[Pki-devel] [PATCH] 158 - add interactive install for the tomcat tps
Ade Lee
alee at redhat.com
Fri Sep 20 16:10:29 UTC 2013
acked by Endi. pushed to master.
On Fri, 2013-09-20 at 09:11 -0400, Ade Lee wrote:
> Ok, made the suggested changes. New patch attached.
>
> The current output now looks like this:
>
> Subsystem (CA/KRA/OCSP/TKS/TPS) [CA]: TPS
>
> Tomcat:
> Instance [pki-tomcat]:
> HTTP port [8080]:
> Secure HTTP port [8443]:
> AJP port [8009]:
> Management port [8005]:
>
> Administrator:
> Username [tpsadmin]:
> Password:
> Verify password:
> Import certificate (Yes/No) [Y]?
> Import certificate from [/root/.dogtag/pki-tomcat/ca_admin.cert]:
> Export certificate to [/root/.dogtag/pki-tomcat/tps_admin.cert]:
>
> Directory Server:
> Hostname [vm-132.idm.lab.bos.redhat.com]:
> Port [389]: 55389
> Bind DN [cn=Directory Manager]:
> Password:
> Base DN [o=pki-tomcat-TPS]:
> Base DN already exists. Overwrite (Yes/No/Quit)? Yes
>
> Security Domain:
> Hostname [vm-132.idm.lab.bos.redhat.com]:
> Secure HTTP port [8443]:
> Name: domain 0917 take 2
> Username [caadmin]:
> Password:
>
> External Servers:
> CA URL [https://vm-132.idm.lab.bos.redhat.com:8443]:
> TKS URL [https://vm-132.idm.lab.bos.redhat.com:8443]:
> Enable server side key generation (Yes/No) [No]? Yes
> KRA URL [https://vm-132.idm.lab.bos.redhat.com:8443]:
>
> Authentication Database:
> Hostname [vm-132.idm.lab.bos.redhat.com]:
> Port [389]:
> Base DN: dc=redhat,dc=com
>
> Begin installation (Yes/No/Quit)?
>
> All good?
>
> Ade
>
> On Thu, 2013-09-19 at 17:16 -0500, Endi Sukma Dewata wrote:
> > On 9/19/2013 1:13 PM, Ade Lee wrote:
> > > This patch adds interactive install for the tomcat tps.
> > >
> > > Please review,
> > > Ade
> >
> > Some issues:
> >
> > 1. The following line doesn't assign the result to the status variable:
> >
> > parser.get_server_status('tks', 'pki_tks_uri')
> >
> > 2. My TPS installation failed to create the database. I'm still
> > investigating the problem.
> >
> >
> > There are some minor visual issues, please see if they make sense. This
> > is the current pkispawn output:
> >
> > TPS Parameters:
> > CA URI [https://localhost:8443]:
> > TKS URI [https://localhost:8443]:
> > Enable Server Side Key Generation (Yes/No)? y
> > DRM URI [https://localhost:8443]:
> > Authentication Database Hostname [localhost]:
> > Authentication Database Port [389]:
> > Authentication Database Base DN: dc=example,dc=com
> > Begin installation (Yes/No/Quit)?
> >
> > 3. Instead of "TPS Parameters" we can use "Token Processing Service" or
> > "External Servers".
> >
> > 4. The "Authentication Database" could also be put into a separate
> > section to avoid repetitions.
> >
> > 5. To be consistent the questions shouldn't use capital letters unless
> > it's the beginning of the sentence, in abbreviations or names. So in
> > this case the questions should say:
> >
> > Enable server-side key generation
> > Authentication database hostname
> > Authentication database port
> > Authentication database base DN
> >
> > 6. The "Enable server-side key generation" question probably should have
> > a default value of "N". This way someone trying out TPS can continue
> > with minimal configuration.
> >
> > 7. There has been an unresolved issue about the usage of KRA vs DRM.
> > However, since pkispawn has consistently use KRA in its output, we
> > should use that instead of DRM.
> >
> > 8. It's probably better to use "URL" or "location" instead of "URI"
> > since the value has to point to an actual location, not just a name. We
> > probably have been using URI incorrectly in the code.
> >
> > 9. There should be a single blank line between the last question and
> > "Begin installation" to signify the end of questions.
> >
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list