freeipa.git/install/tools/ipa-replica-install, branch master Unnamed repository; edit this file 'description' to name the repository. Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance. 2011-03-15T18:09:57+00:00 Rob Crittenden rcritten@redhat.com 2011-03-14T20:27:19+00:00 861d1bbdca4793fb45fb233d236d3793cc23da36 This fixes 2 AVCS: * One because we are enabling port 7390 because an SSL port must be defined to use TLS On 7389. * We were symlinking to the main IPA 389-ds NSS certificate databsae. Instead generate a separate NSS database and certificate and have certmonger track it separately I also noticed some variable inconsistency in cainstance.py. Everywhere else we use self.fqdn and that was using self.host_name. I found it confusing so I fixed it. ticket 1085 
This fixes 2 AVCS:

* One because we are enabling port 7390 because an SSL port must be
  defined to use TLS On 7389.
* We were symlinking to the main IPA 389-ds NSS certificate databsae.
  Instead generate a separate NSS database and certificate and have
  certmonger track it separately

I also noticed some variable inconsistency in cainstance.py. Everywhere
else we use self.fqdn and that was using self.host_name. I found it
confusing so I fixed it.

ticket 1085
Use TLS for dogtag replication agreements. 2011-03-10T14:57:36+00:00 Rob Crittenden rcritten@redhat.com 2011-03-10T05:06:15+00:00 9dfb0f05b03176dd8478b56ce684c9a2f4f07b0e Configure the dogtag 389-ds instance with SSL so we can enable TLS for the dogtag replication agreements. The NSS database we use is a symbolic link to the IPA 389-ds instance. ticket 1060 
Configure the dogtag 389-ds instance with SSL so we can enable TLS
for the dogtag replication agreements. The NSS database we use is a
symbolic link to the IPA 389-ds instance.

ticket 1060
Need to restart the dogtag 388-ds instance before using it. 2011-03-03T16:02:03+00:00 Rob Crittenden rcritten@redhat.com 2011-03-02T21:45:45+00:00 f69dc03f07ef1dd7dde4f2db8ba0ffc57fedcab7 Restart the 389-ds instance to ensure all schema is loaded that dogtag may have installed as files. According to bug https://bugzilla.redhat.com/show_bug.cgi?id=680984 this it is only needed on clones. ticket 1024 
Restart the 389-ds instance to ensure all schema is loaded that
dogtag may have installed as files.

According to bug
https://bugzilla.redhat.com/show_bug.cgi?id=680984 this it is only needed
on clones.

ticket 1024
IPA replica/server install does not check for a client 2011-03-03T15:20:39+00:00 Martin Kosek mkosek@redhat.com 2011-02-24T12:02:27+00:00 5a9a9723deffbeef23248e0f145788c9159b726a When IPA replica or server is configured it does not check for possibly installed client. This will cause the installation to fail in the very end. This patch adds a check for already configured client and suggests removing it before server/replica installation. https://fedorahosted.org/freeipa/ticket/1002 
When IPA replica or server is configured it does not check for
possibly installed client. This will cause the installation to
fail in the very end.

This patch adds a check for already configured client and suggests
removing it before server/replica installation.

https://fedorahosted.org/freeipa/ticket/1002
Use a common group for all DS instances 2011-01-31T21:35:53+00:00 Simo Sorce ssorce@redhat.com 2011-01-28T20:45:19+00:00 cc9abf5d38c0030bb4dad0e204c16c9c9bae27c0 Also remove the option to choose a user. It is silly to keep it, when you can't choose the group nor the CA directory user. Fixes: https://fedorahosted.org/freeipa/ticket/851 
Also remove the option to choose a user.
It is silly to keep it, when you can't choose the group nor the CA
directory user.

Fixes: https://fedorahosted.org/freeipa/ticket/851
Don't perform some API self-tests in production mode for performance reasons 2011-01-28T23:49:17+00:00 Rob Crittenden rcritten@redhat.com 2011-01-19T16:24:31+00:00 359d54e741877f04b0773fb0955041eee7ec0054 The API does a fair number of self tests and locking to assure that the registered commands are consistent and will work. This does not need to be done on a production system and adds additional overhead causing somewhere between a 30 and 50% decrease in performance. Because makeapi is executed when a build is done ensure that it is executed in developer mode to ensure that the framework is ok. ticket 751 
The API does a fair number of self tests and locking to assure that the
registered commands are consistent and will work. This does not need
to be done on a production system and adds additional overhead causing
somewhere between a 30 and 50% decrease in performance.

Because makeapi is executed when a build is done ensure that it is
executed in developer mode to ensure that the framework is ok.

ticket 751
Fix assorted bugs found by pylint 2011-01-25T19:01:36+00:00 Jakub Hrozek jhrozek@redhat.com 2011-01-25T17:46:26+00:00 ab2ca8022e4bd89e87e0b7ce908022e6df350866 






Create DNS records as early as possible
2011-01-25T19:01:35+00:00

Simo Sorce
ssorce@redhat.com

2011-01-24T16:42:53+00:00

34cedfe138fe97841a673b83b7e6a978617d28bf

Fixes: https://fedorahosted.org/freeipa/ticket/833





Fixes: https://fedorahosted.org/freeipa/ticket/833







Always add DNS records when installing a replica
2011-01-25T19:01:35+00:00

Simo Sorce
ssorce@redhat.com

2011-01-21T19:46:58+00:00

cec3978c799220164ba0f560d3e764a0d879bb05

Even if the replica is not running a DNS server other replicas might.
So if the DNS container is present, then try to add DNS records.

Fixes: https://fedorahosted.org/freeipa/ticket/824





Even if the replica is not running a DNS server other replicas might.
So if the DNS container is present, then try to add DNS records.

Fixes: https://fedorahosted.org/freeipa/ticket/824







Populate shared tree with replica related values
2011-01-25T16:10:27+00:00

Simo Sorce
ssorce@redhat.com

2011-01-21T19:32:55+00:00

5bc7e5a9c790c80f73b82f8ef175799b3c84eaaa

Fixes: https://fedorahosted.org/freeipa/ticket/820





Fixes: https://fedorahosted.org/freeipa/ticket/820