From 9c879d5feea84bb90faf77c0c68fd57325c5b5b5 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Wed, 28 Nov 2012 13:12:24 -0500 Subject: Simplified the configuration file using defaults. Previously to create a subsystem the admin would have to copy the entire default deployment configuration, which contains many parameters, and then customize it. Now the deployment code has been changed such that the default config file will be used to provide the default values, so the admin will only need to provide the non-default parameters, thus reducing the size of the file. Sample configuration files are provided in /usr/share/pki/ deployment/config. Ticket #399 --- base/deploy/CMakeLists.txt | 11 +- base/deploy/config/deployment.cfg | 255 +++++++++++++++++++++ base/deploy/config/pkideployment.cfg | 255 --------------------- base/deploy/config/sample.cfg | 6 + .../deploy/src/scriptlets/infrastructure_layout.py | 4 +- base/deploy/src/scriptlets/pkiconfig.py | 11 +- base/deploy/src/scriptlets/pkimessages.py | 2 +- base/deploy/src/scriptlets/pkiparser.py | 10 +- 8 files changed, 281 insertions(+), 273 deletions(-) create mode 100644 base/deploy/config/deployment.cfg delete mode 100644 base/deploy/config/pkideployment.cfg create mode 100644 base/deploy/config/sample.cfg diff --git a/base/deploy/CMakeLists.txt b/base/deploy/CMakeLists.txt index 9838b0343..26abe5346 100644 --- a/base/deploy/CMakeLists.txt +++ b/base/deploy/CMakeLists.txt @@ -56,15 +56,10 @@ install( ) install( - FILES - config/pkideployment.cfg - config/pkislots.cfg + DIRECTORY + config DESTINATION - ${DATA_INSTALL_DIR}/deployment/config - PERMISSIONS - OWNER_WRITE OWNER_READ - GROUP_READ - WORLD_READ + ${DATA_INSTALL_DIR}/deployment ) find_package(PythonInterp REQUIRED) diff --git a/base/deploy/config/deployment.cfg b/base/deploy/config/deployment.cfg new file mode 100644 index 000000000..133d4e993 --- /dev/null +++ b/base/deploy/config/deployment.cfg @@ -0,0 +1,255 @@ +############################################################################### +## Default Configuration: ## +## ## +## This section contains meta-parameters that determine how the PKI ## +## configuration should work. ## +############################################################################### +[DEFAULT] + +# The sensitive_parameters contains a list of parameters which may contain +# sensitive information which must not be displayed to the console nor stored +# in log files for security reasons. +sensitive_parameters= + pki_admin_password + pki_backup_password + pki_client_database_password + pki_client_pin + pki_client_pkcs12_password + pki_clone_pkcs12_password + pki_ds_password + pki_one_time_pin + pki_pin + pki_security_domain_password + pki_token_password + +############################################################################### +## Common Configuration: ## +## ## +## Values in this section are common to more than one PKI subsystem, and ## +## contain required information which MAY be overridden by users as ## +## necessary. ## +## ## +## NOTE: Default values will be generated for any and all required ## +## 'common' data values which are left undefined. ## +############################################################################### +[Common] +pki_admin_cert_request_type=crmf +pki_admin_domain_name= +pki_admin_dualkey=False +pki_admin_email= +pki_admin_keysize=2048 +pki_admin_name= +pki_admin_nickname= +pki_admin_password= +pki_admin_subject_dn= +pki_admin_uid= +pki_audit_group=pkiaudit +pki_audit_signing_key_algorithm=SHA256withRSA +pki_audit_signing_key_size=2048 +pki_audit_signing_key_type=rsa +pki_audit_signing_nickname= +pki_audit_signing_signing_algorithm=SHA256withRSA +pki_audit_signing_subject_dn= +pki_audit_signing_token= +pki_backup_keys=False +pki_backup_password= +pki_client_database_dir= +pki_client_database_password= +pki_client_database_purge=True +pki_client_dir= +pki_client_pkcs12_password= +pki_ds_base_dn= +pki_ds_bind_dn=cn=Directory Manager +pki_ds_database= +pki_ds_hostname= +pki_ds_ldap_port=389 +pki_ds_ldaps_port=636 +pki_ds_password= +pki_ds_remove_data=True +pki_ds_secure_connection=False +pki_group=pkiuser +pki_issuing_ca= +pki_restart_configured_instance=True +pki_security_domain_hostname= +pki_security_domain_https_port=8443 +pki_security_domain_name= +pki_security_domain_password= +pki_security_domain_user= +pki_skip_configuration=False +pki_skip_installation=False +pki_ssl_server_key_algorithm=SHA256withRSA +pki_ssl_server_key_size=2048 +pki_ssl_server_key_type=rsa +pki_ssl_server_nickname= +pki_ssl_server_subject_dn= +pki_ssl_server_token= +pki_subsystem_key_algorithm=SHA256withRSA +pki_subsystem_key_size=2048 +pki_subsystem_key_type=rsa +pki_subsystem_nickname= +pki_subsystem_subject_dn= +pki_subsystem_token= +pki_token_name=internal +pki_token_password= +pki_user=pkiuser + +############################################################################### +## Apache Configuration: ## +## ## +## Values in this section are common to PKI subsystems that run ## +## as an instance of 'Apache' (RA and TPS subsystems), and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[Apache] +pki_instance_name=pki-apache +pki_http_port=80 +pki_https_port=443 + +############################################################################### +## Tomcat Configuration: ## +## ## +## Values in this section are common to PKI subsystems that run ## +## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ## +## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ## +## required information which MAY be overridden by users as necessary. ## +## ## +## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ## +## or a 'TKS Clone', change the value of 'pki_clone' ## +## from 'False' to 'True'. ## +## ## +## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## +## are MUTUALLY EXCLUSIVE entities!!! ## +############################################################################### +[Tomcat] +pki_ajp_port=8009 +pki_clone=False +pki_clone_pkcs12_password= +pki_clone_pkcs12_path= +pki_clone_replicate_schema=True +pki_clone_replication_master_port= +pki_clone_replication_clone_port= +pki_clone_replication_security=None +pki_clone_uri= +pki_enable_java_debugger=False +pki_enable_proxy=False +pki_http_port=8080 +pki_https_port=8443 +pki_instance_name=pki-tomcat +pki_proxy_http_port=80 +pki_proxy_https_port=443 +pki_security_manager=true +pki_tomcat_server_port=8005 + +############################################################################### +## CA Configuration: ## +## ## +## Values in this section are common to CA subsystems including 'PKI CAs', ## +## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ## +## required information which MAY be overridden by users as necessary. ## +## ## +## EXTERNAL CAs: To specify an 'External CA', change the value ## +## of 'pki_external' from 'False' to 'True'. ## +## ## +## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ## +## of 'pki_subordinate' from 'False' to 'True'. ## +## ## +## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## +## are MUTUALLY EXCLUSIVE entities!!! ## +############################################################################### +[CA] +pki_ca_signing_key_algorithm=SHA256withRSA +pki_ca_signing_key_size=2048 +pki_ca_signing_key_type=rsa +pki_ca_signing_nickname= +pki_ca_signing_signing_algorithm=SHA256withRSA +pki_ca_signing_subject_dn= +pki_ca_signing_token= +pki_external=False +pki_external_ca_cert_chain_path= +pki_external_ca_cert_path= +pki_external_csr_path= +pki_external_step_two=False +pki_ocsp_signing_key_algorithm=SHA256withRSA +pki_ocsp_signing_key_size=2048 +pki_ocsp_signing_key_type=rsa +pki_ocsp_signing_nickname= +pki_ocsp_signing_signing_algorithm=SHA256withRSA +pki_ocsp_signing_subject_dn= +pki_ocsp_signing_token= +pki_subordinate=False +pki_subsystem=CA +pki_subsystem_name= + +############################################################################### +## KRA Configuration: ## +## ## +## Values in this section are common to KRA subsystems ## +## including 'PKI KRAs' and 'Cloned KRAs', and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[KRA] +pki_storage_key_algorithm=SHA256withRSA +pki_storage_key_size=2048 +pki_storage_key_type=rsa +pki_storage_nickname= +pki_storage_signing_algorithm=SHA256withRSA +pki_storage_subject_dn= +pki_storage_token= +pki_subsystem=KRA +pki_subsystem_name= +pki_transport_key_algorithm=SHA256withRSA +pki_transport_key_size=2048 +pki_transport_key_type=rsa +pki_transport_nickname= +pki_transport_signing_algorithm=SHA256withRSA +pki_transport_subject_dn= +pki_transport_token= + +############################################################################### +## OCSP Configuration: ## +## ## +## Values in this section are common to OCSP subsystems ## +## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[OCSP] +pki_ocsp_signing_key_algorithm=SHA256withRSA +pki_ocsp_signing_key_size=2048 +pki_ocsp_signing_key_type=rsa +pki_ocsp_signing_nickname= +pki_ocsp_signing_signing_algorithm=SHA256withRSA +pki_ocsp_signing_subject_dn= +pki_ocsp_signing_token= +pki_subsystem=OCSP +pki_subsystem_name= + +############################################################################### +## RA Configuration: ## +## ## +## Values in this section are common to PKI RA subsystems, and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[RA] +pki_subsystem=RA +pki_subsystem_name= + +############################################################################### +## TKS Configuration: ## +## ## +## Values in this section are common to TKS subsystems ## +## including 'PKI TKSs' and 'Cloned TKSs', and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[TKS] +pki_subsystem=TKS +pki_subsystem_name= + +############################################################################### +## TPS Configuration: ## +## ## +## Values in this section are common to PKI TPS subsystems, and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[TPS] +pki_subsystem=TPS +pki_subsystem_name= diff --git a/base/deploy/config/pkideployment.cfg b/base/deploy/config/pkideployment.cfg deleted file mode 100644 index 133d4e993..000000000 --- a/base/deploy/config/pkideployment.cfg +++ /dev/null @@ -1,255 +0,0 @@ -############################################################################### -## Default Configuration: ## -## ## -## This section contains meta-parameters that determine how the PKI ## -## configuration should work. ## -############################################################################### -[DEFAULT] - -# The sensitive_parameters contains a list of parameters which may contain -# sensitive information which must not be displayed to the console nor stored -# in log files for security reasons. -sensitive_parameters= - pki_admin_password - pki_backup_password - pki_client_database_password - pki_client_pin - pki_client_pkcs12_password - pki_clone_pkcs12_password - pki_ds_password - pki_one_time_pin - pki_pin - pki_security_domain_password - pki_token_password - -############################################################################### -## Common Configuration: ## -## ## -## Values in this section are common to more than one PKI subsystem, and ## -## contain required information which MAY be overridden by users as ## -## necessary. ## -## ## -## NOTE: Default values will be generated for any and all required ## -## 'common' data values which are left undefined. ## -############################################################################### -[Common] -pki_admin_cert_request_type=crmf -pki_admin_domain_name= -pki_admin_dualkey=False -pki_admin_email= -pki_admin_keysize=2048 -pki_admin_name= -pki_admin_nickname= -pki_admin_password= -pki_admin_subject_dn= -pki_admin_uid= -pki_audit_group=pkiaudit -pki_audit_signing_key_algorithm=SHA256withRSA -pki_audit_signing_key_size=2048 -pki_audit_signing_key_type=rsa -pki_audit_signing_nickname= -pki_audit_signing_signing_algorithm=SHA256withRSA -pki_audit_signing_subject_dn= -pki_audit_signing_token= -pki_backup_keys=False -pki_backup_password= -pki_client_database_dir= -pki_client_database_password= -pki_client_database_purge=True -pki_client_dir= -pki_client_pkcs12_password= -pki_ds_base_dn= -pki_ds_bind_dn=cn=Directory Manager -pki_ds_database= -pki_ds_hostname= -pki_ds_ldap_port=389 -pki_ds_ldaps_port=636 -pki_ds_password= -pki_ds_remove_data=True -pki_ds_secure_connection=False -pki_group=pkiuser -pki_issuing_ca= -pki_restart_configured_instance=True -pki_security_domain_hostname= -pki_security_domain_https_port=8443 -pki_security_domain_name= -pki_security_domain_password= -pki_security_domain_user= -pki_skip_configuration=False -pki_skip_installation=False -pki_ssl_server_key_algorithm=SHA256withRSA -pki_ssl_server_key_size=2048 -pki_ssl_server_key_type=rsa -pki_ssl_server_nickname= -pki_ssl_server_subject_dn= -pki_ssl_server_token= -pki_subsystem_key_algorithm=SHA256withRSA -pki_subsystem_key_size=2048 -pki_subsystem_key_type=rsa -pki_subsystem_nickname= -pki_subsystem_subject_dn= -pki_subsystem_token= -pki_token_name=internal -pki_token_password= -pki_user=pkiuser - -############################################################################### -## Apache Configuration: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Apache' (RA and TPS subsystems), and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[Apache] -pki_instance_name=pki-apache -pki_http_port=80 -pki_https_port=443 - -############################################################################### -## Tomcat Configuration: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ## -## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ## -## or a 'TKS Clone', change the value of 'pki_clone' ## -## from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[Tomcat] -pki_ajp_port=8009 -pki_clone=False -pki_clone_pkcs12_password= -pki_clone_pkcs12_path= -pki_clone_replicate_schema=True -pki_clone_replication_master_port= -pki_clone_replication_clone_port= -pki_clone_replication_security=None -pki_clone_uri= -pki_enable_java_debugger=False -pki_enable_proxy=False -pki_http_port=8080 -pki_https_port=8443 -pki_instance_name=pki-tomcat -pki_proxy_http_port=80 -pki_proxy_https_port=443 -pki_security_manager=true -pki_tomcat_server_port=8005 - -############################################################################### -## CA Configuration: ## -## ## -## Values in this section are common to CA subsystems including 'PKI CAs', ## -## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## EXTERNAL CAs: To specify an 'External CA', change the value ## -## of 'pki_external' from 'False' to 'True'. ## -## ## -## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ## -## of 'pki_subordinate' from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[CA] -pki_ca_signing_key_algorithm=SHA256withRSA -pki_ca_signing_key_size=2048 -pki_ca_signing_key_type=rsa -pki_ca_signing_nickname= -pki_ca_signing_signing_algorithm=SHA256withRSA -pki_ca_signing_subject_dn= -pki_ca_signing_token= -pki_external=False -pki_external_ca_cert_chain_path= -pki_external_ca_cert_path= -pki_external_csr_path= -pki_external_step_two=False -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subordinate=False -pki_subsystem=CA -pki_subsystem_name= - -############################################################################### -## KRA Configuration: ## -## ## -## Values in this section are common to KRA subsystems ## -## including 'PKI KRAs' and 'Cloned KRAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[KRA] -pki_storage_key_algorithm=SHA256withRSA -pki_storage_key_size=2048 -pki_storage_key_type=rsa -pki_storage_nickname= -pki_storage_signing_algorithm=SHA256withRSA -pki_storage_subject_dn= -pki_storage_token= -pki_subsystem=KRA -pki_subsystem_name= -pki_transport_key_algorithm=SHA256withRSA -pki_transport_key_size=2048 -pki_transport_key_type=rsa -pki_transport_nickname= -pki_transport_signing_algorithm=SHA256withRSA -pki_transport_subject_dn= -pki_transport_token= - -############################################################################### -## OCSP Configuration: ## -## ## -## Values in this section are common to OCSP subsystems ## -## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[OCSP] -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subsystem=OCSP -pki_subsystem_name= - -############################################################################### -## RA Configuration: ## -## ## -## Values in this section are common to PKI RA subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[RA] -pki_subsystem=RA -pki_subsystem_name= - -############################################################################### -## TKS Configuration: ## -## ## -## Values in this section are common to TKS subsystems ## -## including 'PKI TKSs' and 'Cloned TKSs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TKS] -pki_subsystem=TKS -pki_subsystem_name= - -############################################################################### -## TPS Configuration: ## -## ## -## Values in this section are common to PKI TPS subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TPS] -pki_subsystem=TPS -pki_subsystem_name= diff --git a/base/deploy/config/sample.cfg b/base/deploy/config/sample.cfg new file mode 100644 index 000000000..6e9530334 --- /dev/null +++ b/base/deploy/config/sample.cfg @@ -0,0 +1,6 @@ +[Common] +pki_admin_password= +pki_backup_password= +pki_client_pkcs12_password= +pki_ds_password= +pki_security_domain_password= diff --git a/base/deploy/src/scriptlets/infrastructure_layout.py b/base/deploy/src/scriptlets/infrastructure_layout.py index e79fa8bfe..8eed598cd 100644 --- a/base/deploy/src/scriptlets/infrastructure_layout.py +++ b/base/deploy/src/scriptlets/infrastructure_layout.py @@ -40,7 +40,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): extra=config.PKI_INDENTATION_LEVEL_1) # NOTE: It was determined that since the "pkidestroy" command # relies upon a symbolic link to a replica of the original - # "pkideployment.cfg" configuration file used by the + # deployment configuration file used by the # "pkispawn" command of an instance, it is necessary to # create any required instance and subsystem directories # in this top-level "infrastructure_layout" scriptlet @@ -50,7 +50,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # # establish the top-level infrastructure, instance, and subsystem # registry directories for storage of a copy of the original - # "pkideployment.cfg" configuration file used to spawn this instance, + # deployment configuration file used to spawn this instance, # and save a copy of this file util.directory.create(master['pki_registry_path']) util.directory.create(master['pki_instance_type_registry_path']) diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py index 004366216..35c80a5f7 100644 --- a/base/deploy/src/scriptlets/pkiconfig.py +++ b/base/deploy/src/scriptlets/pkiconfig.py @@ -99,9 +99,14 @@ PKI_DEPLOYMENT_DEFAULT_APACHE_SERVICE_NAME = "apache" PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVICE_NAME = "tomcat" PKI_DEPLOYMENT_DEFAULT_APACHE_INSTANCE_NAME = "pki-apache" PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat" -PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE = "pkideployment.cfg" + +PKI_DEPLOYMENT_CONFIGURATION_DIR =\ + "/usr/share/pki/deployment/config" +PKI_DEPLOYMENT_CONFIGURATION_FILE = "deployment.cfg" +PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE =\ + PKI_DEPLOYMENT_CONFIGURATION_DIR + "/" + PKI_DEPLOYMENT_CONFIGURATION_FILE PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\ - "/usr/share/pki/deployment/config/pkislots.cfg" + PKI_DEPLOYMENT_CONFIGURATION_DIR + "/pkislots.cfg" # subtypes of PKI subsystems PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM = "Cloned" @@ -155,7 +160,7 @@ def str2bool(string): # and 'wait_to_attach_an_external_java_debugger(master)' functions, # change 'pki_enable_java_debugger=False' to # 'pki_enable_java_debugger=True' in the appropriate -# 'pkideployment.cfg' configuration file. +# deployment configuration file. def prepare_for_an_external_java_debugger(instance): print print PKI_DEPLOYMENT_INTERRUPT_BANNER diff --git a/base/deploy/src/scriptlets/pkimessages.py b/base/deploy/src/scriptlets/pkimessages.py index cec154c0a..dbfb8e1f7 100644 --- a/base/deploy/src/scriptlets/pkimessages.py +++ b/base/deploy/src/scriptlets/pkimessages.py @@ -114,7 +114,7 @@ PKIDESTROY_EPILOG =\ "REMINDER:\n\n"\ " The default PKI instance path will be calculated and placed in front\n"\ " of the mandatory '-i ' parameter, and the values that reside\n"\ -" in a copy of the 'pkideployment.cfg' file that was most recently used\n"\ +" in deployment configuration file that was most recently used\n"\ " by this instance's 'pkispawn' (or 'pkispawn -u') command will be\n"\ " utilized by 'pkidestroy' to remove this instance.\n\n"\ " Finally, if an optional '-p ' is defined, this value WILL be\n"\ diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index 438b23bd7..d05870e04 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py @@ -178,7 +178,7 @@ class PKIConfigParser: deployed_pki_subsystem_path + "/" +\ "registry" + "/" +\ config.pki_subsystem.lower() + "/" +\ - config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + config.PKI_DEPLOYMENT_CONFIGURATION_FILE # always verify that configuration file exists if not os.path.exists(config.pkideployment_cfg) or\ not os.path.isfile(config.pkideployment_cfg): @@ -222,7 +222,9 @@ class PKIConfigParser: self.pki_config = ConfigParser.ConfigParser() # Make keys case-sensitive! self.pki_config.optionxform = str - self.pki_config.read(config.pkideployment_cfg) + self.pki_config.read([ + config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE, + config.pkideployment_cfg]) config.pki_default_dict = self.pki_config.defaults() pkilogging.sensitive_parameters = config.pki_default_dict['sensitive_parameters'].split() config.pki_common_dict = dict(self.pki_config._sections['Common']) @@ -2309,11 +2311,11 @@ class PKIConfigParser: # Finalization name/value pairs config.pki_master_dict['pki_deployment_cfg_replica'] =\ os.path.join(config.pki_master_dict['pki_subsystem_registry_path'], - config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE) + config.PKI_DEPLOYMENT_CONFIGURATION_FILE) config.pki_master_dict['pki_deployment_cfg_spawn_archive'] =\ config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ "spawn" + "_" +\ - config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + "." +\ + config.PKI_DEPLOYMENT_CONFIGURATION_FILE + "." +\ config.pki_master_dict['pki_timestamp'] config.pki_master_dict['pki_deployment_cfg_respawn_archive'] =\ config.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ -- cgit