| Commit message | Author | Age | Files | Lines |

The base/deploy folder has been renamed to base/server to match the
package name. The pki.conf has been moved into pki-base package.
Ticket #553, #564
Place the python deployment source code and the python deployment
scriptlets in two separate folders base/deploy/src/engine and
/base/deploy/src/scriptlets in the project.
Ticket #521
Change the current implementation of the timeout from the
number of tries to the total time spent trying to
get the status of Tomcat.
Ticket #563
Removed the -w <security domain password> option for pkidestroy.
Added the -W <security domain password file> option which takes a
file containing the password as input. It is an optional parameter.
Added required information in pkidestroy.
Ticket #502
Catch the KeyboardInterrupt (Ctrl-C) input during the execution of
pkispawn and pkidestroy and display a proper message to user rather
than a stacktrace.
Ticket #536
Connection is now made to the installation servlet through a python
client using JSON. The code to construct the ConfigurationRequest and
parse the results has been moved to pkihelper.py, and configuration.py
no longer calls a separate jython process to create the Configuration
object and parse the results. The jython code has therefore been removed.
Also added status servlet to other java subsystems, to be tested prior
to starting configuration.
Trac Ticket 532
By default Tomcat relies on /dev/random as a random number generator
to generate the session IDs. Under certain conditions /dev/random
may block, which will block Tomcat as well. To solve the problem all
webapps in Tomcat have been configured to use the random number
generator provided by JSS.
Ticket #524
The installer script has been modified to validate security domain
info in both interactive and silent installation.
A basic Python API has been added to access the REST interface.
Ticket #473
The installer script has been modified to validate DS info in both
interactive and silent installation.
Ticket #472
Ticket #493 - Changes done to bypass interpolation for using a % as part of a value.
All occurrences of % will be replaced by a %% in interactive pkispawn/pkidestroy.
If a file is passed, then the values with a '%' need to have an escape character %.
* Correct PKI Theme for RA and TPS:
** TRAC Ticket #517 - Clean up theme dependencies
* Make PKI Theme optional for CA, KRA, OCSP, TKS:
** Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme
** TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .
A new mechanism has been added to specify the authentication methods that
can be used to invoke the REST methods. The AuthMethodMapping annotation
maps each REST method to a list of allowed authentication methods. When a
client calls a REST method, the AuthMethodInterceptor will intercept the
call and verify that the client uses an allowed authentication method.
Most REST methods that require authentication have been configured to
require client certificate authentication. Authentication using username
and password will only be used to get the installation token from security
domain.
Ticket #477
security domain.
The pkispawn has been modified such that the configuration file
and subsystem type are optional. The pkidestroy has been modified
such that the instance name and subsystem type are optional.
If any of these options are not specified they will enter an
interactive mode.
Ticket #380
* TRAC Ticket #488 - Dogtag 10: Fix CLI 'cert-find' clientAuth issue
* Added RESTful servlet to add/remove a KRA connector from the CA.
* Modified ACL to allow KRA subsystem user to remove connector.
* Modified connector code to allow the connector to be replaced without a server restart.
* Added functionality to pki CLI to add/remove connector.
* Added code to pkidestroy to remove the connector (using both pki CLI and sslget).
  When the issues with pki connection are resolved, we will use that method instead.
* Modified sslget to accept HTTP return codes != 200. In this case, we were returning
  204 - which is perfectly legitimate.
* TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and
dogtag-pki.spec . . .
* TRAC Ticket #468 - pkispawn throws exception
Ticket 437. Also moved a bunch of client path parameters to
default.cfg template file.
Ticket 393
Previously, we archived the default config file when an instance
was created, and used that file in running pkidestroy. We plan
to replace this mechanism in favor of actually reading the instance's
config files. For now, we return to using the standard default config
template, so that we can change it without breaking pkidestroy.
Tomcat in f17 expects the file under /etc/sysconfig/foo to be a
set of environment variables being set, and parses it that way.
We recently added some logic to source the global pki.conf file.
This works in f18, but breaks instance startup in f17.
While this works in f18, it's an indication that we are using the
tomcat config file incorrectly. Reverting to hardcoding resteasy lib.
Ticket 435
The paths to RESTEasy jar files have been modified such that it can
be configured globally at build time using the spec file to support
different distributions, and at deployment time using a system-wide
configuration in /etc/pki/pki.conf.
Ticket #422, #423.
* TRAC Ticket #231 - Dogtag 10: Update PKI Deployment to handle external CA
The default deployment configuration has been renamed and moved to
/etc/pki/default.cfg to make it more accessible to users. The pkispawn
has been modified to archive the default deployment configuration
along with the user-provided configuration in the registry. The
pkidestroy will now use both archived configuration files to ensure
proper removal of the subsystem.
Ticket #399
We currently run a restorecon on the instance log directory, but not
on the top level log directory. Restorecon is required for the top
level log directory since pkispawn creates it. Without running a
restorecon, it gets the label of the parent directory (var_log_t)
instead of consulting the fcontext rule in the base policy and using
pki_var_log_t.
Ticket #431
This patch replaces the code in pkiparser with defaults that are
built up using ConfigParser interpolation. The patch gets most
(but not all) default parameters.
The messages in ProfileList.template in CA EE have been extracted
into a properties file which can be translated separately.
The original messages in the template have been marked as follows:
<span class="message" name="...key...">...message...</span>
When the page is loaded into the browser, the original message will
be replaced with the translated messages.
Ticket #406
We need to keep the admin cert and p12 file in case the client directory
is purged.
Previously the deployment tools used symbolic links to determine the
scriptlets to execute and their order. The code has been changed such
that now the scriptlets are listed as parameters (spawn_scriplets and
destroy_scriplets) in the configuration file.
Ticket #403
Previously to create a subsystem the admin would have to copy the
entire default deployment configuration, which contains many
parameters, and then customize it. Now the deployment code has been
changed such that the default config file will be used to provide
the default values, so the admin will only need to provide the
non-default parameters, thus reducing the size of the file.
Sample configuration files are provided in
/usr/share/pki/deployment/config.
Ticket #399
Previously sensitive parameters were stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.
To maintain security, a new meta-parameter has been added to list
all sensitive parameter names. This way the deployment code will know
whether a parameter is sensitive, which then will mask the value before
displaying it to the screen or storing it in a log file.
Ticket #399
The deployment code has been modified such that if the security
domain user is not specified it will use the CA admin uid, or
Common uid, if it is defined. Otherwise it will use the default
"caadmin".
Ticket #399
The code in pkiparser.py has been converted into PKIConfigParser
class to facilitate further improvements.
Ticket #399
All remaining theme files for Tomcat subsystems which include
the templates and JS files have been moved from the theme folder
at <subsystem>-ui/shared/webapps/<subsystem> into the subsystem
webapp folder at base/<subsystem>/shared/webapps/<subsystem>.
The deployment tools have been updated to use the new location.
Ticket #407
The common templates have moved from common-ui into base/common.
The deployment tools have been updated to use the new location.
Ticket #407
The pkispawn and pkicreate have been updated to deploy the
combined images and CSS files from the common-ui into /pki/images
and /pki/css.
The common Velocity templates and JavaScript files still need to
be deployed from the <subsystem>-ui packages into each subsystem.
Ticket #328
This fixes an error in a previous commit which breaks creation
and removal of non-CA subsystems
Ticket 411
Ticket 412
* TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to
'pki-server'
* TRAC Ticket #398 - Move default location for client certificate database
* TRAC Ticket #185 - Dogtag 10: Update PKI Deployment to handle subordinate CA