freeipa.git/install/tools/ipa-replica-install, branch adwork FreeIPA project Move install script error handling to a common function 2012-05-31T12:37:27+00:00 Petr Viktorin pviktori@redhat.com 2012-05-31T12:34:09+00:00 0ca29fac9af4cd437a8536f28ffd25923ec3f8cd All of our install/admin scripts had a try/except block calling the main function and handling common exceptions. These were copy-pasted from each other and modified to various levels of sophistication. This refactors them out of installers to a single function, which includes a final pass/fail message for all of the scripts. Non-install scripts that set up the same log handler levels for stderr and log file are not changed, as it's not possible to log to only the logfile without changing the logger configuration. https://fedorahosted.org/freeipa/ticket/2071 
All of our install/admin scripts had a try/except block calling the
main function and handling common exceptions. These were copy-pasted
from each other and modified to various levels of sophistication.
This refactors them out of installers to a single function, which
includes a final pass/fail message for all of the scripts.

Non-install scripts that set up the same log handler levels for
stderr and log file are not changed, as it's not possible to log
to only the logfile without changing the logger configuration.

https://fedorahosted.org/freeipa/ticket/2071
If SELinux is enabled ensure we also have restorecon. 2012-05-31T12:07:05+00:00 Rob Crittenden rcritten@redhat.com 2012-05-31T11:59:33+00:00 9e877585e213a9fccec8ff9b3dcb876b2ec65696 We don't have a specific requires on the policycoreutils package. It gets pulled in as a dependency on the server anyway, but checking there is like a belt and suspenders. On the client we don't require SELinux at all. If SELinux is enabled however we need to set things up properly. This is provided by the policycoreutils package so fail if that isn't available. https://fedorahosted.org/freeipa/ticket/2368 
We don't have a specific requires on the policycoreutils package. It
gets pulled in as a dependency on the server anyway, but checking
there is like a belt and suspenders.

On the client we don't require SELinux at all. If SELinux is enabled
however we need to set things up properly. This is provided by the
policycoreutils package so fail if that isn't available.

https://fedorahosted.org/freeipa/ticket/2368
During replication installation see if an agreement already exists. 2012-05-17T15:12:45+00:00 Rob Crittenden rcritten@redhat.com 2012-05-16T22:11:11+00:00 4b539a41d9b562ed3372ea70fbb5d52c141a43f1 We were inferring that an agreement existed if the host was present as an IPA host. This was not enough if the replica installation failed early enough. https://fedorahosted.org/freeipa/ticket/2030 
We were inferring that an agreement existed if the host was present
as an IPA host. This was not enough if the replica installation failed
early enough.

https://fedorahosted.org/freeipa/ticket/2030
Remove duplicate and unused utility code 2012-05-09T09:54:20+00:00 Petr Viktorin pviktori@redhat.com 2012-04-18T15:22:35+00:00 f19218f7d87f5847d51f79b5d2850f90b0ae8407 IPA has some unused code from abandoned features (Radius, ipa 1.x user input, commant-line tab completion), as well as some duplicate utilities. This patch cleans up the utility modules. Duplicate code consolidated into ipapython.ipautil: {ipalib.util,ipaserver.ipautil,ipapython.ipautil}.realm_to_suffix {ipaserver,ipapython}.ipautil.CIDict (with style improvements from the ipaserver version) {ipapython.entity,ipaserver.ipautil}.utf8_encode_value {ipapython.entity,ipaserver.ipautil}.utf8_encode_values ipalib.util.get_fqdn was removed in favor of the same function in ipaserver.install.installutils Removed unused code: ipalib.util: load_plugins_in_dir import_plugins_subpackage make_repr (was imported but unused; also removed from tests) ipapython.ipautil: format_list parse_key_value_pairs read_pairs_file read_items_file user_input_plain AttributeValueCompleter ItemCompleter ipaserver.ipautil: get_gsserror (a different version exists in ipapython.ipautil) ipaserver.ipautil ended up empty and is removed entirely. https://fedorahosted.org/freeipa/ticket/2650 
IPA has some unused code from abandoned features (Radius, ipa 1.x user
input, commant-line tab completion), as well as some duplicate utilities.
This patch cleans up the utility modules.

Duplicate code consolidated into ipapython.ipautil:
    {ipalib.util,ipaserver.ipautil,ipapython.ipautil}.realm_to_suffix
    {ipaserver,ipapython}.ipautil.CIDict
            (with style improvements from the ipaserver version)
    {ipapython.entity,ipaserver.ipautil}.utf8_encode_value
    {ipapython.entity,ipaserver.ipautil}.utf8_encode_values

ipalib.util.get_fqdn was removed in favor of the same function in
ipaserver.install.installutils

Removed unused code:
    ipalib.util:
        load_plugins_in_dir
        import_plugins_subpackage
        make_repr (was imported but unused; also removed from tests)

    ipapython.ipautil:
        format_list
        parse_key_value_pairs
        read_pairs_file
        read_items_file
        user_input_plain
        AttributeValueCompleter
        ItemCompleter

    ipaserver.ipautil:
        get_gsserror (a different version exists in ipapython.ipautil)

ipaserver.ipautil ended up empty and is removed entirely.

https://fedorahosted.org/freeipa/ticket/2650
Improve user awareness about dnsconfig 2012-03-26T04:33:45+00:00 Martin Kosek mkosek@redhat.com 2012-03-15T12:51:59+00:00 52aa008b8719f4ea678efa8957794bb6dcd13893 Global DNS configuration is a nice tool to maintain a common DNS settings stored in LDAP which are then used for all enrolled IPA servers. However, the settings stored in LDAP override local settings in named.conf on DNS servers. This patch adds more information about global DNS configuration options in install scripts and DNS module help. https://fedorahosted.org/freeipa/ticket/2525 
Global DNS configuration is a nice tool to maintain a common DNS
settings stored in LDAP which are then used for all enrolled IPA
servers. However, the settings stored in LDAP override local
settings in named.conf on DNS servers.

This patch adds more information about global DNS configuration
options in install scripts and DNS module help.

https://fedorahosted.org/freeipa/ticket/2525
Refresh resolvers after DNS install 2012-03-12T02:11:41+00:00 Martin Kosek mkosek@redhat.com 2012-03-06T12:26:45+00:00 c956b3cd2ba12d87054909af3dce7d231f034240 Server framework calls acutil.res_send() to send DNS queries used for various DNS tests. However, once acutil is imported it does not change its list of configured resolvers even when /etc/resolv.conf is changed. This may lead to unexpected resolution issues. We should at least reload httpd when we change /etc/resolv.conf to point to FreeIPA nameserver to force a new import of acutil and thus workaround this bug until it is resolved in authconfig. https://fedorahosted.org/freeipa/ticket/2481 
Server framework calls acutil.res_send() to send DNS queries used
for various DNS tests. However, once acutil is imported it does
not change its list of configured resolvers even when
/etc/resolv.conf is changed. This may lead to unexpected
resolution issues.

We should at least reload httpd when we change /etc/resolv.conf to
point to FreeIPA nameserver to force a new import of acutil and
thus workaround this bug until it is resolved in authconfig.

https://fedorahosted.org/freeipa/ticket/2481
Configure ipa_memcached when a replica is installed. 2012-02-16T17:45:14+00:00 Rob Crittenden rcritten@redhat.com 2012-02-16T17:02:36+00:00 cf35dfa2bca2860aed795a30e05201a88c896a9e https://fedorahosted.org/freeipa/ticket/2401 
https://fedorahosted.org/freeipa/ticket/2401
Configure ssh and sshd during ipa-client-install. 2012-02-14T03:21:47+00:00 Jan Cholasta jcholast@redhat.com 2011-12-07T08:49:09+00:00 c00bf9e38afa4867f4ec397b260f2e467163096d For ssh, VerifyHostKeyDNS option is set to 'yes' if --ssh-trust-dns ipa-client-install option is used. For sshd, KerberosAuthentication, GSSAPIAuthentication and UsePAM options are enabled (this can be disabled using --no-sshd ipa-client-install option). ticket 1634 
For ssh, VerifyHostKeyDNS option is set to 'yes' if --ssh-trust-dns
ipa-client-install option is used.

For sshd, KerberosAuthentication, GSSAPIAuthentication and UsePAM
options are enabled (this can be disabled using --no-sshd
ipa-client-install option).

ticket 1634
Update host SSH public keys on the server during client install. 2012-02-14T03:21:43+00:00 Jan Cholasta jcholast@redhat.com 2011-12-07T08:40:51+00:00 c34f5fbc882b16baebc18d795511e8e1fc50668b This is done by calling host-mod to update the keys on IPA server and nsupdate to update DNS SSHFP records. DNS update can be disabled using --no-dns-sshfp ipa-client-install option. https://fedorahosted.org/freeipa/ticket/1634 
This is done by calling host-mod to update the keys on IPA server and nsupdate
to update DNS SSHFP records. DNS update can be disabled using --no-dns-sshfp
ipa-client-install option.

https://fedorahosted.org/freeipa/ticket/1634
Fix 'no-reverse' option description 2012-02-02T22:50:55+00:00 Ondrej Hamada ohamada@redhat.com 2012-01-31T14:16:56+00:00 2e860f6d070db3b2fe8799891c3e568ac48a1fac The description of 'no-reverse' option was fixed in both code and manpages of ipa-replica-install and ipa-dns-install. https://fedorahosted.org/freeipa/ticket/2161 
The description of 'no-reverse' option was fixed in both code and
manpages of ipa-replica-install and ipa-dns-install.

https://fedorahosted.org/freeipa/ticket/2161