Re: [Pki-devel] [PATCH] 113-117 changes to install scripts to move calls to admin interface

On 02/01/13 11:54, Ade Lee wrote: Alee, Sorry, but I require some additional information to properly test this patch for a CA and its clone using a single machine. Hopefully, I can address these issues relatively quickly tomorrow after obtaining your answers. I have pulled a new tree after the meeting this morning (which does not include the patches added at 3:49 P. M. by edewata), created a branch, applied all five of your changes, and built and installed the packages on a fresh x86_64 Fedora 18 system (e. g. - 'foobar.example.com'). In order to test the code, I would like to perform the following two tests using a single machine: 1. pkispawn using the new configuration servlet for both the CA and the CA Clone 2. pkispawn using the old GUI configuration (by specifying a DEFAULT value of pki_skip_configuration=True) for both CA and the CA Clone However, with the new interpolation model, I do not know every single value that needs to be overridden to have both the CA and CA Clone, as well as the two directory servers, on the same system. I have the following: * installed a default directory server instance (e. g. - foobar) running on port 389 * installed a CA (e. g. - default configuration specifying backup keys in order to create the CA clone): *[DEFAULT]* pki_admin_password=XXXXXXXX pki_backup_password=XXXXXXXX pki_client_pkcs12_password=XXXXXXXX pki_ds_password=XXXXXXXX pki_security_domain_password=XXXXXXXX pki_backup_keys=True * successfully configured a browser, requested, enrolled, and issued a test certificate * installed a second directory server instance (e. g. - foobar-clone) running on port 8389 * about to install a CA Clone using the following parameters: *[DEFAULT]* pki_admin_password=XXXXXXXX pki_client_pkcs12_password=XXXXXXXX pki_ds_password=XXXXXXXX pki_security_domain_password=XXXXXXXX pki_security_domain_hostname=foobar.example.com pki_security_domain_https_port=8443 pki_ds_ldap_port=8389 pki_ds_ldaps_port=8636 *[CA]* pki_ajp_port=17009 pki_clone=True pki_clone_pkcs12_password=XXXXXXXX pki_clone_pkcs12_path=/etc/pki/pki-tomcat/alias/ca_backup_keys.p12 pki_clone_replicate_schema=True pki_clone_replication_master_port= pki_clone_replication_clone_port= pki_clone_replication_security=None pki_clone_uri=http://foobar.example.com:8443 pki_http_port=17080 pki_https_port=17443 pki_instance_name=pki-tomcat-ca-clone pki_tomcat_server_port=17005 Questions: * Are the two tests specified above sufficient to test your patch, or do I need to check the other two test cases of mixing an old GUI configuration (CA) with new configuration servlet (CA clone), and vice-versa?(I believe that this code will require re-testing under a separated ports model for versions of the product earlier than Dogtag 10). * What parameter(s) do I need to add to the CA Clone configuration file under what sections to reference the 'foobar-clone' directory instance? * What value, if any, do I need to supply to the 'pki_clone_replication_master_port'? * What value, if any, do I need to supply to the 'pki_clone_replication_clone_port'? * Should I leave 'pki_clone_replication_security=None'? * Are there any other parameters that I am missing, and if so, under what section should they be defined? * Are there any parameters specified that contain incorrect values? * Are any parameters specified in the incorrect sections? Thanks in advance, -- Matt