freeipa.git/install/tools/ipa-dns-install, branch views

Add a KRA to IPA

2014-08-22T07:59:31+00:00

This patch adds the capability of installing a Dogtag KRA
to an IPA instance.  With this patch,  a KRA is NOT configured
by default when ipa-server-install is run.  Rather, the command
ipa-kra-install must be executed on an instance on which a Dogtag
CA has already been configured.

The KRA shares the same tomcat instance and DS instance as the
Dogtag CA.  Moreover, the same admin user/agent (and agent cert) can
be used for both subsystems.  Certmonger is also confgured to
monitor the new subsystem certificates.

To create a clone KRA, simply execute ipa-kra-install 
on a replica on which a Dogtag CA has already been replicated.
ipa-kra-install will use the security domain to detect whether the
system being installed is a replica, and will error out if a needed
replica file is not provided.

The install scripts have been refactored somewhat to minimize
duplication of code.  A new base class dogtagintance.py has
been introduced containing code that is common to KRA and CA
installs.  This will become very useful when we add more PKI
subsystems.

The KRA will install its database as a subtree of o=ipaca,
specifically o=ipakra,o=ipaca.  This means that replication
agreements created to replicate CA data will also replicate KRA
data.  No new replication agreements are required.

Added dogtag plugin for KRA.  This is an initial commit providing
the basic vault functionality needed for vault.  This plugin will
likely be modified as we create the code to call some of these
functions.

Part of the work for: https://fedorahosted.org/freeipa/ticket/3872

The uninstallation option in ipa-kra-install is temporarily disabled.

Reviewed-By: Rob Crittenden 
Reviewed-By: Petr Viktorin

ipaplatform: Move paths from installers to paths module

2014-06-26T07:22:21+00:00

Part of: https://fedorahosted.org/freeipa/ticket/4052

Reviewed-By: Petr Viktorin

admin tools: Log IPA version

2014-05-27T10:08:55+00:00

Add the IPA version, and vendor version if applicable, to the beginning
of admintool logs -- both framework and indivitual tools that don't yet
use the framework.
This will make debugging easier.

https://fedorahosted.org/freeipa/ticket/4219

Reviewed-By: Alexander Bokovoy

Use /usr/bin/python2

2014-01-03T08:46:05+00:00

Part of the effort to port FreeIPA to Arch Linux,
where Python 3 is the default.

FreeIPA hasn't been ported to Python 3, so the code must be modified to
run /usr/bin/python2

https://fedorahosted.org/freeipa/ticket/3438

Updated by pviktori@redhat.com

Remove --no-serial-autoincrement

2013-10-11T07:47:59+00:00

Deprecate this option and do not offer it in installation tools.
Without this option enabled, advanced DNS features like DNSSEC
would not work.

https://fedorahosted.org/freeipa/ticket/3962

Remove support for IPA deployments with no persistent search

2013-08-09T10:14:42+00:00

Drops the code from ipa-server-install, ipa-dns-install and the
BindInstance itself. Also changed ipa-upgradeconfig script so
that it does not set zone_refresh to 0 on upgrades, as the option
is deprecated.

https://fedorahosted.org/freeipa/ticket/3632

Print newline after receiving EOF in installutils.read_password.

2013-07-24T08:00:03+00:00

Use private ccache in ipa install tools

2013-06-05T10:27:45+00:00

All installers that handle Kerberos auth, have been altered to use
private ccache, that is ipa-server-install, ipa-dns-install,
ipa-replica-install, ipa-ca-install.

https://fedorahosted.org/freeipa/ticket/3666

Remove some uses of raw python-ldap

2013-03-01T15:59:46+00:00

Part of the work for: https://fedorahosted.org/freeipa/ticket/2660

Remove some unused imports

2013-03-01T15:59:42+00:00

Remove all unused LDAP-related imports, plus some other ones.

This should make it easier to quickly check what uses which LDAP wrapper