Please review the attached patches which seek to implement
'*Bugzilla Bug #902956*
<https://bugzilla.redhat.com/show_bug.cgi?id=902956> - [RFE]
Cert System 8.1 - Provide automated option for IP separated
configuration' for RHCS 8.1.

Three new patches (two which are revisions to the previous patches, and
one which represents a simple recursive diff between the two 'pki'
trees which contain the code changes) have been attached which address
the remaining issues.

* This version of the code has been tested utilizing the following
  configuration:
    o pki-ip-host (installation host - RHEL 5.9 x86_64)
        + pki-ca-agent (CA agent interface - virtual IP)
        + pki-ca-ee (CA EE interface - virtual IP)
        + pki-ca-ee-ca (CA EE clientauth interface - virtual IP)
        + pki-ca-admin (CA admin interface - virtual IP)
        + pki-kra-agent (KRA agent interface - virtual IP)
        + pki-kra-ee (KRA EE interface - virtual IP)
        + pki-kra-admin (KRA admin interface - virtual IP)
    o pki-rhel6 (RHDS 9.1 - RHEL 6.3 x86_64 which uses a different domain)
* Tests utilizing the browser GUI interface have been tested
  successfully for the following PKI subsystems:
    o CA using four VIPs
    o KRA using three VIPs
    o OCSP (was never tested, but is strongly believed to work since
      the batch 'pkisilent' worked successfully)
    o TKS using 'pki-ip-host' as the address for all three hosts
    o RA connecting to this CA
    o TPS connecting to this CA, KRA, and TKS
* Tests utilizing new 'pkisilent' batch process templates, the following
  PKI subsystems have been tested successfully:
    o CA using four VIPs
    o KRA using three VIPs
    o OCSP using 'pki-ip-host' as the address for all three hosts
    o TKS using 'pki-ip-host' as the address for all three hosts
    o RA failed to connect to this CA (Bugzilla Bug #951891 filed)
    o TPS connecting to this CA, KRA, and TKS
* Bugs have been filed for all remaining issues (many of which may be
  addressable during the Q/E test cycle):
    o *Bugzilla Bug #224770*
      <https://bugzilla.redhat.com/show_bug.cgi?id=224770> - Apply "use
      strict" methodology to
      "pkicommon/pkicreate/pkiremove/pkicomplete" . . .
    o *Bugzilla Bug #951886*
      <https://bugzilla.redhat.com/show_bug.cgi?id=951886> - Refactor
      'get_port_configuration_mode()' in 'pkicommon'
    o *Bugzilla Bug #951887*
      <https://bugzilla.redhat.com/show_bug.cgi?id=951887> - Use of
      unlabelled SELinux ports on VIPs to support 'IP Separation'
    o *Bugzilla Bug #951890*
      <https://bugzilla.redhat.com/show_bug.cgi?id=951890> - Include
      default EE clientauth port (9446) in pki-selinux policy
    o *Bugzilla Bug #951891*
      <https://bugzilla.redhat.com/show_bug.cgi?id=951891> - 'silent_ra_to_...
      fails to configure an RA successfully
    o *Bugzilla Bug #910175*
      <https://bugzilla.redhat.com/show_bug.cgi?id=910175> - [DOC] Cert
      System 8.1 - IP Port Separation Configuration Mode (additional
      material has been added to this bug)