summaryrefslogtreecommitdiffstats
path: root/ipaplatform
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2015-11-09 18:28:47 +0100
committerJan Cholasta <jcholast@redhat.com>2015-11-25 09:12:25 +0100
commitaeffe2da42734655cbaedb2c4d4f9e28bd2df1c0 (patch)
tree302b9ef0c8d4afbccc141f4f4b68a42295542cd8 /ipaplatform
parent5427e7a8c7216b0aa54159a668951d71fb009139 (diff)
downloadfreeipa-aeffe2da42734655cbaedb2c4d4f9e28bd2df1c0.tar.gz
freeipa-aeffe2da42734655cbaedb2c4d4f9e28bd2df1c0.tar.xz
freeipa-aeffe2da42734655cbaedb2c4d4f9e28bd2df1c0.zip
install: drop support for Dogtag 9
Dogtag 9 CA and CA DS install and uninstall code was removed. Existing Dogtag 9 CA and CA DS instances are disabled on upgrade. Creating a replica of a Dogtag 9 IPA master is still supported. https://fedorahosted.org/freeipa/ticket/5197 Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipaplatform')
-rw-r--r--ipaplatform/base/paths.py31
-rw-r--r--ipaplatform/base/services.py7
-rw-r--r--ipaplatform/redhat/services.py7
3 files changed, 11 insertions, 34 deletions
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 6686bf07e..9ee488f9f 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -27,8 +27,6 @@ class BasePathNamespace(object):
BIN_FALSE = "/bin/false"
BIN_HOSTNAME = "/bin/hostname"
LS = "/bin/ls"
- PKICREATE = "/bin/pkicreate"
- PKISILENT = "/bin/pkisilent"
SH = "/bin/sh"
SYSTEMCTL = "/bin/systemctl"
TAR = "/bin/tar"
@@ -39,7 +37,6 @@ class BasePathNamespace(object):
ETC_DIRSRV = "/etc/dirsrv"
DS_KEYTAB = "/etc/dirsrv/ds.keytab"
ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE = "/etc/dirsrv/slapd-%s"
- ETC_SLAPD_PKI_IPA_DIR = "/etc/dirsrv/slapd-PKI-IPA"
ETC_FEDORA_RELEASE = "/etc/fedora-release"
GROUP = "/etc/group"
ETC_HOSTNAME = "/etc/hostname"
@@ -94,12 +91,11 @@ class BasePathNamespace(object):
OPENLDAP_LDAP_CONF = "/etc/openldap/ldap.conf"
PAM_LDAP_CONF = "/etc/pam_ldap.conf"
PASSWD = "/etc/passwd"
- ETC_PKI_CA_DIR = "/etc/pki-ca"
SYSTEMWIDE_IPA_CA_CRT = "/etc/pki/ca-trust/source/anchors/ipa-ca.crt"
IPA_P11_KIT = "/etc/pki/ca-trust/source/ipa.p11-kit"
NSS_DB_DIR = "/etc/pki/nssdb"
PKI_TOMCAT = "/etc/pki/pki-tomcat"
- PKI_TOMCAT_ALIAS_DIR = "/etc/pki/pki-tomcat/alias/"
+ PKI_TOMCAT_ALIAS_DIR = "/etc/pki/pki-tomcat/alias"
PKI_TOMCAT_PASSWORD_CONF = "/etc/pki/pki-tomcat/password.conf"
ETC_REDHAT_RELEASE = "/etc/redhat-release"
RESOLV_CONF = "/etc/resolv.conf"
@@ -116,7 +112,6 @@ class BasePathNamespace(object):
SYSCONFIG_AUTOFS = "/etc/sysconfig/autofs"
SYSCONFIG_DIRSRV = "/etc/sysconfig/dirsrv"
SYSCONFIG_DIRSRV_INSTANCE = "/etc/sysconfig/dirsrv-%s"
- SYSCONFIG_DIRSRV_PKI_IPA_DIR = "/etc/sysconfig/dirsrv-PKI-IPA"
SYSCONFIG_DIRSRV_SYSTEMD = "/etc/sysconfig/dirsrv.systemd"
SYSCONFIG_IPA_DNSKEYSYNCD = "/etc/sysconfig/ipa-dnskeysyncd"
SYSCONFIG_IPA_ODS_EXPORTER = "/etc/sysconfig/ipa-ods-exporter"
@@ -129,9 +124,7 @@ class BasePathNamespace(object):
SYSCONFIG_NTPD = "/etc/sysconfig/ntpd"
SYSCONFIG_ODS = "/etc/sysconfig/ods"
SYSCONFIG_PKI = "/etc/sysconfig/pki"
- SYSCONFIG_PKI_CA_DIR = "/etc/sysconfig/pki-ca"
SYSCONFIG_PKI_TOMCAT = "/etc/sysconfig/pki-tomcat"
- SYSCONFIG_PKI_CA_PKI_CA_DIR = "/etc/sysconfig/pki/ca/pki-ca"
SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR = "/etc/sysconfig/pki/tomcat/pki-tomcat"
ETC_SYSTEMD_SYSTEM_DIR = "/etc/systemd/system/"
SYSTEMD_CERTMONGER_SERVICE = "/etc/systemd/system/multi-user.target.wants/certmonger.service"
@@ -146,7 +139,6 @@ class BasePathNamespace(object):
KRA_AGENT_PEM = "/etc/httpd/alias/kra-agent.pem"
CACERT_P12 = "/root/cacert.p12"
ROOT_IPA_CSR = "/root/ipa.csr"
- ROOT_TMP_CA_P12 = "/root/tmp-ca.p12"
NAMED_PID = "/run/named/named.pid"
IP = "/sbin/ip"
NOLOGIN = "/sbin/nologin"
@@ -178,12 +170,7 @@ class BasePathNamespace(object):
ODS_KSMUTIL = "/usr/bin/ods-ksmutil"
ODS_SIGNER = "/usr/sbin/ods-signer"
OPENSSL = "/usr/bin/openssl"
- PERL = "/usr/bin/perl"
PK12UTIL = "/usr/bin/pk12util"
- PKI_SETUP_PROXY = "/usr/bin/pki-setup-proxy"
- PKICREATE = "/usr/bin/pkicreate"
- PKIREMOVE = "/usr/bin/pkiremove"
- PKISILENT = "/usr/bin/pkisilent"
SETPASSWD = "/usr/bin/setpasswd"
SIGNTOOL = "/usr/bin/signtool"
SOFTHSM2_UTIL = "/usr/bin/softhsm2-util"
@@ -198,13 +185,11 @@ class BasePathNamespace(object):
BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"
BIND_LDAP_DNS_ZONE_WORKDIR = "/var/named/dyndb-ldap/ipa/master/"
USR_LIB_DIRSRV = "/usr/lib/dirsrv"
- USR_LIB_SLAPD_PKI_IPA_DIR = "/usr/lib/dirsrv/slapd-PKI-IPA"
LIB_FIREFOX = "/usr/lib/firefox"
LIBSOFTHSM2_SO = "/usr/lib/pkcs11/libsofthsm2.so"
LIB_SYSTEMD_SYSTEMD_DIR = "/usr/lib/systemd/system/"
BIND_LDAP_SO_64 = "/usr/lib64/bind/ldap.so"
USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv"
- SLAPD_PKI_IPA = "/usr/lib64/dirsrv/slapd-PKI-IPA"
LIB64_FIREFOX = "/usr/lib64/firefox"
LIBSOFTHSM2_SO_64 = "/usr/lib64/pkcs11/libsofthsm2.so"
DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit"
@@ -271,7 +256,6 @@ class BasePathNamespace(object):
SLAPD_INSTANCE_BACKUP_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/bak/%s"
SLAPD_INSTANCE_DB_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/db/%s"
SLAPD_INSTANCE_LDIF_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/ldif"
- VAR_LIB_SLAPD_PKI_IPA_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-PKI-IPA"
VAR_LIB_IPA = "/var/lib/ipa"
IPA_CLIENT_SYSRESTORE = "/var/lib/ipa-client/sysrestore"
SYSRESTORE_INDEX = "/var/lib/ipa-client/sysrestore/sysrestore.index"
@@ -288,11 +272,16 @@ class BasePathNamespace(object):
STATEFILE_DIR = "/var/lib/ipa/sysupgrade"
VAR_LIB_KDCPROXY = "/var/lib/kdcproxy"
VAR_LIB_PKI_DIR = "/var/lib/pki"
- VAR_LIB_PKI_CA_DIR = "/var/lib/pki-ca"
- PKI_ALIAS_CA_P12 = "/var/lib/pki-ca/alias/ca.p12"
+ VAR_LIB_PKI_CA_ALIAS_DIR = "/var/lib/pki-ca/alias"
VAR_LIB_PKI_TOMCAT_DIR = "/var/lib/pki/pki-tomcat"
CA_BACKUP_KEYS_P12 = "/var/lib/pki/pki-tomcat/alias/ca_backup_keys.p12"
KRA_BACKUP_KEYS_P12 = "/var/lib/pki/pki-tomcat/alias/kra_backup_keys.p12"
+ CA_CS_CFG_PATH = "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg"
+ CAJARSIGNINGCERT_CFG = (
+ "/var/lib/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg")
+ CASIGNEDLOGCERT_CFG = (
+ "/var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg")
+ KRA_CS_CFG_PATH = "/var/lib/pki/pki-tomcat/conf/kra/CS.cfg"
KRACERT_P12 = "/root/kracert.p12"
SAMBA_DIR = "/var/lib/samba/"
SSSD_DB = "/var/lib/sss/db"
@@ -304,7 +293,6 @@ class BasePathNamespace(object):
VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s"
SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/access"
SLAPD_INSTANCE_ERROR_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/errors"
- VAR_LOG_SLAPD_PKI_IPA_DIR = "/var/log/dirsrv/slapd-PKI-IPA"
VAR_LOG_HTTPD_DIR = "/var/log/httpd"
IPABACKUP_LOG = "/var/log/ipabackup.log"
IPACLIENT_INSTALL_LOG = "/var/log/ipaclient-install.log"
@@ -321,9 +309,6 @@ class BasePathNamespace(object):
IPAUPGRADE_LOG = "/var/log/ipaupgrade.log"
KADMIND_LOG = "/var/log/kadmind.log"
MESSAGES = "/var/log/messages"
- PKI_CA_LOG_DIR = "/var/log/pki-ca"
- PKI_CA_INSTALL_LOG = "/var/log/pki-ca-install.log"
- PKI_CA_UNINSTALL_LOG = "/var/log/pki-ca-uninstall.log"
VAR_LOG_PKI_DIR = "/var/log/pki/"
TOMCAT_TOPLEVEL_DIR = "/var/log/pki/pki-tomcat"
TOMCAT_CA_DIR = "/var/log/pki/pki-tomcat/ca"
diff --git a/ipaplatform/base/services.py b/ipaplatform/base/services.py
index 6dcb26bb9..da2f1011e 100644
--- a/ipaplatform/base/services.py
+++ b/ipaplatform/base/services.py
@@ -41,16 +41,13 @@ from ipaplatform.paths import paths
wellknownservices = ['certmonger', 'dirsrv', 'httpd', 'ipa', 'krb5kdc',
'messagebus', 'nslcd', 'nscd', 'ntpd', 'portmap',
'rpcbind', 'kadmin', 'sshd', 'autofs', 'rpcgssd',
- 'rpcidmapd', 'pki_tomcatd', 'pki_cad', 'chronyd',
- 'domainname', 'named', 'ods_enforcerd', 'ods_signerd']
+ 'rpcidmapd', 'pki_tomcatd', 'chronyd', 'domainname',
+ 'named', 'ods_enforcerd', 'ods_signerd']
# The common ports for these services. This is used to wait for the
# service to become available.
wellknownports = {
- 'dirsrv@PKI-IPA.service': [7389],
- 'PKI-IPA': [7389],
'dirsrv': [389], # only used if the incoming instance name is blank
- 'pki-cad': [9180, 9443, 9444],
'pki-tomcatd@pki-tomcat.service': [8080, 8443],
'pki-tomcat': [8080, 8443],
'pki-tomcatd': [8080, 8443], # used if the incoming instance name is blank
diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 757908f95..0902215a5 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -58,11 +58,6 @@ redhat_system_units['rpcidmapd'] = 'nfs-idmap.service'
# code).
redhat_system_units['dirsrv'] = 'dirsrv@.service'
-# Our directory server instance for PKI is dirsrv@PKI-IPA.service
-redhat_system_units['pkids'] = 'dirsrv@PKI-IPA.service'
-# Old style PKI instance
-redhat_system_units['pki-cad'] = 'pki-cad@pki-ca.service'
-redhat_system_units['pki_cad'] = redhat_system_units['pki-cad']
# Our PKI instance is pki-tomcatd@pki-tomcat.service
redhat_system_units['pki-tomcatd'] = 'pki-tomcatd@pki-tomcat.service'
redhat_system_units['pki_tomcatd'] = redhat_system_units['pki-tomcatd']
@@ -284,7 +279,7 @@ def redhat_service_class_factory(name):
return RedHatIPAService(name)
if name == 'sshd':
return RedHatSSHService(name)
- if name in ('pki-cad', 'pki_cad', 'pki-tomcatd', 'pki_tomcatd'):
+ if name in ('pki-tomcatd', 'pki_tomcatd'):
return RedHatCAService(name)
if name == 'named':
return RedHatNamedService(name)
generated by cgit (git 2.34.1) at 2025-05-12 15:03:00 +0000