freeipa.git/install/tools/ipa-replica-install, branch testing FreeIPA project Make dogtag an optional (and default un-) installed component in a replica. 2011-06-23T23:04:33+00:00 Rob Crittenden rcritten@redhat.com 2011-06-17T20:47:39+00:00 8a32bb3746802a29b2655e4ad2cbbba8481e1eaf A dogtag replica file is created as usual. When the replica is installed dogtag is optional and not installed by default. Adding the --setup-ca option will configure it when the replica is installed. A new tool ipa-ca-install will configure dogtag if it wasn't configured when the replica was initially installed. This moves a fair bit of code out of ipa-replica-install into installutils and cainstance to avoid duplication. https://fedorahosted.org/freeipa/ticket/1251 
A dogtag replica file is created as usual. When the replica is installed
dogtag is optional and not installed by default. Adding the --setup-ca
option will configure it when the replica is installed.

A new tool ipa-ca-install will configure dogtag if it wasn't configured
when the replica was initially installed.

This moves a fair bit of code out of ipa-replica-install into
installutils and cainstance to avoid duplication.

https://fedorahosted.org/freeipa/ticket/1251
Let the framework be able to override the hostname. 2011-06-23T06:11:34+00:00 Rob Crittenden rcritten@redhat.com 2011-06-23T06:06:49+00:00 8810758c11df8afb5fb7ddf97a71c55a431edfd2 The hostname is passed in during the server installation. We should use this hostname for the resulting server as well. It was being discarded and we always used the system hostname value. Important changes: - configure ipa_hostname in sssd on masters - set PKI_HOSTNAME so the hostname is passed to dogtag installer - set the hostname when doing ldapi binds This also reorders some things in the dogtag installer to eliminate an unnecessary restart. We were restarting the service twice in a row with very little time in between and this could result in a slew of reported errors, though the server installed ok. ticket 1052 
The hostname is passed in during the server installation. We should use
this hostname for the resulting server as well. It was being discarded
and we always used the system hostname value.

Important changes:
- configure ipa_hostname in sssd on masters
- set PKI_HOSTNAME so the hostname is passed to dogtag installer
- set the hostname when doing ldapi binds

This also reorders some things in the dogtag installer to eliminate an
unnecessary restart. We were restarting the service twice in a row with
very little time in between and this could result in a slew of reported
errors, though the server installed ok.

ticket 1052
Fix IPA install for secure umask 2011-06-22T03:45:00+00:00 Martin Kosek mkosek@redhat.com 2011-06-17T12:19:45+00:00 b227208d010bf88a11c46149ac5844c4a55ab9ad Make sure that IPA can be installed with root umask set to secure value 077. ipa-server-install was failing in DS configuration phase when dirsrv tried to read boot.ldif created during installation. https://fedorahosted.org/freeipa/ticket/1282 
Make sure that IPA can be installed with root umask set to secure
value 077. ipa-server-install was failing in DS configuration phase
when dirsrv tried to read boot.ldif created during installation.

https://fedorahosted.org/freeipa/ticket/1282
Improve IP address handling in IPA option parser 2011-06-20T00:06:21+00:00 Martin Kosek mkosek@redhat.com 2011-06-16T08:47:11+00:00 d9808498a82fa8662e5bc1bc1fca4d175fe9447c Implements a way to pass match_local and parse_netmask parameters to IP option checker. Now, there is just one common option type "ip" with new optional attributes "ip_local" and "ip_netmask" which can be used to pass IP address validation parameters. https://fedorahosted.org/freeipa/ticket/1333 
Implements a way to pass match_local and parse_netmask parameters
to IP option checker.

Now, there is just one common option type "ip" with new optional
attributes "ip_local" and "ip_netmask" which can be used to
pass IP address validation parameters.

https://fedorahosted.org/freeipa/ticket/1333
Connection check program for replica installation 2011-06-08T07:29:52+00:00 Martin Kosek mkosek@redhat.com 2011-05-22T17:17:07+00:00 241ee334defda108e22855331d5d9a14f261ce16 When connection between a master machine and future replica is not sane, the replica installation may fail unexpectedly with inconvenient error messages. One common problem is misconfigured firewall. This patch adds a program ipa-replica-conncheck which tests the connection using the following procedure: 1) Execute the on-replica check testing the connection to master 2) Open required ports on local machine 3) Ask user to run the on-master part of the check OR run it automatically: a) kinit to master as default admin user with given password b) run the on-master part using ssh 4) When master part is executed, it checks connection back to the replica and prints the check result This program is run by ipa-replica-install as mandatory part. It can, however, be skipped using --skip-conncheck option. ipa-replica-install now requires password for admin user to run the command on remote master. https://fedorahosted.org/freeipa/ticket/1107 
When connection between a master machine and future replica is not
sane, the replica installation may fail unexpectedly with
inconvenient error messages. One common problem is misconfigured
firewall.

This patch adds a program ipa-replica-conncheck which tests the
connection using the following procedure:

1) Execute the on-replica check testing the connection to master
2) Open required ports on local machine
3) Ask user to run the on-master part of the check OR run it
   automatically:
     a) kinit to master as default admin user with given password
     b) run the on-master part using ssh
4) When master part is executed, it checks connection back to
   the replica and prints the check result

This program is run by ipa-replica-install as mandatory part. It
can, however, be skipped using --skip-conncheck option.
ipa-replica-install now requires password for admin user to run
the command on remote master.

https://fedorahosted.org/freeipa/ticket/1107
Honor netmask in DNS reverse zone setup. 2011-05-30T11:37:03+00:00 Jan Cholasta jcholast@redhat.com 2011-05-27T18:29:33+00:00 db78f362358862c5225f8d3b83ecc2a88d47e45b ticket 910 
ticket 910
Parse netmasks in IP addresses passed to server install. 2011-05-30T11:36:26+00:00 Jan Cholasta jcholast@redhat.com 2011-05-27T18:17:22+00:00 80b4b3d44bbbe745e644b56c5371ef5f4cda6600 ticket 1212 
ticket 1212
Fix reverse zone creation in ipa-replica-prepare 2011-05-27T16:00:47+00:00 Martin Kosek mkosek@redhat.com 2011-05-27T15:05:45+00:00 17c3f9e84efcbeb3b5ae1de83d799974de3bb078 When a new reverse zone was created in ipa-replica-prepare (this may happen when a new replica is from different subnet), the master DNS address was corrupted by invalid A/AAAA record. This caused problems for example in installing replica. https://fedorahosted.org/freeipa/ticket/1223 
When a new reverse zone was created in ipa-replica-prepare (this
may happen when a new replica is from different subnet), the master
DNS address was corrupted by invalid A/AAAA record. This caused
problems for example in installing replica.

https://fedorahosted.org/freeipa/ticket/1223
Properly handle --no-reverse being passed on the CLI in interactive mode 2011-05-12T13:18:25+00:00 Rob Crittenden rcritten@redhat.com 2011-05-11T20:49:43+00:00 2b45be23e427040b667a1e705019354087149d14 If installing in interactive mode and --no-reverse is passed then the reverse zone was still being created. ticket 1152 
If installing in interactive mode and --no-reverse is passed then the
reverse zone was still being created.

ticket 1152
IPA replica is not started after the reboot 2011-04-28T07:52:53+00:00 Martin Kosek mkosek@redhat.com 2011-04-26T08:39:29+00:00 9f701781490e8544761eca464db528228021931e https://fedorahosted.org/freeipa/ticket/1191 
https://fedorahosted.org/freeipa/ticket/1191