Since Dogtag 10 will encapsulate its various Java-based subsystems (CA, KRA, OCSP, TKS) under a single Tomcat 7 instance, the file system layout of files/directories used by Dogtag is changing to accomodate this.
If FreeIPA directly manipulates any of the Dogtag files/directories, it will need changes to accomodate the new layout (e. g. - FreeIPA currently accesses one of the profiles).
As a consequence of this new layout, the new installer in Dogtag 10 uses different commands:
- pkispawn which replaces (pkicreate/pkisilent), and - pkidestroy which replaces (pkiremove)
Since the installation options are supplied via a file now, FreeIPA will need to change the way it calls the Dogtag installer.
Design for these features are available at the following URL:
- http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment
Details will follow once this new layout and installation mechanism become available (targeted 8/1/2012 for F18).
A patch is on the list, but the changes need to be put in platform code so IPA can run with either Dogtag 9 or10.
This needs to be done for Fedora 18 as we don't want a big platform-specific patch for f18.
This is not the approach we are going to use. Talk to alee. He provided the patch that will be in F18 to use Dogtag 10 only. This is the current plan of record. This ticket needs to be closed as invalid.
master:[[br]] 4f76c14[[br]] 3dd31a8[[br]]
ipa-3-0:[[br]] 1d1c8b4[[br]] 5c293e4[[br]]
Additional fix to make ipa-replica-prepare work when dogtag 9 is upgraded to dogtag 10:
ipa-replica-prepare
master: 4bb4535[[BR]] ipa-3-0: 7c8130c
Metadata Update from @mharmsen: - Issue assigned to pviktori - Issue set to the milestone: FreeIPA 3.0 Beta 3
Login to comment on this ticket.