path: root/install/tools
Commit message | Author | Age | Files | Lines
* Add krb5-pkinit-openssl as a Requires on ipa-server package | Rob Crittenden | 2010-12-16 | 2 | -14/+0
  ticket 599
* managed entry hostgroup netgroup support | Jr Aquino | 2010-12-13 | 4 | -1/+269
  https://fedorahosted.org/freeipa/ticket/543
* Pass the DM password when trying to delete a replica. | Rob Crittenden | 2010-12-11 | 1 | -1/+1
  If the ticket is expired or otherwise unusable it should fall back to the DM password. It was prompted for correctly but wasn't being passed on. ticket 549
* Fixes for ipactl script | Simo Sorce | 2010-12-10 | 1 | -20/+64
  Fixes: https://fedorahosted.org/freeipa/ticket/613
* Fix Install using dogtag. | Simo Sorce | 2010-12-10 | 2 | -2/+14
  The CA is installed before DS so we need to wait until DS is actually installed to be able to ldap_enable the CA instance. Fixes: https://fedorahosted.org/freeipa/ticket/612
* Move Selfsigned CA creation out of dsinstance | Simo Sorce | 2010-12-10 | 4 | -15/+15
  This allows us to have the CA ready to serve out certs for any operation even before the dsinstance is created. The CA is independent of the dsinstance anyway. Also fixes: https://fedorahosted.org/freeipa/ticket/544
* Introduce ipa control script that reads configuration off ldap | Simo Sorce | 2010-12-10 | 2 | -107/+211
  This replaces the former ipactl script, as well as replacing the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
* Split dsinstance configuration | Simo Sorce | 2010-12-10 | 1 | -34/+25
  This is so that master and replica creation can perform different operations as they need slightly different settings to be applied.
* Move ntp configuration up top. | Simo Sorce | 2010-12-09 | 1 | -9/+10
  Also move down some dsinstance related operation close to other dsinstance operations. Fixes: https://fedorahosted.org/freeipa/ticket/595
* Make pkinit setup optional in ipa-replica-prepare too. | Simo Sorce | 2010-12-08 | 2 | -5/+15
  Also add fixes for ipa-replica-install as that had issues too. Fixes: https://fedorahosted.org/freeipa/ticket/527
* Give back smaller and more readable ranges by default. | Simo Sorce | 2010-12-07 | 1 | -5/+6
  Instead of allocating a completely random start between 1M and 2G and a range of 1M values, give 10000 possible 200k ranges. They all start at a 200k boundary so they generate more readable IDs, at least until there aren't too many users/replicas involved.
* Do not create reverse zone by default | Jakub Hrozek | 2010-12-02 | 3 | -3/+6
  Prompt for creation of reverse zone, with the default for unattended installations being False. https://fedorahosted.org/freeipa/ticket/418
* Drop outdated install/tools/README and add QuickStart link to top README | Rob Crittenden | 2010-12-02 | 1 | -67/+0
  ticket 420
* Verify the --ip-address option when setting up DNS. | Rob Crittenden | 2010-11-24 | 2 | -1/+3
  There was a corner case where the value of --ip-address was never verified if you were also setting up DNS. Added this bit of information to the man page too. ticket 399
* id ranges: change DNA configuration | Simo Sorce | 2010-11-22 | 3 | -11/+25
  Change the way we specify the id ranges to force uid and gid ranges to always be the same. Add option to specify a maximum id. Change DNA configuration to use shared ranges so that masters and replicas can actually share the same overall range in a safe way. Configure replicas so that their default range is depleted. This will force them to fetch a range portion from the master on the first install. fixes: https://fedorahosted.org/freeipa/ticket/198
* Use sys.exit to quit scripts | Jakub Hrozek | 2010-11-22 | 5 | -48/+27
  Instead of print and return, use sys.exit() to quit scripts with an error message and a non zero return code. https://fedorahosted.org/freeipa/ticket/425
* Automatically disable pkinit when not supported | Simo Sorce | 2010-11-19 | 1 | -0/+4
* Log interactive options in install scripts | Jakub Hrozek | 2010-11-19 | 2 | -0/+10
* pkinit-replica: create certificates for replicas too | Simo Sorce | 2010-11-18 | 2 | -9/+90
  Although the kdc certificate name is not tied to the fqdn we create separate certs for each KDC so that renewal of each of them is done separately.
* Add support for configuring KDC certs for PKINIT | Simo Sorce | 2010-11-18 | 1 | -1/+35
  This patch adds support only for the selfsign case. Replica support is also still missing at this stage.
* Use Realm as certs subject base name | Simo Sorce | 2010-11-18 | 5 | -12/+14
  Also use the realm name as nickname for the CA certificate
* Use a different user for dogtag DS instance | Rob Crittenden | 2010-11-12 | 1 | -1/+8
  Also shut down all services before starting uninstall. ticket 349
* Remove some more mod_python references | Jakub Hrozek | 2010-11-10 | 1 | -1/+1
* Fix NotFound exception in ipa-nis-manage. | Rob Crittenden | 2010-11-09 | 1 | -2/+4
  The signature of ldap2.get_entry() changed so normalize wasn't being handled properly so the basedn was always being appended causing our entry in cn=config to be not found. ticket 414
* Add some examples to ipa-replica-install.1 | Rob Crittenden | 2010-11-09 | 1 | -18/+39
  ticket 290
* Log script options to logfile | Jakub Hrozek | 2010-11-09 | 4 | -23/+35
  Uses a new subclass IPAOptionParser in scripts instead of OptionParser from the standard python library. IPAOptionParser uses its own IPAOption class to store options, which adds a new 'sensitive' attribute. https://fedorahosted.org/freeipa/ticket/393
* Remove ipa-fix-CVE-2008-3274, it isn't needed any more. | Rob Crittenden | 2010-11-08 | 2 | -534/+0
  ticket 331
* Remove reference to ipa_webgui | Jan Zeleny | 2010-11-03 | 1 | -1/+1
  Reference was removed from ipa-server-install(1) man page. Ticket: #330
* Include REPLICA_FILE in usage for ipa-replica-install | Rob Crittenden | 2010-10-13 | 1 | -1/+2
  ticket 247
* Detect if DNS is already configured in IPA, or if IPA is not yet installed. | Rob Crittenden | 2010-10-08 | 1 | -0/+5
  ipa-dns-manage could fail in very odd ways depending on the current configuration of the server. Handle things a bit better. ticket 210
* install-script: Do not ask to remove DNS data | Simo Sorce | 2010-10-07 | 1 | -19/+3
  When we uninstall we wipe out the entire LDAP database, so it doesn't really make much sense to try to also remove single entries from it. This avoids the --uninstall procedure to fail because the DM password is not available or the LDAP server is down, and we are just trying to cleanup everything.
* Remove spurious error in server uninstaller about client uninstall failure. | Rob Crittenden | 2010-09-24 | 1 | -1/+2
  This was meant to catch the case where the client wasn't configured and it missed the most obvious one: the client was installed and is now uninstalled.
* Properly handle CertificateOperationErrors in replication preparation. | Rob Crittenden | 2010-09-24 | 1 | -2/+10
  The problem here was two-fold: the certs manager was raising an error it didn't know about and ipa-replica-prepare wasn't catching it. ticket 249
* Add new DNS install argument for setting the zone mgr e-mail addr. | Rob Crittenden | 2010-09-23 | 4 | -4/+14
  ticket 125
* Add missing man pages for ipa-dns-install and ipa-upgradeconfig. | Rob Crittenden | 2010-09-20 | 2 | -0/+81
  tickets 130 and 131
* Have ipactl start named after the KDC, otherwise it will fail. | Rob Crittenden | 2010-09-16 | 1 | -1/+1
* Add --no-host-dns argument to ipa-replica-install | Rob Crittenden | 2010-09-16 | 2 | -13/+19
  The server installer has this option, the replica installer should have it too. ticket 146
* Fix certmonger errors when doing a client or server uninstall. | Rob Crittenden | 2010-09-09 | 1 | -2/+3
  This started with the client uninstaller returning a 1 when not installed. There was no way to tell whether the uninstall failed or the client simply wasn't installed which caused no end of grief with the installer. This led to a lot of certmonger failures too, either trying to stop tracking a non-existent cert or not handling an existing tracked certificate. I moved the certmonger code out of the installer and put it into the client/server shared ipapython lib. It now tries a lot harder and smarter to untrack a certificate. ticket 142
* Make ipactl a lot smarter and have it manage named as well. | Rob Crittenden | 2010-09-07 | 1 | -26/+71
  ticket 138
* Enable compat plugin by default and configure netgroups | Rob Crittenden | 2010-08-19 | 2 | -3/+16
  Move the netgroup compat configuration from the nis configuration to the existing compat configuration. Add a 'status' option to the ipa-compat-manage tool. ticket 91
* Correct CA options in ipa-server-install manpage | Rob Crittenden | 2010-08-10 | 1 | -3/+3
* This patch removes the existing UI functionality, as a prep for adding the Javascript based ui. | Adam Young | 2010-07-29 | 1 | -14/+0
* Fix ipa-compat-manage and ipa-nis-manage | Rob Crittenden | 2010-07-15 | 2 | -54/+100
  Neither of these was working properly, I assume due to changes in the ldap backend. The normalizer now appends the basedn if it isn't included and this was causing havoc with these utilities. After fixing the basics I found a few corner cases that I also addressed:
  - you can't/shouldn't disable compat if the nis plugin is enabled
  - we always want to load the nis LDAP update so we get the netgroup config
  - LDAPupdate.update() returns True/False, not an integer
  I took some time and fixed up some things pylint complained about too. Ticket #83
* Fall back to DM password if GSSAPI fails and make deleting more user-friendly | Rob Crittenden | 2010-06-01 | 1 | -8/+38
  Try to be a bit more descriptive about why a deletion fails and generate a prettier error message.
* Query the remote server to see if this replica host already exists. | Rob Crittenden | 2010-06-01 | 1 | -13/+23
  If it does then the installation will fail trying to set up the keytabs, and not in a way that you say "aha, it's because the host is already enrolled."
* Add LDAP upgrade over ldapi support. | Rob Crittenden | 2010-06-01 | 1 | -17/+25
  This disables all but the ldapi listener in DS so it will be quiet when we perform our upgrades. It is expected that any other clients that also use ldapi will be shut down by other already (krb5 and dns). Add ldapi as an option in ipaldap and add the beginning of pure offline support (e.g. direct editing of LDIF files).
* Create default HBAC rule allowing any user to access any host from any host | Rob Crittenden | 2010-05-05 | 2 | -2/+8
  This is to make initial installation and testing easier. Use the --no_hbac_allow option on the command-line to disable this when doing an install. To remove it from a running server do: ipa hbac-del allow_all
* Make the installer/uninstaller more aware of its state | Rob Crittenden | 2010-05-03 | 1 | -8/+6
  We have had a state file for quite some time that is used to return the system to its pre-install state. We can use that to determine what has been configured. This patch:
  - uses the state file to determine if dogtag was installed
  - prevents someone from trying to re-install an installed server
  - displays some output when uninstalling
  - re-arranges the ipa_kpasswd installation so the state is properly saved
  - removes pkiuser if it was added by the installer
  - fetches and installs the CA on both masters and clients
* Fix a couple of syntax errors in the installer. | Rob Crittenden | 2010-04-27 | 1 | -2/+5
  I meant to push these along with the original patch but pushed the wrong one.
* Replace a new instance of IPAdmin use in ipa-server-install. | Pavel Zuna | 2010-04-27 | 1 | -8/+11