XRDDEV-146 Remove support for global configuration V1
iluwatar committed Nov 19, 2018
1 parent 57f73f7 commit 89d81de
Showing 34 changed files with 41 additions and 3,963 deletions.
11 changes: 6 additions & 5 deletions doc/Manuals/ug-cp_x-road_v6_configuration_proxy_manual.md
@@ -70,7 +70,7 @@ See X-Road terms and abbreviations documentation \[[TA-TERMS](#Ref_TERMS)\].

### 1.3 References

1. <a id="Ref_TERMS" class="anchor"></a>\[TA-TERMS\] X-Road Terms and Abbreviations. Document ID: [TA-TERMS](../terms_x-road_docs.md).
1. <a id="Ref_TERMS" class="anchor"></a>\[TA-TERMS\] X-Road Terms and Abbreviations. Document ID: [TA-TERMS](../terms_x-road_docs.md).

### 1.4 X-Road Configuration Proxy

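Review bot: The removed and added `[TA-TERMS]` reference lines in section 1.3 are textually identical as shown, so this appears to be a whitespace-only change. It is unrelated to removing global configuration V1; consider moving it (and the similar `library_cant_create_os_threads` row change further down) into a separate cleanup commit so this diff only carries the documentation changes that matter.
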
@@ -136,11 +136,11 @@ LC_ALL=en_US.UTF-8
To install the X-Road configuration proxy software, follow these steps.

1. Add the X-Road package repository (reference data: 1.1), and the nginx and opendjdk repositories:

sudo apt-add-repository -y ppa:openjdk-r/ppa
sudo apt-add-repository -y ppa:nginx/stable
sudo apt-add-repository -y "deb https://artifactory.niis.org/xroad-release-deb trusty-current main"

2. Add the X-Road repository’s signing key to the list of trusted keys (reference data: 1.2):

curl https://artifactory.niis.org/api/gpg/key/public | sudo apt-key add -
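
Review bot: Step 2 pipes the downloaded key straight into `sudo apt-key add -` with no check of what was actually fetched. Since this section is being touched anyway, consider adding a step that has the operator compare the key's fingerprint against a value published in the reference data before trusting it. Also, "opendjdk" in step 1 should read "openjdk".
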
@@ -206,7 +206,7 @@ Parameter | Type | Default Value | Explanation
----------- | ------- |-------------- | ---------------------------------------
*enabled* | BOOLEAN | *true* | Indicates whether this device is enabled.
*library* | STRING | | The path to the pkcs#11 library of the device driver.
*library_cant_create_os_threads* | BOOLEAN | *false* | Indicates whether application threads, which are executing calls to the pkcs#11 library, may not use native operating system calls to spawn new threads (in other words, the library’s code may not create its own threads).
*library_cant_create_os_threads* | BOOLEAN | *false* | Indicates whether application threads, which are executing calls to the pkcs#11 library, may not use native operating system calls to spawn new threads (in other words, the library’s code may not create its own threads).
*os_locking_ok* | BOOLEAN | *false* | Indicates whether the pkcs#11 library may use the native operation system threading model for locking.
*sign_verify_pin* | BOOLEAN | *false* | Indicates whether the PIN should be entered per signing operation.
*token_id_format* | STRING | *{moduleType}{slotIndex}{serialNumber}{label}* | Specifies the identifier format used to uniquely identify a token. In certain high availability setups may need be constrained to support replicated tokens (eg. by removing the slot index part which may be diffirent for the token replicas).
@@ -271,7 +271,8 @@ Modify '/etc/xroad/conf.d/local.ini' to contain the following:
```ini
[configuration-proxy]

; Address of the webserver serving the distributed configuration address=<public or NAT address>
; Address of the webserver serving the distributed configuration
; address=<public or NAT address>
```

The configuration of this parameter is necessary for generating a correctly formatted configuration anchor file that will need to be uploaded to central servers that should receive configurations mediated by this proxy, this process is described in detail in [3.4](#34-proxy-instance-configuration). There are several more system parameters that can be configured in '/etc/xroad/conf.d/local.ini' under the 'configuration-proxy' section, their descriptions and default values can be seen from the following table:
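
Review bot: In the `[configuration-proxy]` example, the new `; address=<public or NAT address>` line still starts with `;`, so an operator who copies the block as instructed ends up with no `address` set, while the paragraph directly below says configuring this parameter is necessary for generating a correctly formatted configuration anchor file. Suggest keeping the comment line and dropping the `; ` prefix from the second line so it reads `address=<public or NAT address>`.
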
7 changes: 4 additions & 3 deletions doc/Manuals/ug-syspar_x-road_v6_system_parameters.md
@@ -1,6 +1,6 @@
# X-Road: System Parameters User Guide

Version: 2.36
Version: 2.37
Doc. ID: UG-SYSPAR

| Date | Version | Description | Author |
@@ -46,6 +46,7 @@ Doc. ID: UG-SYSPAR
| 18.10.2018 | 2.34 | Default value of the parameter *signer.client-timeout* set to 60000 | Petteri Kivimäki |
| 25.10.2018 | 2.35 | Update note regarding supported cipher suites on RHEL 7 | Petteri Kivimäki |
| 26.10.2018 | 2.36 | Added new parameter *module-manager-update-interval* | Petteri Kivimäki |
| 08.11.2018 | 2.37 | Improved definition of *minimum-global-configuration-version* on the central server and configuration proxy | Ilkka Seppälä |

## Table of Contents

@@ -344,7 +345,7 @@ For instructions on how to change the parameter values, see section [Changing th
| generated-conf-dir | /var/lib/xroad/public | Absolute path to the directory where both the private and shared parameter files are created for distribution. |
| internal-directory | internalconf | Name of the signed internal configuration directory that is distributed to the configuration clients (security servers and/or configuration proxies) of this X-Road instance. |
| trusted-anchors-allowed | false | True if federation is allowed for this X-Road instance. |
| minimum-global-configuration-version | 2 | Minimum supported global configuration version on central server. Change this if old global configuration versions need to be supported. |
| minimum-global-configuration-version | 2 | The minimum supported global configuration version on the central server. This parameter is used if the central server needs to generate multiple versions of global configuration. Note that the support for global configuration V1 has been dropped in X-Road 6.20.0 and since that version the minimum value for this parameter is 2. |

#### 4.1.3 Signer parameters: `[signer]`

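Review bot: The new central server description of `minimum-global-configuration-version` says the minimum value is 2 since X-Road 6.20.0, but it does not say what happens when an existing override still sets the value to 1 after an upgrade. Suggest adding one sentence stating the behaviour in that case (for example, whether the value is rejected or treated as 2) so operators know whether they must edit their configuration before upgrading.
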
@@ -394,7 +395,7 @@ This chapter describes the system parameters used by the X-Road configuration pr
| signature-digest-algorithm-id | SHA-512 | ID of the digest algorithm the configuration proxy uses when computing global configuration signatures.<br/>The possible values are<br/>- SHA-256,<br/>- SHA-384,<br/>- SHA-512. |
| hash-algorithm-uri | http://www.w3.org/2001/04/xmlenc#sha512 | URI that identifies the algorithm the configuration proxy uses when calculating hash values for the global configuration files.<br/>The possible values are<br/>http://www.w3.org/2001/04/xmlenc#sha256,<br/>http://www.w3.org/2001/04/xmlenc#sha512 |
| download-script | /usr/share/xroad/scripts/download\_instance\_configuration.sh | Absolute path to the location of the script that initializes the global configuration download procedure. |
| minimum-global-configuration-version | 2 | Minimum supported global configuration version on configuration proxy. Change this if old global configuration versions need to be supported. |
| minimum-global-configuration-version | 2 | The minimum supported global configuration version on the configuration proxy. This parameter is used if the configuration proxy needs to distribute multiple versions of global configuration. Note that the support for global configuration V1 has been dropped in X-Road 6.20.0 and since that version the minimum value for this parameter is 2. |

### 5.2 Signer parameters: `[signer]`

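Review bot: The sentence "Note that the support for global configuration V1 has been dropped in X-Road 6.20.0 and since that version the minimum value for this parameter is 2." in the configuration proxy row is a run-on and is duplicated verbatim from the central server row. Suggest "Support for global configuration V1 was dropped in X-Road 6.20.0; from that version on, the minimum value of this parameter is 2." and using the same wording in both rows.
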