Bug 458337
| Field | Value |
|---|---|
| Summary | Provide separate listening ports for CS |
| Product | [Retired] Dogtag Certificate System |
| Reporter | Jack Magne <jmagne> |
| Component | Other |
| Assignee | Matthew Harmsen <mharmsen> |
| Status | CLOSED ERRATA |
| QA Contact | Chandrasekar Kannan <ckannan> |
| Severity | medium |
| Priority | urgent |
| Version | 1.0 |
| CC | alee, awnuk, benl, bob.lord, cfu, jmagne, mharmsen |
| Hardware | All |
| OS | Linux |
| Doc Type | Bug Fix |
| Last Closed | 2009-07-22 23:29:32 UTC |
| Bug Blocks | 443788 |
Description
Jack Magne
2008-08-07 17:17:22 UTC
Created attachment 313719 [details]
Fix for port separation
attachment (id=313719) +mharmsen

SUGGESTIONS for pkicreate:

(1) change the comment at the top from this:

```
# -secure_port=9543 || -agent_secure_port=9543
# -ee_secure_port=9544
# -admin_secure_port=9545
```

to something like this:

```
# -secure_port=9543 || -agent_secure_port=9543
# -ee_secure_port=9544
# -admin_secure_port=9545
```

(2) change the "emit()" calls to be more specific; for example, change this:

```
emit( "Failed to delete directory for port separation ...\n" );
```

to something like this:

```
emit( "Failed to delete directory $ee_base_ui_instance_dir for port separation ...\n" );
```

(3) align ALL code that required indenting; for example, change:

```
- # create instance symlink to "osutil.jar"
- $result = create_symbolic_link( $osutil_jar_symlink_path,
+ $result = create_symbolic_link( $osutil_jar_symlink_path,
  $osutil_jar_file_path );
```

to:

```
- # create instance symlink to "osutil.jar"
- $result = create_symbolic_link( $osutil_jar_symlink_path,
- $osutil_jar_file_path );
+ $result = create_symbolic_link( $osutil_jar_symlink_path,
+ $osutil_jar_file_path );
```

SUGGESTIONS for CMSEngine:

(1) Align the code that is inside the for() loop to be uniform.

```
Sending pki-ca.spec
Transmitting file data .
Committed revision 85.
Sending pki-common.spec
Transmitting file data .
Committed revision 86.
Sending pki-setup.spec
Transmitting file data .
Committed revision 87.
Sending pki-tks.spec
Transmitting file data .
Committed revision 88.
Sending pki-ocsp.spec
Transmitting file data .
Committed revision 89.
Sending pki-kra.spec
Transmitting file data .
Committed revision 90.
Sending web.xml
Transmitting file data .
Committed revision 91.
Sending velocity.properties
Transmitting file data .
Committed revision 92.
Sending server.xml
Transmitting file data .
Committed revision 93.
Sending MainPageServlet.java
Transmitting file data .
Committed revision 94.
Sending CMSEngine.java
Transmitting file data .
Committed revision 95.
Sending pkicreate
Transmitting file data .
Committed revision 96.
Sending pkicommon
Transmitting file data .
Committed revision 97.
Sending velocity.properties
Sending web.xml
Transmitting file data ..
Committed revision 98.
Sending server.xml
Transmitting file data .
Committed revision 99.
Sending velocity.properties
Sending web.xml
Transmitting file data ..
Committed revision 100.
Sending server.xml
Transmitting file data .
Committed revision 103.
```

The remainder of this bug is simply to create default instances using the port-separated logic for CA, DRM, OCSP, and TKS.

From Ade Lee's email:

Here are the ports currently defined in selinux for the default instance. I've actually chosen to not define these in the pki-selinux rpm for the future and just have the startup scripts define them. But they are defined in the current rhel 5.3 selinux reference policy rpm - so we should just use them.

```
pki_ca    9180 (non-ssl),  9701 (tomcat),  9443 (ssl),  9444,  9445
pki_kra  10180 (non-ssl), 10701 (tomcat), 10443 (ssl), 10444, 10445
pki_ocsp 11180 (non-ssl), 11701 (tomcat), 11443 (ssl), 11444, 11445
pki_ra   12888 (non-ssl), 12889 (ssl)
pki_tks  13180 (non-ssl), 13701 (tomcat), 13443 (ssl), 13444, 13445
pki_tps   7888 (non-ssl),  7889 (ssl)
```

Additionally, Bugzilla Bug #485859 specifies the following additional ports:

```
pki_ra  12890 (non_clientauth_ssl)
pki-tps  7890 (non_clientauth_ssl)
```

Created attachment 333112 [details]
PKI ports for default CA, DRM, OCSP, and TKS instances
attachment (id=333112) +awnuk

```
% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M      dogtag/ca/pki-ca.spec
M      dogtag/tks/pki-tks.spec
M      dogtag/ocsp/pki-ocsp.spec
M      dogtag/kra/pki-kra.spec
M      base/ca/setup/postinstall
M      base/tks/setup/postinstall
M      base/ocsp/setup/postinstall
M      base/kra/setup/postinstall
% svn commit
Sending        base/ca/setup/postinstall
Sending        base/kra/setup/postinstall
Sending        base/ocsp/setup/postinstall
Sending        base/tks/setup/postinstall
Sending        dogtag/ca/pki-ca.spec
Sending        dogtag/kra/pki-kra.spec
Sending        dogtag/ocsp/pki-ocsp.spec
Sending        dogtag/tks/pki-tks.spec
Transmitting file data ........
Committed revision 244.
```

Re-opening bug to provide NEW default security domain port in initial CS.cfg files.

Created attachment 333424 [details]
Base diffs
Created attachment 333425 [details]
Dogtag diffs
Attachments (id=333424, id=333425) +jmagne

pki/base:

```
% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M      ca/shared/conf/CS.cfg
M      common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
M      common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
M      common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
M      common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
M      common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
M      common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
M      tks/shared/conf/CS.cfg
M      ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm
M      ra/lib/perl/PKI/RA/wizard.pm
M      ra/lib/perl/PKI/RA/Login.pm
M      ra/lib/perl/PKI/RA/SecurityDomainPanel.pm
M      ocsp/shared/conf/CS.cfg
M      tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm
M      tps/lib/perl/PKI/TPS/wizard.pm
M      tps/lib/perl/PKI/TPS/Login.pm
M      tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm
M      kra/shared/conf/CS.cfg
% svn commit
Sending        base/ca/shared/conf/CS.cfg
Sending        base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
Sending        base/kra/shared/conf/CS.cfg
Sending        base/ocsp/shared/conf/CS.cfg
Sending        base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm
Sending        base/ra/lib/perl/PKI/RA/Login.pm
Sending        base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm
Sending        base/ra/lib/perl/PKI/RA/wizard.pm
Sending        base/tks/shared/conf/CS.cfg
Sending        base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/Login.pm
Sending        base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/wizard.pm
Transmitting file data ..................
Committed revision 259.
```

pki/dogtag:

```
% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M      tps-ui/shared/docroot/tps/admin/console/config/securitydomainloginpanel.vm
M      tps-ui/dogtag-pki-tps-ui.spec
M      ca/pki-ca.spec
M      common/pki-common.spec
M      tks/pki-tks.spec
M      ra/pki-ra.spec
M      common-ui/dogtag-pki-common-ui.spec
M      common-ui/shared/admin/console/config/securitydomainloginpanel.vm
M      ocsp/pki-ocsp.spec
M      tps/pki-tps.spec
M      kra/pki-kra.spec
M      ra-ui/shared/docroot/ra/admin/console/config/securitydomainloginpanel.vm
M      ra-ui/dogtag-pki-ra-ui.spec
% svn commit
Sending        dogtag/ca/pki-ca.spec
Sending        dogtag/common/pki-common.spec
Sending        dogtag/common-ui/dogtag-pki-common-ui.spec
Sending        dogtag/common-ui/shared/admin/console/config/securitydomainloginpanel.vm
Sending        dogtag/kra/pki-kra.spec
Sending        dogtag/ocsp/pki-ocsp.spec
Sending        dogtag/ra/pki-ra.spec
Sending        dogtag/ra-ui/dogtag-pki-ra-ui.spec
Sending        dogtag/ra-ui/shared/docroot/ra/admin/console/config/securitydomainloginpanel.vm
Sending        dogtag/tks/pki-tks.spec
Sending        dogtag/tps/pki-tps.spec
Sending        dogtag/tps-ui/dogtag-pki-tps-ui.spec
Sending        dogtag/tps-ui/shared/docroot/tps/admin/console/config/securitydomainloginpanel.vm
Transmitting file data .............
Committed revision 260.
```

Verified with 06/03 nightly build.

```
[root@sigma ~]# service pki-ca status ; service pki-kra status ; service pki-ocsp status ; service pki-tks status ; service pki-tps status;
pki-ca (pid 6954) is running ...
    Unsecure Port       = http://sigma.dsdev.sjc.redhat.com:9180/ca/ee/ca
    Secure Agent Port   = https://sigma.dsdev.sjc.redhat.com:9443/ca/agent/ca
    Secure EE Port      = https://sigma.dsdev.sjc.redhat.com:9444/ca/ee/ca
    Secure Admin Port   = https://sigma.dsdev.sjc.redhat.com:9445/ca/services
    PKI Console Port    = pkiconsole https://sigma.dsdev.sjc.redhat.com:9445/ca
    Tomcat Port         = 9701 (for shutdown)
pki-kra (pid 8992) is running ...
    Unsecure Port       = http://sigma.dsdev.sjc.redhat.com:10180/kra/ee/kra
    Secure Agent Port   = https://sigma.dsdev.sjc.redhat.com:10443/kra/agent/kra
    Secure EE Port      = https://sigma.dsdev.sjc.redhat.com:10444/kra/ee/kra
    Secure Admin Port   = https://sigma.dsdev.sjc.redhat.com:10445/kra/services
    PKI Console Port    = pkiconsole https://sigma.dsdev.sjc.redhat.com:10445/kra
    Tomcat Port         = 10701 (for shutdown)
pki-ocsp (pid 9930) is running ...
    Unsecure Port       = http://sigma.dsdev.sjc.redhat.com:11180/ocsp/ee/ocsp
    Secure Agent Port   = https://sigma.dsdev.sjc.redhat.com:11443/ocsp/agent/ocsp
    Secure EE Port      = https://sigma.dsdev.sjc.redhat.com:11444/ocsp/ee/ocsp
    Secure Admin Port   = https://sigma.dsdev.sjc.redhat.com:11445/ocsp/services
    PKI Console Port    = pkiconsole https://sigma.dsdev.sjc.redhat.com:11445/ocsp
    Tomcat Port         = 11701 (for shutdown)
pki-tks (pid 8035) is running ...
    Unsecure Port       = http://sigma.dsdev.sjc.redhat.com:13180/tks/ee/tks
    Secure Agent Port   = https://sigma.dsdev.sjc.redhat.com:13443/tks/agent/tks
    Secure EE Port      = https://sigma.dsdev.sjc.redhat.com:13444/tks/ee/tks
    Secure Admin Port   = https://sigma.dsdev.sjc.redhat.com:13445/tks/services
    PKI Console Port    = pkiconsole https://sigma.dsdev.sjc.redhat.com:13445/tks
    Tomcat Port         = 13701 (for shutdown)
pki-tps (pid 12118) is running ...
    Unsecure Port             = http://sigma.dsdev.sjc.redhat.com:7888/cgi-bin/so/enroll.cgi    (ESC Security Officer Enrollment)
    Unsecure Port             = http://sigma.dsdev.sjc.redhat.com:7888/cgi-bin/home/index.cgi   (ESC Phone Home)
    Secure Clientauth Port    = https://sigma.dsdev.sjc.redhat.com:7889/cgi-bin/sow/welcome.cgi (ESC Security Officer Workstation)
    Secure Clientauth Port    = https://sigma.dsdev.sjc.redhat.com:7889/tus                     (TPS Roles - Operator/Administrator/Agent)
    Secure Non-Clientauth Port = https://sigma.dsdev.sjc.redhat.com:7890/cgi-bin/so/enroll.cgi  (ESC Security Officer Enrollment)
    Secure Non-Clientauth Port = https://sigma.dsdev.sjc.redhat.com:7890/cgi-bin/home/index.cgi (ESC Phone Home)
[root@sigma ~]#
```
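The verification output above lists each instance's unsecure, agent, EE and admin ports, and Ade Lee's email lists the ports the SELinux policy labels per subsystem. The script below is an added example, not code from the bug or from Dogtag: it parses `service pki-* status` output of that shape and flags any instance whose agent, EE and admin interfaces are not on three distinct ports, or that listens on a port the policy does not label for it. SAMPLE is constructed (the pki-ca block is copied from the bug; the pki-kra block is deliberately broken).

```python
import re
from urllib.parse import urlsplit

# Ports the RHEL 5.3 SELinux reference policy labels per subsystem (from the bug).
SELINUX_PORTS = {
    "ca": {9180, 9701, 9443, 9444, 9445},
    "kra": {10180, 10701, 10443, 10444, 10445},
    "ocsp": {11180, 11701, 11443, 11444, 11445},
    "tks": {13180, 13701, 13443, 13444, 13445},
}
INSTANCE_RE = re.compile(r"^pki-(\w+) \(pid \d+\) is running")
PORT_RE = re.compile(r"^(Unsecure|Secure Agent|Secure EE|Secure Admin) Port\s*= (\S+)")

def parse_status(text):
    """Map each instance in `service pki-* status` output to {role: port}."""
    instances, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := INSTANCE_RE.match(line):
            current = m.group(1)
            instances[current] = {}
        elif current and (m := PORT_RE.match(line)):
            role = m.group(1).replace("Secure ", "").lower()  # unsecure/agent/ee/admin
            instances[current][role] = urlsplit(m.group(2)).port
    return instances

def check_port_separation(instances):
    """Return the problems found; an empty list means separation is in effect."""
    problems = []
    for name, ports in instances.items():
        secure = [ports.get(role) for role in ("agent", "ee", "admin")]
        if None in secure:
            problems.append(f"{name}: missing an agent/EE/admin port")
        elif len(set(secure)) != 3:
            problems.append(f"{name}: agent/EE/admin share a port {secure}")
        unlabelled = set(ports.values()) - SELINUX_PORTS.get(name, set())
        if unlabelled:
            problems.append(f"{name}: ports without SELinux label {sorted(unlabelled)}")
    return problems

# Constructed sample: the bug's pki-ca block plus a hypothetical pki-kra whose agent and EE share a port and whose admin port is unlabelled.
SAMPLE = """pki-ca (pid 6954) is running ...
    Secure Agent Port = https://sigma.dsdev.sjc.redhat.com:9443/ca/agent/ca
    Secure EE Port = https://sigma.dsdev.sjc.redhat.com:9444/ca/ee/ca
    Secure Admin Port = https://sigma.dsdev.sjc.redhat.com:9445/ca/services
pki-kra (pid 8992) is running ...
    Secure Agent Port = https://sigma.dsdev.sjc.redhat.com:10443/kra/agent/kra
    Secure EE Port = https://sigma.dsdev.sjc.redhat.com:10443/kra/ee/kra
    Secure Admin Port = https://sigma.dsdev.sjc.redhat.com:10446/kra/services
"""
```

Feed it the real output of the status commands and an empty result from check_port_separation() confirms the per-interface ports the fix introduced are actually in effect.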