path: root/base/server/upgrade
Commit message | Author | Age | Files | Lines
* Added upgrade script for keepAliveTimeout. | Endi S. Dewata | 2017-06-02 | 4 | -0/+71
| An upgrade script has been added to set the keepAliveTimeout attribute for the Secure connector in the server.xml.
| https://pagure.io/dogtagpki/issue/2687
| Change-Id: Ia61ed49d0ffc26d4bb44738c71fc663bde37fb1d
* Add upgrade script that adds KRA wrapping params | Fraser Tweedale | 2017-04-28 | 1 | -0/+78
| Part of: https://pagure.io/dogtagpki/issue/1408
| Change-Id: Iaa1c2c3b6f7de178bd38c2b5b8df57a2a99f64b1
* Add authn manager that reuses auth token from session | Fraser Tweedale | 2017-04-19 | 2 | -0/+55
| To process a cert request immediately (rather than having it queued as pending), the user must be authenticated *by the profile*; auth tokens from the main authentication system are not used.
| For external authentication support it is possible that the external authentication is sufficient to authenticate use of a problem; especially when the profile uses components like ExternalProcessConstraint to perform validation of the cert request against external sources of information.
| To support this use case, add the SessionAuthentication profile authenticator, which merely reuses the IAuthToken from the session context, if present.
| Part of: https://pagure.io/dogtagpki/issue/1359
* Add ExternalProcessConstraint for request validation | Fraser Tweedale | 2017-04-19 | 1 | -0/+67
| Add the ExternalProcessConstraint profile policy constraint class. It can be configured to execute an arbitrary program that performs additional request validation, rejecting the request if it terminates with a nonzero exit status. Information about the request is conveyed in the subprocess' environment.
| Part of: https://pagure.io/dogtagpki/issue/1359
* Add upgrade script to add CommonNameToSANDefault plugin | Fraser Tweedale | 2017-02-09 | 1 | -0/+67
| Part of: https://fedorahosted.org/pki/ticket/1710
* Fixed MergePKIWebapps upgrade script. | Endi S. Dewata | 2017-02-04 | 1 | -5/+7
| The MergePKIWebapps upgrade script has been modified to ensure that the old deployment descriptors exist before deleting them.
| https://fedorahosted.org/pki/ticket/2582
* Merged /pki webapps. | Endi S. Dewata | 2017-01-30 | 1 | -0/+79
| Previously the /pki webapp was only added if the theme was present during installation, and there were separate webapps for /pki/admin and /pki/js. If the theme was installed later, the /pki webapp had to be configured manually.
| To simplify the installation and to support other developments (e.g. login banner), the /pki webapp will always be added during installation regardless of theme, and the /pki/admin and /pki/js webapps are merged into /pki webapp. When the theme package is installed, it will create links in /pki webapp so the theme files will become available without additional configuration.
| An upgrade script has been added to merge the /pki webapp in existing instances.
| https://fedorahosted.org/pki/ticket/2582
* Added upgrade script to update AJP loopback address. | Endi S. Dewata | 2017-01-20 | 1 | -0/+62
| An upgrade script has been added to replace IPv4- and IPv6-specific AJP loopback address with a more generic "localhost" in existing instances.
| https://fedorahosted.org/pki/ticket/2570
* Removed FixSELinuxContexts upgrade script. | Endi S. Dewata | 2016-09-07 | 2 | -36/+0
| The FixSELinuxContexts upgrade script has been removed temporarily due to a problem importing selinux library during RPM upgrade. The FixDeploymentDescriptor script number has been changed accordingly.
| https://fedorahosted.org/pki/ticket/2452
* Added upgrade script to fix deployment descriptors. | Endi S. Dewata | 2016-08-26 | 1 | -0/+110
| An upgrade script has been added to fix missing deployment descriptors or deployment descriptors that are pointing to non-existent or empty folders.
| https://fedorahosted.org/pki/ticket/2439
* Fixed SELinux contexts. | Endi S. Dewata | 2016-07-28 | 1 | -0/+36
| The deployment tool has been modified to set up SELinux contexts after all instance files have been created to ensure they have the correct contexts. An upgrade script has been added to fix existing instances.
| https://fedorahosted.org/pki/ticket/2421
* Added upgrade scripts to fix server library. | Endi S. Dewata | 2016-07-28 | 2 | -0/+50
| An upgrade script has been added to replace the <instance>/common in existing instances with a link to /usr/share/pki/server/common which contains links to server dependencies.
| https://fedorahosted.org/pki/ticket/2403
* Added upgrade script to fix JAVA_HOME. | Endi S. Dewata | 2016-06-17 | 3 | -0/+107
| https://fedorahosted.org/pki/ticket/2363
* Fixed Java dependency. | Endi S. Dewata | 2016-06-17 | 2 | -2/+2
| The code has been modified to use the JAVA_HOME path specified in the pki.conf. The spec file has been modified to depend specifically on OpenJDK 1.8.0 and to provide the default JAVA_HOME path for the pki.conf.
| https://fedorahosted.org/pki/ticket/2363
* Add migration script for realm changes in registry.cfg | Ade Lee | 2016-05-09 | 1 | -0/+80
| Part of Ticket 2041
* Fix flake8 / PEP 8 violations | Christian Heimes | 2016-01-25 | 1 | -0/+1
| https://fedorahosted.org/pki/ticket/1738
* Allow encoded slashes in HTTP paths | Fraser Tweedale | 2016-01-21 | 1 | -0/+37
| Properly formed GET-based OCSP requests can contain URL-encoded slashes in the HTTP path[1] but our Tomcat configuration does not permit this (returns 400 Bad Request). Change catalina.properties to allow URL-encoded slashes in HTTP paths.
| [1] https://tools.ietf.org/html/rfc6960#appendix-A.1
| Also add an upgrade script to update catalina.properties in existing instances.
| Fixes: https://fedorahosted.org/pki/ticket/1658
* Py3 compatibility: encode output of subprocess call | Christian Heimes | 2015-08-17 | 2 | -2/+6
| In Python 3 subprocess.Popen() and check_out() return bytes. The rest of PKI expects text, so the output has to be decoded.
| - ascii for dnsdomainname
| - sys.getfilesystemencoding() for paths
| - utf-8 for the rest
* Py3 compatibility: write XML as encoded bytes | Christian Heimes | 2015-08-17 | 6 | -16/+16
| Python 3 treats serialized XML as encoded bytes. etree must encode XML to UTF-8 and write it to a file opened in binary mode.
* Py3 modernization: misc manual fixes | Christian Heimes | 2015-08-17 | 1 | -2/+3
| Python 3's exception class has no message attribute. e.message can either be replaced with string representation of e or e.args[0].
| Use print(line, end='') instead of sys.stdout.write(). With end='' no new line is appended.
| Use six.reraise() to reraise an exception.
| Remove sys.exc_clear() as it is no longer available in Python 3.
| Conditionally import shutil.WindowsError.
| Use six.move to import correct modules / function like quote, urlparse and configparser.
| Silence some pylint warnings. pylint doesn't understand six.moves magic and emits an import-error warning.
| Add additional tox envs to check for Python 3 compatibility.
* Py3 modernization: libmodernize.fixes.fix_import | Christian Heimes | 2015-08-17 | 25 | -0/+25
| Enforce absolute imports or explicit relative imports. Python 3 no longer supports implicit relative imports, that is unqualified imports from a module's directory. In order to load a module from the same directory inside a package, use
|     from . import module
| The future feature 'from __future__ import absolute_import' ensures that pki uses absolute imports on Python 2, too.
| See https://www.python.org/dev/peps/pep-0328/
* Make pki PEP 8 compatible | Christian Heimes | 2015-08-14 | 17 | -90/+165
| Large portions of the patch were automatically created with autopep8:
|     find base/ -name '*.py' | xargs autopep8 --in-place --ignore E309 \
|         --aggressive
|     find base/common/upgrade base/server/upgrade -type f -and \
|         -not -name .gitignore | autopep8 --in-place --ignore E309 --aggressive
|     autopep8 --in-place --ignore E309 --aggressive \
|         base/common/sbin/pki-upgrade \
|         base/server/sbin/pkispawn \
|         base/server/sbin/pkidestroy \
|         base/server/sbin/pki-server \
|         base/server/sbin/pki-server-upgrade
| About two dozen violations were fixed manually.
| https://fedorahosted.org/pki/ticket/708
* remove more inaccessible URLs from server.xml | Matthew Harmsen | 2015-08-07 | 1 | -0/+2
| - PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI subsystems which are not accessible
| - PKI TRAC Ticket #1518 - OCSP ee url returned by pkidaemon status tomcat shows an error page
* TPS add phone home URLs to pkidaemon status message. | Jack Magne | 2015-07-16 | 1 | -0/+112
| Ticket # 1466. Also remove some needless copies of server.xml from the code.
* Renamed deprecated pylint 'disable-msg' to 'disable'. | Matthew Harmsen | 2015-07-14 | 1 | -1/+1
|
* Disable 'W1401' anomalous-backslash-in-string pylint warning for regex | Matthew Harmsen | 2015-07-13 | 1 | -0/+1
| expressions used by system call to 'sed'.
* remove inaccessible URLs from server.xml | Matthew Harmsen | 2015-07-13 | 1 | -0/+40
| - PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI subsystems which are not accessible
* Run pylint on upgrade scripts | Christian Heimes | 2015-06-16 | 23 | -36/+35
| pylint-build-scan.sh doesn't check the upgrader's Python files yet. This patch adds the common and server upgrade scripts to pylint-build-scan.sh. It also fixes a couple of pylint violations, mostly missing calls to __init__().
* Add new KRA audit events to KRA's CS.cfg | Christian Heimes | 2015-06-16 | 1 | -0/+72
| The patch implements an updater, that adds the new KRA signed audit events (#1160) to KRA's CS.cfg.
| https://fedorahosted.org/pki/ticket/1382
* Update: fix CS.cfg permissions | Fraser Tweedale | 2015-06-16 | 1 | -0/+1
| The 10.2.3/02-FixBindPWPrompt upgrade scriptlet leaves CS.cfg owned by root. chown CS.cfg to the instance owner.
* Upgrade: add scriptlet to fix nuxwdog listener class | Fraser Tweedale | 2015-06-16 | 1 | -0/+36
|
* Upgrade: check file exists before chowning | Fraser Tweedale | 2015-06-16 | 1 | -1/+2
| Dogtag entered a state where an upgrade script failed before it was trying to chown a file that didn't exist. Add a check that the file exists.
* Refactored upgrade scripts. | Endi S. Dewata | 2015-05-11 | 9 | -186/+35
| The upgrade scripts have been modified to use the uid and gid provided by PKIInstance object.
| https://fedorahosted.org/pki/ticket/1341
* Ticket 1295 Upgrade script for - CA: OCSP via GET does not work | Christina Fu | 2015-05-05 | 1 | -0/+79
|
* Remove duplicate prompt on nuxwdog startup | Ade Lee | 2015-04-23 | 1 | -0/+49
|
* Added upgrade script to fix instance work folder ownership. | Endi S. Dewata | 2015-04-08 | 1 | -0/+57
| The <instance>/work/Catalina/localhost/pki folder was owned by root in Dogtag 10.0.x but now should be owned by pkiuser. An upgrade script has been added to fix the ownership.
| https://fedorahosted.org/pki/ticket/802
* Updated Resteasy and Jackson dependencies | Endi S. Dewata | 2015-02-03 | 1 | -0/+60
| In Fedora 22 the Resteasy package has been split into several subpackages. The pki-core.spec has been modified to depend on more specific Resteasy packages which depend only on Jackson 1.x. The classpaths and various scripts have been modified to remove unused references to Jackson 2.x.
| https://fedorahosted.org/pki/ticket/1254
* Added server management CLI. | Endi S. Dewata | 2015-01-28 | 1 | -0/+56
| A new pki-server CLI has been added to manage the instances and subsystems using the server management library. This CLI manages the system files directly, so it can only be run locally on the server by the system administrator.
| The autoDeploy setting in server.xml has been enabled by default. An upgrade script has been added to enable the autoDeploy setting in existing instances.
| https://fedorahosted.org/pki/ticket/1183
* Moved web application deployment locations. | Endi S. Dewata | 2015-01-28 | 1 | -0/+119
| Currently web applications are deployed into Host's appBase (i.e. <instance>/webapps). To allow better control of individual subsystem deployments, the web applications have to be moved out of the appBase so that the autoDeploy can work properly later.
| This patch moves the common web applications to <instance>/common/webapps and subsystem web applications to <instance>/<subsystem>/webapps. An upgrade script has been added to update existing deployments.
| https://fedorahosted.org/pki/ticket/1183
* Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade | Christina Fu | 2014-11-24 | 1 | -0/+102
* Updated version to 10.2.1-0.1. | Endi S. Dewata | 2014-10-27 | 1 | -0/+4
| https://fedorahosted.org/pki/ticket/1191
* Added idempotent 01-MoveWebApplicationContextFile migration script | Ade Lee | 2014-09-19 | 3 | -0/+108
| Added to 10.1.1 to be consistent with 10.1 branch.
* Added missing upgrade folders. | Endi S. Dewata | 2014-08-27 | 1 | -0/+4
| The current upgrade framework requires that all supported versions to upgrade from to have corresponding upgrade folders even though they might be empty. New empty folders have been added for 10.1.1.
* Removed config path from web.xml. | Endi S. Dewata | 2014-03-17 | 1 | -0/+80
| Previously the CMSStartServlet always requires a cfgPath parameter pointing to the CS.cfg location. By default the parameter points to <instance>/conf/<subsystem>/CS.cfg unless it's manually changed by the admin after installation.
| Recently the servlet has been modified such that if the parameter is not specified it will generate the default path automatically. So it is no longer necessary to keep the cfgPath parameter in the web.xml templates because it will point to the same location.
| This patch removes the cfgPath parameters from all web.xml templates. This way newly created subsystems will not have this parameter, which will help direct deployment in the future. An upgrade script has been added to remove the parameter from existing instances if it points to the default location. If the parameter points to a different location that means the subsystem has been customized so it will not be changed.
| Ticket #748, #499
* Reorganized REST service classes. | Endi S. Dewata | 2014-02-28 | 1 | -0/+74
| The REST service classes have been moved into org.dogtagpki.server namespace. A new upgrade script has been added to update existing instances.
| Ticket #114
* Upgraded RESTEasy client library. | Endi S. Dewata | 2014-02-27 | 1 | -0/+76
| The Dogtag client library has been modified to use RESTEasy 3.0 client library. A new upgrade script has been added to update existing servers.
| The JAXB annotation in ResourceMessage has been modified to require explicit property mapping.
| Ticket #554
* Added upgrade script to replace Jettison with Jackson. | Endi S. Dewata | 2014-02-06 | 1 | -0/+136
| A new upgrade script has been added to replace Jettison links with Jackson links in Tomcat's common library.
| Ticket #817
* Moved web application context file. | Endi S. Dewata | 2013-12-16 | 3 | -11/+101
| The location of web application context file has been changed from <instance>/webapps/<name>/META-INF/context.xml into <instance>/conf/Catalina/localhost/<name>.xml. This will eventually allow deploying the web application directly from the shared folder.
| A new upgrade script has been added to move the context files in the existing instances.
| Ticket #499
* Add migration scripts to fix registry file and ownership | Ade Lee | 2013-11-20 | 2 | -0/+121
| Migration scripts have been added to update the registry file for tomcat instances to use PKI_INSTANCE_NAME instead of PKI_INSTANCE_ID. File ownership of the registry file and log files is also fixed.
| Also removed unused lock file logic in operations startup script.
| This is for migration from 10.0 -> 10.1
| Ticket 805
* Replaced auth.properties with acl.properties. | Endi S. Dewata | 2013-11-20 | 2 | -8/+9
| The ACL mapping files have been renamed from auth.properties to acl.properties to match the actual content and moved into the subsystem conf folder. The authentication method mapping files have been extracted from the interceptor into actual files.
| The ACLInterceptor and AuthMethodInterceptors have been modified to read the default mapping first, then overwrite it with custom mapping if it exists in the subsystem folder.
| The UpdateAuthzProperties upgrade script has been replaced with RemoveAuthProperties that will remove the old auth.properties.