freeipa.git/install/tools, branch testing FreeIPA project Verify that the hostname is fully-qualified before accessing the service information in ipactl. 2011-06-24T05:23:14+00:00 Jan Cholasta jcholast@redhat.com 2011-06-24T14:56:25+00:00 3656d9be3cabc16511dafaed593d272ec068e4b3 Fail gracefully if the supplied hostname isn't fully-qualified in ipa-server-install. ticket 1035 
Fail gracefully if the supplied hostname isn't fully-qualified in
ipa-server-install.

ticket 1035
Make dogtag an optional (and default un-) installed component in a replica. 2011-06-23T23:04:33+00:00 Rob Crittenden rcritten@redhat.com 2011-06-17T20:47:39+00:00 8a32bb3746802a29b2655e4ad2cbbba8481e1eaf A dogtag replica file is created as usual. When the replica is installed dogtag is optional and not installed by default. Adding the --setup-ca option will configure it when the replica is installed. A new tool ipa-ca-install will configure dogtag if it wasn't configured when the replica was initially installed. This moves a fair bit of code out of ipa-replica-install into installutils and cainstance to avoid duplication. https://fedorahosted.org/freeipa/ticket/1251 
A dogtag replica file is created as usual. When the replica is installed
dogtag is optional and not installed by default. Adding the --setup-ca
option will configure it when the replica is installed.

A new tool ipa-ca-install will configure dogtag if it wasn't configured
when the replica was initially installed.

This moves a fair bit of code out of ipa-replica-install into
installutils and cainstance to avoid duplication.

https://fedorahosted.org/freeipa/ticket/1251
Let the framework be able to override the hostname. 2011-06-23T06:11:34+00:00 Rob Crittenden rcritten@redhat.com 2011-06-23T06:06:49+00:00 8810758c11df8afb5fb7ddf97a71c55a431edfd2 The hostname is passed in during the server installation. We should use this hostname for the resulting server as well. It was being discarded and we always used the system hostname value. Important changes: - configure ipa_hostname in sssd on masters - set PKI_HOSTNAME so the hostname is passed to dogtag installer - set the hostname when doing ldapi binds This also reorders some things in the dogtag installer to eliminate an unnecessary restart. We were restarting the service twice in a row with very little time in between and this could result in a slew of reported errors, though the server installed ok. ticket 1052 
The hostname is passed in during the server installation. We should use
this hostname for the resulting server as well. It was being discarded
and we always used the system hostname value.

Important changes:
- configure ipa_hostname in sssd on masters
- set PKI_HOSTNAME so the hostname is passed to dogtag installer
- set the hostname when doing ldapi binds

This also reorders some things in the dogtag installer to eliminate an
unnecessary restart. We were restarting the service twice in a row with
very little time in between and this could result in a slew of reported
errors, though the server installed ok.

ticket 1052
Fix IPA install for secure umask 2011-06-22T03:45:00+00:00 Martin Kosek mkosek@redhat.com 2011-06-17T12:19:45+00:00 b227208d010bf88a11c46149ac5844c4a55ab9ad Make sure that IPA can be installed with root umask set to secure value 077. ipa-server-install was failing in DS configuration phase when dirsrv tried to read boot.ldif created during installation. https://fedorahosted.org/freeipa/ticket/1282 
Make sure that IPA can be installed with root umask set to secure
value 077. ipa-server-install was failing in DS configuration phase
when dirsrv tried to read boot.ldif created during installation.

https://fedorahosted.org/freeipa/ticket/1282
Make data type of certificates more obvious/predictable internally. 2011-06-21T23:09:50+00:00 Rob Crittenden rcritten@redhat.com 2011-06-08T14:54:41+00:00 dd69c7dbe68e8f8674994a54ea913f2dd2e52c32 For the most part certificates will be treated as being in DER format. When we load a certificate we will generally accept it in any format but will convert it to DER before proceeding in normalize_certificate(). This also re-arranges a bit of code to pull some certificate-specific functions out of ipalib/plugins/service.py into ipalib/x509.py. This also tries to use variable names to indicate what format the certificate is in at any given point: dercert: DER cert: PEM nsscert: a python-nss Certificate object rawcert: unknown format ticket 32 
For the most part certificates will be treated as being in DER format.
When we load a certificate we will generally accept it in any format but
will convert it to DER before proceeding in normalize_certificate().

This also re-arranges a bit of code to pull some certificate-specific
functions out of ipalib/plugins/service.py into ipalib/x509.py.

This also tries to use variable names to indicate what format the certificate
is in at any given point:

dercert: DER
cert: PEM
nsscert: a python-nss Certificate object
rawcert: unknown format

ticket 32
The IP address provided to ipa-server-install must be local 2011-06-21T02:14:10+00:00 Rob Crittenden rcritten@redhat.com 2011-06-13T20:37:40+00:00 c329a54c093f856d129cf74528d24d13d1792326 Compare the configured interfaces with the supplied IP address and optional netmask to determine if the interface is available. https://fedorahosted.org/freeipa/ticket/1175 
Compare the configured interfaces with the supplied IP address and
optional netmask to determine if the interface is available.

https://fedorahosted.org/freeipa/ticket/1175
Improve IP address handling in IPA option parser 2011-06-20T00:06:21+00:00 Martin Kosek mkosek@redhat.com 2011-06-16T08:47:11+00:00 d9808498a82fa8662e5bc1bc1fca4d175fe9447c Implements a way to pass match_local and parse_netmask parameters to IP option checker. Now, there is just one common option type "ip" with new optional attributes "ip_local" and "ip_netmask" which can be used to pass IP address validation parameters. https://fedorahosted.org/freeipa/ticket/1333 
Implements a way to pass match_local and parse_netmask parameters
to IP option checker.

Now, there is just one common option type "ip" with new optional
attributes "ip_local" and "ip_netmask" which can be used to
pass IP address validation parameters.

https://fedorahosted.org/freeipa/ticket/1333
Add port 9443 to replica port checking 2011-06-15T15:22:10+00:00 Martin Kosek mkosek@redhat.com 2011-06-15T12:13:14+00:00 08d1b6da1a3e35417e3dd5deb877a9bf20dfcc82 Port 9443 (Agent secure port on PKI-CA) was missing. Additionaly, checked port descriptions case consistency fixed. https://fedorahosted.org/freeipa/ticket/1321 
Port 9443 (Agent secure port on PKI-CA) was missing. Additionaly,
checked port descriptions case consistency fixed.

https://fedorahosted.org/freeipa/ticket/1321
Improve DNS zone creation 2011-06-15T07:02:09+00:00 Martin Kosek mkosek@redhat.com 2011-06-01T12:51:06+00:00 f21508978511d40a60fbdaaa786bcc96f99578d5 When a new DNS zone is being created a local hostname is set as a nameserver of the new zone. However, when the zone is created during ipa-replica-prepare, the the current master/replica doesn't have to be an IPA server with DNS support. This would lead to DNS zones with incorrect NS records as they wouldn't point to a valid name server. Now, a list of all master servers with DNS support is retrieved during DNS zone creation and added as NS records for a new DNS zone. https://fedorahosted.org/freeipa/ticket/1261 
When a new DNS zone is being created a local hostname is set as a
nameserver of the new zone. However, when the zone is created
during ipa-replica-prepare, the the current master/replica doesn't
have to be an IPA server with DNS support. This would lead to DNS
zones with incorrect NS records as they wouldn't point to a valid
name server.

Now, a list of all master servers with DNS support is retrieved
during DNS zone creation and added as NS records for a new DNS
zone.

https://fedorahosted.org/freeipa/ticket/1261
Do better detection on status of CA DS instance when installing. 2011-06-13T04:15:14+00:00 Rob Crittenden rcritten@redhat.com 2011-06-10T19:28:46+00:00 9f72637b13c2001d1c7e8842f75347f9af74190e The conditional used to determine if thd CA 389-ds instance was already configured was rather poor so it was possible to pass command-line arguments in to confuse it. This would cause it to not be installed at all causing the dogtag installation to fail in a strange way. https://fedorahosted.org/freeipa/ticket/1244 
The conditional used to determine if thd CA 389-ds instance was already
configured was rather poor so it was possible to pass command-line
arguments in to confuse it. This would cause it to not be installed at
all causing the dogtag installation to fail in a strange way.

https://fedorahosted.org/freeipa/ticket/1244