summaryrefslogtreecommitdiffstats
path: root/install/tools
Commit message (Collapse)AuthorAgeFilesLines
* Ask for user confirmation in ipa-server-installMartin Kosek2011-12-071-6/+19
| | | | | | | | | | Summarize entered IPA server configuration so that user can examine it and stop the installation process in case of error. Before this patch, user had to know which question is the last one and check the values he entered in various places during the interactive wizard. https://fedorahosted.org/freeipa/ticket/1083
* activate CLDAPSumit Bose2011-12-061-2/+1
|
* Fix some pylint warningsSumit Bose2011-12-061-1/+1
|
* Add DNS service records for WindowsSumit Bose2011-11-302-1/+7
| | | | https://fedorahosted.org/freeipa/ticket/1939
* Make ipa-server-install clean after itselfMartin Kosek2011-11-291-9/+36
| | | | | | | | | | | | | | | ipa-server-install may create some files in the first phase of installation before the actual installation and configuring of services starts. If the installation is interrupted, these files may prevent installing the server again until IPA server is uninstalled. This may be confusing and annoying for the user. This patch safely recovers all known files that could be created in the first phase of the installation. No clean up is done if the actual installation has not started yet or the installation returned success. https://fedorahosted.org/freeipa/ticket/1980
* Add plugin framework to LDAP updates.Rob Crittenden2011-11-223-9/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | There are two reasons for the plugin framework: 1. To provide a way of doing manual/complex LDAP changes without having to keep extending ldapupdate.py (like we did with managed entries). 2. Allows for better control of restarts. There are two types of plugins, preop and postop. A preop plugin runs before any file-based updates are loaded. A postop plugin runs after all file-based updates are applied. A preop plugin may update LDAP directly or craft update entries to be applied with the file-based updates. Either a preop or postop plugin may attempt to restart the dirsrv instance. The instance is only restartable if ipa-ldap-updater is being executed as root. A warning is printed if a restart is requested for a non-root user. Plugins are not executed by default. This is so we can use ldapupdate to apply simple updates in commands like ipa-nis-manage. https://fedorahosted.org/freeipa/ticket/1789 https://fedorahosted.org/freeipa/ticket/1790 https://fedorahosted.org/freeipa/ticket/2032
* ticket 2022 - modify codebase to utilize IPALogManager, obsoletes loggingJohn Dennis2011-11-2314-138/+94
| | | | | | | | | | | | change default_logger_level to debug in configure_standard_logging add new ipa_log_manager module, move log_mgr there, also export root_logger from log_mgr. change all log_manager imports to ipa_log_manager and change log_manager.root_logger to root_logger. add missing import for parse_log_level()
* Don't check for 389-instances.Rob Crittenden2011-11-162-48/+2
| | | | | | | | | | We no longer need to enforce that no 389-ds instances exist on an IPA server. Checking that the ports exist should be enough. This used to be one mechanism we used to check to see if IPA was already installed. We have a better mechanism now. https://fedorahosted.org/freeipa/ticket/1735
* Fix ipa-managed-entries bind procedureMartin Kosek2011-11-161-7/+13
| | | | | | | | | Make sure that when Directory Manager password is entered, we directly do a simple bind instead of trying binding via GSSAPI. Also capture ldap.INVALID_CREDENTIALS exception and provide nice error message than crash. https://fedorahosted.org/freeipa/ticket/1927
* Replication: Adjust replica installation to omit processing memberof ↵JR Aquino2011-11-141-1/+0
| | | | | | | | | | | | | computations https://fedorahosted.org/freeipa/ticket/1794 If the master does not yet support the total update list feature we still run the memberof fixup task and not fail to replicate due to the new attribute not being settable. Jointly-developed-with: Simo Sorce <ssorce@redhat.com> Jointly-developed-with: Nathank Kinder <nkinder@redhat.com>
* Hosts file not updated when IP is passed as optionMartin Kosek2011-11-101-2/+4
| | | | | | | | | | | When an IPA server with unresolvable hostname is being installed, a hostname record must be inserted to /etc/hosts or the installation will fail. However, it is not inserted when IP address is passed as an option (--ip-address) and not interactively. This patch fixes this so that /etc/hosts record is inserted in both cases. https://fedorahosted.org/freeipa/ticket/2074
* Fix ipa-replica-conncheck port labelsMartin Kosek2011-11-041-2/+2
| | | | https://fedorahosted.org/freeipa/ticket/2057
* Fix ipa-server-install answer cacheMartin Kosek2011-11-031-39/+26
| | | | | | | | | | | | | Current Answer Cache storing mechanism is not ideal for storing non-trivial Python types like arrays, custom classes, etc. RawConfigParser just translates values to string, which are not correctly decoded when the Answer Cache is parsed and restored in the installer. This patch replaces RawConfigParser with Python's standard pickle module, which is a recommended way for serialization in Python. https://fedorahosted.org/freeipa/ticket/2054
* Fix ipa-managed-entries password option long formMartin Kosek2011-10-261-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/1913
* Add --zonemgr/--admin-mail validatorMartin Kosek2011-10-262-13/+3
| | | | | | | | | | | Do at least a basic validation of DNS zone manager mail address. Do not require '@' to be in the mail address as the SOA record stores this value without it and people may be used to configure it that way. '@' is always removed by the installer/dns plugin before the DNS zone is created. https://fedorahosted.org/freeipa/ticket/1966
* Add support for systemd environments and use it to support Fedora 16Alexander Bokovoy2011-10-241-1/+11
| | | | https://fedorahosted.org/freeipa/ticket/1192
* Add explicit instructions to ipa-replica-manage for winsync replicationRob Crittenden2011-10-141-2/+29
| | | | https://fedorahosted.org/freeipa/ticket/1946
* Check /etc/hosts file in ipa-server-installMartin Kosek2011-10-131-0/+22
| | | | | | | | There may already be a record in /etc/hosts for chosen IP address which may not be detected under some circumstances. Make sure that /etc/hosts is checked properly. https://fedorahosted.org/freeipa/ticket/1923
* Hostname used by IPA must be a system hostnameMartin Kosek2011-10-132-1/+24
| | | | | | | | | | | Make sure that the hostname IPA uses is a system hostname. If user passes a non-system hostname, update the network settings and system hostname in the same way that ipa-client-install does. This step should prevent various services failures which may not be ready to talk to IPA with non-system hostname. https://fedorahosted.org/freeipa/ticket/1931
* Check hostname resolution sanityMartin Kosek2011-10-131-1/+1
| | | | | | | | | Always check (even with --setup-dns or --no-host-dns) that if the host name or ip address resolves, it resolves to sane value. Otherwise report an error. Misconfigured /etc/hosts causing these errors could harm the installation later. https://fedorahosted.org/freeipa/ticket/1923
* Fix upgrades of selfsign serverRob Crittenden2011-10-111-0/+3
| | | | | | | In checking to see if the dogtag proxy configuration needed to be updated we didn't handle the case where dogtag isn't installed at all. https://fedorahosted.org/freeipa/ticket/1951
* Fix DNS permissions and membership in privilegesRob Crittenden2011-10-091-0/+1
| | | | | | | | | | | | | This resolves two issues: 1. The DNS acis lacked a prefix so weren't tied to permissions 2. The permissions were added before the privileges so the member values weren't calculated properly For updates we need to add in the members and recalculate memberof via a DS task. https://fedorahosted.org/freeipa/ticket/1898
* Execute pki proxy setup when server is upgraded if neededAdam Young2011-10-091-2/+21
|
* Improve ipa-replica-prepare DNS checkMartin Kosek2011-10-064-17/+12
| | | | | | | | | | | | | Currently, verify_fqdn() function raises RuntimeError for every problem with the hostname. This makes it difficult for tools like ipa-replica-prepare to behave differently for a subset of raised errors (for example to be able to create a DNS record for new replica when verify_fqdn() reports a lookup error). Implement own exceptions for verify_fqdn() that they can be safely used to distinguish the error type. https://fedorahosted.org/freeipa/ticket/1899
* replica-prepare: anonymous binds may be disallowedSimo Sorce2011-10-063-26/+31
| | | | Fixes: https://fedorahosted.org/freeipa/ticket/1900
* Install tools crash when password prompt is interruptedMartin Kosek2011-10-0613-9/+44
| | | | | | | | | When getpass.getpass() function is interrupted via CTRL+D, EOFError exception is thrown. Most of the install tools are not prepared for this event and crash with this exception. Make sure that it is handled properly and nice error message is printed. https://fedorahosted.org/freeipa/ticket/1916
* - note that PKCS#12 files also contain private keys, and that the "pkinit" ↵Nalin Dahyabhai2011-10-041-3/+6
| | | | options refer to the KDC's credentials
* Work around pkisilent bugs.Jan Cholasta2011-10-041-6/+25
| | | | | | | | | | | Check directory manager password and certificate subject base for invalid characters. (https://bugzilla.redhat.com/show_bug.cgi?id=658641) Shell-escape pkisilent command-line arguments. (https://bugzilla.redhat.com/show_bug.cgi?id=741180) ticket 1636
* Add a function for formatting network locations of the form host:port for ↵Jan Cholasta2011-10-054-10/+10
| | | | | | | | | use in URLs. If the host part is a literal IPv6 address, it must be enclosed in square brackets (RFC 2732). ticket 1869
* Be more clear about selfsign optionMartin Kosek2011-10-042-5/+13
| | | | | | | | | | | | | | Installing IPA server --selfsign option is currently a one-way ticket to server with limited certificate capabilities. Make sure that user really want to install it by implementing the following steps: - moving the option to the bottom of certificate options section - adding a warning to ipa-server-install man page - adding a warning to ipa-server-install help - adding a warning to ipa-server-install configuration summary when one runs ipa-server-install https://fedorahosted.org/freeipa/ticket/1908
* Detect CA installation type in ipa-replica-prepare and ipa-ca-install.Rob Crittenden2011-09-272-7/+9
| | | | | | | | | | ipa-ca-install can only add a dogtag CA to an IPA install. ipa-replica-prepare can only be run on the initial master with a selfsign backend. https://fedorahosted.org/freeipa/ticket/1756 https://fedorahosted.org/freeipa/ticket/1757
* Revert "Always require SSL in the Kerberos authorization block."Martin Kosek2011-09-271-1/+1
| | | | | | | This patch broke installation of a new master. Reverting until we develop a better solution. This reverts commit f42da4357eac7e64e803b53c78d6cff9175d20a4.
* Fix ipa-replica-prepare always warning the user about not using the system ↵Jan Cholasta2011-09-261-1/+1
| | | | | | hostname. ticket 1717
* Always require SSL in the Kerberos authorization block.Rob Crittenden2011-09-231-1/+1
| | | | | | | This also corrects a slight bug where if add is True then we always re-update the file. https://fedorahosted.org/freeipa/ticket/1755
* Remove checks for ds-replication pluginMartin Kosek2011-09-222-6/+2
| | | | | | | The replication plugin is no longer shipped as a separate package. Remove the code checking its existence. https://fedorahosted.org/freeipa/ticket/1815
* conncheck: Additional check to verify the admin password is okSimo Sorce2011-09-211-0/+9
| | | | | | If we can get a ticket for the master then we know we got all right. This should avoid being prompted again by ssh if the kinit failed and for some reason the error was not caught (seen in live tests).
* 25 Create Tool for Enabling/Disabling Managed Entry PluginsJR Aquino2011-09-215-233/+272
| | | | | | | | Remove legacy ipa-host-net-manage Add ipa-managed-entries tool Add man page for ipa-managed-entries tool https://fedorahosted.org/freeipa/ticket/1181
* dirsrv is not stopped correctly in the fallbackMartin Kosek2011-09-201-1/+1
| | | | | | | The previous patch fixed ipactl stop command. However, the dirsrv stop in the ipactl start command fallback was not right either. https://fedorahosted.org/freeipa/ticket/1800
* ipactl does not stop dirsrvMartin Kosek2011-09-201-1/+1
| | | | | | | Remove an invalid instance name passed to dirsrv service so that it is correctly stopped. https://fedorahosted.org/freeipa/ticket/1800
* Add ipa-adtrust-install utilitySumit Bose2011-09-144-0/+298
| | | | https://fedorahosted.org/freeipa/ticket/1619
* Update ipa-ldap-updater man page saying it is not an end-user utilityRob Crittenden2011-09-141-4/+8
| | | | https://fedorahosted.org/freeipa/ticket/1792
* Improved handling for ipa-pki-proxy.confRob Crittenden2011-09-132-9/+18
| | | | | | | | | - Remove ipa-pki-proxy.conf when IPA is uninstalled - Move file removal to httpinstance.py and use remove_file() - Add a version stanza - Create the file if it doesn't exist on upgraded installs https://fedorahosted.org/freeipa/ticket/1771
* Call standard_logging_setup() before any logging is doneSumit Bose2011-09-131-2/+2
|
* Convert installation tools to platform-independent access to system servicesAlexander Bokovoy2011-09-135-34/+50
| | | | http://fedorahosted.org/freeipa/ticket/1605
* Fix permissions in installersMartin Kosek2011-09-071-17/+17
| | | | | | | | Fix permissions for (configuration) files produced by ipa-server-install or ipa-client-install. This patch is needed when root has a umask preventing files from being world readable. https://fedorahosted.org/freeipa/ticket/1644
* Improve man pages structureMartin Kosek2011-09-0717-163/+207
| | | | | | | | | | | | | | | | There are too many options in ipa-*-install scripts which makes it difficult to read. This patch adds subsections to install script online help and man pages to improve readability. No option has been changed. To further improve man pages: 1) All man pages were changed to have the same header and top-center title to provide united look. 2) Few typos in man pages have been fixed https://fedorahosted.org/freeipa/ticket/1687
* conncheck: Fix List of ports to checkSimo Sorce2011-09-011-6/+6
| | | | | | | | | We need to check all Kerberos ports both TCP and UDP transports. Since we have the PKI proxy configuration all communication with the CA happens on the standard 80/443 ports so we need to check them always. We do not need to leave the old CA ports open. These ports are still used locally but not over the network.
* install: We do not need a kpasswd keytab anymoreSimo Sorce2011-08-312-3/+0
| | | | | | We now use MIT's kadmin instead of our old ipa_kpasswd daemon. kadmind knows how to fetch the keys directly from the database and doesn't need a keytab on the filesystem.
* install: We do not need a ldap password anymoreSimo Sorce2011-08-312-3/+1
| | | | | | | Our new ipa-kdb driver access ldap via ldapi:// and EXTERNAL auth and doesn't need a bind password anymore. Fixes: https://fedorahosted.org/freeipa/ticket/1743
* Let Bind track data changesMartin Kosek2011-08-314-2/+50
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Integrate new bind-dyndb-ldap features to automatically track DNS data changes: 1) Zone refresh Set --zone-refresh in installation to define number of seconds between bind-dyndb-ldap polls for new DNS zones. User now doesn't have to restart name server when a new zone is added. 2) New zone notifications Use LDAP persistent search mechanism to immediately get notification when any new DNS zone is added. Use --zone-notif install option to enable. This option is mutually exclusive with Zone refresh. To enable this functionality in existing IPA installations, update a list of arguments for bind-dyndb-ldap in /etc/named.conf. An example when zone refresh is disabled and DNS data change notifications (argument psearch of bind-dyndb-ldap) are enabled: dynamic-db "ipa" { ... arg "zone_refresh 0"; arg "psearch yes"; }; This patch requires bind-dyndb-ldap-1.0.0-0.1.b1 or later. https://fedorahosted.org/freeipa/ticket/826
generated by cgit (git 2.34.1) at 2024-10-02 09:27:16 +0000