[PATCH] pki-vakwetu-0032-BZ-819111-non-existent-container breaks replication
by Ade Lee
We recently moved the replication user to ou=cmsuser, cn=config, rather
than simply cn=config. This breaks replication to older users. Code
has been added to the replication setup code to create the needed
container on the master server if it does not exist.
This is the fix for dogtag 10. A similar fix will be applied to dogtag
9.
Please review,
Ade
11 years, 11 months
[PATCH] PKI Deployment Framework
by Matthew Harmsen
Please review and provide an ACK for the attached patch.
This patch attempts to continue implementation of the PKI Deployment
Framework based upon the revised filesystem layout documented here:
* http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment#CA_.2F_KRA_.2F_...
The following patch adds/corrects functionality of the existing PKI
Deployment Framework including (but not limited to):
* Massaged logic to comply with PKI subsystems running within
a shared instance
* Developed code to take advantage of a single shared NSS security
database model
* Completed the following two 'scriptlets':
o Dogtag 10: Python 'slot_assignment.py' Installation Scriptlet
(https://fedorahosted.org/pki/ticket/146)
o Dogtag 10: Python 'security_databases.py' Installation Scriptlet
(https://fedorahosted.org/pki/ticket/136)
* Created several additional PKI deployment helper utilities.
After being installed on a FRESH system, this code can be tested by
running the following command-line examples (as 'root' or 'sudo'):
* mkdir /tmp/pki
* sudo pkispawn -s CA -p /tmp/pki -v --dry_run
* sudo pkispawn -s CA -p /tmp/pki -v
* sudo pkispawn -s CA -p /tmp/pki -u -v --dry_run
* sudo pkispawn -s CA -p /tmp/pki -u -v
* sudo pkidestroy -s CA -p /tmp/pki -v --dry_run
* sudo pkidestroy -s CA -p /tmp/pki -v
For the most part, this code ONLY affects the un-released 'pki-deploy'
package, so check-in of these changes should not harm the existing
source in any way.
The exceptions to this are changes to the following three previously
existing files:
* base/ca/shared/conf/CS.cfg.in
* base/ra/apache/conf/httpd.conf
* base/tps/apache/conf/httpd.conf
and the addition of the following new qqfour files to account for the
eventual move to Tomcat 7:
* base/ca/shared/conf/tomcat.conf
* base/kra/shared/conf/tomcat.conf
* base/ocsp/shared/conf/tomcat.conf
* base/tks/shared/conf/tomcat.conf
Thanks in advance,
-- Matt
11 years, 11 months
PATCH 0029 - RESTful servlet to configure system in a single servlet
by Ade Lee
Please review:
New RESTful servlet that does system configuration in a single servlet.
Installation code common to the panels and the installation servlet are extracted to a
ConfigurationUtils file. The panel code will be cleaned up to use the code in this
class in a later commit.
Contains restful client and test driver code. The test driver code should be modified
and placed in a junit/system test framework. Installation has been tested to work with
the following installations: master CA, clone CA, KRA, OCSP, TKS, subordinate CA, CA
signed by external CA (parts 1 and 2).
Ticket #155
Thanks,
Ade
11 years, 12 months
[PATCH] patches 30/31 to refactor installation panels
by Ade Lee
Common code has been moved to ConfigurationUtils. These patches
refactor the existing installation servlets to use that common code.
(So lots of now duplicate code being deleted). I think this makes the
code a lot simpler to follow.
In addition, a bunch of obsolete servlets have been removed in patch
31.
Installations have been tested in the following scenarios:
ca, clone ca, ca subordinate to external ca, kra, ocsp, tks.
The patches need to be rebased on top of patch 29 -- which I plan to
check in in any case.
Ade
11 years, 12 months