freeipa.git/ipa-client/ipaclient, branch adwork FreeIPA project Improve autodiscovery logging 2012-06-18T01:47:06+00:00 Petr Viktorin pviktori@redhat.com 2012-06-13T15:44:06+00:00 8f051c978e2a3cf40ba6cc9c84652ae049d978ab Track the source of discovered values (e.g. from option, interactive, retrieved from DNS), and show it in the log in the configuration overview and on erorrs involving the value. Add additional log messages explaining the autodiscovery process. For domains the discovery tries to get LDAP SRV records from, log reasons explaining why the domain was chosen. Also, prevent the same domain from being searched multiple times. Add names for error codes, and show them in the log. Also, modernize the discovery code a bit: move away from the Java-style accessors, don't needlessly pre-declare variables, make IPADiscovery a new-style class. https://fedorahosted.org/freeipa/ticket/2553 
Track the source of discovered values (e.g. from option, interactive,
retrieved from DNS), and show it in the log in the configuration
overview and on erorrs involving the value.

Add additional log messages explaining the autodiscovery process.

For domains the discovery tries to get LDAP SRV records from, log
reasons explaining why the domain was chosen. Also, prevent the
same domain from being searched multiple times.

Add names for error codes, and show them in the log.

Also, modernize the discovery code a bit: move away from the
Java-style accessors, don't needlessly pre-declare variables, make
IPADiscovery a new-style class.

https://fedorahosted.org/freeipa/ticket/2553
Replace DNS client based on acutil with python-dns 2012-05-24T11:55:56+00:00 Martin Kosek mkosek@redhat.com 2012-05-11T12:38:09+00:00 f1ed123caddd7525a0081c4a9de931cabdfda43f IPA client and server tool set used authconfig acutil module to for client DNS operations. This is not optimal DNS interface for several reasons: - does not provide native Python object oriented interface but but rather C-like interface based on functions and structures which is not easy to use and extend - acutil is not meant to be used by third parties besides authconfig and thus can break without notice Replace the acutil with python-dns package which has a feature rich interface for dealing with all different aspects of DNS including DNSSEC. The main target of this patch is to replace all uses of acutil DNS library with a use python-dns. In most cases, even though the larger parts of the code are changed, the actual functionality is changed only in the following cases: - redundant DNS checks were removed from verify_fqdn function in installutils to make the whole DNS check simpler and less error-prone. Logging was improves for the remaining checks - improved logging for ipa-client-install DNS discovery https://fedorahosted.org/freeipa/ticket/2730 https://fedorahosted.org/freeipa/ticket/1837 
IPA client and server tool set used authconfig acutil module to
for client DNS operations. This is not optimal DNS interface for
several reasons:
- does not provide native Python object oriented interface
  but but rather C-like interface based on functions and
  structures which is not easy to use and extend
- acutil is not meant to be used by third parties besides
  authconfig and thus can break without notice

Replace the acutil with python-dns package which has a feature rich
interface for dealing with all different aspects of DNS including
DNSSEC. The main target of this patch is to replace all uses of
acutil DNS library with a use python-dns. In most cases, even
though the larger parts of the code are changed, the actual
functionality is changed only in the following cases:
- redundant DNS checks were removed from verify_fqdn function
  in installutils to make the whole DNS check simpler and
  less error-prone. Logging was improves for the remaining
  checks
- improved logging for ipa-client-install DNS discovery

https://fedorahosted.org/freeipa/ticket/2730
https://fedorahosted.org/freeipa/ticket/1837
Check through all LDAP servers in the domain during IPA discovery 2011-12-09T05:19:57+00:00 Alexander Bokovoy abokovoy@redhat.com 2011-12-07T12:40:46+00:00 790ffc42a8e9ebd549eebffdef05da28ee96e129 When discovering IPA LDAP servers through DNS records, look through all servers found until first success. A master might be not available or denied access but replica may succeed. Ticket #1827 https://fedorahosted.org/freeipa/ticket/1827 
When discovering IPA LDAP servers through DNS records, look through all
servers found until first success. A master might be not available or
denied access but replica may succeed.

Ticket #1827
https://fedorahosted.org/freeipa/ticket/1827
ticket 2022 - modify codebase to utilize IPALogManager, obsoletes logging 2011-11-23T08:36:18+00:00 John Dennis jdennis@redhat.com 2011-11-15T19:39:31+00:00 56401c1abe7d4c78650acfcd9bbe8c8edc1dac57 change default_logger_level to debug in configure_standard_logging add new ipa_log_manager module, move log_mgr there, also export root_logger from log_mgr. change all log_manager imports to ipa_log_manager and change log_manager.root_logger to root_logger. add missing import for parse_log_level() 
change default_logger_level to debug in configure_standard_logging

add new ipa_log_manager module, move log_mgr there, also export
root_logger from log_mgr.

change all log_manager imports to ipa_log_manager and change
log_manager.root_logger to root_logger.

add missing import for parse_log_level()
ipa-client-install hangs if the discovered server is unresponsive 2011-10-12T04:50:22+00:00 Martin Kosek mkosek@redhat.com 2011-10-12T08:55:08+00:00 17f247d6c2aef177c40a690f886b0773a88a6dfa Add a timeout to the wget call to cover a case when autodiscovered server does not response to our attempt to download ca.crt. Let user specify a different IPA server in that case. https://fedorahosted.org/freeipa/ticket/1960 
Add a timeout to the wget call to cover a case when autodiscovered
server does not response to our attempt to download ca.crt. Let
user specify a different IPA server in that case.

https://fedorahosted.org/freeipa/ticket/1960
Before kinit, try to sync time with the NTP servers of the domain we are joining 2011-10-06T09:16:41+00:00 Alexander Bokovoy abokovoy@redhat.com 2011-10-05T14:25:09+00:00 acb2c3106ad763a07eca6e0f6f6737c04f967bfe When running ipa-client-install on a system whose clock is not in sync with the master, kinit fails and enrollment is aborted. Manual checking of current time at the master and adjusting on the client-to-be is then needed. The patch tries to fetch SRV records for NTP servers of the domain we aim to join and runs ntpdate to get time synchronized. If no SRV records are found, sync with IPA server itself. If that fails, warn that time might be not in sync with KDC. https://fedorahosted.org/freeipa/ticket/1773 
When running ipa-client-install on a system whose clock is not in sync
with the master, kinit fails and enrollment is aborted. Manual checking
of current time at the master and adjusting on the client-to-be is then
needed.

The patch tries to fetch SRV records for NTP servers of the domain we aim
to join and runs ntpdate to get time synchronized. If no SRV records are
found, sync with IPA server itself.  If that fails, warn that time might
be not in sync with KDC.

https://fedorahosted.org/freeipa/ticket/1773
Setup and restore ntp configuration on the client side properly 2011-10-05T10:52:40+00:00 Alexander Bokovoy abokovoy@redhat.com 2011-10-04T10:56:12+00:00 f93d71409aa78c4e5c860405cdcc3bc6ffc49280 When setting up the client-side NTP configuration, make sure that /etc/ntp/step-tickers point to IPA NTP server as well. When restoring the client during ipa-client-install --uninstall, make sure NTP configuration is fully restored and NTP service is disabled if it was disabled before the installation. https://fedorahosted.org/freeipa/ticket/1770 
When setting up the client-side NTP configuration, make sure that /etc/ntp/step-tickers
point to IPA NTP server as well.
When restoring the client during ipa-client-install --uninstall, make sure NTP configuration
is fully restored and NTP service is disabled if it was disabled before the installation.

https://fedorahosted.org/freeipa/ticket/1770
Add a function for formatting network locations of the form host:port for use in URLs. 2011-10-05T08:58:25+00:00 Jan Cholasta jcholast@redhat.com 2011-09-30T08:09:55+00:00 12bfed37d4d22319e2cfadb5d9b460da7e748432 If the host part is a literal IPv6 address, it must be enclosed in square brackets (RFC 2732). ticket 1869 
If the host part is a literal IPv6 address, it must be enclosed in square
brackets (RFC 2732).

ticket 1869
ipa-client assumes a single namingcontext 2011-09-30T14:53:59+00:00 Martin Kosek mkosek@redhat.com 2011-09-30T14:52:30+00:00 00cffce6c2ba0121188326535d6c9cd244a4ae5b When LDAP server contains more that one suffixes, the ipa client installation does not detect it as IPA server and fails to install. Fix ipa server discovery so that it correctly searches all naming contexts for the IPA one. https://fedorahosted.org/freeipa/ticket/1868 
When LDAP server contains more that one suffixes, the ipa client
installation does not detect it as IPA server and fails to install.
Fix ipa server discovery so that it correctly searches all naming
contexts for the IPA one.

https://fedorahosted.org/freeipa/ticket/1868
ipa-client-install: Fix joining when LDAP access is restricted 2011-09-30T14:42:30+00:00 Simo Sorce ssorce@redhat.com 2011-09-28T20:31:38+00:00 8f2e3333952edcce8d27a4d8fc23386908819030 Fixes: https://fedorahosted.org/freeipa/ticket/1881 
Fixes: https://fedorahosted.org/freeipa/ticket/1881