Re: [Freeipa-devel] Upgrading a machine to use the proxy.
OK, here's something closer to releasable and written in Perl. This script will upgrade the proxy ports to 9444 by default, or allow you to override by setting the first parameter. enable_proxy_dogtag.pl Description: Perl program ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Upgrading a machine to use the proxy.
Adam Young wrote:
To convert an older build where the PKI system wasn't proxied:
awk '{print $0} /Define an AJP 1.3 Connector on port/ {print Connector
port=\9447\ protocol=\AJP/1.3\ redirectPort=\9444\ /} }'
/etc/pki-ca/server.xml server.xml.new ; mv server.xml.new
/etc/pki-ca/server.xml
sed -e s/\[PKI_MACHINE_NAME\]/$HOSTNAME/g -e
s/\[PKI_AJP_PORT\]/9444/g /usr/share/pki/ca/conf/proxy.conf
/etc/pki-ca/proxy.conf
I've used the default ports here. Adjest is you've altered yours.
IPA copies the proxy.conf file into /etc/httpd/conf.d and renames it.
You can do the same thing by hand.
I'm not sure if this should go into PKI or IPA.
Since these are dogtag configuration files I think dogtag needs to
handle updating them.
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Upgrading a machine to use the proxy.
On 09/14/2011 04:46 PM, Rob Crittenden wrote:
Adam Young wrote:
To convert an older build where the PKI system wasn't proxied:
awk '{print $0} /Define an AJP 1.3 Connector on port/ {print Connector
port=\9447\ protocol=\AJP/1.3\ redirectPort=\9444\ /} }'
/etc/pki-ca/server.xml server.xml.new ; mv server.xml.new
/etc/pki-ca/server.xml
sed -e s/\[PKI_MACHINE_NAME\]/$HOSTNAME/g -e
s/\[PKI_AJP_PORT\]/9444/g /usr/share/pki/ca/conf/proxy.conf
/etc/pki-ca/proxy.conf
I've used the default ports here. Adjest is you've altered yours.
IPA copies the proxy.conf file into /etc/httpd/conf.d and renames it.
You can do the same thing by hand.
I'm not sure if this should go into PKI or IPA.
Since these are dogtag configuration files I think dogtag needs to
handle updating them.
Agree.
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] Upgrading a machine to use the proxy.
To convert an older build where the PKI system wasn't proxied:
awk '{print $0} /Define an AJP 1.3 Connector on port/ {print
Connector port=\9447\ protocol=\AJP/1.3\ redirectPort=\9444\
/} }' /etc/pki-ca/server.xml server.xml.new ; mv server.xml.new
/etc/pki-ca/server.xml
sed -e s/\[PKI_MACHINE_NAME\]/$HOSTNAME/g -e
s/\[PKI_AJP_PORT\]/9444/g /usr/share/pki/ca/conf/proxy.conf
/etc/pki-ca/proxy.conf
I've used the default ports here. Adjest is you've altered yours.
IPA copies the proxy.conf file into /etc/httpd/conf.d and renames it.
You can do the same thing by hand.
I'm not sure if this should go into PKI or IPA.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
