From 35eb6086ef5dfab92d3bcf1a486d80e22628ced0 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Thu, 11 Oct 2012 09:16:34 -0400 Subject: changes to remind folks not to use pkicreate/pkiremove --- base/setup/pkicreate | 181 ++------------------------------------------------- base/setup/pkiremove | 5 +- 2 files changed, 8 insertions(+), 178 deletions(-) (limited to 'base') diff --git a/base/setup/pkicreate b/base/setup/pkicreate index b83fd870c..506e766ef 100755 --- a/base/setup/pkicreate +++ b/base/setup/pkicreate @@ -668,101 +668,9 @@ sub usage ### USAGE: CA, KRA, OCSP, or TKS subsystem instance creation (Tomcat) ### ############################################################################### -pkicreate -pki_instance_root= # Instance root directory - # destination - - -pki_instance_name= # Unique PKI subsystem - # instance name - - -subsystem_type= # Subsystem type - # [ca | kra | ocsp | tks] - - ##################################################################### - ### SELECT separate secure ports for AGENT, EE, and ADMIN: ### - ##################################################################### - - -agent_secure_port= # Agent secure port - - -ee_secure_port= # EE secure port - - -admin_secure_port= # Admin secure port - - ##################################################################### - ### ... and a client auth EE port, required for CAs only ### - ##################################################################### - - -ee_secure_client_auth_port= - # EE secure client authentication port - - ##################################################################### - ### OR SELECT a single secure port shared by AGENT,EE and ADMIN ### - ### ### - ### WARNING: Use of a single shared secure port has been ### - ### DEPRECATED! Use 'port separation' in conjunction ### - ### with 'port forwarding' to emulate this behavior. ### - ##################################################################### - - -secure_port= # Secure port - # (shared by Agent, - # EE, and Admin) - - ##################################################################### - ### END secure port SELECTION ### - ##################################################################### - - -unsecure_port= # Unsecure port - - -tomcat_server_port= # Unique port for each - # Tomcat instance - - ##################################################################### - ### proxy configuration ### - ### if -enable_proxy is set, ajp_port, proxy_secure_port, and ### - ### proxy_unsecure_port are also set. ### - ##################################################################### - - [-enable_proxy] #enable proxy configuration - [-ajp_port=] #AJP port, default 9447 - - [-proxy_secure_port=] # Proxy secure port, - # default 443 - - [-proxy_unsecure_port=] # Proxy unsecure port, - # default 80 - - ##################################################################### - ### END proxy configuration ### - ##################################################################### - - [-user=] # User ownership - # (must ALSO specify - # group ownership) - # - # [Default=pkiuser] - - [-group=] # Group ownership - # (must ALSO specify - # user ownership) - # - # [Default=pkiuser] - - [-redirect conf=] # Redirection of - # 'conf' directory - - [-redirect logs=] # Redirection of - # 'logs' directory - - [-verbose] # Print out liberal info - # during 'pkicreate'. - # Specify multiple times - # to increase verbosity. - - [-dry_run] # Do not perform any actions. - # Just report what would have - # been done. - - [-help] # Print out this screen - +As of Dogtag 10, pkicreate is no longer supported for the creation of CA, KRA, +OCSP and TKS subsystems. To create instances of these subsystems, use +pkispawn instead. ############################################################################### ### USAGE: RA or TPS subsystem instance creation (Apache) ### @@ -823,88 +731,11 @@ pkicreate -pki_instance_root= # Instance root directory ############################################################################### ### EXAMPLES: ### -### PKI (Tomcat) subsystem instance creation of a CA ### -### PKI (Tomcat) subsystem instance creation of a Subordinate CA ### -### PKI (Tomcat) subsystem instance creation of a KRA ### -### PKI (Tomcat) subsystem instance creation of an OCSP ### -### PKI (Tomcat) subsystem instance creation of a TKS ### ### PKI (Apache) subsystem instance creation of an RA ### ### PKI (Apache) subsystem instance creation of a TPS ### ### PKI (Apache) subsystem instance creation of a second TPS ### ############################################################################### -pkicreate -pki_instance_root=/var/lib \ - -pki_instance_name=pki-ca \ - -subsystem_type=ca \ - -agent_secure_port=9443 \ - -ee_secure_port=9444 \ - -ee_secure_client_auth_port=9446 \ - -admin_secure_port=9445 \ - -unsecure_port=9180 \ - -tomcat_server_port=9701 \ - -user=pkiuser \ - -group=pkiuser \ - -redirect conf=/etc/pki-ca \ - -redirect logs=/var/log/pki-ca \ - -verbose - -pkicreate -pki_instance_root=/var/lib \ - -pki_instance_name=pki-subca \ - -subsystem_type=ca \ - -agent_secure_port=9543 \ - -ee_secure_port=9544 \ - -ee_secure_client_auth_port=9546 \ - -admin_secure_port=9545 \ - -unsecure_port=9580 \ - -tomcat_server_port=9801 \ - -user=pkiuser \ - -group=pkiuser \ - -redirect conf=/etc/pki-subca \ - -redirect logs=/var/log/pki-subca \ - -verbose - -pkicreate -pki_instance_root=/var/lib \ - -pki_instance_name=pki-kra \ - -subsystem_type=kra \ - -agent_secure_port=10443 \ - -ee_secure_port=10444 \ - -admin_secure_port=10445 \ - -unsecure_port=10180 \ - -tomcat_server_port=10701 \ - -user=pkiuser \ - -group=pkiuser \ - -redirect conf=/etc/pki-kra \ - -redirect logs=/var/log/pki-kra \ - -verbose - -pkicreate -pki_instance_root=/var/lib \ - -pki_instance_name=pki-ocsp \ - -subsystem_type=ocsp \ - -agent_secure_port=11443 \ - -ee_secure_port=11444 \ - -admin_secure_port=11445 \ - -unsecure_port=11180 \ - -tomcat_server_port=11701 \ - -user=pkiuser \ - -group=pkiuser \ - -redirect conf=/etc/pki-ocsp \ - -redirect logs=/var/log/pki-ocsp \ - -verbose - -pkicreate -pki_instance_root=/var/lib \ - -pki_instance_name=pki-tks \ - -subsystem_type=tks \ - -agent_secure_port=13443 \ - -ee_secure_port=13444 \ - -admin_secure_port=13445 \ - -unsecure_port=13180 \ - -tomcat_server_port=13701 \ - -user=pkiuser \ - -group=pkiuser \ - -redirect conf=/etc/pki-tks \ - -redirect logs=/var/log/pki-tks \ - -verbose - pkicreate -pki_instance_root=/var/lib \ -pki_instance_name=pki-ra \ -subsystem_type=ra \ @@ -1043,11 +874,7 @@ sub parse_arguments } ## Mandatory "-subsystem_type=s" option - if ($subsystem_type ne $CA && - $subsystem_type ne $KRA && - $subsystem_type ne $OCSP && - $subsystem_type ne $TKS && - $subsystem_type ne $RA && + if ($subsystem_type ne $RA && $subsystem_type ne $TPS) { usage(); emit("Illegal value => $subsystem_type : for -subsystem_type!\n", diff --git a/base/setup/pkiremove b/base/setup/pkiremove index ca81cb09e..3b4ab63b5 100755 --- a/base/setup/pkiremove +++ b/base/setup/pkiremove @@ -168,9 +168,12 @@ Usage: pkiremove -pki_instance_root= # Instance root [-dry_run] # Do not perform any actions. # Just report what would have been done. -Example: pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca +Example: pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-tps IMPORTANT: Must be run as root! +IMPORTANT: pkiremove should only be used to remove instances which were created + using pkicreate. Instances created using pkispawn should be removed + using pkidestroy. EOF return; } -- cgit