[Freeipa-devel] Upgrading a machine to use the proxy.

Rob Crittenden rcritten at redhat.com
Wed Sep 14 20:46:40 UTC 2011


Adam Young wrote:
> To convert an older build where the PKI system wasn't proxied:
>
>
> awk '{print $0} /Define an AJP 1.3 Connector on port/ {print "<Connector
> port=\"9447\" protocol=\"AJP/1.3\" redirectPort=\"9444\" />}" }'
> /etc/pki-ca/server.xml > server.xml.new ; mv server.xml.new
> /etc/pki-ca/server.xml
>
> sed -e "s/\[PKI_MACHINE_NAME\]/$HOSTNAME/g" -e
> "s/\[PKI_AJP_PORT\]/9444/g" /usr/share/pki/ca/conf/proxy.conf >
> /etc/pki-ca/proxy.conf
>
>
> I've used the default ports here. Adjest is you've altered yours.
>
>
> IPA copies the proxy.conf file into /etc/httpd/conf.d and renames it.
> You can do the same thing by hand.
>
>
> I'm not sure if this should go into PKI or IPA.

Since these are dogtag configuration files I think dogtag needs to 
handle updating them.

rob




More information about the Freeipa-devel mailing list