Fine-grained installation steps

[pki-bot]

This issue was migrated from Pagure Issue #2244. Originally filed by edewata (@edewata) on 2016-03-24 19:24:14:

• Assigned to nobody

---

Currently the customization that can be done during install is limited to the parameters that are supported by pkispawn. Sometimes it is necessary to modify some other files to change the behavior of the server during install, for example:

• changing debug level (ticket 1349)
• customizing certificate profile (ticket 2224)

Right now those changes have to be done in /usr/share/pki so pkispawn will pick up the changes during install. The problem is those files are not supposed to be modified directly since they are owned by the package and shared system-wide.

Rather than creating new pkispawn parameters for everything, it would be better to provide commands to run the installation in smaller steps, for example:

• pki-server instance-create will create the instance folder and copies the files from /usr/share/pki
• pki-server instance-start will start the instance
• pki-server instance-configure will call the configuration servlet

This way someone can run pki-server instance-create, customize the files in the new instance, then continue with the installation. The pkispawn will continue to work as before but it can be refactored to use the above commands.

[pki-bot]

Comment from edewata (@edewata) at 2016-04-27 22:09:19

Other tickets that might benefit from fine-grained installation steps:

• customizing serial number ranges (2278)
• migrating existing data (2279)
• customizing cipher list (1644)
• customizing access log (769)

As an alternative solution, the pkispawn can be enhanced to stop at/start from certain scriptlet. See the following example:

$ pkispawn -f ca.cfg -s CA --stop-at subsystem_layout     (copy instance files)
$ vi /var/lib/pki/pki-tomcat/conf/server.xml              (customize cipher list)
$ pkispawn -f ca.cfg -s CA --start-from subsystem_layout  (continue the installation)

In the above example the custom cipher list can be customized without having to add a new pkispawn property. It also allows other customization without additional changes in pkispawn.

[pki-bot]

Comment from edewata (@edewata) at 2016-05-06 01:45:39

Most of the above tickets can be addressed with the existing mechanism
(see http://pki.fedoraproject.org/wiki/Custom_Installation). The LDIF import feature will not be implemented in favor of post-install import. The fine-grained might still be required to support pre-install import (e.g. for restoring a backup) and other advanced customization.

[pki-bot]

Comment from edewata (@edewata) at 2016-06-15 04:19:30

Fine-grained installation steps would also help avoid restarting the installation from beginning (e.g. regenerating and re-signing the CSR): https://bugzilla.redhat.com/show_bug.cgi?id=1346433

[pki-bot]

Comment from edewata (@edewata) at 2017-02-27 14:04:30

Metadata Update from @edewata:

• Issue set to the milestone: 10.4

[pki-bot]

Comment from edewata (@edewata) at 2017-04-07 22:42:28

Metadata Update from @edewata:

• Custom field feature adjusted to ''
• Custom field proposedmilestone adjusted to ''
• Custom field proposedpriority adjusted to ''
• Custom field reviewer adjusted to ''
• Custom field version adjusted to ''
• Issue close_status updated to: None
• Issue set to the milestone: FUTURE (was: 10.4)