Everyone,
It has been brought to my attention (and rightly so) that the
'pkideployment.cfg' file required by the 'pkispawn' executable is
confusing to use.
One suggestion was simply to rename the file from
'pkideployment.cfg' to something like 'pkideployment.cfg.template'
to denote that this is actually a template, and not an actual final
configuration file, and rely solely upon a well-written man page
(see TRAC Ticket #227 - Dogtag 10: Document
'pkideployment.cfg') which is not slated to be finished until
the final phase of the Dogtag 10 release. Not everyone likes this
suggestion.
Another suggestion was to create separate template files for all the
various "flavors"/"configurations", but I am not in favor of this
approach as it leads to a problem of keeping too much identical
information in sync across the various template files. A slight
alternative to this would be to create separate sectional files that
are pasted together to create a single configuration file (which in
my opinion is way too complicated for what should be a relatively
simple configuration file).
Therefore, I would like to suggest another alternative -- rather
than creating one or more "static" templates, I would like to
suggest the creation of a simple python script which generates a
configuration file suitable for the user's subsystem choice. For
example, this simple script could be used to generate a suitable
configuration file which could easily be edited by an end-user to
produce a 'pkideployment.cfg' configuration file to any one of the
following:
- CA
- KRA
- OCSP
- TKS
- RA
- TPS
- CA Clone
- KRA Clone
- OCSP Clone
- TKS Clone
- External CA (stage 1)
- External CA (stage 2)
- Subordinate CA
'TRAC Ticket #227 - Dogtag 10: Document
'pkideployment.cfg' will still be utilized to provide details
on what all of the various name/value pairs are used for (along with
both their resident default values as well as the computed default
values of keys which are purposefully left unassigned), as well as
provide detailed examples.
Please fill free to comment in response to this email and suggest
any other alternatives. If the alternative that I suggest here is
approved of, I am willing to writeup a brief design document for
such a 'pkispawn pkideployment.cfg' configuration file generator.
-- Matt