While debugging a CA 'clone' configuration, it was noticed that the EXAMPLE configuration file for a CA clone in the 'pkispawn' man page is incorrect. Rather than specifying:
    [DEFAULT]
    pki_admin_password=password123
    pki_client_pkcs12_password=password123
    pki_ds_password=password123
    pki_security_domain_password=password123
    pki_security_domain_hostname=<master_ca_hostname>
    pki_security_domain_https_port=<master_ca_https_port>
    pki_security_domain_user=caadmin

    [CA]
    pki_clone=True
    pki_clone_pkcs12_password=password123
    pki_clone_pkcs12_path=<path_to_pkcs12_file>
    pki_clone_replicate_schema=True
    pki_clone_uri=https://<master_ca_hostname>:<master_ca_https_port>
it should specify:
    [DEFAULT]
    pki_admin_password=password123
    pki_client_database_password=password123
    pki_client_pkcs12_password=password123
    pki_ds_password=password123
    pki_security_domain_hostname=<master_ca_hostname>
    pki_security_domain_https_port=<master_ca_https_port>
    pki_security_domain_password=password123

    [Tomcat]
    pki_clone=True
    pki_clone_pkcs12_password=password123
    pki_clone_pkcs12_path=<path_to_pkcs12_file>
    pki_clone_uri=https://<master_ca_hostname>:<master_ca_https_port>
Optionally:
NOTE: As stated in the man page, these parameters reflect the location of a master CA and cloned CA on separate machines. Should they co-exist on the same machine (e.g., for testing purposes), the config file would need to reflect this:
    [DEFAULT]
    pki_admin_password=password123
    pki_client_database_password=password123
    pki_client_pkcs12_password=password123
    pki_ds_password=password123
    pki_ds_ldap_port=<unique port different from master>
    pki_ds_ldaps_port=<unique port different from master>
    pki_http_port=<unique port different from master>
    pki_https_port=<unique port different from master>
    pki_instance_name=<unique name different from master>
    pki_security_domain_hostname=<master_ca_hostname>
    pki_security_domain_https_port=<master_ca_https_port>
    pki_security_domain_password=password123

    [Tomcat]
    pki_ajp_port=<unique port different from master>
    pki_clone=True
    pki_clone_pkcs12_password=password123
    pki_clone_pkcs12_path=<path_to_pkcs12_file>
    pki_clone_uri=https://<master_ca_hostname>:<master_ca_https_port>
    pki_tomcat_server_port=<unique port different from master>

    [CA]
    pki_ds_base_dn=<identical value as master>
    pki_ds_database=<identical value as master>
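The same-host rules from the note above, as an added example that is not part of the ticket or of the pkispawn code: a small Python checker that compares a clone's configuration with the master's and reports clone settings left under [CA], ports or instance names not set or reused, and directory settings that do not match. The function and constant names and the sample port and DN values are assumptions made for illustration.

```python
import configparser

# Per the ticket: values a same-host clone must set differently from the
# master, grouped by the section the ticket's example puts them in.
MUST_DIFFER = {
    "DEFAULT": ["pki_ds_ldap_port", "pki_ds_ldaps_port", "pki_http_port",
                "pki_https_port", "pki_instance_name"],
    "Tomcat": ["pki_ajp_port", "pki_tomcat_server_port"],
}
MUST_MATCH = {"CA": ["pki_ds_base_dn", "pki_ds_database"]}  # same as master
# Clone settings the corrected example places under [Tomcat], not [CA].
TOMCAT_ONLY = ["pki_clone", "pki_clone_pkcs12_password",
               "pki_clone_pkcs12_path", "pki_clone_uri"]

def _load(text):
    # Parse [DEFAULT] as an ordinary section so key placement stays visible.
    cp = configparser.ConfigParser(default_section="__unused__", interpolation=None)
    cp.read_string(text)
    return cp

def check_colocated_clone(master_text, clone_text):
    """Return a list of problems in a same-host clone config (empty if none)."""
    master, clone = _load(master_text), _load(clone_text)
    problems = [f"{k}: under [CA], expected [Tomcat]"
                for k in TOMCAT_ONLY if clone.has_option("CA", k)]
    for rule, want_equal in ((MUST_DIFFER, False), (MUST_MATCH, True)):
        for section, keys in rule.items():
            for key in keys:
                mine = clone.get(section, key, fallback=None)
                theirs = master.get(section, key, fallback=None)
                if mine is None:
                    problems.append(f"{key}: not set in [{section}]")
                elif theirs is not None and (mine == theirs) != want_equal:
                    verb = "match" if want_equal else "differ from"
                    problems.append(f"{key}: must {verb} master value {theirs}")
    return problems

# Constructed sample values, not from the ticket.
MASTER = "[DEFAULT]\npki_https_port=8443\n[CA]\npki_ds_base_dn=o=pki-tomcat-CA\n"
CLONE = ("[DEFAULT]\npki_https_port=8443\n"
         "[CA]\npki_clone=True\npki_ds_base_dn=o=clone-CA\n")

if __name__ == "__main__":
    print("\n".join(check_colocated_clone(MASTER, CLONE)))
```

Settings absent from the master text are not compared, because the checker does not know the defaults pkispawn would apply for them.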
proposed Milestone 10.2.1
PKI TRAC Ticket #870 - Consider changing default value of 'pki_clone_replicate_schema' variable blocks this ticket, as it may be necessary to reflect any changes in the 'pkispawn' man page.
Per CS/DS meeting of 08/04/2014: moving to Milestone 10.2.1
Proposed Milestone: 10.2.3 (per CS Meeting of 09/17/2014)
man page (complete earlier if possible)
Per Dogtag 10.2.X meeting of 01/14/2015: Milestone 10.2 Backlog
Fixed:
    [alee@aleeredhat pki]$ git push origin master
    Counting objects: 57, done.
    Delta compression using up to 8 threads.
    Compressing objects: 100% (7/7), done.
    Writing objects: 100% (7/7), 1.21 KiB | 0 bytes/s, done.
    Total 7 (delta 5), reused 0 (delta 0)
    To ssh://vakwetu@git.fedorahosted.org/git/pki.git
       16fe7df..a330715  master -> master
Metadata Update from @mharmsen:
- Issue assigned to vakwetu
- Issue set to the milestone: 10.2 Backlog
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1639
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.