From 7a6b89591732f872db38821c00ec3ce89ef57e7a Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Mon, 13 Aug 2012 14:01:02 -0400 Subject: Changes to get TPS and RA running on dogtag 10 Added systemd scripts for RA and TPS. Modified init scripts and configuration files to use correct directives for httpd 2.4. TPS and RA subsystems are now installable using pkicreate --- base/tps/CMakeLists.txt | 18 ++++++++++++++ base/tps/apache/conf/httpd.conf | 35 +++++++++------------------ base/tps/apache/conf/perl.conf | 6 ++--- base/tps/lib/systemd/system/pki-tpsd.target | 6 +++++ base/tps/lib/systemd/system/pki-tpsd@.service | 12 +++++++++ base/tps/setup/pkidaemon_registry | 2 +- base/tps/setup/registry_instance | 2 +- 7 files changed, 52 insertions(+), 29 deletions(-) create mode 100644 base/tps/lib/systemd/system/pki-tpsd.target create mode 100644 base/tps/lib/systemd/system/pki-tpsd@.service (limited to 'base/tps') diff --git a/base/tps/CMakeLists.txt b/base/tps/CMakeLists.txt index 96d23fefa..10c4d8efd 100644 --- a/base/tps/CMakeLists.txt +++ b/base/tps/CMakeLists.txt @@ -43,6 +43,19 @@ add_subdirectory(tools) add_subdirectory(doc) add_subdirectory(setup) +# install systemd scripts +install( + FILES + lib/systemd/system/pki-tpsd.target + lib/systemd/system/pki-tpsd@.service + DESTINATION + ${SYSTEMD_LIB_INSTALL_DIR} + PERMISSIONS + OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ +) + # install init script install( FILES @@ -206,3 +219,8 @@ install( ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/docroot/tps/admin/console/js ) +install( + DIRECTORY + DESTINATION + ${SYSTEMD_ETC_INSTALL_DIR}/pki-tpsd.target.wants +) diff --git a/base/tps/apache/conf/httpd.conf b/base/tps/apache/conf/httpd.conf index 372066afc..a9410849c 100644 --- a/base/tps/apache/conf/httpd.conf +++ b/base/tps/apache/conf/httpd.conf 
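Review bot: The new systemd `install()` in the first CMakeLists.txt hunk marks `pki-tpsd.target` and `pki-tpsd@.service` executable through `OWNER_EXECUTE`, `GROUP_EXECUTE` and `WORLD_EXECUTE`. Unit files are declarative configuration rather than programs, and systemd logs a warning for unit files that carry the execute bit. Use `PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ`, or drop the `PERMISSIONS` clause, since `install(FILES)` already defaults to those modes.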
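Review bot: The trailing `install(DIRECTORY DESTINATION ${SYSTEMD_ETC_INSTALL_DIR}/pki-tpsd.target.wants)` in the second CMakeLists.txt hunk has no comment, unlike the `# install systemd scripts` and `# install init script` blocks, and an `install(DIRECTORY)` with no source directories reads like a mistake. Add a line above it such as `# create the (empty) pki-tpsd.target.wants directory`. `SYSTEMD_ETC_INSTALL_DIR` is not defined anywhere in the visible hunks. If it can be empty, the destination becomes `/pki-tpsd.target.wants`, so it would be worth failing the configure step with `message(FATAL_ERROR ...)` where the variable is set.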
@@ -78,7 +78,7 @@ ServerRoot "[SERVER_ROOT]" # identification number when it starts. # -PidFile run/[PKI_INSTANCE_ID].pid +PidFile /var/run/pki/tps/[PKI_INSTANCE_ID].pid # @@ -232,8 +232,13 @@ Listen [PORT] # LoadModule foo_module modules/mod_foo.so # -# Required modules for command 'Order': +# MPM worker module is a loadable module as of 2.4 +LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so + +LoadModule authz_core_module /etc/httpd/modules/mod_authz_core.so [FORTITUDE_AUTH_MODULES] +# Module for User and Group +LoadModule unixd_module /etc/httpd/modules/mod_unixd.so # Required module for command 'UserDir': LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so # Required module for command 'DirectoryIndex': @@ -398,8 +403,7 @@ DocumentRoot "[SERVER_ROOT]/docroot" # # Controls who can get stuff from this server. # - Order allow,deny - Allow from all + Require all granted @@ -448,8 +452,7 @@ AccessFileName .htaccess # viewed by Web clients. # - Order allow,deny - Deny from all + Require all denied # @@ -458,17 +461,6 @@ AccessFileName .htaccess # TypesConfig conf/mime.types -# -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - # # The mod_mime_magic module allows the server to use various hints from the # contents of the file itself to determine its type. The MIMEMagicFile @@ -596,8 +588,7 @@ Alias /icons/ "[SERVER_ROOT]/icons/" Options Indexes MultiViews AllowOverride None - Order allow,deny - Allow from all + Require all granted # 
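Review bot: The added `LoadModule` lines for `mpm_worker_module`, `authz_core_module` and `unixd_module` hard-code `/etc/httpd/modules/`, while the existing `userdir_module` line just below them resolves through `[FORTITUDE_LIB_DIR]/modules/`. That ties the instance template to one distribution's layout and bypasses whatever the installer substitutes for the placeholder. Assuming the placeholder points at the directory holding the 2.4 modules, write them as `LoadModule authz_core_module [FORTITUDE_LIB_DIR]/modules/mod_authz_core.so`, and likewise for the other two. The `PidFile /var/run/pki/tps/[PKI_INSTANCE_ID].pid` change in the first hunk is similar: it assumes `/var/run/pki/tps` exists and is writable when httpd starts, which nothing visible in this commit sets up. A comment naming what creates that directory would help.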
@@ -610,8 +601,7 @@ AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[SERVER_ROOT]/manual$1 Options Indexes AllowOverride None - Order allow,deny - Allow from all + Require all granted SetHandler type-map @@ -646,8 +636,7 @@ ScriptAlias /cgi-bin/ "[SERVER_ROOT]/cgi-bin/" AllowOverride None Options ExecCGI - Order allow,deny - Allow from all + Require all granted # diff --git a/base/tps/apache/conf/perl.conf b/base/tps/apache/conf/perl.conf index feb51e860..a1a98c6a0 100644 --- a/base/tps/apache/conf/perl.conf +++ b/base/tps/apache/conf/perl.conf @@ -58,13 +58,11 @@ PerlSetEnv PKI_ROOT [SERVER_ROOT] SetHandler perl-script PerlHandler PKI::TPS::Wizard - Order deny,allow - Allow from all + Require all granted SetHandler perl-script PerlHandler PKI::TPS::Login - Order deny,allow - Allow from all + Require all granted diff --git a/base/tps/lib/systemd/system/pki-tpsd.target b/base/tps/lib/systemd/system/pki-tpsd.target new file mode 100644 index 000000000..37c693b08 --- /dev/null +++ b/base/tps/lib/systemd/system/pki-tpsd.target @@ -0,0 +1,6 @@ +[Unit] +Description=PKI Token Processing Server +After=syslog.target network.target + +[Install] +WantedBy=multi-user.target diff --git a/base/tps/lib/systemd/system/pki-tpsd@.service b/base/tps/lib/systemd/system/pki-tpsd@.service new file mode 100644 index 000000000..6a0d6a343 --- /dev/null +++ b/base/tps/lib/systemd/system/pki-tpsd@.service @@ -0,0 +1,12 @@ +[Unit] +Description=PKI Token Processing Server %i +After=pki-tpsd.target +BindTo=pki-tpsd.target + +[Service] +Type=forking +ExecStart=/usr/bin/pkicontrol start tps %i +ExecStop=/usr/bin/pkicontrol stop tps %i + +[Install] +WantedBy=multi-user.target diff --git a/base/tps/setup/pkidaemon_registry b/base/tps/setup/pkidaemon_registry index 6c13a4955..b74c84317 100644 --- a/base/tps/setup/pkidaemon_registry +++ b/base/tps/setup/pkidaemon_registry 
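Review bot: The perl.conf hunk replaces `Order deny,allow` / `Allow from all` with `Require all granted` in the blocks that dispatch to `PKI::TPS::Wizard` and `PKI::TPS::Login`, so both handlers stay reachable from any client address. That is a faithful 2.4 translation, but a configuration wizard is an endpoint readers will expect to see restricted. If it is only needed during initial setup, `Require local` or a `Require ip` list for the admin network would narrow it. If open access is intended because the handlers enforce access themselves, record that in a comment above each block, e.g. `# Open to all clients; access is enforced inside PKI::TPS::Wizard`. The enclosing block headers are not visible in this hunk.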
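Review bot: `pki-tpsd@.service` declares `Type=forking` without a `PIDFile=`, so systemd has to guess the main process of whatever `pkicontrol start tps %i` launches, which makes stop and restart tracking unreliable. The httpd.conf change in this commit writes the pid to `/var/run/pki/tps/[PKI_INSTANCE_ID].pid`; if the instance id matches the unit instance name, `PIDFile=/var/run/pki/tps/%i.pid` would pin it. `BindTo=` is the legacy spelling of `BindsTo=`. The unit's `WantedBy=multi-user.target` also does not line up with the `pki-tpsd.target.wants` directory that CMakeLists.txt creates, which suggests `WantedBy=pki-tpsd.target` was intended.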
@@ -62,7 +62,7 @@ export RESTART_SERVER # available, but does not work with some modules (such as PHP). # The service must be stopped before changing this variable. # -PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker +PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd export PKI_HTTPD # diff --git a/base/tps/setup/registry_instance b/base/tps/setup/registry_instance index a77b75f4f..cb907eb61 100644 --- a/base/tps/setup/registry_instance +++ b/base/tps/setup/registry_instance @@ -59,7 +59,7 @@ export RESTART_SERVER # available, but does not work with some modules (such as PHP). # The service must be stopped before changing this variable. # -PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker +PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd export PKI_HTTPD # -- cgit
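Review bot: The comment kept above `PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd` in pkidaemon_registry still describes choosing a server variant ("does not work with some modules (such as PHP)"), but the variable now always points at the plain `httpd` binary. The MPM is instead selected by the `LoadModule mpm_worker_module` line this commit adds to httpd.conf. Reword the comment, for example `# httpd 2.4 ships a single binary; the MPM is chosen by LoadModule in httpd.conf.` The start of the comment block lies outside the hunk, so check the full wording there. The registry_instance hunk carries the same stale comment.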