README:
-------------
Project Name:
-------------
RHCS - Red Hat Certificate System
-----
About:
-----
This Ansible playbook sets up all the subsystems (CA, KRA, OCSP, TKS and TPS).
The playbooks set up the environment based on the topology specified at runtime.
-------------
Requirements:
-------------
1. Ansible 2.0+ is needed for running these playbooks.
2. It can be installed in any of the following ways:
> http://docs.ansible.com/ansible/intro_installation.html
> easy_install pip
> git clone https://github.com/ansible/ansible.git --recursive
> epel
EPEL can be installed through yum by placing the following repo definition in the repo directory.
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
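# gpgcheck=0 turns off RPM signature verification for this repo; set gpgcheck=1 to verify packages against the gpgkey below
gpgcheck=0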
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
3. Make sure to check the Ansible version after installation. This can be quickly done using
ansible --version
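The [epel] stanza above sets gpgcheck=0 while still pointing at a gpgkey, so packages pulled from EPEL onto the certificate system hosts are installed without signature verification. The following check is an added example, not part of this project's playbooks: it audits repo definitions for that setting and for non-TLS fetch URLs, and shows the same stanza with gpgcheck=1. The function names audit_repo and harden are hypothetical, and a missing gpgcheck key is assumed to mean "off".

```python
import configparser

# The [epel] stanza exactly as it appears in this README, embedded to run offline.
README_REPO = """\
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
"""
TRUE = ("1", "yes", "true")
URL_KEYS = ("baseurl", "mirrorlist", "metalink")


def audit_repo(text):
    """Return (repo, finding) pairs for enabled repos with weak integrity settings."""
    # Interpolation off so $basearch and any % in URLs stay literal.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        repo = cp[name]
        if repo.get("enabled", "1").strip().lower() not in TRUE:
            continue  # disabled repos are not used for installs
        # Assumption: a missing gpgcheck counts as off here; yum itself would
        # inherit the value from [main] in /etc/yum.conf.
        if repo.get("gpgcheck", "0").strip().lower() not in TRUE:
            findings.append((name, "gpgcheck off: RPM signatures are not verified"))
        if not repo.get("gpgkey", "").strip():
            findings.append((name, "no gpgkey configured"))
        for key in URL_KEYS:
            for url in repo.get(key, "").split():
                if not url.startswith(("https://", "file://")):
                    findings.append((name, f"{key} is fetched without TLS: {url}"))
    return findings


def harden(text):
    """Return the stanza with gpgcheck=1 and every other line unchanged."""
    lines = ["gpgcheck=1" if ln.split("=")[0].strip() == "gpgcheck" else ln
             for ln in text.splitlines()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for label, text in (("README stanza", README_REPO), ("hardened", harden(README_REPO))):
        print(f"{label}: {audit_repo(text) or 'no findings'}")
```

The commented-out http baseurl is ignored by the parser, so the only finding on the README stanza is the disabled signature check.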
------
Usage:
------
ansible-playbook -i /tmp/test/pki-tests/ci/ansible/host pki.yml --extra-vars "topology=topology-02" -v
To run any other topology, for example "topology-01" for a shared instance, replace topology-02 with topology-01.
Topology_01:
-----------
All the subsystems share a common Tomcat instance and use the default configuration attributes for installation.
Default values can be found in "/etc/pki/default.cfg".
Topology_02:
-----------
LDAP is shared by all subsystems.
About Subsystem Installation:
1. CA ::
   Ports Used:
      https_port = 20443
      http_port = 20080
      ajp_port = 20009
      tomcat_server_port = 20005
   Security Domain:
      security_domain_name = topo2_Foobarmaster.org
2. KRA ::
      https_port = 21443
      http_port = 21080
      ajp_port = 21009
      tomcat_server_port = 21005
4. TKS ::
      https_port = 23443
      http_port = 23080
      ajp_port = 23009
      tomcat_server_port = 23005
5. TPS ::
      https_port = 25443
      http_port = 25080
      ajp_port = 25009
      tomcat_server_port = 25005
6. LDAP ::
      ServerIdentifier = topology-02_testingmaster
      ds_password = Secret123
      ds_ldap_port = 3389
      client_database_password = Secret123
Topology_03
-----------
This topology installs CA, KRA, OCSP, TKS and TPS.
Topology_04
-----------
This topology installs CA, KRA, TKS and TPS. It doesn't install OCSP.
Topology_05
-----------
This topology installs all subsystems, and each one points to its own LDAP instance.
Topology_ecc
------------
This topology performs an ECC installation of CA, KRA and OCSP.
References:
-----------
1. http://docs.ansible.com/ansible/intro.html
2. http://docs.ansible.com/ansible/intro_installation.html
Executing role user creation tests:
-----------------------------
Role user creation has been separated from conftest.py now.
Role user creation is now in a separate test located in the "test_setup" directory at "cli" directory level.
Once you have set up the subsystems using Ansible, you can proceed with role user creation.
To execute it, run the following command from the test_setup directory:
py.test --multihost-config=mhc.yaml test_setup/test_create_role_users.py -vs
Depending on the topology installed, role users will be created accordingly.
For example, if topology 2 was installed through Ansible, then role users
for discrete instances of CA, KRA, OCSP, TKS and TPS will be created.