freeipa.git/ipapython, branch adwork FreeIPA project Improve ipa-client-install debug output 2012-06-18T01:47:06+00:00 Petr Viktorin pviktori@redhat.com 2012-06-08T13:36:38+00:00 3e0116491f701222bd3941d0ad58feb7fe670ac4 The client does a fair bit of work when trying to validate the hostnames, do discovery and verify that the server it gets back is an IPA server. The debug logging around this was horrid with very little state information, duplicate log messages or just nothing at all. In many cases errors were printed only to stderr/stdout. This patch makes the logging and output go through the IPA log manager. It sets up logging so that INFO, WARNING, and ERROR messages show up on the console. If -d is given, DEBUG messages are also printed. All messages also go to the log file. The only exception is user input: prompts are only printed to the console, but if the user provides any information it is echoed in a DEBUG-level message. https://fedorahosted.org/freeipa/ticket/2553 
The client does a fair bit of work when trying to validate the hostnames,
do discovery and verify that the server it gets back is an IPA server.
The debug logging around this was horrid with very little state information,
duplicate log messages or just nothing at all.
In many cases errors were printed only to stderr/stdout.

This patch makes the logging and output go through the IPA log manager.
It sets up logging so that INFO, WARNING, and ERROR messages show up on the
console. If -d is given, DEBUG messages are also printed.
All messages also go to the log file.
The only exception is user input: prompts are only printed to the console,
but if the user provides any information it is echoed in a DEBUG-level
message.

https://fedorahosted.org/freeipa/ticket/2553
Store session cookie in ccache for cli users 2012-06-14T12:02:26+00:00 Rob Crittenden rcritten@redhat.com 2012-06-07T02:54:16+00:00 54135ecd9a96f59429cfd535f3add282b535d3e3 Try to use the URI /ipa/session/xml if there is a key in the kernel keyring. If there is no cookie or it turns out to be invalid (expired, whatever) then use the standard URI /ipa/xml. This in turn will create a session that the user can then use later. https://fedorahosted.org/freeipa/ticket/2331 
Try to use the URI /ipa/session/xml if there is a key in the kernel
keyring. If there is no cookie or it turns out to be invalid (expired,
whatever) then use the standard URI /ipa/xml. This in turn will create
a session that the user can then use later.

https://fedorahosted.org/freeipa/ticket/2331
Add sysupgrade state file 2012-06-11T01:23:10+00:00 Martin Kosek mkosek@redhat.com 2012-06-08T06:31:37+00:00 c856fb60737612781fab30760bceeb8bbf6312d9 When IPA package is being updated, some of the configuration files are also updated. Sometimes it may be useful to store upgrade meta information for next package upgrades. For example an information that some config file was already updated and we don't want to update it again if user purposedly reverted the change. This patch adds a new StateFile in /var/lib/ipa/sysupgrade which is capable of holding this information. New sysupgrade.py module was created to provide simple API to access the upgrade state information. 
When IPA package is being updated, some of the configuration files
are also updated. Sometimes it may be useful to store upgrade meta
information for next package upgrades. For example an information
that some config file was already updated and we don't want to
update it again if user purposedly reverted the change.

This patch adds a new StateFile in /var/lib/ipa/sysupgrade which
is capable of holding this information. New sysupgrade.py module
was created to provide simple API to access the upgrade state
information.
If SELinux is enabled ensure we also have restorecon. 2012-05-31T12:07:05+00:00 Rob Crittenden rcritten@redhat.com 2012-05-31T11:59:33+00:00 9e877585e213a9fccec8ff9b3dcb876b2ec65696 We don't have a specific requires on the policycoreutils package. It gets pulled in as a dependency on the server anyway, but checking there is like a belt and suspenders. On the client we don't require SELinux at all. If SELinux is enabled however we need to set things up properly. This is provided by the policycoreutils package so fail if that isn't available. https://fedorahosted.org/freeipa/ticket/2368 
We don't have a specific requires on the policycoreutils package. It
gets pulled in as a dependency on the server anyway, but checking
there is like a belt and suspenders.

On the client we don't require SELinux at all. If SELinux is enabled
however we need to set things up properly. This is provided by the
policycoreutils package so fail if that isn't available.

https://fedorahosted.org/freeipa/ticket/2368
Fix default_server configuration in ipapython.config 2012-05-24T11:59:23+00:00 Martin Kosek mkosek@redhat.com 2012-05-23T11:36:21+00:00 b26777c59d9c4442b0c9cd45a29a56d9f8236c2d When default server was being parsed from IPA's default.conf configuration file, the parsed server was not appended correctly to the default_server list. 
When default server was being parsed from IPA's default.conf
configuration file, the parsed server was not appended correctly to
the default_server list.
Replace DNS client based on acutil with python-dns 2012-05-24T11:55:56+00:00 Martin Kosek mkosek@redhat.com 2012-05-11T12:38:09+00:00 f1ed123caddd7525a0081c4a9de931cabdfda43f IPA client and server tool set used authconfig acutil module to for client DNS operations. This is not optimal DNS interface for several reasons: - does not provide native Python object oriented interface but but rather C-like interface based on functions and structures which is not easy to use and extend - acutil is not meant to be used by third parties besides authconfig and thus can break without notice Replace the acutil with python-dns package which has a feature rich interface for dealing with all different aspects of DNS including DNSSEC. The main target of this patch is to replace all uses of acutil DNS library with a use python-dns. In most cases, even though the larger parts of the code are changed, the actual functionality is changed only in the following cases: - redundant DNS checks were removed from verify_fqdn function in installutils to make the whole DNS check simpler and less error-prone. Logging was improves for the remaining checks - improved logging for ipa-client-install DNS discovery https://fedorahosted.org/freeipa/ticket/2730 https://fedorahosted.org/freeipa/ticket/1837 
IPA client and server tool set used authconfig acutil module to
for client DNS operations. This is not optimal DNS interface for
several reasons:
- does not provide native Python object oriented interface
  but but rather C-like interface based on functions and
  structures which is not easy to use and extend
- acutil is not meant to be used by third parties besides
  authconfig and thus can break without notice

Replace the acutil with python-dns package which has a feature rich
interface for dealing with all different aspects of DNS including
DNSSEC. The main target of this patch is to replace all uses of
acutil DNS library with a use python-dns. In most cases, even
though the larger parts of the code are changed, the actual
functionality is changed only in the following cases:
- redundant DNS checks were removed from verify_fqdn function
  in installutils to make the whole DNS check simpler and
  less error-prone. Logging was improves for the remaining
  checks
- improved logging for ipa-client-install DNS discovery

https://fedorahosted.org/freeipa/ticket/2730
https://fedorahosted.org/freeipa/ticket/1837
Remove duplicate and unused utility code 2012-05-09T09:54:20+00:00 Petr Viktorin pviktori@redhat.com 2012-04-18T15:22:35+00:00 f19218f7d87f5847d51f79b5d2850f90b0ae8407 IPA has some unused code from abandoned features (Radius, ipa 1.x user input, commant-line tab completion), as well as some duplicate utilities. This patch cleans up the utility modules. Duplicate code consolidated into ipapython.ipautil: {ipalib.util,ipaserver.ipautil,ipapython.ipautil}.realm_to_suffix {ipaserver,ipapython}.ipautil.CIDict (with style improvements from the ipaserver version) {ipapython.entity,ipaserver.ipautil}.utf8_encode_value {ipapython.entity,ipaserver.ipautil}.utf8_encode_values ipalib.util.get_fqdn was removed in favor of the same function in ipaserver.install.installutils Removed unused code: ipalib.util: load_plugins_in_dir import_plugins_subpackage make_repr (was imported but unused; also removed from tests) ipapython.ipautil: format_list parse_key_value_pairs read_pairs_file read_items_file user_input_plain AttributeValueCompleter ItemCompleter ipaserver.ipautil: get_gsserror (a different version exists in ipapython.ipautil) ipaserver.ipautil ended up empty and is removed entirely. https://fedorahosted.org/freeipa/ticket/2650 
IPA has some unused code from abandoned features (Radius, ipa 1.x user
input, commant-line tab completion), as well as some duplicate utilities.
This patch cleans up the utility modules.

Duplicate code consolidated into ipapython.ipautil:
    {ipalib.util,ipaserver.ipautil,ipapython.ipautil}.realm_to_suffix
    {ipaserver,ipapython}.ipautil.CIDict
            (with style improvements from the ipaserver version)
    {ipapython.entity,ipaserver.ipautil}.utf8_encode_value
    {ipapython.entity,ipaserver.ipautil}.utf8_encode_values

ipalib.util.get_fqdn was removed in favor of the same function in
ipaserver.install.installutils

Removed unused code:
    ipalib.util:
        load_plugins_in_dir
        import_plugins_subpackage
        make_repr (was imported but unused; also removed from tests)

    ipapython.ipautil:
        format_list
        parse_key_value_pairs
        read_pairs_file
        read_items_file
        user_input_plain
        AttributeValueCompleter
        ItemCompleter

    ipaserver.ipautil:
        get_gsserror (a different version exists in ipapython.ipautil)

ipaserver.ipautil ended up empty and is removed entirely.

https://fedorahosted.org/freeipa/ticket/2650
Configure certmonger to execute restart scripts on renewal. 2012-04-10T05:08:41+00:00 Rob Crittenden rcritten@redhat.com 2012-04-10T19:21:08+00:00 717bbcd2bf624ad68ea1cdf08216ab4f06e8bc4d certmonger now has the ability to execute a script when it renews a certificate. This can be used to automatically restart servers so the certificate doesn't expire in the running server. https://fedorahosted.org/freeipa/ticket/2050 
certmonger now has the ability to execute a script when it renews a
certificate. This can be used to automatically restart servers so
the certificate doesn't expire in the running server.

https://fedorahosted.org/freeipa/ticket/2050
Parse zone indices in IPv6 addresses in CheckedIPAddress. 2012-03-27T10:03:16+00:00 Jan Cholasta jcholast@redhat.com 2012-03-19T12:52:11+00:00 0024024897153d23ae446415612b7529ffb67fe2 If a zone index is present in an IPv6 address, it is ignored. ticket 2138 
If a zone index is present in an IPv6 address, it is ignored.

ticket 2138
Wait for child process to terminate after receiving SIGINT in ipautil.run. 2012-03-23T09:53:02+00:00 Jan Cholasta jcholast@redhat.com 2012-03-20T16:29:36+00:00 d9e8b9a3ed7b26e9cb6bb891cf0d5bb4fcd66dbf Do cleanup on KeyboardInterrupt rather than in custom SIGINT handler in ipa-replica-conncheck. https://fedorahosted.org/freeipa/ticket/2127 
Do cleanup on KeyboardInterrupt rather than in custom SIGINT handler in
ipa-replica-conncheck.

https://fedorahosted.org/freeipa/ticket/2127