[Pki-devel] [PATCH] PKI Deployment Framework
Matthew Harmsen
mharmsen at redhat.com
Sat May 5 03:47:33 UTC 2012
Please review and provide an ACK for the attached patch.
This patch attempts to continue implementation of the PKI Deployment
Framework based upon the revised filesystem layout documented here:
* http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment#CA_.2F_KRA_.2F_OCSP_.2F_RA_.2F_TKS_.2F_TPS
The following patch adds/corrects functionality of the existing PKI
Deployment Framework including (but not limited to):
* Massaged logic to comply with PKI subsystems running within
a shared instance
* Developed code to take advantage of a single shared NSS security
database model
* Completed the following two 'scriptlets':
o Dogtag 10: Python 'slot_assignment.py' Installation Scriptlet
(https://fedorahosted.org/pki/ticket/146)
o Dogtag 10: Python 'security_databases.py' Installation Scriptlet
(https://fedorahosted.org/pki/ticket/136)
* Created several additional PKI deployment helper utilities.
After being installed on a FRESH system, this code can be tested by
running the following command-line examples (as 'root' or 'sudo'):
* mkdir /tmp/pki
* sudo pkispawn -s CA -p /tmp/pki -v --dry_run
* sudo pkispawn -s CA -p /tmp/pki -v
* sudo pkispawn -s CA -p /tmp/pki -u -v --dry_run
* sudo pkispawn -s CA -p /tmp/pki -u -v
* sudo pkidestroy -s CA -p /tmp/pki -v --dry_run
* sudo pkidestroy -s CA -p /tmp/pki -v
For the most part, this code ONLY affects the un-released 'pki-deploy'
package, so check-in of these changes should not harm the existing
source in any way.
The exceptions to this are changes to the following three previously
existing files:
* base/ca/shared/conf/CS.cfg.in
* base/ra/apache/conf/httpd.conf
* base/tps/apache/conf/httpd.conf
and the addition of the following new qqfour files to account for the
eventual move to Tomcat 7:
* base/ca/shared/conf/tomcat.conf
* base/kra/shared/conf/tomcat.conf
* base/ocsp/shared/conf/tomcat.conf
* base/tks/shared/conf/tomcat.conf
Thanks in advance,
-- Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120504/33bb49fe/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-PKI-Deployment-Scriptlets.patch
Type: text/x-patch
Size: 168611 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120504/33bb49fe/attachment.bin>
More information about the Pki-devel
mailing list