User should be able to do a default install without modifying config files:
pkispawn or pkispawn -h (would provide usage) pkispawn -D (would create a default instance containing all 4 subsystems, using pkideployment.cfg). In this case, the user would be prompted for passwords. pkispawn -D --generate_passwords would configure as above, would prompt for the DS password (and maybe the admin password), and would generate the remaining passwords.
To clarify, subsystem installation can be done interactively as follows:
% pkispawn Dogtag 10.0.0 Subsystem Installation ------------------------------------ Subsystem type (CA/KRA/OCSP/TKS): CA Instance name [pki-tomcat]: Port [8080]: Secure port [8443]: Admin username [caadmin]: Admin password: ***** Security domain name [EXAMPLE.COM]: Directory server hostname [localhost]: Directory server port [389]: Directory server suffix [o=pki-tomcat-CA]: Directory server bind DN [cn=Directory Manager]: Directory server password: ***** Installation complete.
Note: To simplify the process the passwords for client database, token, etc. will be identical to the admin password. It's possible to specify different passwords via config file.
Silent installation can be done with a config file:
% pkispawn -f ca.cfg Dogtag 10.0.0 Subsystem Installation ------------------------------------ Reading configuration file ca.cfg. Installation complete.
When installing additional subsystem, pkispawn will require security domain information:
% pkispawn Dogtag 10.0.0 Subsystem Installation ------------------------------------ Subsystem type (CA/KRA/OCSP/TKS): KRA Instance name [pki-tomcat]: Admin username [kraadmin]: Admin password: ***** Security domain hostname [localhost]: Security domain port [8443]: Security domain name [EXAMPLE.COM]: Security domain user [caadmin]: Security domain password: ***** Directory server hostname [localhost]: Directory server port [389]: Directory server suffix [o=pki-tomcat-KRA]: Directory server bind DN [cn=Directory Manager]: Directory server password: ***** Installation complete.
Removing the subsystem can be done interactively:
% pkidestroy Dogtag 10.0.0 Subsystem Removal ------------------------------- Subsystem type (CA/KRA/OCSP/TKS): KRA Instance name [pki-tomcat]: Removal complete.
Or silently:
% pkidestroy -s KRA Dogtag 10.0.0 Subsystem Removal ------------------------------- Removal complete.
master: 981ebcce84770c9d48e80fc9b5ffd2bbf8fd0816
Metadata Update from @vakwetu: - Issue assigned to edewata - Issue set to the milestone: 10.0.2
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/951
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.