Hi,

the most important things are not the two or three servers. The most
important things are the (two) databases. The logical division works
like this:

offline-db
----------
* ca

online-db
---------
* ra
* publi-gw
* SCEP

The installation should be divided into three parts:

* the servers (ca, ra and public)
* the common parts like libs, database configuration, images ...
* data-exchange (the directories inbound/ and outbound/)

So before I start with a recommendation I take a look at the
directories OpenCA/ and RAServer/ which hold the configuration. They are
equal in the meaning of the directories except for the directories
inbound/ and outbound/.

What I would do is the following:

src/
    common/
    servers/
    data-exchange/

common/ - like Robert described in an earlier mail
servers/ - all software which accesses the databases
data-exchange/ - the installation instructions for the directories which
are necessary for the data exchange between the databases.

Robert Joop wrote:
> cgi-bin/cgi-public/conf/DB.conf.in and
> cgi-bin/cgi-raserver/conf/DB.conf.in are equal, shouldn't they be joined?

Yes, they should be joined and placed in the directory common/conf/.

> where does the rbac stuff fit in?

common/conf/rbac

So I would like the following:

src
    servers
        ca
            ca.conf
            cgi
            htdocs
            misc
        ra
        pub
        ocsp
    data-exchange
>   common
>       conf
>       images
>       lib
>       modules
>       scripts

Every server has only one file like ca.conf. The other
configuration files are unique for every server and can be placed in
src/common/conf; therefore we don't need a directory conf/ for every
server. It is not important what we see behind a server. I think it's
only important that every server is only a method to manipulate or use a
database (which has the same structure at all times). This
interpretation allows the use of OpenCA as an Online-PKI too!

If we use /etc/openca as the default configuration directory then the
servers all work on the same database and we have an Online-PKI (except
for some functions which are handled actually by the import- and
export-functions like CRL-installation, LDAP-update and mail sending).

An open question for me is where we should place ca.conf. I would like
/etc/openca/server-conf(s)/ca.conf because every server uses another
name for its configuration file. (@conf_prefix@/server-conf(s)/)

So what do you think? Is the abstraction too radical?

Michael
--
-------------------------------------------------------------------
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany [OpenCA Core Developer]
http://openca.sourceforge.net