From a3f7d585fed02fb8b0adaf46228f23bf1275c596 Mon Sep 17 00:00:00 2001
From: Ade Lee <alee@redhat.com>
Date: Tue, 4 Dec 2012 11:25:55 -0500
Subject: Interpolation correction patch based on review comments

---
 base/deploy/config/deployment.cfg | 77 ++++++++++++++++++++++-----------------
 1 file changed, 43 insertions(+), 34 deletions(-)

(limited to 'base/deploy/config/deployment.cfg')

diff --git a/base/deploy/config/deployment.cfg b/base/deploy/config/deployment.cfg
index 9eb930414..abd0fb441 100644
--- a/base/deploy/config/deployment.cfg
+++ b/base/deploy/config/deployment.cfg
@@ -1,5 +1,5 @@
 ###############################################################################
-##  Common Configuration:                                                    ##
+##  Default Configuration:                                                   ##
 ##                                                                           ##
 ##  Values in this section are common to more than one PKI subsystem, and    ##
 ##  contain required information which MAY be overridden by users as         ##
@@ -52,8 +52,21 @@ destroy_scriplets=
     infrastructure_layout
     finalization
 
+# By default, the following parameters will be set for Tomcat and Apache instances.
+# There is no reason to uncomment these.  They are provided for reference in 
+# case someone wants to override them in their config file.
+#
+# Tomcat instances:
+# pki_subsystem_name=pki_tomcat 
+# pki_https_port=8443
+# pki_http_port=8080
+#
+# Apache instances:
+# pki_subsystem_name=pki_tomcat
+# pki_https_port=443
+# pki_http_port=80
+
 pki_admin_cert_request_type=crmf
-pki_admin_domain_name=
 pki_admin_dualkey=False
 pki_admin_keysize=2048
 pki_admin_password=
@@ -77,15 +90,12 @@ pki_ds_password=
 pki_ds_remove_data=True
 pki_ds_secure_connection=False
 pki_group=pkiuser
-pki_http_port=%(default_http_port)s
-pki_https_port=%(default_https_port)s
 pki_instance_id=%(pki_instance_name)s
-pki_instance_name=%(default_instance_name)s
 pki_issuing_ca=
 pki_restart_configured_instance=True
-pki_security_domain_hostname=%(hostname)s
+pki_security_domain_hostname=%(pki_hostname)s
 pki_security_domain_https_port=8443
-pki_security_domain_name=%(dns_domainname)s Security Domain
+pki_security_domain_name=%(pki_dns_domainname)s Security Domain
 pki_security_domain_password=
 pki_security_domain_user=
 pki_skip_configuration=False
@@ -94,9 +104,8 @@ pki_ssl_server_key_algorithm=SHA256withRSA
 pki_ssl_server_key_size=2048
 pki_ssl_server_key_type=rsa
 pki_ssl_server_nickname=Server-Cert cert-%(pki_instance_id)s
-pki_ssl_server_subject_dn=cn=%(hostname)s,o=%(pki_security_domain_name)s
+pki_ssl_server_subject_dn=cn=%(pki_hostname)s,o=%(pki_security_domain_name)s
 pki_ssl_server_token=Internal Key Storage Token
-pki_subsystem=%(subsystem_type)s
 pki_subsystem_key_algorithm=SHA256withRSA
 pki_subsystem_key_size=2048
 pki_subsystem_key_type=rsa
@@ -166,7 +175,7 @@ pki_tomcat_server_port=8005
 pki_ca_signing_key_algorithm=SHA256withRSA
 pki_ca_signing_key_size=2048
 pki_ca_signing_key_type=rsa
-pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s
+pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s CA
 pki_ca_signing_signing_algorithm=SHA256withRSA
 pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=%(pki_security_domain_name)s
 pki_ca_signing_token=Internal Key Storage Token
@@ -179,22 +188,22 @@ pki_import_admin_cert=False
 pki_ocsp_signing_key_algorithm=SHA256withRSA
 pki_ocsp_signing_key_size=2048
 pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s
+pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s CA
 pki_ocsp_signing_signing_algorithm=SHA256withRSA
 pki_ocsp_signing_subject_dn=cn=CA OCSP Signing Certificate,o=%(pki_security_domain_name)s
 pki_ocsp_signing_token=Internal Key Storage Token
 pki_subordinate=False
-pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
 pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(dns_domainname)s
+pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
 pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
 pki_admin_uid=caadmin
-pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s CA
+pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s CA
 pki_audit_signing_subject_dn=cn=CA Audit Signing Certificate,o=%(pki_security_domain_name)s
 pki_ds_base_dn=o=%(pki_instance_id)s-CA
 pki_ds_database=%(pki_instance_name)s-CA
-pki_ds_hostname=%(hostname)s
-pki_subsystem_name=CA %(hostname)s %(pki_https_port)s
+pki_ds_hostname=%(pki_hostname)s
+pki_subsystem_name=CA %(pki_hostname)s %(pki_https_port)s
 pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s CA
 pki_subsystem_subject_dn=cn=CA Subsystem Certificate,o=%(pki_security_domain_name)s
 
@@ -222,17 +231,17 @@ pki_transport_nickname=transportCert cert-%(pki_instance_id)s KRA
 pki_transport_signing_algorithm=SHA256withRSA
 pki_transport_subject_dn=cn=DRM Transport Certificate,o=%(pki_security_domain_name)s
 pki_transport_token=Internal Key Storage Token
-pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
 pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(dns_domainname)s
-pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
 pki_admin_uid=kraadmin
-pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s KRA
+pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s KRA
 pki_audit_signing_subject_dn=cn=KRA Audit Signing Certificate,o=%(pki_security_domain_name)s
 pki_ds_base_dn=o=%(pki_instance_id)s-KRA
 pki_ds_database=%(pki_instance_name)s-KRA
-pki_ds_hostname=%(hostname)s
-pki_subsystem_name=KRA %(hostname)s %(pki_https_port)s
+pki_ds_hostname=%(pki_hostname)s
+pki_subsystem_name=KRA %(pki_hostname)s %(pki_https_port)s
 pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s KRA
 pki_subsystem_subject_dn=cn=KRA Subsystem Certificate,o=%(pki_security_domain_name)s
 
@@ -252,17 +261,17 @@ pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s OCSP
 pki_ocsp_signing_signing_algorithm=SHA256withRSA
 pki_ocsp_signing_subject_dn=cn=OCSP Signing Certificate,o=%(pki_security_domain_name)s
 pki_ocsp_signing_token=Internal Key Storage Token
-pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
 pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(dns_domainname)s
-pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
 pki_admin_uid=ocspadmin
-pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s OCSP
+pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s OCSP
 pki_audit_signing_subject_dn=cn=OCSP Audit Signing Certificate,o=%(pki_security_domain_name)s
 pki_ds_base_dn=o=%(pki_instance_id)s-OCSP
 pki_ds_database=%(pki_instance_name)s-OCSP
-pki_ds_hostname=%(hostname)s
-pki_subsystem_name=OCSP %(hostname)s %(pki_https_port)s
+pki_ds_hostname=%(pki_hostname)s
+pki_subsystem_name=OCSP %(pki_hostname)s %(pki_https_port)s
 pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s OCSP
 pki_subsystem_subject_dn=cn=OCSP Subsystem Certificate,o=%(pki_security_domain_name)s
 
@@ -283,17 +292,17 @@ pki_subsystem_subject_dn=cn=OCSP Subsystem Certificate,o=%(pki_security_domain_n
 ###############################################################################
 [TKS]
 pki_import_admin_cert=True
-pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
 pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(dns_domainname)s
-pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
 pki_admin_uid=tksadmin
-pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s TKS
+pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s TKS
 pki_audit_signing_subject_dn=cn=TKS Audit Signing Certificate,o=%(pki_security_domain_name)s
 pki_ds_base_dn=o=%(pki_instance_id)s-TKS
 pki_ds_database=%(pki_instance_name)s-TKS
-pki_ds_hostname=%(hostname)s
-pki_subsystem_name=TKS %(hostname)s %(pki_https_port)s
+pki_ds_hostname=%(pki_hostname)s
+pki_subsystem_name=TKS %(pki_hostname)s %(pki_https_port)s
 pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s TKS
 pki_subsystem_subject_dn=cn=TKS Subsystem Certificate,o=%(pki_security_domain_name)s
 
-- 
cgit