[Pki-devel] [PATCH] RHCS 8.1 - SAN Multi-Host Patches [20130413]
Ade Lee
alee at redhat.com
Mon Apr 15 15:09:15 UTC 2013
Couple of small points:
In CAInfoPanel.pm, KRAInfoPanel.pm, TKSInfoPanel.pm (for TPS), and
CAInfoPanel (for RA):
* You add a comment about a code path that is no longer used. This is
actually a bug in pkisilent. Basically, we should be using - or have
the ability to use this option. Otherwise, we effectively only use the
first URL in the list when selecting CA, KRA, etc. Therefore I would
NOT put in this comment. We may even want to add a BZ to make TPS and
RA use this option.
* In the functions, get_secure_*_port_domain_xml and
get_secure_*_host_from domain_xml, you should break to exit the loop
once a match is made. Also, there is an unused counter variable $count
that should be removed.
Other than these issues, ACK.
Ade
On Sat, 2013-04-13 at 23:14 -0700, Matthew Harmsen wrote:
> Please review the attached patches which seek to implement 'Bugzilla
> Bug #902956 - [RFE] Cert System 8.1 - Provide automated option for IP
> separated configuration' for RHCS 8.1.
>
> Three new patches (two which are revisions to the previous patches,
> and one which represents a simple recursive diffs between the two
> 'pki' trees which contain the code changes) have been attached which
> address the remaining issues.
> * This version of the code has been tested utilizing the
> following configuration:
> * pki-ip-host (installation host - RHEL 5.9 x86_64)
> * pki-ca-agent (CA agent interface - virtual IP)
> * pki-ca-ee (CA EE interface - virtual IP)
> * pki-ca-ee-ca (CA EE clientauth interface -
> virtual IP)
> * pki-ca-admin (CA admin interface - virtual IP)
> * pki-kra-agent (KRA agent interface - virtual
> IP)
> * pki-kra-ee (KRA EE interface - virtual IP)
> * pki-kra-admin (KRA admin interface - virtual
> IP)
> * pki-rhel6 (RHDS 9.1 - RHEL 6.3 x86_64 which uses a
> different domain)
> * Tests utilizing the browser GUI interface have been tested
> successfully for the following PKI subsystems:
> * CA using four VIPs
> * KRA using three VIPs
> * OCSP (was never tested, but is strongly believed to
> work since the batch 'pkisilent' worked successfully)
> * TKS using 'pki-ip-host' as the address for all three
> hosts
> * RA connecting to this CA
> * TPS connecting to this CA, KRA, and TKS
> * Tests utilizing new 'pkisilent' batch process templates, the
> following PKI subsystems have been tested successfully:
> * CA using four VIPs
> * KRA using three VIPs
> * OCSP using 'pki-ip-host' as the address for all three
> hosts
> * TKS using 'pki-ip-host' as the address for all three
> hosts
> * RA failed to connect to this CA (Bugzilla Bug #951891
> filed)
> * TPS connecting to this CA, KRA, and TKS
> * Bugs have been filed for all remaining issues (many of which
> may be addressable during the Q/E test cycle):
> * Bugzilla Bug #224770 - Apply "use strict" methodology
> to "pkicommon/pkicreate/pkiremove/pkicomplete" . . .
> * Bugzilla Bug #951886 - Refactor
> 'get_port_configuration_mode()' in 'pkicommon'
> * Bugzilla Bug #951887 - Use of unlabelled SELinux ports
> on VIPs to support 'IP Separation'
> * Bugzilla Bug #951890 - Include default EE clientauth
> port (9446) in pki-selinux policy
> * Bugzilla Bug #951891 - 'silent_ra_to_ip_port.template'
> fails to configure an RA successfully
> * Bugzilla Bug #910175 - [DOC] Cert System 8.1 - IP Port
> Separation Configuration Mode (additional material has
> been added to this bug)
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list