freeipa.git/install/tools/ipa-server-install, branch hbactester FreeIPA project Clean up of IP address checks in install scripts. 2011-07-19T10:30:47+00:00 Jan Cholasta jcholast@redhat.com 2011-07-18T11:36:47+00:00 c09f116f4331175b3fb01f0bd62e78ef47fab716 Fixes ipa-dns-install incorrect warning. ticket 1486 
Fixes ipa-dns-install incorrect warning.

ticket 1486
Use information from the certificate subject when setting the NSS nickname. 2011-07-18T02:14:24+00:00 Rob Crittenden rcritten@redhat.com 2011-07-11T21:39:30+00:00 2f650b60a4ce9c9b19a64b21ebe3051668efb4af There were a few places in the code where certs were loaded from a PKCS#7 file or a chain in a PEM file. The certificates got very generic nicknames. We can instead pull the subject from the certificate and use that as the nickname. https://fedorahosted.org/freeipa/ticket/1141 
There were a few places in the code where certs were loaded from a
PKCS#7 file or a chain in a PEM file. The certificates got very
generic nicknames.

We can instead pull the subject from the certificate and use that as
the nickname.

https://fedorahosted.org/freeipa/ticket/1141
Validate that the certificate subject base is in valid DN format. 2011-07-18T02:10:03+00:00 Rob Crittenden rcritten@redhat.com 2011-07-07T15:55:20+00:00 038089a0c9160221d17796b8d6fd6e4f1fb67850 https://fedorahosted.org/freeipa/ticket/1176 
https://fedorahosted.org/freeipa/ticket/1176
Fix creation of reverse DNS zones. 2011-07-15T14:42:16+00:00 Jan Cholasta jcholast@redhat.com 2011-07-11T08:14:53+00:00 881df73568a9638bba6a6d0ae2e715cf249f6fa4 Create reverse DNS zone for /24 IPv4 subnet and /64 IPv6 subnet by default instead of using the netmask from the --ip-address option. Custom reverse DNS zone can be specified using new --reverse-zone option, which replaces the old --ip-address netmask way of creating reverse zones. The reverse DNS zone name is printed to the user during the install. ticket 1398 
Create reverse DNS zone for /24 IPv4 subnet and /64 IPv6 subnet by
default instead of using the netmask from the --ip-address option.

Custom reverse DNS zone can be specified using new --reverse-zone
option, which replaces the old --ip-address netmask way of creating
reverse zones.

The reverse DNS zone name is printed to the user during the install.

ticket 1398
Verify that the hostname is fully-qualified before accessing the service information in ipactl. 2011-06-24T05:23:14+00:00 Jan Cholasta jcholast@redhat.com 2011-06-24T14:56:25+00:00 3656d9be3cabc16511dafaed593d272ec068e4b3 Fail gracefully if the supplied hostname isn't fully-qualified in ipa-server-install. ticket 1035 
Fail gracefully if the supplied hostname isn't fully-qualified in
ipa-server-install.

ticket 1035
Let the framework be able to override the hostname. 2011-06-23T06:11:34+00:00 Rob Crittenden rcritten@redhat.com 2011-06-23T06:06:49+00:00 8810758c11df8afb5fb7ddf97a71c55a431edfd2 The hostname is passed in during the server installation. We should use this hostname for the resulting server as well. It was being discarded and we always used the system hostname value. Important changes: - configure ipa_hostname in sssd on masters - set PKI_HOSTNAME so the hostname is passed to dogtag installer - set the hostname when doing ldapi binds This also reorders some things in the dogtag installer to eliminate an unnecessary restart. We were restarting the service twice in a row with very little time in between and this could result in a slew of reported errors, though the server installed ok. ticket 1052 
The hostname is passed in during the server installation. We should use
this hostname for the resulting server as well. It was being discarded
and we always used the system hostname value.

Important changes:
- configure ipa_hostname in sssd on masters
- set PKI_HOSTNAME so the hostname is passed to dogtag installer
- set the hostname when doing ldapi binds

This also reorders some things in the dogtag installer to eliminate an
unnecessary restart. We were restarting the service twice in a row with
very little time in between and this could result in a slew of reported
errors, though the server installed ok.

ticket 1052
Fix IPA install for secure umask 2011-06-22T03:45:00+00:00 Martin Kosek mkosek@redhat.com 2011-06-17T12:19:45+00:00 b227208d010bf88a11c46149ac5844c4a55ab9ad Make sure that IPA can be installed with root umask set to secure value 077. ipa-server-install was failing in DS configuration phase when dirsrv tried to read boot.ldif created during installation. https://fedorahosted.org/freeipa/ticket/1282 
Make sure that IPA can be installed with root umask set to secure
value 077. ipa-server-install was failing in DS configuration phase
when dirsrv tried to read boot.ldif created during installation.

https://fedorahosted.org/freeipa/ticket/1282
The IP address provided to ipa-server-install must be local 2011-06-21T02:14:10+00:00 Rob Crittenden rcritten@redhat.com 2011-06-13T20:37:40+00:00 c329a54c093f856d129cf74528d24d13d1792326 Compare the configured interfaces with the supplied IP address and optional netmask to determine if the interface is available. https://fedorahosted.org/freeipa/ticket/1175 
Compare the configured interfaces with the supplied IP address and
optional netmask to determine if the interface is available.

https://fedorahosted.org/freeipa/ticket/1175
Improve IP address handling in IPA option parser 2011-06-20T00:06:21+00:00 Martin Kosek mkosek@redhat.com 2011-06-16T08:47:11+00:00 d9808498a82fa8662e5bc1bc1fca4d175fe9447c Implements a way to pass match_local and parse_netmask parameters to IP option checker. Now, there is just one common option type "ip" with new optional attributes "ip_local" and "ip_netmask" which can be used to pass IP address validation parameters. https://fedorahosted.org/freeipa/ticket/1333 
Implements a way to pass match_local and parse_netmask parameters
to IP option checker.

Now, there is just one common option type "ip" with new optional
attributes "ip_local" and "ip_netmask" which can be used to
pass IP address validation parameters.

https://fedorahosted.org/freeipa/ticket/1333
Do better detection on status of CA DS instance when installing. 2011-06-13T04:15:14+00:00 Rob Crittenden rcritten@redhat.com 2011-06-10T19:28:46+00:00 9f72637b13c2001d1c7e8842f75347f9af74190e The conditional used to determine if thd CA 389-ds instance was already configured was rather poor so it was possible to pass command-line arguments in to confuse it. This would cause it to not be installed at all causing the dogtag installation to fail in a strange way. https://fedorahosted.org/freeipa/ticket/1244 
The conditional used to determine if thd CA 389-ds instance was already
configured was rather poor so it was possible to pass command-line
arguments in to confuse it. This would cause it to not be installed at
all causing the dogtag installation to fail in a strange way.

https://fedorahosted.org/freeipa/ticket/1244