Please review and provide an ACK for the attached patch. This patch attempts to continue implementation of the PKI Deployment Framework based upon the revised filesystem layout documented here: * http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment#CA_.2F_KRA_.2F_... The following patch adds/corrects functionality of the existing PKI Deployment Framework including (but not limited to): * Massaged logic to comply with PKI subsystems running within a shared instance * Developed code to take advantage of a single shared NSS security database model * Completed the following two 'scriptlets': o Dogtag 10: Python 'slot_assignment.py' Installation Scriptlet (https://fedorahosted.org/pki/ticket/146) o Dogtag 10: Python 'security_databases.py' Installation Scriptlet (https://fedorahosted.org/pki/ticket/136) * Created several additional PKI deployment helper utilities. After being installed on a FRESH system, this code can be tested by running the following command-line examples (as 'root' or 'sudo'): * mkdir /tmp/pki * sudo pkispawn -s CA -p /tmp/pki -v --dry_run * sudo pkispawn -s CA -p /tmp/pki -v * sudo pkispawn -s CA -p /tmp/pki -u -v --dry_run * sudo pkispawn -s CA -p /tmp/pki -u -v * sudo pkidestroy -s CA -p /tmp/pki -v --dry_run * sudo pkidestroy -s CA -p /tmp/pki -v For the most part, this code ONLY affects the un-released 'pki-deploy' package, so check-in of these changes should not harm the existing source in any way. The exceptions to this are changes to the following three previously existing files: * base/ca/shared/conf/CS.cfg.in * base/ra/apache/conf/httpd.conf * base/tps/apache/conf/httpd.conf and the addition of the following new qqfour files to account for the eventual move to Tomcat 7: * base/ca/shared/conf/tomcat.conf * base/kra/shared/conf/tomcat.conf * base/ocsp/shared/conf/tomcat.conf * base/tks/shared/conf/tomcat.conf Thanks in advance, -- Matt