path: root/install/tools/ipa-replica-install
Commit message | Author | Age | Files | Lines
...
* Let replicas install without DNS | Martin Kosek | 2012-01-13 | 1 | -0/+9
  Let ipa-replica-prepare and ipa-replica-install work without proper DNS records as records in /etc/hosts are sufficient for DS replication.
  1) ipa-replica-prepare now just checks if the replica hostname is resolvable (DNS records are not required). It is now able to prepare a replica file even when the replica IP address is present in /etc/hosts only.
  2) ipa-replica-install is now able to proceed when the hostname is not resolvable. It uses an IP address passed in a new option --ip-address to create a record in /etc/hosts in the same way as ipa-server-install does.
  https://fedorahosted.org/freeipa/ticket/2139
* Fix LDAP updates in ipa-replica-install | Martin Kosek | 2012-01-13 | 1 | -1/+1
  ipalib API needs to be bootstrapped in 'installer' context otherwise LDAP update plugins don't get initialized and ipa-replica-install crashes.
  https://fedorahosted.org/freeipa/ticket/2139
* Prevent service restart failures in ipa-replica-install | Martin Kosek | 2012-01-13 | 1 | -5/+16
  Call restart() methods of appropriate services instead of calling the system service restart command directly as service() method has a capability to wait until the service is fully up. Without this patch ipa-replica-install crashed on F-16 because krb5kdc service was started before dirsrv service was fully up.
  https://fedorahosted.org/freeipa/ticket/2139
* ticket 2022 - modify codebase to utilize IPALogManager, obsoletes logging | John Dennis | 2011-11-23 | 1 | -10/+11
  change default_logger_level to debug in configure_standard_logging
  add new ipa_log_manager module, move log_mgr there, also export root_logger from log_mgr.
  change all log_manager imports to ipa_log_manager and change log_manager.root_logger to root_logger.
  add missing import for parse_log_level()
* Don't check for 389-instances. | Rob Crittenden | 2011-11-16 | 1 | -19/+0
  We no longer need to enforce that no 389-ds instances exist on an IPA server. Checking that the ports exist should be enough.
  This used to be one mechanism we used to check to see if IPA was already installed. We have a better mechanism now.
  https://fedorahosted.org/freeipa/ticket/1735
* Replication: Adjust replica installation to omit processing memberof computations | JR Aquino | 2011-11-14 | 1 | -1/+0
  https://fedorahosted.org/freeipa/ticket/1794
  If the master does not yet support the total update list feature we still run the memberof fixup task and not fail to replicate due to the new attribute not being settable.
  Jointly-developed-with: Simo Sorce <ssorce@redhat.com>
  Jointly-developed-with: Nathank Kinder <nkinder@redhat.com>
* Improve ipa-replica-prepare DNS check | Martin Kosek | 2011-10-06 | 1 | -2/+2
  Currently, verify_fqdn() function raises RuntimeError for every problem with the hostname. This makes it difficult for tools like ipa-replica-prepare to behave differently for a subset of raised errors (for example to be able to create a DNS record for new replica when verify_fqdn() reports a lookup error).
  Implement own exceptions for verify_fqdn() so that they can be safely used to distinguish the error type.
  https://fedorahosted.org/freeipa/ticket/1899
* replica-prepare: anonymous binds may be disallowed | Simo Sorce | 2011-10-06 | 1 | -1/+2
  Fixes: https://fedorahosted.org/freeipa/ticket/1900
* Install tools crash when password prompt is interrupted | Martin Kosek | 2011-10-06 | 1 | -0/+2
  When getpass.getpass() function is interrupted via CTRL+D, EOFError exception is thrown. Most of the install tools are not prepared for this event and crash with this exception. Make sure that it is handled properly and nice error message is printed.
  https://fedorahosted.org/freeipa/ticket/1916
* Add a function for formatting network locations of the form host:port for use in URLs. | Jan Cholasta | 2011-10-05 | 1 | -3/+3
  If the host part is a literal IPv6 address, it must be enclosed in square brackets (RFC 2732).
  ticket 1869
* Remove checks for ds-replication plugin | Martin Kosek | 2011-09-22 | 1 | -3/+1
  The replication plugin is no longer shipped as a separate package. Remove the code checking its existence.
  https://fedorahosted.org/freeipa/ticket/1815
* Convert installation tools to platform-independent access to system services | Alexander Bokovoy | 2011-09-13 | 1 | -6/+7
  http://fedorahosted.org/freeipa/ticket/1605
* Improve man pages structure | Martin Kosek | 2011-09-07 | 1 | -22/+32
  There are too many options in ipa-*-install scripts which makes it difficult to read. This patch adds subsections to install script online help and man pages to improve readability. No option has been changed.
  To further improve man pages:
  1) All man pages were changed to have the same header and top-center title to provide united look.
  2) Few typos in man pages have been fixed
  https://fedorahosted.org/freeipa/ticket/1687
* install: We do not need a kpasswd keytab anymore | Simo Sorce | 2011-08-31 | 1 | -2/+0
  We now use MIT's kadmin instead of our old ipa_kpasswd daemon. kadmind knows how to fetch the keys directly from the database and doesn't need a keytab on the filesystem.
* install: We do not need a ldap password anymore | Simo Sorce | 2011-08-31 | 1 | -2/+1
  Our new ipa-kdb driver accesses ldap via ldapi:// and EXTERNAL auth and doesn't need a bind password anymore.
  Fixes: https://fedorahosted.org/freeipa/ticket/1743
* Add option to install without the automatic redirect to the Web UI. | Jan Cholasta | 2011-08-18 | 1 | -3/+5
  ticket 1570
* Re-arrange CA configuration code to reduce the number of restarts. | Rob Crittenden | 2011-08-03 | 1 | -3/+0
  Ade Lee from the dogtag team looked at the configuration code and determined that a number of restarts were not needed and recommended re-arranging other code to reduce the number of restarts to one.
  https://fedorahosted.org/freeipa/ticket/1555
* Clean up of IP address checks in install scripts. | Jan Cholasta | 2011-07-19 | 1 | -2/+2
  Fixes ipa-dns-install incorrect warning.
  ticket 1486
* Fix creation of reverse DNS zones. | Jan Cholasta | 2011-07-15 | 1 | -17/+23
  Create reverse DNS zone for /24 IPv4 subnet and /64 IPv6 subnet by default instead of using the netmask from the --ip-address option.
  Custom reverse DNS zone can be specified using new --reverse-zone option, which replaces the old --ip-address netmask way of creating reverse zones.
  The reverse DNS zone name is printed to the user during the install.
  ticket 1398
* Make dogtag an optional (and default un-) installed component in a replica. | Rob Crittenden | 2011-06-23 | 1 | -130/+21
  A dogtag replica file is created as usual. When the replica is installed dogtag is optional and not installed by default. Adding the --setup-ca option will configure it when the replica is installed.
  A new tool ipa-ca-install will configure dogtag if it wasn't configured when the replica was initially installed.
  This moves a fair bit of code out of ipa-replica-install into installutils and cainstance to avoid duplication.
  https://fedorahosted.org/freeipa/ticket/1251
* Let the framework be able to override the hostname. | Rob Crittenden | 2011-06-23 | 1 | -0/+1
  The hostname is passed in during the server installation. We should use this hostname for the resulting server as well. It was being discarded and we always used the system hostname value.
  Important changes:
  - configure ipa_hostname in sssd on masters
  - set PKI_HOSTNAME so the hostname is passed to dogtag installer
  - set the hostname when doing ldapi binds
  This also reorders some things in the dogtag installer to eliminate an unnecessary restart. We were restarting the service twice in a row with very little time in between and this could result in a slew of reported errors, though the server installed ok.
  ticket 1052
* Fix IPA install for secure umask | Martin Kosek | 2011-06-21 | 1 | -12/+16
  Make sure that IPA can be installed with root umask set to secure value 077. ipa-server-install was failing in DS configuration phase when dirsrv tried to read boot.ldif created during installation.
  https://fedorahosted.org/freeipa/ticket/1282
* Improve IP address handling in IPA option parser | Martin Kosek | 2011-06-19 | 1 | -1/+1
  Implements a way to pass match_local and parse_netmask parameters to IP option checker.
  Now, there is just one common option type "ip" with new optional attributes "ip_local" and "ip_netmask" which can be used to pass IP address validation parameters.
  https://fedorahosted.org/freeipa/ticket/1333
* Connection check program for replica installation | Martin Kosek | 2011-06-08 | 1 | -0/+40
  When connection between a master machine and future replica is not sane, the replica installation may fail unexpectedly with inconvenient error messages. One common problem is misconfigured firewall.
  This patch adds a program ipa-replica-conncheck which tests the connection using the following procedure:
  1) Execute the on-replica check testing the connection to master
  2) Open required ports on local machine
  3) Ask user to run the on-master part of the check OR run it automatically:
     a) kinit to master as default admin user with given password
     b) run the on-master part using ssh
  4) When master part is executed, it checks connection back to the replica and prints the check result
  This program is run by ipa-replica-install as mandatory part. It can, however, be skipped using --skip-conncheck option.
  ipa-replica-install now requires password for admin user to run the command on remote master.
  https://fedorahosted.org/freeipa/ticket/1107
* Honor netmask in DNS reverse zone setup. | Jan Cholasta | 2011-05-30 | 1 | -2/+4
  ticket 910
* Parse netmasks in IP addresses passed to server install. | Jan Cholasta | 2011-05-30 | 1 | -1/+5
  ticket 1212
* Fix reverse zone creation in ipa-replica-prepare | Martin Kosek | 2011-05-27 | 1 | -16/+1
  When a new reverse zone was created in ipa-replica-prepare (this may happen when a new replica is from different subnet), the master DNS address was corrupted by invalid A/AAAA record. This caused problems for example in installing replica.
  https://fedorahosted.org/freeipa/ticket/1223
* Properly handle --no-reverse being passed on the CLI in interactive mode | Rob Crittenden | 2011-05-12 | 1 | -3/+7
  If installing in interactive mode and --no-reverse is passed then the reverse zone was still being created.
  ticket 1152
* IPA replica is not started after the reboot | Martin Kosek | 2011-04-28 | 1 | -0/+3
  https://fedorahosted.org/freeipa/ticket/1191
* Replica installation fails for self-signed server | Martin Kosek | 2011-03-30 | 1 | -1/+2
  When IPA server was configured as self-signed (--selfsign option) the replica always failed to install.
  https://fedorahosted.org/freeipa/ticket/1122
* Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance. | Rob Crittenden | 2011-03-15 | 1 | -19/+7
  This fixes 2 AVCS:
  * One because we are enabling port 7390 because an SSL port must be defined to use TLS on 7389.
  * We were symlinking to the main IPA 389-ds NSS certificate database. Instead generate a separate NSS database and certificate and have certmonger track it separately
  I also noticed some variable inconsistency in cainstance.py. Everywhere else we use self.fqdn and that was using self.host_name. I found it confusing so I fixed it.
  ticket 1085
* Use TLS for dogtag replication agreements. | Rob Crittenden | 2011-03-10 | 1 | -2/+24
  Configure the dogtag 389-ds instance with SSL so we can enable TLS for the dogtag replication agreements. The NSS database we use is a symbolic link to the IPA 389-ds instance.
  ticket 1060
* Need to restart the dogtag 388-ds instance before using it. | Rob Crittenden | 2011-03-03 | 1 | -0/+17
  Restart the 389-ds instance to ensure all schema is loaded that dogtag may have installed as files.
  According to bug https://bugzilla.redhat.com/show_bug.cgi?id=680984 this is only needed on clones.
  ticket 1024
* IPA replica/server install does not check for a client | Martin Kosek | 2011-03-03 | 1 | -0/+5
  When IPA replica or server is configured it does not check for possibly installed client. This will cause the installation to fail in the very end.
  This patch adds a check for already configured client and suggests removing it before server/replica installation.
  https://fedorahosted.org/freeipa/ticket/1002
* Use a common group for all DS instances | Simo Sorce | 2011-01-31 | 1 | -7/+29
  Also remove the option to choose a user. It is silly to keep it, when you can't choose the group nor the CA directory user.
  Fixes: https://fedorahosted.org/freeipa/ticket/851
* Don't perform some API self-tests in production mode for performance reasons | Rob Crittenden | 2011-01-28 | 1 | -0/+1
  The API does a fair number of self tests and locking to assure that the registered commands are consistent and will work. This does not need to be done on a production system and adds additional overhead causing somewhere between a 30 and 50% decrease in performance.
  Because makeapi is executed when a build is done ensure that it is executed in developer mode to ensure that the framework is ok.
  ticket 751
* Fix assorted bugs found by pylint | Jakub Hrozek | 2011-01-25 | 1 | -2/+2
* Create DNS records as early as possible | Simo Sorce | 2011-01-25 | 1 | -4/+15
  Fixes: https://fedorahosted.org/freeipa/ticket/833
* Always add DNS records when installing a replica | Simo Sorce | 2011-01-25 | 1 | -3/+21
  Even if the replica is not running a DNS server other replicas might. So if the DNS container is present, then try to add DNS records.
  Fixes: https://fedorahosted.org/freeipa/ticket/824
* Populate shared tree with replica related values | Simo Sorce | 2011-01-25 | 1 | -0/+1
  Fixes: https://fedorahosted.org/freeipa/ticket/820
* Use GSSAPI for replication | Simo Sorce | 2011-01-14 | 1 | -1/+2
  Uses a temporary simple replication agreement over SSL to init the tree. Then once all principals have been created switches replication to GSSAPI.
  Fixes: https://fedorahosted.org/freeipa/ticket/690
* Remove unused random password in replica install script | Simo Sorce | 2011-01-14 | 1 | -2/+0
* Create the reverse zone by default | Jakub Hrozek | 2011-01-07 | 1 | -1/+13
  A new option to specify reverse zone creation for unattended installs
  https://fedorahosted.org/freeipa/ticket/678
* Allow ipa-dns-install to configure DNS on a replica. | Simo Sorce | 2011-01-07 | 1 | -0/+2
  Fixes: https://fedorahosted.org/freeipa/ticket/645
* Change FreeIPA license to GPLv3+ | Jakub Hrozek | 2010-12-20 | 1 | -5/+5
  The changes include:
  * Change license blobs in source files to mention GPLv3+ not GPLv2 only
  * Add GPLv3+ license text
  * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think
  https://fedorahosted.org/freeipa/ticket/239
* Clarify ipa-replica-install error message | Jakub Hrozek | 2010-12-20 | 1 | -2/+2
* Make the IPA installer IPv6 friendly | Jakub Hrozek | 2010-12-20 | 1 | -6/+13
  Notable changes include:
  * parse AAAA records in dnsclient
  * also ask for AAAA records when verifying FQDN
  * do not use functions that are not IPv6 aware - notably socket.gethostbyname()
  The complete list of functions was taken from http://www.akkadia.org/drepper/userapi-ipv6.html section "Interface Checklist"
* Verify that the replication plugin exists before setting up replicas. | Rob Crittenden | 2010-12-17 | 1 | -0/+3
  ticket 502
* Add krb5-pkinit-openssl as a Requires on ipa-server package | Rob Crittenden | 2010-12-16 | 1 | -9/+0
  ticket 599
* Fix Install using dogtag. | Simo Sorce | 2010-12-10 | 1 | -0/+5
  The CA is installed before DS so we need to wait until DS is actually installed to be able to ldap_enable the CA instance.
  Fixes: https://fedorahosted.org/freeipa/ticket/612