freeipa.git/install/tools/ipa-replica-prepare, branch testing FreeIPA project Improve IP address handling in IPA option parser 2011-06-20T00:06:21+00:00 Martin Kosek mkosek@redhat.com 2011-06-16T08:47:11+00:00 d9808498a82fa8662e5bc1bc1fca4d175fe9447c Implements a way to pass match_local and parse_netmask parameters to IP option checker. Now, there is just one common option type "ip" with new optional attributes "ip_local" and "ip_netmask" which can be used to pass IP address validation parameters. https://fedorahosted.org/freeipa/ticket/1333 
Implements a way to pass match_local and parse_netmask parameters
to IP option checker.

Now, there is just one common option type "ip" with new optional
attributes "ip_local" and "ip_netmask" which can be used to
pass IP address validation parameters.

https://fedorahosted.org/freeipa/ticket/1333
Improve DNS zone creation 2011-06-15T07:02:09+00:00 Martin Kosek mkosek@redhat.com 2011-06-01T12:51:06+00:00 f21508978511d40a60fbdaaa786bcc96f99578d5 When a new DNS zone is being created a local hostname is set as a nameserver of the new zone. However, when the zone is created during ipa-replica-prepare, the the current master/replica doesn't have to be an IPA server with DNS support. This would lead to DNS zones with incorrect NS records as they wouldn't point to a valid name server. Now, a list of all master servers with DNS support is retrieved during DNS zone creation and added as NS records for a new DNS zone. https://fedorahosted.org/freeipa/ticket/1261 
When a new DNS zone is being created a local hostname is set as a
nameserver of the new zone. However, when the zone is created
during ipa-replica-prepare, the the current master/replica doesn't
have to be an IPA server with DNS support. This would lead to DNS
zones with incorrect NS records as they wouldn't point to a valid
name server.

Now, a list of all master servers with DNS support is retrieved
during DNS zone creation and added as NS records for a new DNS
zone.

https://fedorahosted.org/freeipa/ticket/1261
IPA installation with --no-host-dns fails 2011-06-10T06:29:14+00:00 Martin Kosek mkosek@redhat.com 2011-05-31T10:51:38+00:00 915235859cb67d4f350ff506b435586fd15505e7 --no-host-dns option should allow installing IPA server on a host without a DNS resolvable name. Update parse_ip_address and verify_ip_address functions has been changed not to return None and print error messages in case of an error, but rather let the Exception be handled by the calling routine. https://fedorahosted.org/freeipa/ticket/1246 
--no-host-dns option should allow installing IPA server on a host
without a DNS resolvable name.

Update parse_ip_address and verify_ip_address functions has been
changed not to return None and print error messages in case of
an error, but rather let the Exception be handled by the calling
routine.

https://fedorahosted.org/freeipa/ticket/1246
Fix forward zone creation in ipa-replica-prepare 2011-06-08T07:14:06+00:00 Martin Kosek mkosek@redhat.com 2011-05-30T12:47:31+00:00 8077b7ab938f436582b3985c1b6fd0ad90e8bb3d When a new forward zone is created in ipa-replica-prepare the master DNS address gets corrupted by invalid A/AAAA record. https://fedorahosted.org/freeipa/ticket/1260 
When a new forward zone is created in ipa-replica-prepare
the master DNS address gets corrupted by invalid A/AAAA record.

https://fedorahosted.org/freeipa/ticket/1260
Honor netmask in DNS reverse zone setup. 2011-05-30T11:37:03+00:00 Jan Cholasta jcholast@redhat.com 2011-05-27T18:29:33+00:00 db78f362358862c5225f8d3b83ecc2a88d47e45b ticket 910 
ticket 910
Parse netmasks in IP addresses passed to server install. 2011-05-30T11:36:26+00:00 Jan Cholasta jcholast@redhat.com 2011-05-27T18:17:22+00:00 80b4b3d44bbbe745e644b56c5371ef5f4cda6600 ticket 1212 
ticket 1212
Fix reverse zone creation in ipa-replica-prepare 2011-05-27T16:00:47+00:00 Martin Kosek mkosek@redhat.com 2011-05-27T15:05:45+00:00 17c3f9e84efcbeb3b5ae1de83d799974de3bb078 When a new reverse zone was created in ipa-replica-prepare (this may happen when a new replica is from different subnet), the master DNS address was corrupted by invalid A/AAAA record. This caused problems for example in installing replica. https://fedorahosted.org/freeipa/ticket/1223 
When a new reverse zone was created in ipa-replica-prepare (this
may happen when a new replica is from different subnet), the master
DNS address was corrupted by invalid A/AAAA record. This caused
problems for example in installing replica.

https://fedorahosted.org/freeipa/ticket/1223
Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance. 2011-03-15T18:09:57+00:00 Rob Crittenden rcritten@redhat.com 2011-03-14T20:27:19+00:00 861d1bbdca4793fb45fb233d236d3793cc23da36 This fixes 2 AVCS: * One because we are enabling port 7390 because an SSL port must be defined to use TLS On 7389. * We were symlinking to the main IPA 389-ds NSS certificate databsae. Instead generate a separate NSS database and certificate and have certmonger track it separately I also noticed some variable inconsistency in cainstance.py. Everywhere else we use self.fqdn and that was using self.host_name. I found it confusing so I fixed it. ticket 1085 
This fixes 2 AVCS:

* One because we are enabling port 7390 because an SSL port must be
  defined to use TLS On 7389.
* We were symlinking to the main IPA 389-ds NSS certificate databsae.
  Instead generate a separate NSS database and certificate and have
  certmonger track it separately

I also noticed some variable inconsistency in cainstance.py. Everywhere
else we use self.fqdn and that was using self.host_name. I found it
confusing so I fixed it.

ticket 1085
Use ldapi: instead of unsecured ldap: in ipa core tools. 2011-03-03T19:04:34+00:00 Pavel Zuna pzuna@redhat.com 2011-02-15T19:11:27+00:00 64575a411b27dde7919406fdaf5bdec07c6645f3 The patch also corrects exception handling in some of the tools. Fix #874 
The patch also corrects exception handling in some of the tools.

Fix #874
Fix two problems with ipa-replica-prepare 2011-02-14T23:15:35+00:00 Rob Crittenden rcritten@redhat.com 2011-02-14T23:12:10+00:00 16b8d62968194a07e3811cac0b2886f9879a2c7e 1. Fix a unicode() problem creating the DNS entries 2. Fix a strange NSS error when generating the certificates against a dogtag server. The NSS errors are quite strange. When generating the first certificate nss_shutdown() fails because the database isn't initialized yet but nss_is_initialized() returned True. The second pass fails because something is in use. 
1. Fix a unicode() problem creating the DNS entries
2. Fix a strange NSS error when generating the certificates against
   a dogtag server.

The NSS errors are quite strange. When generating the first certificate
nss_shutdown() fails because the database isn't initialized yet but
nss_is_initialized() returned True. The second pass fails because
something is in use.