[Pki-devel] [PATCH] PKI Deployment Framework

Matthew Harmsen mharmsen at redhat.com
Sat May 5 03:47:33 UTC 2012 

Please review and provide an ACK for the attached patch.

This patch attempts to continue implementation of the PKI Deployment 
Framework based upon the revised filesystem layout documented here:

  * http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment#CA_.2F_KRA_.2F_OCSP_.2F_RA_.2F_TKS_.2F_TPS

The following patch adds/corrects functionality of the existing PKI 
Deployment Framework including (but not limited to):

  * Massaged logic to comply with PKI subsystems running within
    a shared instance
  * Developed code to take advantage of a single shared NSS security
    database model
  * Completed the following two 'scriptlets':
      o Dogtag 10: Python 'slot_assignment.py' Installation Scriptlet
        (https://fedorahosted.org/pki/ticket/146)
      o Dogtag 10: Python 'security_databases.py' Installation Scriptlet
        (https://fedorahosted.org/pki/ticket/136)
  * Created several additional PKI deployment helper utilities.

After being installed on a FRESH system, this code can be tested by 
running the following command-line examples (as 'root' or 'sudo'):

  * mkdir /tmp/pki
  * sudo pkispawn -s CA -p /tmp/pki -v --dry_run
  * sudo pkispawn -s CA -p /tmp/pki -v
  * sudo pkispawn -s CA -p /tmp/pki -u -v --dry_run
  * sudo pkispawn -s CA -p /tmp/pki -u -v
  * sudo pkidestroy -s CA -p /tmp/pki -v --dry_run
  * sudo pkidestroy -s CA -p /tmp/pki -v

For the most part, this code ONLY affects the un-released 'pki-deploy' 
package, so check-in of these changes should not harm the existing 
source in any way.

The exceptions to this are changes to the following three previously 
existing files:

  * base/ca/shared/conf/CS.cfg.in
  * base/ra/apache/conf/httpd.conf
  * base/tps/apache/conf/httpd.conf

and the addition of the following new qqfour files to account for the 
eventual move to Tomcat 7:

  * base/ca/shared/conf/tomcat.conf
  * base/kra/shared/conf/tomcat.conf
  * base/ocsp/shared/conf/tomcat.conf
  * base/tks/shared/conf/tomcat.conf

Thanks in advance,
-- Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120504/33bb49fe/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-PKI-Deployment-Scriptlets.patch
Type: text/x-patch
Size: 168611 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120504/33bb49fe/attachment.bin>

More information about the Pki-devel mailing list