freeipa.git/install, branch 30gatepo FreeIPA project Get list of service from LDAP only at startup 2012-10-31T17:08:30+00:00 Simo Sorce ssorce@redhat.com 2012-10-12T19:58:02+00:00 d93b01eb4012ffffe78c31bc4307b2ad961ec383 We dump the list retriueved from LDAP at strstup in a temporary configuration file and always use that file afterwards. We check (possibly different) data from LDAP only at (re)start. This way we always shutdown exactly the services we started even if the list changed in the meanwhile (we avoid leaving a service running even if it was removed from LDAP as the admin decided it should not be started in future). This should also fix a problematic deadlock with systemd when we try to read the list of service from LDAP at shutdown. Simo. 
We dump the list retriueved from LDAP at strstup in a temporary configuration
file and always use that file afterwards.
We check (possibly different) data from LDAP only at (re)start.
This way we always shutdown exactly the services we started even if the list
changed in the meanwhile (we avoid leaving a service running even if it was
removed from LDAP as the admin decided it should not be started in future).

This should also fix a problematic deadlock with systemd when we try to read
the list of service from LDAP at shutdown.

Simo.
IPA Server check in ipa-replica-manage 2012-10-31T15:54:15+00:00 Tomas Babej tbabej@redhat.com 2012-10-02T13:15:33+00:00 e7c99e7d21f7923c92cf9dae9fd8c7d5ae4aa8cd When executing ipa-replica-manage connect to an master that raises NotFound error we now check if the master is at least IPA server. If so, we inform the user that it is probably foreign or previously deleted master. If not, we inform the user that the master is not an IPA server at all. https://fedorahosted.org/freeipa/ticket/3105 
When executing ipa-replica-manage connect to an master that raises
NotFound error we now check if the master is at least IPA server.
If so, we inform the user that it is probably foreign or previously
deleted master. If not, we inform the user that the master is not
an IPA server at all.

https://fedorahosted.org/freeipa/ticket/3105
Fixed incorrect link to browser config after session expiration 2012-10-24T07:17:26+00:00 Petr Vobornik pvoborni@redhat.com 2012-10-17T08:14:20+00:00 445744206b92787e82057ca56062076ccf9d7dfe Fixed typo in message placeholder. https://fedorahosted.org/freeipa/ticket/3187 
Fixed typo in message placeholder.

https://fedorahosted.org/freeipa/ticket/3187
ipa-replica-install: Use configured IPA DNS servers in forward/reverse resolution check 2012-10-23T22:40:37+00:00 Petr Viktorin pviktori@redhat.com 2012-10-19T16:22:33+00:00 e4853ebc5910a526c74cc422fd3c1806708bc7aa Previously, ipa-replica-install tried to check DNS resolution on the master being cloned. If that master was not a DNS server, the check failed. Change the check to query the first available configured DNS server. Log about the check before actually running it. Log in the case the check is skipped (no IPA DNS servers installed). https://fedorahosted.org/freeipa/ticket/3194 
Previously, ipa-replica-install tried to check DNS resolution on the master
being cloned. If that master was not a DNS server, the check failed.

Change the check to query the first available configured DNS server.

Log about the check before actually running it.
Log in the case the check is skipped (no IPA DNS servers installed).

https://fedorahosted.org/freeipa/ticket/3194
Improve error messages in ipa-replica-manage. 2012-10-23T18:11:50+00:00 Rob Crittenden rcritten@redhat.com 2012-10-17T15:54:14+00:00 6e1a8067093745704f9feca8598a61dfc63fe2cb Correctly handle case where we bind using GSSAPI with an unauthorized user. Remove extraneous except clause. We now have handle for LDAP errors. Make it explicit in a few places what server we can't connect to. When the remote replica is down and we are forcing its removal, remove a duplicate entry from the list of servers to remove. https://fedorahosted.org/freeipa/ticket/2871 
Correctly handle case where we bind using GSSAPI with an unauthorized user.

Remove extraneous except clause. We now have handle for LDAP errors.

Make it explicit in a few places what server we can't connect to.

When the remote replica is down and we are forcing its removal, remove
a duplicate entry from the list of servers to remove.

https://fedorahosted.org/freeipa/ticket/2871
Report ipa-upgradeconfig errors during RPM upgrade 2012-10-19T01:10:17+00:00 Martin Kosek mkosek@redhat.com 2012-10-17T11:05:24+00:00 a5ec992ed97d0f7c3c03ca6d1c54e2370d898526 Report errors just like with ipa-ldap-updater. These messages should warn user that some parts of the upgrades may have not been successful and he should follow up on them. Otherwise, user may not notice them at all. ipa-upgradeconfig now has a new --quiet option to make it output only error level log messages or higher. ipa-upgradeconfig run without options still pring INFO log messages as it can provide a clean overview about its actions (unlike ipa-ldap-updater). https://fedorahosted.org/freeipa/ticket/3157 
Report errors just like with ipa-ldap-updater. These messages should warn
user that some parts of the upgrades may have not been successful and
he should follow up on them. Otherwise, user may not notice them at all.

ipa-upgradeconfig now has a new --quiet option to make it output only error
level log messages or higher. ipa-upgradeconfig run without options still
pring INFO log messages as it can provide a clean overview about its
actions (unlike ipa-ldap-updater).

https://fedorahosted.org/freeipa/ticket/3157
Create reverse zone in unattended mode 2012-10-19T14:19:14+00:00 Martin Kosek mkosek@redhat.com 2012-10-19T13:34:49+00:00 62cce242247243e9656b10f587a31ed0459899ac Previous fix for ticket #3161 caused ipa-{server,dns}-install to skip creation of reverse zone when running in unattended mode. Make sure that reverse zone is created also in unattended mode (unless --no-reverse is specified). https://fedorahosted.org/freeipa/ticket/3161 
Previous fix for ticket #3161 caused ipa-{server,dns}-install to
skip creation of reverse zone when running in unattended mode. Make
sure that reverse zone is created also in unattended mode (unless
--no-reverse is specified).

https://fedorahosted.org/freeipa/ticket/3161
Simpler instructions to generate certificate 2012-10-19T12:30:06+00:00 Petr Vobornik pvoborni@redhat.com 2012-10-17T10:49:34+00:00 fed5bbd2989a20e1562598033791a0b03d2898be Instructions to generate certificate were simplified. New instructions: 1) Create a certificate database or use an existing one. To create a new database: # certutil -N -d <database path> 2) Create a CSR with subject CN=<hostname>,O=<realm>, for example: # certutil -R -d <database path> -a -g <key size> -s 'CN=dev.example.com,O=DEV.EXAMPLE.COM' 3) Copy and paste the CSR (from -----BEGIN NEW CERTIFICATE REQUEST----- to -----END NEW CERTIFICATE REQUEST-----) into the text area below: https://fedorahosted.org/freeipa/ticket/3056 
Instructions to generate certificate were simplified.

New instructions:

 1) Create a certificate database or use an existing one. To create a new database:
    # certutil -N -d <database path>
 2) Create a CSR with subject CN=<hostname>,O=<realm>, for example:
    # certutil -R -d <database path> -a -g <key size> -s 'CN=dev.example.com,O=DEV.EXAMPLE.COM'
 3) Copy and paste the CSR (from -----BEGIN NEW CERTIFICATE REQUEST----- to -----END NEW CERTIFICATE REQUEST-----) into the text area below:

https://fedorahosted.org/freeipa/ticket/3056
Don't configure a reverse zone if not desired in interactive installer. 2012-10-17T06:59:13+00:00 Rob Crittenden rcritten@redhat.com 2012-10-16T15:11:26+00:00 8222799b9137d8ec1cd6d7e6a7a036b77d4a59c8 A reverse zone was always configured in the interactive installer even if you answered "no" to the reverse zone question. The only way to not confiugre it was the --no-reverse option. https://fedorahosted.org/freeipa/ticket/3161 
A reverse zone was always configured in the interactive installer
even if you answered "no" to the reverse zone question. The only way
to not confiugre it was the --no-reverse option.

https://fedorahosted.org/freeipa/ticket/3161
Add uninstall command hints to ipa-*-install 2012-10-16T07:12:41+00:00 Nikolai Kondrashov Nikolai.Kondrashov@redhat.com 2012-09-10T11:11:40+00:00 92331c0074465b5c105973086467fa17a3d6d957 Add uninstall command to the uninstall instructions in the "already installed" responses of ipa-server-install, ipa-client-install and ipa-replica-install. https://fedorahosted.org/freeipa/ticket/3065 
Add uninstall command to the uninstall instructions in the "already
installed" responses of ipa-server-install, ipa-client-install and
ipa-replica-install.

https://fedorahosted.org/freeipa/ticket/3065