
[Pki-devel] [PATCH] 261 -- patch for cloning man page changes (ticket 1076)



Man page changes for Ticket 1076.

Please review,
Ade

>From 8fde7075b2a2497918eade91e78aa0ee303bb02c Mon Sep 17 00:00:00 2001
From: Ade Lee <alee redhat com>
Date: Mon, 13 Jul 2015 13:53:51 -0400
Subject: [PATCH] Man page updates for cloning

Ticket 1076
---
 base/server/man/man8/pkispawn.8 | 43 +++++++++++++++++++++++++++++++++++++----
 1 file changed, 39 insertions(+), 4 deletions(-)

diff --git a/base/server/man/man8/pkispawn.8 b/base/server/man/man8/pkispawn.8
index f480f9c45f84a32adc4ac833a88071525a44b0a2..4b6f2baa66be24c3e5c3707eaff991cb2600836f 100644
--- a/base/server/man/man8/pkispawn.8
+++ b/base/server/man/man8/pkispawn.8
@@ -299,7 +299,7 @@ pki_security_domain_hostname=<master_ca_hostname>
 pki_security_domain_https_port=<master_ca_https_port>
 pki_security_domain_user=caadmin
 
-[CA]
+[Tomcat]
 pki_clone=True
 pki_clone_pkcs12_password=\fIpassword123\fP
 pki_clone_pkcs12_path=<path_to_pkcs12_file>
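Review bot: The section header change from [CA] to [Tomcat] above pki_clone is not explained in the man page text or in the commit message, which only says "Man page updates for cloning". Please add a sentence stating that pki_clone, pki_clone_pkcs12_password and pki_clone_pkcs12_path are read from [Tomcat], and say whether existing configuration files that keep them under [CA] still work. The same applies to the [KRA] to [Tomcat] change in the hunk at line 342.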
@@ -326,7 +326,7 @@ clone# chown pkiuser: /backup_keys.p12
 clone# semanage -a -t pki_tomcat_cert_t /root/backup_keys.p12\fP
 .fi
 .PP
-.SS Installing a KRA or TKS clone (OCSP unsupported as of now)
+.SS Installing a KRA or TKS clone (OCSP and TPS unsupported as of now)
 \x'-1'\fBpkispawn \-s <subsystem> \-f myconfig.txt\fR
 .PP
 where subsystem is KRA or TKS and \fImyconfig.txt\fP contains the following text:
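Review bot: "as of now" in the changed .SS heading will go stale once the man page is installed; name the release for which OCSP and TPS cloning is unsupported, or drop the qualifier. Separately, the context around this hunk uses two paths for the same file: the hunk header shows chown on /backup_keys.p12 while the semanage line labels /root/backup_keys.p12. It would be worth making them agree while this section is being edited.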
@@ -342,7 +342,7 @@ pki_security_domain_hostname=<master_ca_hostname>
 pki_security_domain_https_port=<master_ca_https_port>
 pki_security_domain_user=caadmin
 
-[KRA]
+[Tomcat]
 pki_clone=True
 pki_clone_pkcs12_password=\fIpassword123\fP
 pki_clone_pkcs12_path=<path_to_pkcs12_file>
@@ -353,7 +353,42 @@ pki_issuing_ca=https://<ca_hostname>:<ca_https_port>
 .PP
 As with a CA clone, a KRA or TKS clone uses the same certificates and basic configuration as the original subsystem. The configuration points to the original subsystem to copy its configuration. This example also assumes that the CA is on a remote machine and specifies the CA and security domain information.
 .PP
-The subsystem section is [KRA] or [TKS].
+The parameter \fBpki_clone_uri\fP should be modified to point to the required master (DRM or TKS).
+.SS Installing a clone CA on the same server (for testing)
+\x'-1'\fBpkispawn \-s CA \-f myconfig.txt\fR
+.PP
+where \fImyconfig.txt\fP contains the following text:
+.IP
+.nf
+[DEFAULT]
+pki_admin_password=password123
+pki_client_database_password=password123
+pki_client_pkcs12_password=password123
+pki_ds_password=password123
+pki_ds_ldap_port=<unique port different from master>
+pki_ds_ldaps_port=<unique port different from master>
+pki_http_port=<unique port different from master>
+pki_https_port=<unique port different from master>
+pki_instance_name=<unique name different from master>
+pki_security_domain_hostname=<master_ca_hostname>
+pki_security_domain_https_port=<master_ca_https_port>
+pki_security_domain_password=password123
+
+[Tomcat]
+pki_ajp_port=<unique port different from master>
+pki_clone=True
+pki_clone_pkcs12_password=password123
+pki_clone_pkcs12_path=<path_to_pkcs12_file>
+pki_clone_uri=https://<master_ca_hostname>:<master_ca_https_port>
+pki_tomcat_server_port=<unique port different from master>
+
+[CA]
+pki_ds_base_dn=<identical value as master>
+pki_ds_database=<identical value as master>
+.fi
+.PP
+For testing purposes, it is useful to configure cloned CAs which exist (with their internal databases) on the same host.  In this case, because both CA Tomcat instances are on the same host, they must have distinct ports.  Similarly, each CA must use a distinct directory server instance for its internal database.  Like the Tomcat instances, these are distinguished by distinct ports.  The suffix being replicated (\fBpki_ds_base\fP), however, must be the same for both master and clone.
+
 .SS Installing a subordinate CA
 \x'-1'\fBpkispawn \-s CA \-f myconfig.txt\fR
 .PP
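Review bot: The closing paragraph of the new same-server section names the replicated suffix as \fBpki_ds_base\fP, but the example above it sets pki_ds_base_dn under [CA]; use the parameter name from the example so readers can search for it. The example also marks pki_ds_database as "<identical value as master>", yet the paragraph only mentions the suffix, so say explicitly that both must match. The added sentence about pki_clone_uri says "DRM or TKS" while the heading and the rest of the section say KRA; pick one term. Two smaller points: the new example writes password123 without the \fI...\fP markup used in the existing clone examples, and it omits pki_security_domain_user, which the other examples set to caadmin. If the default is intended there, fine; otherwise add the line.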
-- 
1.9.3

