| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
We need to keep the admin cert and p12 file in case the client directory
is purged.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.
To maintain the security a new meta-parameter has been added to list
all sensitive parameter names. This way the deployment code will know
whether a parameter is sensitive, which then will mask the value before
displaying it to the screen or storing it in a log file.
Ticket #399
|
|
|
|
| |
Ticket 411
|
|
|
|
| |
Ticket 412
|
|
|
|
|
| |
* TRAC Ticket #286 - Dogtag 10: Create parameter for optionally allowing
a user to skip configuration . . .
|
|
|
|
| |
* TRAC Ticket #311 - Unable to deregister subsystem in merged instance
|
|
|
|
|
|
|
|
|
|
|
| |
* TRAC Ticket #266 - for non-master CA subsystems, pkidestroy needs to
contact the security domain to update the domain
* Made Fedora 17 rely upon tomcatjss 7.0.0 or later
* Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy'
* Altered PKI Package Dependency Chain (top-to-bottom):
pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common
* Changed TPS to require a build-time dependency of 'httpd-devel >= 2.4.2'
* Clarified RPM build script's usage message
|
|
|
|
|
|
|
|
|
| |
* PKI TRAC Ticket #279 - Dogtag 10: Fix remaining 'cloning' issues in
'pkispawn' . . .
* PKI TRAC Ticket #280 - Dogtag 10: Fix remaining issues in 'pkidestroy'
related to deletion of more than one instance . . .
* PKI TRAC Ticket #281 - Dogtag 10: Fix 'pkidaemon'/'operations' issue to
handle individual instance . . .
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not"
removing "/etc/sysconfig/{pki_instance_id}" . . .
* TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for
configuration . . .
* TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and
'pkidestroy' . . .
* TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of
configured PKI instance . . .
* TRAC Ticket #270 - Dogtag 10: Add missing parameters to
'pkideployment.cfg' . . .
* TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client
information . . .
* TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7
"logging.properties"
* TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive'
dictionary
* TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and
'pkideployment.cfg' files
* TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet
Issues . . .
|
|
|
|
|
|
|
|
|
| |
Saved Admin Certificate, imported it into NSS client security databases, and
exported it to a PKCS #12 file such that it may be imported into a browser.
TRAC Ticket #221
Dogtag 10: Create a PKCS #12 file containing the Admin Certificate
(https://fedorahosted.org/pki/ticket/221)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Integration of Tomcat 7
* Introduction of dependency upon tomcatjss 7.0
* Removal of http filtering configuration mechanisms
* Introduction of additional slot substitution to
support revised filesystem layout
* Addition of 'pkiuser' uid:gid creation methods
* Inclusion of per instance '*.profile' files
* Introduction of configurable 'configurationRoot'
parameter
* Introduction of default configuration of 'log4j'
mechanism (alee)
* Modify web.xml to use new Application classes to
bootstrap servers (alee)
* Introduction of "Wrapper" logic to support
Tomcat 6 --> Tomcat 7 API change (jmagne)
* Added jython helper function to allow attaching
a remote java debugger (e. g. - eclipse)
|
|
|
|
|
|
|
| |
* Integration of Tomcat 7
* Addition of centralized 'pki-tomcatd' systemd functionality to the
PKI Deployment strategy
* Removal of 'pki_flavor' attribute
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Introduced concept of "admin-domain" originally as a
separate folder, and later incorporated this concept
into an optional instance prefix
* Revised definition of <pki_instance_id> to be identified
as "[<pki_admin_domain_name>-]<pki_instance_name>
* Changed NSS security database model from one shared
database by BOTH a single Tomcat AND single Apache instance
into one per Tomcat instance (shared by CA/KRA/OCSP/TKS) and
one per Apache instance (shared by RA/TPS)
* Altered Configuration 'scriptlet' to invoke Jython for
access to new Java configuration servlet
* Renamed various "scriptlets" to comply with this new layout
* Re-aligned code to account for revised layout documented at
http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment
|
|
* Completed the following six 'scriptlets':
* Dogtag 10: Python 'initialization.py' Installation Scriptlet
(https://fedorahosted.org/pki/ticket/147)
* Dogtag 10: Python 'instance_layout.py' Installation Scriptlet
(https://fedorahosted.org/pki/ticket/75)
* Dogtag 10: Python 'webserver_layout.py' Installation Scriptlet
(https://fedorahosted.org/pki/ticket/140)
* Dogtag 10: Python 'subsystem_layout.py' Installation Scriptlet
(https://fedorahosted.org/pki/ticket/141)
* Dogtag 10: Python 'war_explosion.py' Installation Scriptlet
(https://fedorahosted.org/pki/ticket/76)
* Dogtag 10: Python 'finalization.py' Installation Scriptlet
(https://fedorahosted.org/pki/ticket/148)
* Created numerous PKI deployment helper utilities.
* Augmented logging to provide indentation.
* Generated logic for installation 'manifest'.
* Tested logic using '--dry_run' option and '-p' prefix options.
* Per initial review, removed numerous "constants" and consolidated
logic into "master" dictionary.
* Corrected the following ticket:
* Dogtag 10: Fix 'build_dogtag_pki' script to account for 'pki-deploy' RPM
(https://fedorahosted.org/pki/ticket/138)
Resolves Bugzilla Bug #810047 - build_dogtag_pki fails with requirements
for pki-deploy
(https://bugzilla.redhat.com/show_bug.cgi?id=810047)
* Created the following three 'scriptlets' as 'NOT YET IMPLEMENTED'
place-holders:
* Dogtag 10: Python 'security_databases.py' Installation Scriptlet
(https://fedorahosted.org/pki/ticket/136)
* Dogtag 10: Python 'slot_assignment.py' Installation Scriptlet
(https://fedorahosted.org/pki/ticket/146)
* Dogtag 10: Python 'configuration.py' Configuration Scriptlet
(https://fedorahosted.org/pki/ticket/137)
|