path: root/ipaserver/install
Commit message | Author | Age | Files | Lines
...
* install: Handle Knob cli_name and cli_aliases values consistently | Jan Cholasta | 2015-06-10 | 1 | -18/+18
    https://fedorahosted.org/freeipa/ticket/4468
    Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Migrate ipa-server-install to the install framework | Jan Cholasta | 2015-06-08 | 3 | -138/+650
    https://fedorahosted.org/freeipa/ticket/4468
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Move private_ccache from ipaserver to ipapython | Jan Cholasta | 2015-06-08 | 2 | -24/+1
    https://fedorahosted.org/freeipa/ticket/4468
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Fix external CA server install | Jan Cholasta | 2015-06-08 | 2 | -20/+19
    https://fedorahosted.org/freeipa/ticket/4468
    Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Fix CA-less server install | Jan Cholasta | 2015-06-08 | 1 | -0/+6
    https://fedorahosted.org/freeipa/ticket/4468
    Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Fix missing variable initialization in replica install | Jan Cholasta | 2015-06-08 | 1 | -0/+1
    https://fedorahosted.org/freeipa/ticket/4468
* Move CA installation code into single module. | David Kupka | 2015-06-08 | 3 | -118/+303
    https://fedorahosted.org/freeipa/ticket/4468
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Grammar fix in 'Estimated time' messages printed by installer | Petr Spacek | 2015-06-05 | 1 | -1/+1
    Proposed by Tomas Capek.
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* Clarify messages related to adding DNS forwarders | Petr Spacek | 2015-06-05 | 1 | -6/+5
    Proposed by Tomas Capek.
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* Import profiles earlier during install | Fraser Tweedale | 2015-06-05 | 2 | -3/+5
    Currently, IPA certificate profile import happens at end of install. Certificates issuance during the install process does work but uses an un-customised caIPAserviceCert profile, resulting in incorrect subject DNs and missing extensions. Furthermore, the caIPAserviceCert profile shipped with Dogtag will eventually be removed.
    Move the import of included certificate profiles to the end of the cainstance deployment phase, prior to the issuance of DS and HTTP certificates.
    Part of: https://fedorahosted.org/freeipa/ticket/4002
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix certificate subject base | Fraser Tweedale | 2015-06-05 | 1 | -1/+1
    Profile management patches introduced a regression where a custom certificate subject base (if configured) is not used in the default profile. Use the configured subject base.
    Part of: https://fedorahosted.org/freeipa/ticket/4002
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add profile_id parameter to 'request_certificate' | Fraser Tweedale | 2015-06-04 | 1 | -1/+1
    Add the profile_id parameter to the 'request_certificate' function and update call sites.
    Also remove multiple occurrences of the default profile ID 'caIPAserviceCert'.
    Part of: https://fedorahosted.org/freeipa/ticket/57
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* Import included profiles during install or upgrade | Fraser Tweedale | 2015-06-04 | 4 | -214/+88
    Add a default service profile template as part of FreeIPA and format and import it as part of installation or upgrade process.
    Also remove the code that modifies the old (file-based) `caIPAserviceCert' profile.
    Fixes https://fedorahosted.org/freeipa/ticket/4002
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* Enable LDAP-based profiles in CA on upgrade | Fraser Tweedale | 2015-06-04 | 1 | -0/+40
    Part of: https://fedorahosted.org/freeipa/ticket/4560
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add ACL to allow CA agent to modify profiles | Fraser Tweedale | 2015-06-04 | 2 | -0/+40
    Part of: https://fedorahosted.org/freeipa/ticket/57
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add schema for certificate profiles | Fraser Tweedale | 2015-06-04 | 1 | -0/+1
    The certprofile object class is used to track IPA-managed certificate profiles in Dogtag and store IPA-specific settings.
    Part of: https://fedorahosted.org/freeipa/ticket/57
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* Install CA with LDAP profiles backend | Fraser Tweedale | 2015-06-04 | 1 | -0/+1
    Install the Dogtag CA to use the LDAPProfileSubsystem instead of the default (file-based) ProfileSubsystem.
    Part of: https://fedorahosted.org/freeipa/ticket/4560
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* accept missing binddn group | Ludwig Krispenz | 2015-06-03 | 1 | -2/+2
    Replicas installed from older versions do not have a binddn group, just accept the error
    Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Installers fix: remove temporal ccache | Martin Basti | 2015-06-02 | 1 | -6/+11
    Environ variable may be changed outside, so store path into global variable.
    https://fedorahosted.org/freeipa/ticket/5042
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* install: Move ipa-server-upgrade code into a module | Jan Cholasta | 2015-05-29 | 3 | -66/+74
    https://fedorahosted.org/freeipa/ticket/4468
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Move ipa-replica-install code into a module | Jan Cholasta | 2015-05-29 | 2 | -0/+642
    https://fedorahosted.org/freeipa/ticket/4468
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Move ipa-server-install code into a module | Jan Cholasta | 2015-05-29 | 2 | -0/+1212
    https://fedorahosted.org/freeipa/ticket/4468
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Make a package out of ipaserver.install.server | Jan Cholasta | 2015-05-29 | 2 | -0/+5
    Until ipa-server-install, ipa-replica-install and ipa-server-upgrade are merged into a single code base, keep their respective bits in separate modules in the package.
    https://fedorahosted.org/freeipa/ticket/4468
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* KRA: get the right dogtag version during server uninstall | Martin Babinsky | 2015-05-26 | 1 | -1/+1
    Ensure that the correct version of dogtag is passed from API object to the KRA uninstaller during IPA server uninstall.
    https://fedorahosted.org/freeipa/ticket/4468
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Add Domain Level feature | Tomas Babej | 2015-05-26 | 3 | -3/+29
    https://fedorahosted.org/freeipa/ticket/5018
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>
    Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Server Upgrade: fix remove statement | Martin Basti | 2015-05-26 | 1 | -3/+4
    If value does not exist then do not update entry. Otherwise, together with nonexistent entry, the LDAP decode error will be raised.
    https://fedorahosted.org/freeipa/ticket/4904
    Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Fix: use DS socket check only for upgrade | Martin Basti | 2015-05-26 | 1 | -1/+2
    To detect if DS server is running, use the slapd socket for upgrade, and the LDAP port for installation.
    Without enabled LDAPi socket checking doesn't work.
    https://fedorahosted.org/freeipa/ticket/4904
    Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* install part - manage topology in shared tree | Ludwig Krispenz | 2015-05-26 | 3 | -1/+27
    https://fedorahosted.org/freeipa/ticket/4302
    Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* replica-manage: Properly delete nested entries | Tomas Babej | 2015-05-26 | 1 | -2/+2
    Bad ordering of LDAP entries during replica removal resulted in a failure to delete replica and its services from cn=masters,cn=ipa,cn=etc,$SUFFIX. This patch enforces the correct ordering of entries resulting in proper removal of services before the host entry itself.
    https://fedorahosted.org/freeipa/ticket/5019
    Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Server Upgrade: Move code from ipa-upgradeconfig to separate module | Martin Basti | 2015-05-25 | 2 | -10/+1381
    This also prevents the script ipa-upgradeconfig execute upgrading. Upgrade of services is called from ipa-server-upgrade
    https://fedorahosted.org/freeipa/ticket/4904
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* merge KRA installation machinery to a single module | Martin Babinsky | 2015-05-25 | 2 | -70/+98
    This is a prerequisite to further refactoring of KRA install/uninstall functionality in all IPA install scripts.
    https://fedorahosted.org/freeipa/ticket/4468
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Server Upgrade: Fix: execute schema update | Martin Basti | 2015-05-22 | 1 | -1/+5
    Accidentally schema upgrade has not been executed.
    https://fedorahosted.org/freeipa/ticket/4904
    Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* Server Upgrade: wait until DS is ready | Martin Basti | 2015-05-22 | 1 | -5/+3
    During server upgrade we should wait until DS is ready after restart, otherwise connection error is raised.
    Instead of 389 port, the DS socket is checked.
    https://fedorahosted.org/freeipa/ticket/4904
    Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* do not check for directory manager password during KRA uninstall | Martin Babinsky | 2015-05-20 | 1 | -17/+17
    ipa-kra-install validates and asks for directory manager password during uninstallation phase. Since this password is never used during service uninstall, the uninstaller will not perform these checks anymore.
    https://fedorahosted.org/freeipa/ticket/5028
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNS install: extract DNS installer into one module | Martin Basti | 2015-05-19 | 4 | -3/+219
    This is required modification to be able move to new installers.
    DNS subsystem will be installed by functions in this module in each of ipa-server-install, ipa-dns-install, ipa-replica-install install scripts.
    https://fedorahosted.org/freeipa/ticket/4468
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* explicitly destroy httpd service ccache file during httpinstance removal | Martin Babinsky | 2015-05-19 | 1 | -0/+4
    During IPA server uninstall, the httpd service ccache is not removed from runtime directory. This file then causes server-side client install to fail when performing subsequent installation without rebooting/recreating runtime directories.
    This patch ensures that the old httpd ccache is explicitly destroyed during uninstallation.
    https://fedorahosted.org/freeipa/ticket/4973
    Reviewed-By: David Kupka <dkupka@redhat.com>
* Do not store state if CA is enabled | David Kupka | 2015-05-19 | 2 | -15/+2
    IPA creates own instance of CA, so there is no need to check if previous instance was enabled, because there could not be any.
    Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSSEC: FIX Do not re-create kasp.db if already exists | Martin Basti | 2015-05-19 | 1 | -0/+1
    Kasp should not be replaced by DNS reinstallation with new file.
    https://fedorahosted.org/freeipa/ticket/4657
    Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Server Upgrade: ipa-ldap-updater will not do overall upgrade | Martin Basti | 2015-05-19 | 1 | -12/+7
    ipa-ldap-updater is now just util which applies changes specified in update files or schema files.
    ipa-ldap-updater will not do overall server upgrade anymore, use ipa-server-upgrade instead.
    https://fedorahosted.org/freeipa/ticket/4904
    Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: handle errors better | Martin Basti | 2015-05-19 | 4 | -24/+29
    * Prevent to continue with upgrade if a fatal error happened
    * Use exceptions to handle failures
    https://fedorahosted.org/freeipa/ticket/4904
    Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: do not allow to run upgradeinstance alone | Martin Basti | 2015-05-19 | 1 | -18/+0
    https://fedorahosted.org/freeipa/ticket/4904
    Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: raise RuntimeError instead exit() | Martin Basti | 2015-05-19 | 1 | -1/+1
    Ldapupdater should not call sys.exit() in the middle of execution and should fail gracefully
    https://fedorahosted.org/freeipa/ticket/4904
    Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Do not start DS if it was stopped before upgrade | Martin Basti | 2015-05-19 | 1 | -3/+5
    https://fedorahosted.org/freeipa/ticket/4904
    Reviewed-By: David Kupka <dkupka@redhat.com>
* User life cycle: Stage user Administrators permission/privilege | Thierry Bordaz | 2015-05-18 | 1 | -2/+10
    Creation of stage user administrator
    https://fedorahosted.org/freeipa/ticket/3813
    Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Allow base64 encoded values | Martin Basti | 2015-05-11 | 7 | -50/+138
    This patch allows to use base64 encoded values in update files.
    Double colon ('::') must be used as separator between attribute name and base64 encoded value.
    add:attr::<base64-value>
    replace:attr::<old-base64-value>::<new-base64-value>
    https://fedorahosted.org/freeipa/ticket/4984
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Server Upgrade: remove CSV from upgrade files | Martin Basti | 2015-05-11 | 2 | -102/+67
    CSV values are not supported in upgrade files anymore
    Instead of
    add:attribute: 'first, part', second
    please use
    add:attribute: first, part
    add:attribute: second
    Required for ticket: https://fedorahosted.org/freeipa/ticket/4984
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* prevent duplicate IDs when setting up multiple replicas against single master | Martin Babinsky | 2015-05-07 | 1 | -24/+50
    This patch forces replicas to use DELETE+ADD operations to increment 'nsDS5ReplicaId' in 'cn=replication,cn=etc,$SUFFIX' on master, and retry multiple times in the case of conflict with another update. Thus when multiple replicas are set-up against single master none of them will have duplicate ID.
    https://fedorahosted.org/freeipa/ticket/4378
    Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
* Fix stop_tracking_certificates call in ipa-restore | Jan Cholasta | 2015-05-07 | 1 | -3/+2
    CAInstance.stop_tracking_certificates() no longer has dogtag_constants argument.
    https://fedorahosted.org/freeipa/ticket/4775
    Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: enable DS global lock during upgrade | Martin Basti | 2015-05-05 | 2 | -4/+34
    https://fedorahosted.org/freeipa/ticket/4925
    Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Server Upgrade: use LDIF parser to modify DSE.ldif | Martin Basti | 2015-05-05 | 1 | -20/+165
    Ticket: https://fedorahosted.org/freeipa/ticket/4925
    Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>