "$(hostname)" = $BEAKERSUBCA1" ]; then + rlRun "rhts-syncs-block -s 'Master Instances Installed' $BEAKERMASTER" + local CA=ROOTCA + local number=1 + local KRA_CA=SUBCA1 + local OCSP_CA=SUBCA1 + run_rhcs_install_packages + run_install_subsystem_subca $number $BEAKERMASTER $CA + run_install_subsystem_kra $number $BEAKERSUBCA1 $KRA_CA + run_install_subsystem_ocsp $number $BEAKERSUBCA1 $OCSP_CA + rlRun "rhts-sync-set -s 'SUBCA1 Instances Installed' -m $BEAKERSUBCA1" + run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$SUBCA1_CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12" + fi + + rlPhaseEnd + rlPhaseStartTest "run_rhcs_install_topo_4 - Install SUBCA2 on Host 3" + if [ "$(hostname)" = $BEAKERSUBCA2" ]; then + rlRun "rhts-syncs-block -s 'SUBCA1 Instances Installed' $BEAKERSUBCA1" + local CA=ROOTCA + local number=2 + run_rhcs_install_packages + run_install_subsystem_subca $number $BEAKERMASTER $CA + run_rhcs_add_to_env "SUBCA2_ADMIN_CERT_LOCATION" "$SUBCA2_CLIENT_DIR/$SUBCA2_ADMIN_CERT_NICKNAME.p12" + fi + rlPhaseEnd +} + + +#######Topology 5####### +# SubCA1 - RootCA - SUBCA2 +# (H2) (H1) (H3) +# / \ | / \ +# / \ OCSP3 / \ +# / \ (H1) / \ +# / \ / \ +# KRA1 OCSP1 KRA2 OCSP2 +# (H2) (H2) (H3) (H3) 
+############################################################### +##The root CA and OCSP3 is on host 1, it has a SubCA1 on####### +##host 2. The SubCA and the subsystems associated with it,viz.# +##KRA1 and OCSP1 are under the same tomcat instance and SUBCA2# +##and its subsytems are in one tomcat instance on host 3####### +############################################################### +run_rhcs_install_topo_5() +{ + rlPhaseStartTest "run_rhcs_install_topo_5 - Install ROOTCA Host 1" + if [ "$(hostname)" = "$BEAKERMASTER" ]; then + local CA=ROOTCA + local number=3 + run_rhcs_install_packages + run_install_subsystem_RootCA + run_install_subsystem_ocsp $number $BEAKERMASTER $CA + rlRun "rhts-syncs-set -s 'Master Instances Installed' -m $BEAKERMASTER" + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + fi + rlPhaseEnd + rlPhaseStartTest "run_rhcs_install_topo_5 - Install Subca1 on host 2" + if [ "$(hostname)" = $BEAKERSUBCA1" ]; then + rlRun "rhts-syncs-block -s 'Master Instances Installed' $BEAKERMASTER" + local CA=ROOTCA + local number=1 + local KRA_CA=SUBCA1 + local OCSP_CA=SUBCA1 + run_rhcs_install_packages + run_install_subsystem_subca $number $BEAKERMASTER $CA + run_install_subsystem_kra $number $BEAKERSUBCA1 $KRA_CA + run_install_subsystem_ocsp $number $BEAKERSUBCA1 $OCSP_CA + run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$SUBCA1_CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12" + fi + rlPhaseEnd + + rlPhaseStartTest "run_rhcs_install_topo_5 - Install Subca2 on host 3" + if [ "$(hostname)" = $BEAKERSUBCA2" ]; then + rlRun "rhts-syncs-block -s 'Master Instances Installed' $BEAKERMASTER" + local CA=ROOTCA + local number=2 + local KRA_CA=SUBCA2 + local OCSP_CA=SUBCA2 + run_rhcs_install_packages + run_install_subsystem_subca $number $BEAKERMASTER $CA + run_install_subsystem_KRA $number $BEAKERSUBCA2 $KRA_CA + run_install_subsystem_OCSP $number $BEAKERSUBCA2 $OCSP_CA + run_rhcs_add_to_env "SUBCA2_ADMIN_CERT_LOCATION" 
"$SUBCA2_CLIENT_DIR/$SUBCA2_ADMIN_CERT_NICKNAME.p12" + fi + rlPhaseEnd +} + +#######Topology 6####### +# SubCA1 - RootCA +# (H2) (H1) +# /|\ | +# / | \ OCSP3 +# / | \ (H1) +# / | \ +# KRA1 | OCSP1 +# (H2) | (H2) +# SUBCA2 +# (H3) +# | +# KRA2 +# (H3) +############################################################# +##The root CA is on host 1, it has a SubCA1 on host 2######## +##The SubCA and the subsystems associated with it, viz. KRA3# +##and OCSP3 are under the same tomcat instance also SUBCA2### +##whose master is SUBCA1 is on a different host 3 with KRA2## +##in the same tomcat instance as SUBCA2###################### +############################################################# run_rhcs_install_topo_6() { rlPhaseStartTest "run_rhcs_install_topo_6 - Install ROOTCA on Host 1" @@ -265,6 +544,19 @@ run_rhcs_install_topo_6() } +#######Topology 7####### +# SubCA1 - RootCA +# (H2) (H1) +# | | +# | OCSP3 +# | (H1) +# | +# CLONECA1 +# (H3) +############################################################# +##The root CA is on host 1, it has a SubCA1 on host 2######## +##and the Clone CA whose master is SUBCA1 on host 3########## +############################################################# run_rhcs_install_topo_7() { rlPhaseStartTest "install_topo_7 - Install RootCA on Host1" 
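Review bot: run_rhcs_install_topo_1 moves the CA, KRA, OCSP and TKS key backups between hosts over unauthenticated plain HTTP: Host1 runs `python -m $WEBMOD 8901` from $CLIENT_PKCS12_DIR, which serves every file in that directory to anything that can reach the port, and Host2 fetches the `*_backup_keys.p12` files with `wget -q http://...` outside rlRun and then sets them to mode 644. Even in a lab these PKCS#12 files carry the subsystem keys, protected only by the backup password, so I would copy them over an authenticated channel such as scp between the Beaker hosts, fail the phase if a download fails, and keep the files at `chmod 600` unless pkispawn is shown to need more. The server PID is recovered with `ps -ef|grep`, which can return several PIDs for the later `kill -9 $KEYPID`; `KEYPID=$!` right after the background launch is exact. Separately, the `if` tests in topo_4 and topo_5 are missing an opening quote (`= $BEAKERSUBCA1" ]`, `= $BEAKERSUBCA2" ]`) and call `rhts-syncs-set`/`rhts-syncs-block` where the other topologies use `rhts-sync-set`/`rhts-sync-block`.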
@@ -331,6 +623,29 @@ run_rhcs_install_topo_7() } + + +#######Topology 8####### +# SubCA1 - RootCA +# (H2) (H1) +# /|\ | +# / | \ OCSP3 +# / | \ (H1) +# / | \ +# KRA1 | OCSP1 +# | | | +# CLONEKRA1 | CLONEOCSP1 +# (H3) | (H3) +# CLONECA1 +# (H3) +################################################################## +##The root CA and OCSP3 is on host 1, it has a SubCA1 on########## +##host 2. The SubCA and the subsystems associated with it, viz.### +##KRA1 and OCSP1 are under the same tomcat instance also CLONECA1# +##and its subsytems are in one tomcat instance on host 3########## +##master CA for CLONECA1 is SUBCA1, for cloneKRA1 is KRA1######### +##and for CloneOCSP1 is OCSP1##################################### +################################################################## run_rhcs_install_topo_8() { rlPhaseStartTest "run_rhcs_install_topo_8 - Install Master, Subca and Clone" 
@@ -408,152 +723,7 @@ run_rhcs_install_topo_8() } -run_rhcs_install_topo_2() -{ - rlPhaseStartTest "run_rhcs_install_topo_2 - Install RootCA on Host1" - if [ "$(hostname)" = "$BEAKERMASTER" ]; then - run_rhcs_install_packages - run_install_subsystem_RootCA - rlRun "rhts-sync-set -s 'Master Instances Installed' -m $BEAKERMASTER" - run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" - fi - - rlPhaseEnd - rlPhaseStartTest "run_rhcs_install_topo_2 - Install SubCA1 on Host2" - if [ "$(hostname)" = "$BEAKERSUBCA1" ]; then - rlRun "rhts-sync-block -s 'Master Instances Installed' $BEAKERMASTER" - local number=1 - local CA=ROOTCA - local KRA_CA=SUBCA1 - local OCSP_CA=SUBCA1 - run_rhcs_install_packages - run_install_subsystem_subca $number $BEAKERMASTER $CA - run_install_subsystem_kra $number $BEAKERSUBCA1 $KRA_CA - run_install_subsystem_ocsp $number $BEAKERSUBCA1 $OCSP_CA - run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$SUBCA1_CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12" - fi - rlPhaseEnd -} - -run_rhcs_install_topo_3() -{ - rlPhaseStartTest "run_rhcs_install_topo_3 - Install RootCA on host 1" - if [ "$(hostname)" = "$BEAKERMASTER" ]; then - local number=3 - local CA=ROOTCA - run_rhcs_install_packages - run_install_subsystem_RootCA - run_install_subsystem_ocsp $number $BEAKERMASTER $CA - rlRun "rhts-sync-set -s 'Master Instances Installed' -m $BEAKERMASTER" - run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" - fi - rlPhaseEnd - rlPhaseStartTest "run_rhcs_install_topo_3 - Install SUBCA1 on Host 2" - if [ "$(hostname)" = "$BEAKERSUBCA1" ]; then - local CA=ROOTCA - local number=1 - local KRA_CA=SUBCA1 - local OCSP_CA=SUBCA1 - rlRun "rhts-sync-block -s 'Master Instances Installed' $BEAKERMASTER" - run_rhcs_install_packages - run_install_subsystem_subca $number $BEAKERMASTER $CA - run_install_subsystem_kra $number $BEAKERSUBCA1 $KRA_CA - run_install_subsystem_ocsp $number $BEAKERSUBCA1 
$OCSP_CA - run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$SUBCA1_CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12" - fi - rlPhaseEnd - rlPhaseStartTest "run_rhcs_install_topo2 - Install SUBCA2 on Host 3" - if [ "$(hostname)" = "$BEAKERSUBCA2" ]; then - local CA=ROOTCA - local number=2 - rlRun "rhts-sync-block -s 'Master Instances Installed' -m $BEAKERMASTER" - run_rhcs_install_packages - run_install_subsystem_subca $number $BEAKERMASTER $CA - run_rhcs_add_to_env "SUBCA2_ADMIN_CERT_LOCATION" "$SUBCA2_CLIENT_DIR/$SUBCA2_ADMIN_CERT_NICKNAME.p12" - fi - rlPhaseEnd -} -run_rhcs_install_topo_4() -{ - rlPhaseStartTest "run_rhcs_install_topo_4 - Install ROOTCA on Host 1" - if [ "$(hostname)" = "$BEAKERMASTER" ]; then - run_rhcs_install_packages - run_install_subsystem_RootCA - rlRun "rhts-syncs-set -s 'Master Instances Installed' -m $BEAKERMASTER" - run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" - fi - rlPhaseEnd - rlPhaseStartTest "run_rhcs_install_topo_4 - Install SUBCA1 on Host 2" - if [ "$(hostname)" = $BEAKERSUBCA1" ]; then - rlRun "rhts-syncs-block -s 'Master Instances Installed' $BEAKERMASTER" - local CA=ROOTCA - local number=1 - local KRA_CA=SUBCA1 - local OCSP_CA=SUBCA1 - run_rhcs_install_packages - run_install_subsystem_subca $number $BEAKERMASTER $CA - run_install_subsystem_kra $number $BEAKERSUBCA1 $KRA_CA - run_install_subsystem_ocsp $number $BEAKERSUBCA1 $OCSP_CA - rlRun "rhts-sync-set -s 'SUBCA1 Instances Installed' -m $BEAKERSUBCA1" - run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$SUBCA1_CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12" - fi - - rlPhaseEnd - rlPhaseStartTest "run_rhcs_install_topo_4 - Install SUBCA2 on Host 3" - if [ "$(hostname)" = $BEAKERSUBCA2" ]; then - rlRun "rhts-syncs-block -s 'SUBCA1 Instances Installed' $BEAKERSUBCA1" - local CA=ROOTCA - local number=2 - run_rhcs_install_packages - run_install_subsystem_subca $number $BEAKERMASTER $CA - run_rhcs_add_to_env "SUBCA2_ADMIN_CERT_LOCATION" 
"$SUBCA2_CLIENT_DIR/$SUBCA2_ADMIN_CERT_NICKNAME.p12" - fi - rlPhaseEnd -} - -run_rhcs_install_topo_5() -{ - rlPhaseStartTest "run_rhcs_install_topo_5 - Install ROOTCA Host 1" - if [ "$(hostname)" = "$BEAKERMASTER" ]; then - local CA=ROOTCA - local number=3 - run_rhcs_install_packages - run_install_subsystem_RootCA - run_install_subsystem_ocsp $number $BEAKERMASTER $CA - rlRun "rhts-syncs-set -s 'Master Instances Installed' -m $BEAKERMASTER" - run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" - fi - rlPhaseEnd - rlPhaseStartTest "run_rhcs_install_topo_5 - Install Subca1 on host 2" - if [ "$(hostname)" = $BEAKERSUBCA1" ]; then - rlRun "rhts-syncs-block -s 'Master Instances Installed' $BEAKERMASTER" - local CA=ROOTCA - local number=1 - local KRA_CA=SUBCA1 - local OCSP_CA=SUBCA1 - run_rhcs_install_packages - run_install_subsystem_subca $number $BEAKERMASTER $CA - run_install_subsystem_kra $number $BEAKERSUBCA1 $KRA_CA - run_install_subsystem_ocsp $number $BEAKERSUBCA1 $OCSP_CA - run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$SUBCA1_CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12" - fi - rlPhaseEnd - rlPhaseStartTest "run_rhcs_install_topo_5 - Install Subca2 on host 3" - if [ "$(hostname)" = $BEAKERSUBCA2" ]; then - rlRun "rhts-syncs-block -s 'Master Instances Installed' $BEAKERMASTER" - local CA=ROOTCA - local number=2 - local KRA_CA=SUBCA2 - local OCSP_CA=SUBCA2 - run_rhcs_install_packages - run_install_subsystem_subca $number $BEAKERMASTER $CA - run_install_subsystem_KRA $number $BEAKERSUBCA2 $KRA_CA - run_install_subsystem_OCSP $number $BEAKERSUBCA2 $OCSP_CA - run_rhcs_add_to_env "SUBCA2_ADMIN_CERT_LOCATION" "$SUBCA2_CLIENT_DIR/$SUBCA2_ADMIN_CERT_NICKNAME.p12" - fi - rlPhaseEnd -} run_rhcs_install_topo_9() { 
@@ -567,6 +737,7 @@ run_rhcs_install_topo_9()
 local SUBCA_number=1
 local MASTER_KRA=KRA3
 local MASTER_OCSP=OCSP3
+ run_rhcs_edit_env
 run_rhcs_install_packages
 run_install_subsystem_RootCA
 run_install_subsystem_kra $number $BEAKERMASTER $CA
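Review bot: The new `run_rhcs_edit_env` call rewrites /opt/rhqa_pki/env.sh on disk with sed, but nothing between it and the install calls that follow re-reads the file. Unless the run_install_subsystem_* routines source env.sh themselves (not visible here), they will still see the instance names and ports already exported in this shell. Adding `. /opt/rhqa_pki/env.sh` as the last step of run_rhcs_edit_env, the way run_rhcs_add_to_env does, would make the edit take effect. The 24 ports it writes are each drawn independently from 30000-32000 with `$RANDOM`, so two subsystems can be given the same port or one already in use; picking them from a fixed per-subsystem table, or checking for duplicates, would avoid intermittent install failures. The body of run_rhcs_install_topo_9 starts and ends outside this hunk.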
@@ -579,7 +750,84 @@ run_rhcs_install_topo_9() run_install_subsystem_subca $SUBCA_number $BEAKERMASTER $CA run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$SUBCA1_CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12" - rlPhaseEnd } +run_rhcs_edit_env () +{ + rlPhaseStartTest "run_rhcs_edit_env - edit env.sh for different tomcat instances for every subsystem" + sed -i 's/^\(KRA3_TOMCAT_INSTANCE_NAME=\).*/\1rootkra/' /opt/rhqa_pki/env.sh + sed -i 's/^\(OCSP3_TOMCAT_INSTANCE_NAME=\).*/\1rootocsp/' /opt/rhqa_pki/env.sh + sed -i 's/^\(TKS1_TOMCAT_INSTANCE_NAME=\).*/\1roottks/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_KRA1_TOMCAT_INSTANCE_NAME=\).*/\1clonekra1/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_OCSP1_TOMCAT_INSTANCE_NAME=\).*/\1cloneocsp1/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_TKS1_TOMCAT_INSTANCE_NAME=\).*/\1clonetks1/' /opt/rhqa_pki/env.sh + sed -i 's/^\(KRA3_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(OCSP3_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(TKS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_KRA1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_OCSP1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_TKS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(KRA3_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(OCSP3_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(TKS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_KRA1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_OCSP1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' 
/opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_TKS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(KRA3_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(OCSP3_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(TKS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_KRA1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_OCSP1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_TKS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(KRA3_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(OCSP3_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(TKS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_KRA1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_OCSP1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_TKS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + rlPhaseEnd + +} +######### Routine to get subsystem IDs ######## +get_rhcs_subsystem_id() +{ + rlPhaseStartTest "get_rhcs_subsystemid - i/p (ROLE and SUBSYSTEM) o/p (ENV_VAR)" + local ROLE=$1 + local SUB=$2 + if [ "$ROLE" = "MASTER" ]; then + local num=3 + local num_tks=1 + elif [ "$ROLE" = "SUBCA1" ]; then + local num=1 + elif [ "$ROLE" = "SUBCA2" ]; then + local num=2 + elif [ "$ROLE" = "CLONE1" ]; then + local num=1 + + elif [ "$ROLE" = "CLONE2" ]; then + local num=2 + fi + + if [ "$SUB" = "TKS" ]; then + local ENV_VAR=${SUB}${num_tks} + elif [ "$SUB" = "CA" ] && [ "$ROLE" = "MASTER" ]; then + local ENV_VAR=ROOTCA + elif [ "$SUB" = "CA" ] && [[ "$ROLE" = "SUBCA1" || "$ROLE" = "SUBCA2" ]]; then + 
local ENV_VAR=$ROLE + elif [ "$SUB" = "CA" ] && [[ "$ROLE" = "CLONE1" || "$ROLE" = "CLONE2" ]]; then + local ENV_VAR=CLONECA${num} + elif [ "$SUB" = "KRA" ] && [[ "$ROLE" = "CLONE1" || "$ROLE" = "CLONE2" ]]; then + local ENV_VAR=CLONEKRA${num} + + elif [ "$SUB" = "OCSP" ] && [[ "$ROLE" = "CLONE1" || "$ROLE" = "CLONE2" ]]; then + local ENV_VAR=CLONEOCSP${num} + + elif [ "$SUB" = "TKS" ] && [[ "$ROLE" = "CLONE1" || "$ROLE" = "CLONE2" ]]; then + local ENV_VAR=CLONETKS${num} + else + local ENV_VAR=${SUB}${num} + fi + run_rhcs_add_to_env "ENV_VAR" "$ENV_VAR" + rlPhaseEnd +} |
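Review bot: In get_rhcs_subsystem_id the first test `[ "$SUB" = "TKS" ]` matches for every role, so the later `TKS` branch for CLONE1/CLONE2 can never run, and because `num_tks` is only set when ROLE is MASTER, a clone role yields the bare string `TKS`. Narrowing the first test to `if [ "$SUB" = "TKS" ] && [ "$ROLE" = "MASTER" ]; then` lets the clone branch be reached. The clone IDs built here (`CLONECA${num}`, `CLONEKRA${num}` and so on) have no underscore, while the variables exported in env.sh use a `CLONE_KRA1_`/`CLONE_CA1_` prefix, so a caller that uses the result as a variable prefix would miss them; the callers are not visible here, so this needs checking. An unrecognised ROLE leaves `num` unset and falls through to `${SUB}${num}` without any error.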