PKI Containerization

From Dogtag
(Redirected from PKI 10.8 Containerization)
Jump to: navigation, search


Currently PKI cannot run inside OpenShift due to the following issues:

  • pkispawn needs to run as root
  • OpenShift requires containers to run as non-root (except during initialization in Dockerfile)
  • pkispawn needs systemd for installation and runtime
  • OpenShift doesn't support systemd (except after running /usr/sbin/init at the end of Dockerfile)


Remove PKI's dependency on systemd for installation and runtime.


Convert the configuration servlets into CLIs that can run without starting the server:

  • pki-server config-init
  • pki-server db-setup
  • pki-server cert-setup
  • pki-server admin-setup
  • pki-server nssdb-backup
  • pki-server sd-setup
  • pki-server db-user-setup
  • pki-server config-finalize


Provide a CLI to run the server in the foreground:

  • pki-server run


  • Refactor installation code not to depend on CMSEngine.
  • Refactor configuration servlets into CLIs.
  • Update installation code to use the CLIs instead of servlets (without systemd).
  • Add CLI to run PKI server in the foreground (without systemd).
  • Create Dockerfile to call pkispawn and then run the server in the foreground.
  • Publish PKI server image on DockerHub.
  • Deploy PKI server on OpenShift for demo.

See Also