summaryrefslogtreecommitdiffstats
path: root/base/deploy
Commit message (Collapse)AuthorAgeFilesLines
* Renamed base/deploy to base/server.Endi Sukma Dewata2013-04-0936-10944/+0
| | | | | | | The base/deploy folder has been renamed to base/server to match the package name. The pki.conf has been moved into pki-base package. Ticket #553, #564
* Separate folder for python deployment engine source code.Abhishek Koneru2013-04-038-29/+29
| | | | | | | | Place the python deployment source code and the python deployment scriptlets in two seperate folders base/deploy/src/engine and /base/deploy/src/scriptlets in the project. Ticket #521
* Remove pki_backup_password from examples in pkispwan.Abhishek Koneru2013-04-028-15/+0
| | | | | | | | Since pki_backup_password depends on pki_backup_keys to be true, it is misleading to mention only pki_backup_password in the man page. It is removed from the examples in the man page. Ticket #465
* Change timeout from number of tries to total time.Abhishek Koneru2013-04-022-7/+8
| | | | | | | | Change the current implementation of time out as number of tries to, the total time for trying to get the status of the Tomcat. Ticket #563
* Remove unnecessary log in pkidestroy.Abhishek Koneru2013-03-271-1/+0
|
* Change how the password is passed to pkidestroy.Abhishek Koneru2013-03-262-8/+17
| | | | | | | | | Removed the -w <security domain password> option for pkidestroy. Added the -W <security domain password file> option which takes a file containing the password as input. It is an optional parameter. Added required information in pkidestroy. Ticket #502
* Handle the Keyboard interrupt gracefully.Abhishek Koneru2013-03-262-0/+16
| | | | | | | | Catch the KeyboardInterrupt (Ctrl-C) input during the execution of pkispawn and pkidestroy and display a proper message to user rather than a stacktrace. Ticket #536
* Add information about interactive mode in pkispawn.Abhishek Koneru2013-03-252-4/+91
| | | | | | | | Updated pkispawn/pkidestroy manpages with the steps involved during the Interactive mode installation. A brief description of all the parameters asked during the installation is provided. Ticket #471
* Minor fixes to pkispawn man page.Abhishek Koneru2013-03-228-3/+101
| | | | | | | | | Updating the sample configuration file entries in default CA and subordinate CA installation. Added sample configuration files for each installation type mentioned in the man page. Tickets #509, #525
* Refactor installation code to remove dependency on jythonAde Lee2013-03-2113-937/+711
| | | | | | | | | | | | | Connection is now made to the installation servlet through a python client using JSON. The code to construct the ConfgurationRequest and parse the results has been moved to pkihelper.py, and configuration.py no longer calls a separate jython process to create the Configuration object and parse the results. The jython code has therefore been removed. Also added status servlet to other java subsystems, to be tested prior to starting configuration. Trac Ticket 532
* Replaced Tomcat's random number generator.Endi Sukma Dewata2013-03-191-2/+16
| | | | | | | | | | By default Tomcat relies on /dev/random as a random number generator to generate the session ID's. Under certain conditions /dev/random may block, which will block Tomcat as well. To solve the problem all webapps in Tomcat have been configured to use the random number generator provided by JSS. Ticket #524
* Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jarMatthew Harmsen2013-03-111-5/+1
| | | | * Additional fix for Fedora 19+
* Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jarMatthew Harmsen2013-03-083-8/+9
|
* Added security domain info validation.Endi Sukma Dewata2013-03-074-58/+94
| | | | | | | | | The installer script has been modified to validate security domain info in both interactive and silent installation. A basic Python API has been added to access the REST interface. Ticket #473
* Added DS info validation.Endi Sukma Dewata2013-03-072-16/+116
| | | | | | | The installer script has been modified to validate DS info in both interactive and silent installation. Ticket #472
* Patch to escape interpolations for parameters having '%' in their values.Abhishek Koneru2013-03-071-0/+2
| | | | | | Ticket #493 - Changes done to bypass interpolation for using a % as part of a value. All occurences of % will be replaced by a %% in interactive pkispawn/pkidestroy. If a file is passed, then the values with a '%' need to have an escape character %
* PKI theme changesMatthew Harmsen2013-03-052-8/+10
| | | | | | | | * Correct PKI Theme for RA and TPS: ** TRAC Ticket #517 - Clean up theme dependencies * Make PKI Theme optional for CA, KRA, OCSP, TKS: ** Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme ** TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .
* Added authentication method validation.Endi Sukma Dewata2013-02-192-7/+0
| | | | | | | | | | | | | | | A new mechanism has been added to specify the authentication methods that can be used to invoke the REST methods. The AuthMethodMapping annotation maps each REST method to a list of allowed authentication methods. When a client calls a REST method, the AuthMethodInterceptor will intercept the call and verify that the client uses an allowed authentication method. Most REST methods that require authentication have been configured to require client certificate authentication. Authentication using username and password will only be used to get the installation token from security domain. Ticket #477
* Change pkidestroy to get an install token and use admin interface to updateAde Lee2013-02-115-144/+257
| | | | security domain.
* Added interactive subsystem installation.Endi Sukma Dewata2013-02-049-145/+355
| | | | | | | | | | The pkispawn has been modified such that the configuration file and subsystem type are optional. The pkidestroy has been modified such that the instance name and subsystem type are optional. If any of these options are not specified they will enter an interactive mode. Ticket #380
* Fixed CLI 'cert-find' clientAuth FQDN hostname issueMatthew Harmsen2013-01-251-0/+1
| | | | * TRAC Ticket #488 - Dogtag 10: Fix CLI 'cert-find' clientAuth issue
* Resolved Trac Ticket 367 - pkidestroy does not remove connectorAde Lee2013-01-153-21/+167
| | | | | | | | | | | * Added RESTful servlet to add/remove a KRA connector from the CA. * Modified ACL to allow KRA subsystem user to remove connector. * Modified connector code to allow the connector to be replaced without a server restart. * Added functionality to pki CLI to add/remove connector * Added code to pkidestroy to remove the connector (using both pki CLI and sslget) When the issues with pki connection are resolved, we will use that method instead. * Modified sslget to accept HTTP return codes != 200. In this case, we were returning 204 - which is perfectly legitimate.
* Use tomcatjss 7.1.0 and fix weird errno=0 exceptionMatthew Harmsen2013-01-073-3/+9
| | | | | | * TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and dogtag-pki.spec . . . * TRAC Ticket #468 - pkispawn throws exception
* TRAC Ticket #271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . .Matthew Harmsen2012-12-192-31/+183
|
* fix typo in default.cfgAde Lee2012-12-191-1/+1
|
* Man page addition for parameter pki_client_admin_cert_p12Ade Lee2012-12-191-0/+4
|
* Make admin cert p12 file location configurableAde Lee2012-12-193-61/+18
| | | | | Ticket 437. Also moved a bunch of client path parameters to default.cfg template file.
* pkispawn modified to not relabel when selinux is disabledAde Lee2012-12-193-2/+25
| | | | Ticket 393
* Punctuation and formatting changes in man pagesAde Lee2012-12-183-55/+68
| | | | Changes provided by Deon Lackey.
* Revert to using default config file for pkidestroyAde Lee2012-12-183-12/+2
| | | | | | | | Previously, we archived the default config file when an instance was created, and used that file in running pkidestroy. We plan to replace this mechanism in favor of actually reading the instance's config files. For now, we return to using the standard default config template, so that we can change it without breaking pkidestroy.
* Hardcode setting of resteasy-lib for instanceAde Lee2012-12-182-0/+3
| | | | | | | | | | Tomcat in f17 expects the file under /etc/sysconfig/foo to be a set of environment variables being set, and parses it that way. We recently added some logic to source the global pki.conf file. This works in f18, but breaks instance startup in f17. While this works in f18, its an indication that we are using the tomcat config file incorrectly. Reverting to hardcoding resteasy lib.
* interpolate more pathsAde Lee2012-12-184-250/+63
|
* interpolated jarsAde Lee2012-12-182-300/+94
|
* interpolation for paths part 1Ade Lee2012-12-182-139/+73
|
* Removed duplicate pki_instance_id parameter.Ade Lee2012-12-186-76/+71
| | | | Ticket 435
* More edits to man pages including spell checking provided via 'aspell'.Matthew Harmsen2012-12-103-124/+159
|
* Revised 'pki_default.cfg5' man page.Matthew Harmsen2012-12-071-18/+179
|
* Added man pages.Matthew Harmsen2012-12-064-0/+432
| | | | | * TRAC Ticket #315 - Man pages for pkispawn/pkidestroy. * Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.
* Parameterizing RESTEasy paths.Endi Sukma Dewata2012-12-069-129/+84
| | | | | | | | | The paths to RESTEasy jar files have been modified such that it can be configured globally at build time using the spec file to support different distributions, and at deployment time using a system-wide configuration in /etc/pki/pki.conf. Ticket #422, #423.
* Implemented ability to utilize an external CAMatthew Harmsen2012-12-067-52/+134
| | | | * TRAC Ticket #231 - Dogtag 10: Update PKI Deployment to handle external CA
* Modified section on sample.cfgAde Lee2012-12-051-1/+1
|
* Archiving default deployment configuration.Endi Sukma Dewata2012-12-049-137/+201
| | | | | | | | | | | The default deployment configuration has been renamed and moved to /etc/pki/default.cfg to make it more accessible to users. The pkispawn has been modified to archive the default deployment configuration along with the user-provided configuration in the registry. The pkidestroy will now use both archived configuration files to ensure proper removal of the subsystem. Ticket #399
* Run restorecon on top-level log directoryNathan Kinder2012-12-041-0/+1
| | | | | | | | | | | We currently run a restorecon on the instance log directory, but not on the top level log directory. Restorecon is required for the top level log directory since pkispawn creates it. Without running a restorecon, it gets the label of the parent directory (var_log_t) instead of consulting the fcontext rule in the base policy and using pki_var_log_t. Ticket #431
* Interpolation correction patch based on review commentsAde Lee2012-12-045-75/+57
|
* Use interpolation to build default parametersAde Lee2012-12-045-754/+139
| | | | | | This patch replaces the code in pkiparser with defaults that are built up using ConfigParser interpolation. The patch gets most (but not all) default parameters.
* I18n for ProfileList.template.Endi Sukma Dewata2012-12-032-22/+38
| | | | | | | | | | | | | The messages in ProfileList.template in CA EE has been extracted into a properties file which can be translated separately. The original messages in the template have been marked as follows: <span class="message" name="...key...">...message...</span> When the page is loaded into the browser, the original message will be replaced with the translated messages. Ticket #406
* Change the structure of the client directory.Ade Lee2012-12-033-14/+15
| | | | | We need to keep the admin cert and p12 file in case the client directory is purged.
* Common User: pkispawn changesAde Lee2012-12-033-149/+55
|
* Replaced links of scriptlets with lists.Endi Sukma Dewata2012-11-304-154/+35
| | | | | | | | | Previously the deployment tools used symbolic links to determine the scriplets to execute and their order. The code has been changed such that now the scriplets are listed as parameters (spawn_scriplets and destroy_scriplets) in the configuration file. Ticket #403
* Simplified the configuration file using defaults.Endi Sukma Dewata2012-11-307-18/+26
| | | | | | | | | | | | | | Previously to create a subsystem the admin would have to copy the entire default deployment configuration, which contains many parameters, and then customize it. Now the deployment code has been changed such that the default config file will be used to provide the default values, so the admin will only need to provide the non-default parameters, thus reducing the size of the file. Sample configuration files are provided in /usr/share/pki/ deployment/config. Ticket #399
generated by cgit (git 2.34.1) at 2026-01-11 21:17:38 +0000