Closed pki-bot closed 4 years ago
Comment from vakwetu (@vakwetu) at 2012-07-27 19:51:52
These are the parameters that we need to overwrite in IPA installs. As such, they need to be added as a first priority; IPA will take the remaining defaults as specified. Most of these are already present.
# Parameters IPA overrides; all others keep their defaults.
replacevars = {
    "pki_proxy_http_port": "80",
    "pki_proxy_https_port": "443",
    "pki_client_database_path": self.ca_agent_db,
    "pki_client_database_password": self.admin_password,
    "pki_client_database_purge": "False",
    "pki_client_pkcs12_path": "/root/ca-agent.p12",
    "pki_client_pkcs12_password": self.admin_password,
    "pki_security_domain_name": self.domain_name,
    "pki_admin_email": "root@localhost",
    "pki_admin_password": self.admin_password,
    "pki_admin_nickname": "ipa-ca-agent",
    "pki_admin_subject_dn": "CN=ipa-ca-agent,%s" % self.subject_base,
    "pki_ds_ldap_port": str(self.ds_port),
    "pki_ds_password": self.dm_password,
    "pki_ds_base_dn": self.basedn,
    "pki_ds_database": "ipaca",
    "pki_backup_keys": "True",
    "pki_backup_password": self.admin_password,
    "pki_backup_file": "/root/cacert.p12",
    "pki_subsystem_subject_dn": \
        "CN=CA Subsystem,%s" % self.subject_base,
    "pki_ocsp_signing_subject_dn": \
        "CN=OCSP Subsystem,%s" % self.subject_base,
    "pki_ssl_server_subject_dn": \
        "CN=%s,%s" % (self.fqdn, self.subject_base),
    "pki_audit_signing_subject_dn": \
        "CN=CA Audit,%s" % self.subject_base,
    "pki_ca_signing_subject_dn": \
        "CN=Certificate Authority,%s" % self.subject_base
}

# Clone install: copy the PKCS #12 file where the PKI user can read it
# and point the installer at the master's security domain.
if self.clone:
    cafile = self.pkcs12_info[0]
    shutil.copy(cafile, "/tmp/ca.p12")
    pent = pwd.getpwnam(PKI_USER)
    os.chown("/tmp/ca.p12", pent.pw_uid, pent.pw_gid)
    clone_vars = {
        "pki_clone_pkcs12_password": self.dm_password,
        "pki_clone": "True",
        "pki_clone_pkcs12_path": "/tmp/ca.p12",
        "pki_security_domain_hostname": self.master_host,
        "pki_security_domain_https_port": "443",
        "pki_security_domain_password": self.admin_password,
        "pki_clone_replication_security": "SSL",
        "pki_clone_uri": \
            "https://%s" % ipautil.format_netloc(self.master_host, 443)
    }
    replacevars.update(clone_vars)

# Externally signed CA, first pass: only the CSR path is set.
if self.external == 1:
    external_vars = {
        "pki_external": "True",
        "pki_external_csr_path": self.csr_file
    }
    replacevars.update(external_vars)
# Second pass: supply the signed certificate and its chain.
elif self.external == 2:
    external_vars = {
        "pki_external": "True",
        "pki_external_ca_cert_path": self.cert_file,
        "pki_external_ca_cert_chain_path": self.cert_chain_file,
        "pki_external_step_two": "True"
    }
    replacevars.update(external_vars)
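The override-over-defaults layering described in the comment above, as an added example (not code from this ticket, IPA or Dogtag): it merges overrides into an INI-style defaults file, writes the result owner-only because it carries passwords, and masks secrets for logging. The function names, the sample defaults and the placement of keys in sections are assumptions made for illustration.

```python
import configparser
import os
import tempfile

# Constructed stand-in for shipped defaults; section placement is an assumption.
SAMPLE_DEFAULTS = """\
[DEFAULT]
pki_admin_email = caadmin@example.com
pki_backup_keys = False
[Tomcat]
pki_enable_proxy = False
"""


def merge_overrides(defaults_text, overrides):
    """Apply {section: {key: value}} overrides on top of the defaults."""
    # interpolation=None: a '%' in a password must not be parsed as a reference.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep parameter names exactly as written
    cfg.read_string(defaults_text)
    for section, pairs in overrides.items():
        if section != cfg.default_section and not cfg.has_section(section):
            cfg.add_section(section)
        for key, value in pairs.items():
            cfg.set(section, key, value)  # raises TypeError for non-string values
    return cfg


def write_private(cfg, path):
    """Create path with mode 0600; O_EXCL refuses an existing file or symlink."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        cfg.write(handle)


def redacted(cfg):
    """Return the effective settings with every *_password value masked, for logs."""
    return {
        section: {k: "********" if k.endswith("_password") else v
                  for k, v in cfg.items(section)}
        for section in [cfg.default_section] + cfg.sections()
    }


if __name__ == "__main__":
    # Constructed password value containing '%'.
    sample = merge_overrides(SAMPLE_DEFAULTS, {"DEFAULT": {"pki_admin_password": "s3cr%t"}})
    write_private(sample, os.path.join(tempfile.mkdtemp(), "ipa-override.cfg"))
    print(redacted(sample))
```

The `TypeError` on non-string values is why a port has to be passed as `str(self.ds_port)` rather than as an integer.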
Comment from mharmsen (@mharmsen) at 2012-07-28 23:16:38
Another parameter got added to the [Tomcat] section - "pki_enable_proxy=False" -- the default is "False".
Comment from mharmsen (@mharmsen) at 2012-07-31 18:49:54
Resolved:
commit f589cc1e267d6d7b67a6463b4495b7a9c982669f
Author: Matthew Harmsen <mharmsen@redhat.com>
Date: Sat Jul 28 18:59:30 2012 -0700
Comment from mharmsen (@mharmsen) at 2017-02-27 14:09:08
Metadata Update from @mharmsen:
This issue was migrated from Pagure Issue #270. Originally filed by mharmsen (@mharmsen) on 2012-07-26 23:11:31:
This ticket exists for the express purpose of identifying any parameters which need to be added to the 'pkideployment.cfg'.
Thus far, the following parameters have been identified and need to be added (based upon values found in pki-silent):