summaryrefslogtreecommitdiffstats
path: root/base/deploy/etc/default.cfg
diff options
context:
space:
mode:
Diffstat (limited to 'base/deploy/etc/default.cfg')
-rw-r--r--base/deploy/etc/default.cfg74
1 files changed, 72 insertions, 2 deletions
diff --git a/base/deploy/etc/default.cfg b/base/deploy/etc/default.cfg
index f665bb8..56686c0 100644
--- a/base/deploy/etc/default.cfg
+++ b/base/deploy/etc/default.cfg
@@ -57,12 +57,12 @@ destroy_scriplets=
# case someone wants to override them in their config file.
#
# Tomcat instances:
-# pki_subsystem_name=pki_tomcat
+# pki_instance_name=pki_tomcat
# pki_https_port=8443
# pki_http_port=8080
#
# Apache instances:
-# pki_subsystem_name=pki_tomcat
+# pki_instance_name=pki_tomcat
# pki_https_port=443
# pki_http_port=80
@@ -113,6 +113,16 @@ pki_token_name=internal
pki_token_password=
pki_user=pkiuser
+# Paths:
+# These are used in the processing of pkispawn and are not supposed
+# to be overwritten by user configuration files.
+#
+pki_source_conf_path=/usr/share/pki/%{pki_subsystem_type}/conf
+pki_source_setup_path=/usr/share/pki/setup
+pki_source_server_path=/usr/share/pki/server/conf
+pki_source_cs_cfg=/usr/share/pki/%{pki_subsystem_type}/conf/CS.cfg
+pki_source_registry=/usr/share/pki/setup/pkidaemon_registry
+
###############################################################################
## Apache Configuration: ##
## ##
@@ -122,6 +132,19 @@ pki_user=pkiuser
###############################################################################
[Apache]
+# Paths
+# These are used in the processing of pkispawn and are not supposed
+# to be overwritten by user configuration files.
+#
+pki_systemd_service=/lib/systemd/system/pki-apached@.service
+pki_systemd_target=/lib/systemd/system/pki-apached.target
+pki_systemd_target_wants=/etc/systemd/system/pki-apached.target.wants
+pki_systemd_service_link=%(pki_systemd_target_wants)s/pki-apached@%(pki_instance_name)s.service
+pki_cgroup_systemd_service_path=/sys/fs/cgroup/systemd/system/%(pki_systemd_service)s
+pki_cgroup_systemd_service=%(pki_cgroup_systemd_service_path)s/%(pki_instance_name)s
+pki_cgroup_cpu_systemd_service_path=/sys/fs/cgroup/cpu\,cpuacct/system/%(pki_systemd_service)s
+pki_cgroup_cpu_systemd_service=%(pki_cgroup_cpu_systemd_service_path)s/%(pki_systemd_service)s
+
###############################################################################
## Tomcat Configuration: ##
## ##
@@ -154,6 +177,28 @@ pki_proxy_https_port=443
pki_security_manager=true
pki_tomcat_server_port=8005
+# Paths
+# These are used in the processing of pkispawn and are not supposed
+# to be overwritten by user configuration files.
+#
+pki_systemd_service=/lib/systemd/system/pki-tomcatd@.service
+pki_systemd_target=/lib/systemd/system/pki-tomcatd.target
+pki_systemd_target_wants=/etc/systemd/system/pki-tomcatd.target.wants
+pki_systemd_service_link=%(pki_systemd_target_wants)s/pki-tomcatd@%(pki_instance_name)s.service
+pki_cgroup_systemd_service_path=/sys/fs/cgroup/systemd/system/%(pki_systemd_service)s
+pki_cgroup_systemd_service=%(pki_cgroup_systemd_service_path)s/%(pki_instance_name)s
+pki_cgroup_cpu_systemd_service_path=/sys/fs/cgroup/cpu\,cpuacct/system/%(pki_systemd_service)s
+pki_cgroup_cpu_systemd_service=%(pki_cgroup_cpu_systemd_service_path)s/%(pki_systemd_service)s
+pki_tomcat_bin_path=/usr/share/tomcat/bin
+pki_tomcat_lib_path=/usr/share/tomcat/lib
+pki_tomcat_systemd=/usr/sbin/tomcat-sysd
+pki_source_catalina_properties=%(pki_source_server_path)s/catalina.properties
+pki_source_servercertnick_conf=%(pki_source_server_path)s/serverCertNick.conf
+pki_source_server_xml=%(pki_source_server_path)s/server.xml
+pki_source_context_xml=%(pki_source_server_path)s/context.xml
+pki_source_tomcat_conf=%(pki_source_server_path)s/tomcat.conf
+
+
###############################################################################
## CA Configuration: ##
## ##
@@ -206,6 +251,22 @@ pki_subsystem_name=CA %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s CA
pki_subsystem_subject_dn=cn=CA Subsystem Certificate,o=%(pki_security_domain_name)s
+# Paths
+# These are used in the processing of pkispawn and are not supposed
+# to be overwritten by user configuration files.
+#
+pki_source_emails=/usr/share/pki/ca/emails
+pki_source_flatfile_txt=%(pki_source_conf_path)s/flatfile.txt
+pki_source_profiles=/usr/share/pki/ca/profiles
+pki_source_proxy_conf=%(pki_source_conf_path)s/proxy.conf
+pki_source_registry_cfg=%(pki_source_conf_path)s/registry.cfg
+pki_source_admincert_profile=%(pki_source_conf_path)s/adminCert.profile
+pki_source_caauditsigningcert_profile=%(pki_source_conf_path)s/caAuditSigningCert.profile
+pki_source_cacert_profile=%(pki_source_conf_path)s/caCert.profile
+pki_source_caocspcert_profile=%(pki_source_conf_path)s/caOCSPCert.profile
+pki_source_servercert_profile=%(pki_source_conf_path)s/serverCert.profile
+pki_source_subsystemcert_profile=%(pki_source_conf_path)s/subsystemCert.profile
+
###############################################################################
## KRA Configuration: ##
@@ -244,6 +305,15 @@ pki_subsystem_name=KRA %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s KRA
pki_subsystem_subject_dn=cn=KRA Subsystem Certificate,o=%(pki_security_domain_name)s
+# Paths
+# These are used in the processing of pkispawn and are not supposed
+# to be overwritten by user configuration files.
+#
+pki_source_servercert_profile=%(pki_source_conf_path)s/serverCert.profile
+pki_source_storagecert_profile=%(pki_source_conf_path)s/storageCert.profile
+pki_source_subsystemcert_profile=%(pki_source_conf_path)s/subsystemCert.profile
+pki_source_transportcert_profile=%(pki_source_conf_path)s/transportCert.profile
+
###############################################################################
## OCSP Configuration: ##
## ##