path: root/install/tools/ipa-server-install
Commit message | Author | Age | Files | Lines
* Fixed in ipa-server-install help and man page | Jan Zeleny | 2011-02-18 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/831
* Refresh state data before removing the dirsrv user, fixes uninstall. | Rob Crittenden | 2011-02-07 | 1 | -0/+1
  The state is read only at initialization time. This works ok when individual services remove their state data but when worked upon again at the top-level it still has the full state in memory, so when the state file is re-written all of the data that was removed is re-added. ticket 916
* ipa-server-install inconsistent capitalization | Martin Kosek | 2011-02-03 | 1 | -3/+3
  A cosmetic patch to IPA server installation output aimed to make capitalization in installer output consistent. Several installation tasks started with a lowercase letter and several installation task steps started with an uppercase letter. https://fedorahosted.org/freeipa/ticket/776
* Fix installing with an external CA and wait for dogtag to come up | Rob Crittenden | 2011-02-01 | 1 | -10/+40
  There wasn't an exception in the "is the server already installed" check for a two-stage CA installation. Made the installer slightly more robust. We create a cache file of answers so the next run won't ask all the questions again. This cache is removed when the installation is complete. Previously nothing would work if the installer was run more than once, this should be fixed now. The cache is encrypted using the DM password. The second problem is that the tomcat6 init script returns control before the web apps are up. Add a small loop in our restart method to wait for the 9180 port to be available. This also adds an additional restart to ensure that nonces are disabled. ticket 835 revise
* Use a common group for all DS instances | Simo Sorce | 2011-01-31 | 1 | -53/+49
  Also remove the option to choose a user. It is silly to keep it, when you can't choose the group nor the CA directory user. Fixes: https://fedorahosted.org/freeipa/ticket/851
* Don't perform some API self-tests in production mode for performance reasons | Rob Crittenden | 2011-01-28 | 1 | -0/+1
  The API does a fair number of self tests and locking to assure that the registered commands are consistent and will work. This does not need to be done on a production system and adds additional overhead causing somewhere between a 30 and 50% decrease in performance. Because makeapi is executed when a build is done ensure that it is executed in developer mode to ensure that the framework is ok. ticket 751
* Make the -u option optional in unattended mode | Simo Sorce | 2011-01-24 | 1 | -8/+11
  Fixes: https://fedorahosted.org/freeipa/ticket/836
* Remove trailing space | Simo Sorce | 2011-01-24 | 1 | -1/+1
* Create the reverse zone by default | Jakub Hrozek | 2011-01-07 | 1 | -2/+12
  A new option to specify reverse zone creation for unattended installs https://fedorahosted.org/freeipa/ticket/678
* Allow ipa-dns-install to install with just admin credentials | Simo Sorce | 2011-01-07 | 1 | -1/+0
  Do this by creating a common way to attach to the ldap server for each instance. Fixes: https://fedorahosted.org/freeipa/ticket/686
* Make sure that the messagebus service is started. | Rob Crittenden | 2011-01-04 | 1 | -0/+2
  This will prevent certmonger failures. On very minimal installs it seems that messagebus is not always started. ticket 528
* Ask for reverse zone creation only when --setup-bind is specified | Jakub Hrozek | 2010-12-22 | 1 | -1/+3
* Change FreeIPA license to GPLv3+ | Jakub Hrozek | 2010-12-20 | 1 | -5/+5
  The changes include:
  * Change license blobs in source files to mention GPLv3+ not GPLv2 only
  * Add GPLv3+ license text
  * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think
  https://fedorahosted.org/freeipa/ticket/239
* Make the IPA installer IPv6 friendly | Jakub Hrozek | 2010-12-20 | 1 | -12/+15
  Notable changes include:
  * parse AAAA records in dnsclient
  * also ask for AAAA records when verifying FQDN
  * do not use functions that are not IPv6 aware - notably socket.gethostbyname()
    The complete list of functions was taken from http://www.akkadia.org/drepper/userapi-ipv6.html section "Interface Checklist"
* Add krb5-pkinit-openssl as a Requires on ipa-server package | Rob Crittenden | 2010-12-16 | 1 | -5/+0
  ticket 599
* Fix Install using dogtag. | Simo Sorce | 2010-12-10 | 1 | -2/+9
  The CA is installed before DS so we need to wait until DS is actually installed to be able to ldap_enable the CA instance. Fixes: https://fedorahosted.org/freeipa/ticket/612
* Move Selfsigned CA creation out of dsinstance | Simo Sorce | 2010-12-10 | 1 | -4/+9
  This allows us to have the CA ready to serve out certs for any operation even before the dsinstance is created. The CA is independent of the dsinstance anyway. Also fixes: https://fedorahosted.org/freeipa/ticket/544
* Introduce ipa control script that reads configuration off ldap | Simo Sorce | 2010-12-10 | 1 | -0/+4
  This replaces the former ipactl script, as well as replacing the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
* Move ntp configuration up top. | Simo Sorce | 2010-12-09 | 1 | -9/+10
  Also move down some dsinstance related operation close to other dsinstance operations. Fixes: https://fedorahosted.org/freeipa/ticket/595
* Give back smaller and more readable ranges by default. | Simo Sorce | 2010-12-07 | 1 | -5/+6
  Instead of allocating a completely random start between 1M and 2G and a range of 1M values, give 10000 possible 200k ranges. They all start at a 200k boundary so they generate more readable IDs, at least until there aren't too many users/replicas involved.
* Do not create reverse zone by default | Jakub Hrozek | 2010-12-02 | 1 | -1/+2
  Prompt for creation of reverse zone, with the default for unattended installations being False. https://fedorahosted.org/freeipa/ticket/418
* Verify the --ip-address option when setting up DNS. | Rob Crittenden | 2010-11-24 | 1 | -0/+2
  There was a corner case where the value of --ip-address was never verified if you were also setting up DNS. Added this bit of information to the man page too. ticket 399
* id ranges: change DNA configuration | Simo Sorce | 2010-11-22 | 1 | -5/+16
  Change the way we specify the id ranges to force uid and gid ranges to always be the same. Add option to specify a maximum id. Change DNA configuration to use shared ranges so that masters and replicas can actually share the same overall range in a safe way. Configure replicas so that their default range is depleted. This will force them to fetch a range portion from the master on the first install. fixes: https://fedorahosted.org/freeipa/ticket/198
* Use sys.exit to quit scripts | Jakub Hrozek | 2010-11-22 | 1 | -20/+12
  Instead of print and return, use sys.exit() to quit scripts with an error message and a non zero return code. https://fedorahosted.org/freeipa/ticket/425
* Automatically disable pkinit when not supported | Simo Sorce | 2010-11-19 | 1 | -0/+4
* Log interactive options in install scripts | Jakub Hrozek | 2010-11-19 | 1 | -0/+7
* Add support for configuring KDC certs for PKINIT | Simo Sorce | 2010-11-18 | 1 | -1/+35
  This patch adds support only for the selfsign case. Replica support is also still missing at this stage.
* Use Realm as certs subject base name | Simo Sorce | 2010-11-18 | 1 | -6/+8
  Also use the realm name as nickname for the CA certificate
* Use a different user for dogtag DS instance | Rob Crittenden | 2010-11-12 | 1 | -1/+8
  Also shut down all services before starting uninstall. ticket 349
* Log script options to logfile | Jakub Hrozek | 2010-11-09 | 1 | -9/+14
  Uses a new subclass IPAOptionParser in scripts instead of OptionParser from the standard python library. IPAOptionParser uses its own IPAOption class to store options, which adds a new 'sensitive' attribute. https://fedorahosted.org/freeipa/ticket/393
* install-script: Do not ask to remove DNS data | Simo Sorce | 2010-10-07 | 1 | -19/+3
  When we uninstall we wipe out the entire LDAP database, so it doesn't really make much sense to try to also remove single entries from it. This avoids the --uninstall procedure to fail because the DM password is not available or the LDAP server is down, and we are just trying to cleanup everything.
* Remove spurious error in server uninstaller about client uninstall failure. | Rob Crittenden | 2010-09-24 | 1 | -1/+2
  This was meant to catch the case where the client wasn't configured and it missed the most obvious one: the client was installed and is now uninstalled.
* Add new DNS install argument for setting the zone mgr e-mail addr. | Rob Crittenden | 2010-09-23 | 1 | -1/+3
  ticket 125
* Fix certmonger errors when doing a client or server uninstall. | Rob Crittenden | 2010-09-09 | 1 | -2/+3
  This started with the client uninstaller returning a 1 when not installed. There was no way to tell whether the uninstall failed or the client simply wasn't installed which caused no end of grief with the installer. This led to a lot of certmonger failures too, either trying to stop tracking a non-existent cert or not handling an existing tracked certificate. I moved the certmonger code out of the installer and put it into the client/server shared ipapython lib. It now tries a lot harder and smarter to untrack a certificate. ticket 142
* This patch removes the existing UI functionality, as a prep for adding the Javascript based ui. | Adam Young | 2010-07-29 | 1 | -14/+0
* Create default HBAC rule allowing any user to access any host from any host | Rob Crittenden | 2010-05-05 | 1 | -2/+5
  This is to make initial installation and testing easier. Use the --no_hbac_allow option on the command-line to disable this when doing an install. To remove it from a running server do:
    ipa hbac-del allow_all
* Make the installer/uninstaller more aware of its state | Rob Crittenden | 2010-05-03 | 1 | -8/+6
  We have had a state file for quite some time that is used to return the system to its pre-install state. We can use that to determine what has been configured. This patch:
  - uses the state file to determine if dogtag was installed
  - prevents someone from trying to re-install an installed server
  - displays some output when uninstalling
  - re-arranges the ipa_kpasswd installation so the state is properly saved
  - removes pkiuser if it was added by the installer
  - fetches and installs the CA on both masters and clients
* Fix a couple of syntax errors in the installer. | Rob Crittenden | 2010-04-27 | 1 | -2/+5
  I meant to push these along with the original patch but pushed the wrong one.
* Replace a new instance of IPAdmin use in ipa-server-install. | Pavel Zuna | 2010-04-27 | 1 | -8/+11
* Connect to the ldap during the uninstallation | Martin Nagy | 2010-04-23 | 1 | -8/+28
  We need to ask the user for a password and connect to the ldap so the bind uninstallation procedure can remove old records. This is of course only helpful if one has more than one IPA server configured.
* Fix installing IPA with an external CA | Rob Crittenden | 2010-04-23 | 1 | -4/+18
  - cache all interactive answers
  - set non-interactive to True for the second run so nothing is asked
  - convert boolean values that are read in
  - require absolute paths for the external CA and signed cert files
  - fix the invocation message for the second ipa-server-install run
* Use ldap2 instead of legacy LDAP code from v1 in installer scripts. | Pavel Zuna | 2010-04-19 | 1 | -13/+11
* Better customize the message regarding the CA based on the install options. | Rob Crittenden | 2010-03-19 | 1 | -5/+10
  There are now 3 cases:
  - Install a dogtag CA and issue server certs using that
  - Install a selfsign CA and issue server certs using that
  - Install using either dogtag or selfsign and use the provided PKCS#12 files for the server certs. The installed CA will still be used by the cert plugin to issue any server certs.
* Retrieve the LDAP schema using kerberos credentials. | Rob Crittenden | 2010-03-17 | 1 | -0/+1
  This is required so we can disable anonymous access in 389-ds.
* Proper use of set up vs setup (verb vs noun) | Rob Crittenden | 2010-03-16 | 1 | -3/+3
  Resolves #529787
* Make the CA a required component and configured by default. | Rob Crittenden | 2010-03-02 | 1 | -26/+11
  To install IPA without dogtag use the --selfsign option. The --ca option is now deprecated. 552995
* Fix sample IPA command example at end of installation | Rob Crittenden | 2010-02-03 | 1 | -1/+1
  Resolves #531455
* Remove some configuration files we create upon un-installation | Rob Crittenden | 2010-01-28 | 1 | -1/+6
  This is particularly important for Apache since we'd leave the web server handling unconfigured locations.
* Move some functions from ipa-server-install into installutils | Martin Nagy | 2010-01-21 | 1 | -54/+1
  We will need these functions in the new upcoming ipa-dns-install command.
* Only add an NTP SRV record if we really are setting up NTP | Martin Nagy | 2010-01-21 | 1 | -1/+1
  The sample bind zone file that is generated if we don't use --setup-dns is also changed. Fixes #500238