PKI 10.5 Installing TPS Clone - dogtagpki/pki GitHub Wiki
This document describes the process to clone TPS.
Use setup-ds.pl to create a DS instance:
$ setup-ds.pl --silent \
    General.FullMachineName=`hostname` \
    General.SuiteSpotUserID=nobody \
    General.SuiteSpotGroup=nobody \
    slapd.ServerPort=10389 \
    slapd.ServerIdentifier=pki-clone \
    slapd.Suffix=dc=example,dc=com \
    slapd.RootDN="cn=Directory Manager" \
    slapd.RootDNPwd=Secret.123
Your new DS instance 'pki-clone' was successfully created.
Exiting . . .
Log file is '/tmp/setup7m5RoN.log'
The TPS system certificates can be exported using the following commands.
Copy the NSS database password into a file:
$ grep "internal=" /var/lib/pki/pki-tomcat/conf/password.conf | awk -F= '{print $2}' > internal.txt
Export all system certificates (including TPS system certificates) into a PKCS #12 file:
$ PKCS12Export -debug \
    -d /var/lib/pki/pki-tomcat/alias \
    -p internal.txt \
    -o tps_backup_keys.p12 \
    -w ~/.dogtag/pki-tomcat/ca/pkcs12_password.conf
Transfer the file to the clone. The clone will import only the certificates and keys needed by the clone.
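A hardened variant of the password-copy step above, as an added example that is not part of the Dogtag wiki: it creates internal.txt readable only by the current user and keeps a password containing `=` intact. The function names and the sample password.conf contents are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the project's own code.

# write_internal_password <password.conf> <output-file>
# Copies the value of the "internal=" entry into <output-file> (mode 0600).
write_internal_password() {
    conf=$1
    out=$2
    rm -f "$out"                 # a pre-existing file would keep its old mode
    (
        umask 077                # new file is created 0600
        # Anchor on the key and strip only the "internal=" prefix, so a
        # password containing '=' stays whole (awk -F= '{print $2}' cuts it).
        sed -n 's/^internal=//p' "$conf" | head -n 1 > "$out"
    )
    # Refuse to leave an empty password file behind if the entry is missing.
    [ -s "$out" ] || { rm -f "$out"; return 1; }
}

# file_mode <path>: print octal permission bits (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Demo on a constructed password.conf (sample values, not real secrets).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'internal=Se=cret.123\ninternaldb=Other.456\n' > "$dir/password.conf"
    write_internal_password "$dir/password.conf" "$dir/internal.txt" || return 1
    echo "mode=$(file_mode "$dir/internal.txt") value=$(cat "$dir/internal.txt")"
    rm -rf "$dir"                # remove the plaintext copy once it is no longer needed
}
demo
```

On a real instance the first argument would be /var/lib/pki/pki-tomcat/conf/password.conf, and internal.txt should be deleted once the PKCS #12 export has finished.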
Export TPS system certificates with the following command:
$ pki-server tps-clone-prepare --pkcs12-file pki-server.p12 --pkcs12-password Secret.123
Currently the TPS clone can only be installed using a deployment configuration file:
[TPS]
[email protected]
pki_admin_name=tpsadmin
pki_admin_nickname=tpsadmin
pki_admin_password=Secret.123
pki_admin_uid=tpsadmin

pki_client_database_password=Secret.123
pki_client_database_purge=False
pki_client_pkcs12_password=Secret.123

pki_ds_base_dn=dc=tps,dc=example,dc=com
pki_ds_database=tps
pki_ds_password=Secret.123

pki_security_domain_hostname=master.example.com
pki_security_domain_https_port=8443
pki_security_domain_user=caadmin
pki_security_domain_password=Secret.123

pki_clone=True
pki_clone_replicate_schema=True
pki_clone_uri=https://master.example.com:8443

# Dogtag 10.2 only
pki_clone_pkcs12_path=/tmp/tps_backup_keys.p12
pki_clone_pkcs12_password=Secret.123

# Dogtag 10.3 only
pki_server_pkcs12_path=pki-server.p12
pki_server_pkcs12_password=Secret.123

pki_authdb_basedn=dc=example,dc=com
pki_authdb_port=389
pki_enable_server_side_keygen=True
Begin the installation:
$ pkispawn -v -f tpsclone.cfg -s TPS