commit 2d92a69d7f211eabc1c59714036ef1aba4fc1fd4
Author: Ade Lee <[email protected]>
Date:   Thu Jun 2 12:20:20 2016 -0400

    Add option to modify ajp_host to pkispawn
    
    This allows IPA to handle the case of a pure ipv6
    environment in which the ipv4 loopback interface is
    not available.
    
    Ticket 1717
From 2d92a69d7f211eabc1c59714036ef1aba4fc1fd4 Mon Sep 17 00:00:00 2001
From: Ade Lee <[email protected]>
Date: Thu, 2 Jun 2016 12:20:20 -0400
Subject: [PATCH] Add option to modify ajp_host to pkispawn

This allows IPA to handle the case of a pure ipv6
environment in which the ipv4 loopback interface is
not available.

Ticket 1717
---
 base/server/config/pkislots.cfg                       | 1 +
 base/server/etc/default.cfg                           | 1 +
 base/server/man/man5/pki_default.cfg.5                | 4 ++++
 base/server/python/pki/server/deployment/pkiparser.py | 2 ++
 base/server/tomcat7/conf/server.xml                   | 2 +-
 base/server/tomcat8/conf/server.xml                   | 2 +-
 6 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/base/server/config/pkislots.cfg b/base/server/config/pkislots.cfg
index 926527599cee5f0de80746bb56e075e0a3e90def..473b0da4e0b85bcd266cb64eebfc9b575c552f28 100644
--- a/base/server/config/pkislots.cfg
+++ b/base/server/config/pkislots.cfg
@@ -7,6 +7,7 @@ PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT=[PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME]
 PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT=[PKI_ADMIN_SECURE_PORT_SERVER_COMMENT]
 PKI_AGENT_CLIENTAUTH_SLOT=[PKI_AGENT_CLIENTAUTH]
 PKI_AGENT_SECURE_PORT_SLOT=[PKI_AGENT_SECURE_PORT]
+PKI_AJP_HOST_SLOT=[PKI_AJP_HOST]
 PKI_AJP_PORT_SLOT=[PKI_AJP_PORT]
 PKI_AJP_REDIRECT_PORT_SLOT=[PKI_AJP_REDIRECT_PORT]
 PKI_CA_HOSTNAME_SLOT=[PKI_CA_HOSTNAME]
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg
index b2a24900023cb6af7972756624812bee0de751e4..2cb887d09f9dfef7484df6aa796147bc2691f2ed 100644
--- a/base/server/etc/default.cfg
+++ b/base/server/etc/default.cfg
@@ -196,6 +196,7 @@ pki_subsystem_registry_link=%(pki_subsystem_path)s/registry
 ##               are MUTUALLY EXCLUSIVE entities!!!                          ##
 ###############################################################################
 [Tomcat]
+pki_ajp_host=127.0.0.1
 pki_ajp_port=8009
 pki_server_pkcs12_path=
 pki_server_pkcs12_password=
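Review bot: The new `pki_ajp_host` key in `[Tomcat]` carries no comment saying that it decides where the AJP connector listens, which until this commit was fixed at `address="127.0.0.1"` in both the tomcat7 and tomcat8 `server.xml` templates. AJP is not authenticated by default and the connector trusts request attributes asserted by the proxy, so any non-loopback value makes it reachable from every host that can route to that address. I would add a comment above the key such as `# AJP bind address; keep a loopback address (127.0.0.1, or ::1 on IPv6-only hosts) unless the front-end proxy runs on another machine`. The XML comment `<!-- Define an AJP 1.3 Connector on port [PKI_AJP_PORT] -->` in the tomcat7 template could mention `[PKI_AJP_HOST]` as well, so the rendered file shows the bind address next to the port.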
diff --git a/base/server/man/man5/pki_default.cfg.5 b/base/server/man/man5/pki_default.cfg.5
index edb338edfaff6ebe81d10b91b9b187d83d0da209..9be34983ace847248a1cca386d29a9d6bd88c121 100644
--- a/base/server/man/man5/pki_default.cfg.5
+++ b/base/server/man/man5/pki_default.cfg.5
@@ -84,6 +84,10 @@ Secure and unsecure ports.  Defaults to standard Tomcat ports 8443 and 8080, res
 .IP
 Ports for Tomcat subsystems.  Defaults to standard Tomcat ports of 8009 and 8005, respectively.
 .TP
+.B pki_ajp_host
+.IP
+Host on which to listen for AJP requests.  Defaults to 127.0.0.1 to listen to local traffic only.
+.TP
 .B pki_proxy_http_port, pki_proxy_https_port, pki_enable_proxy
 .IP
 Ports for an Apache proxy server. Certificate Server instances can be run behind an Apache proxy server, which will communicate with the Tomcat instance through the AJP port.  See the Red Hat Certificate System documentation at https://access.redhat.com/knowledge/docs/Red_Hat_Certificate_System/ for details.
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 4d6e0185e1ec55d523cdee764f1d61e5e9e454f9..fb569d0d7042ec514888f15a9e9d76c25879b9e8 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -800,6 +800,8 @@ class PKIConfigParser:
                 self.mdict['pki_https_port']
             self.mdict['PKI_AJP_PORT_SLOT'] = \
                 self.mdict['pki_ajp_port']
+            self.mdict['PKI_AJP_HOST_SLOT'] = \
+                self.mdict['pki_ajp_host']
             self.mdict['PKI_AJP_REDIRECT_PORT_SLOT'] = \
                 self.mdict['pki_https_port']
             self.mdict['PKI_CA_HOSTNAME_SLOT'] = \
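Review bot: `self.mdict['pki_ajp_host']` is copied into `PKI_AJP_HOST_SLOT` unchecked, and that slot is substituted verbatim into the `address="[PKI_AJP_HOST]"` attribute of the server.xml templates. A typo, an empty value or a value containing a double quote would produce a malformed or unintended connector definition that only shows up when Tomcat starts. Consider rejecting values that are neither an IP literal nor a plain hostname before the assignment, and logging a warning when the address is not loopback; where the `ipaddress` module is available, `ipaddress.ip_address(self.mdict['pki_ajp_host']).is_loopback` covers the IP-literal case. The enclosing method starts and ends outside this hunk, so validation done elsewhere would not be visible here.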
diff --git a/base/server/tomcat7/conf/server.xml b/base/server/tomcat7/conf/server.xml
index eb4ef8e5fde6a051cdf870d15c00abe479600d55..db43378941c3a30251c34930cdd574c2a7f01c7b 100644
--- a/base/server/tomcat7/conf/server.xml
+++ b/base/server/tomcat7/conf/server.xml
@@ -214,7 +214,7 @@ Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
 
     <!-- Define an AJP 1.3 Connector on port [PKI_AJP_PORT] -->
 [PKI_OPEN_AJP_PORT_COMMENT]
-    <Connector port="[PKI_AJP_PORT]" protocol="AJP/1.3" redirectPort="[PKI_AJP_REDIRECT_PORT]" address="127.0.0.1" />
+    <Connector port="[PKI_AJP_PORT]" protocol="AJP/1.3" redirectPort="[PKI_AJP_REDIRECT_PORT]" address="[PKI_AJP_HOST]" />
 [PKI_CLOSE_AJP_PORT_COMMENT]
 
 
diff --git a/base/server/tomcat8/conf/server.xml b/base/server/tomcat8/conf/server.xml
index 9148d15b5c39323783cd8cacd1a71752a851ec95..a9d338fa1fb6b2e8b09da98de0b0e89aac1f1d36 100644
--- a/base/server/tomcat8/conf/server.xml
+++ b/base/server/tomcat8/conf/server.xml
@@ -242,7 +242,7 @@ Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
     <Connector port="[PKI_AJP_PORT]"
             protocol="AJP/1.3"
             redirectPort="[PKI_AJP_REDIRECT_PORT]"
-            address="127.0.0.1" />
+            address="[PKI_AJP_HOST]" />
 [PKI_CLOSE_AJP_PORT_COMMENT]
 
 
-- 
2.4.3
