| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
The build and deployment tools have been modified to support creating
a basic Tomcat instance to run TPS. New configuration and template
files for TPS have been copied from another Tomcat subsystem. The TPS
functionality itself will be added in future patches.
Ticket #526
|
| |
|
|
|
|
| |
* TRAC Ticket #606 - add restart / start at boot info to pkispawn man page
* TRAC Ticket #610 - Document limitation in using GUI install
* TRAC Ticket #629 - Package ownership of '/usr/share/pki/etc/' directory
|
| |
|
|
|
|
|
|
| |
Replace try-except with with construct in python code in applicable
places where there is no exception handling required. Also added
finally block to close resources opened in a try except block.
Ticket #560
|
| |
|
|
|
|
|
|
|
| |
If pki_skip_configuration=True, then do not display the installation
summary. And, display client database details only when
pki_client_database_purge=False. Also replace \t with spaces in the
print messages.
Ticket #599
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously the server certificate name was partially hard-coded as
"Server-Cert cert-[PKI_INSTANCE_NAME]". Now in Tomcat-based subsystems
it can be fully configured using pki_ssl_server_nickname parameter.
In Apache-based subsystems it's left unchanged.
Unused serverCertNick.conf files have been removed.
Ticket #631
|
| |
|
|
|
| |
The CA_PORT variable has been renamed into PKI_CA_PORT for
consistency.
|
| |
|
|
|
| |
The CA_HOST variable has been renamed into PKI_CA_HOSTNAME
for consistency.
|
| |
|
|
|
| |
The PKI_SUBSYSTEM_DIR variable is redundant and can be replaced
with PKI_SUBSYSTEM_TYPE.
|
| |
|
|
|
| |
The PKI_INSTANCE_ID variable has been renamed into PKI_INSTANCE_NAME
for consistency.
|
| |
|
|
|
| |
The SERVER_NAME and PKI_MACHINE_NAME variables have been renamed
into PKI_HOSTNAME for consistency.
|
| |
|
|
|
| |
The PORT and UNSECURE_PORT variables in RA and TPS has been renamed
into PKI_UNSECURE_PORT to match the Tomcat-based subsystems.
|
| |
|
|
|
|
|
| |
Raise an exception on error so that it can be handled by the
caller.
Ticket #562
|
| |
|
|
|
|
| |
Recently the JNI_JAR_DIR was moved into /usr/share/pki/etc/pki.conf.
A new upgrade script has been added to remove the unused JNI_JAR_DIR
from /etc/pki/pki.conf.
|
| |
|
|
|
|
|
|
|
|
| |
The upgrade framework has been modified to support backup and restore
functionality. A new method backup(filename) has been added to save
a file into a backup folder. The CLI's have been modified to accept
a --revert parameter which will restore the backup files one version
at a time.
Ticket #583
|
| |
|
|
|
|
|
|
|
|
| |
The JNI_JAR_DIR is supposed to be architecture-specific but the
pki-base package is architecture-neutral. So, to ensure it has the
correct value, the variable will be set at post installation.
Also, to simplify the upgrade process, the variable has been moved
from /etc/pki/pki.conf into /usr/share/pki/etc/pki.conf. The build,
deployment, startup, and upgrade scripts have been modified
accordingly.
|
| |
|
|
|
|
|
|
|
|
| |
When setting up clones or non-CA subsystems, pkispawn checks if
the security domain is accessible and if the user can log in.
These calls invoke REST URIs, which are not available on older
subsystems. To support these subsystems, we need to attempt the
older legacy servlets if the REST APIs are not available.
Ticket #604
|
| |
|
|
|
| |
The pki.server module has been fixed to include the module name
of the PKIException.
|
| |
|
|
|
| |
The pki.server module has been fixed to include the module name
of the BASE_DIR.
|
| |
|
|
|
|
|
|
|
|
| |
A new upgrade scriptlet has been added to add JNI_JAR_DIR into
pki.conf. The code to manipulate property files has been refactored
from PKIUpgradeTracker into a separate PropertyFile class to allow
reuse.
The pki-base package has been modified to deliver a default pki.conf
in /usr/share/pki/etc and copy it into /etc/pki if it doesn't exist.
|
| |
|
|
|
|
|
|
| |
The PKIServerUpgrader.get_current_version() incorrectly returns None
if there is no instance on the system. It has been modified to return
the target version so that no upgrade operation will occur.
Bugzilla #957690
|
| |
|
|
|
|
| |
Update kraconnector-delete call to use -c for database password.
Update get-install-token call to specify instance certdb. Removed
--ignore-untrusted directives on both. Update man page.
|
| |
|
|
|
|
|
|
| |
The code used by pkispawn and pkidestroy has been modified to ignore
certificate validity warnings/errors that happens during installation.
The instanceCreationMode is now redundant and has been removed from
ClientConfig.
|
| |
|
|
|
| |
The default folder for to store user files in the home directory
has been changed from .pki to .dogtag.
|
| |
|
|
|
|
|
|
| |
The log file is not very useful without the level of logging.
If you have occasion to go to the log file, then you want to
see all the gory details, This of course is valid for pkidestroy too.
Also removed an unneeded import introduced by mistake.
|
| |
|
|
|
|
|
| |
Print the stacktrace to the log file if there is an error while
executing pkispawn.
Ticket #592
|
| |
|
|
|
|
|
|
|
|
| |
The upgrade framework has been split into base and server upgrade
frameworks since they will be run automatically by different RPM
packages during upgrade. The base upgrade framework will upgrade
the system configuration. The server upgrade framework will upgrade
the instances and subsystems.
Ticket #544
|
| |
|
|
|
|
|
| |
The pki.conf has been moved into the base/common folder to match
the RPM package.
Ticket #553
|
| |
|
|
|
|
|
|
|
| |
After configuration is done, the JSON result can have only one system
cert (in case of clone installation). But the code expects a list of
certs rather than a single cert. So when there is only one certificate
it is added to a list and processed.
Ticket #593
|
| |
|
|
|
|
| |
Do not log the installation information after completion of
installation in pkispawn because, when run in verbose mode,
All the information is printed twice in an unordered way.
|
| |
|
|
|
|
|
|
|
|
| |
D9 instances run on tomcat6, which does not have support for the
autheticator and realm. We are not supporting the REST operations
on D9 style instances. They will need to be migrated.
The migration framework has been modified to process d9 or d10
style instances, and a migration script has been added to add the new
servlet to existing d9 instances.
|
| |
|
|
|
|
| |
This patch adds support for random certificate serial numbers.
Bug 912554.
|
| |
|
|
|
|
|
|
| |
Add a retry mechanism to pkispawn/pkidestroy when they could not
acquire semanage transaction lock while setting/deleting selinux
contexts.
Ticket #470
|
| |
|
|
|
|
|
| |
Print the command to get the status of a subsystem and the URL to
access after installation.
Ticket #514
|
| |
|
|
|
|
|
| |
Remove the sensitive parameters before archiving the user
configurations in the archive file.
Ticket #566
|
| |
|
|
|
|
|
|
|
|
|
| |
The upgrade framework has been modified to use pki.conf to track
system upgrade, tomcat.conf to track instance upgrade, and CS.cfg
to track subsystem upgrade.
The preop.product.version in CS.cfg has been renamed into
cms.product.version and is now used to track upgrade.
Ticket #544
|
| |
|
|
|
|
|
| |
Some common constants and methods in pki.upgrade have been moved
into the pki module.
Ticket #544
|
| |
|
|
|
|
|
| |
Modified code to use this interface by default. Added required
migration script code.
Ticket 546
|
| |
|
|
| |
Ticket 546
|
| |
|
|
|
|
|
| |
An upgrade script has been added to update the context.xml to
configure the random number generator.
Ticket #545
|
| |
|
|
|
|
|
|
| |
A new Python library has been added to provide a framework to develop
upgrade scriptlets. A new CLI has been added to execute the upgrade
scriptlets.
Ticket #544
|
| |
|
|
|
|
|
|
| |
Remove all the declarations, definitions and invocations of respawn()
method in the deploment scripts. Remove the -u update option in pkispawn
script.
Ticket #542
|
|
|
The base/deploy folder has been renamed to base/server to match the
package name. The pki.conf has been moved into pki-base package.
Ticket #553, #564
|
