| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
The group "apache" needs to have read access to them so they will work in
Fedora 9+.
|
| |
|
|
|
|
| |
Change backup format so files are all in a single directory (no dir
hierarchies) and use an index file so we can save also ownership and
permission info for the restore (and eventually other data later on).
|
| |
|
|
|
|
|
| |
We update the mod_nss configuration (nss.conf) during installation to include
ipa-rewrite.conf to handle the SSL side.
433054
|
| |
|
|
|
|
| |
Use that domain when creating replicas
Resolves 432066
|
| | |
|
| |
|
|
|
|
|
| |
No longer create a PKCS#12 file that contains the CA
No longer send the entire CA to each replica, generate the SSL certs on master
Fix number of bugs in ipa-replica-install and prepare
Produce status output during replica creation
|
| |
|
|
|
|
|
|
|
| |
The ipa_webgui and ipa_kpasswd instance code is identical
and I want to add another similar instance down the line,
so re-factor the code into a service.SimpleServiceInstance
class.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If, in future, we change the server ID so that it's not
derived from the realm name, there's a fair few places
that need to be changed.
Make that easier by having config_dirname() take the
server ID rather than the realm name. That makes sense
anyway so we don't have to realm_to_serverid() so
much.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
|
|
|
|
| |
Add a --uninstall option to ipa-server-install which tries to
restore the system to the way it was before ipa-server-install
was run using the state backed up through sysrestore.py.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a sysrestore module which allows ipa-server-install
code to backup any system state so that it can be restored again
with e.g. ipa-server-install --uninstall.
The idea is that any files ipa-server-install modifies gets backed
up to /var/cache/ipa/sysrestore/ while any "meta" state, like
whether a service is enabled with chkconfig, is saved to
/var/cache/ipa/sysrestore.state.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
|
|
|
| |
httpinstance.py currently uses a hardcoded /tmp/ipa temporary
directory. Make it use tempfile.mkdtemp() instead.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
There's a few places where we spawn of kadmin to add/modify
principals and create keytabs.
Refactor all that code into installutils.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Creation steps are currently done with:
self.start_creation(2, "Create foo")
self.step("do foo")
self.foo()
self.step("do bar")
self.bar()
self.done_creation()
This patch refactors that into the much more
straightforward:
self.step("do foo", self.foo)
self.step("do bar", self.bar)
self.start_creation("Create foo")
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
|
|
|
|
| |
Recently, dsinstance and krbinstance was fixed to
not import * from ipautil; do the same for the
rest of ipaserver.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
|
|
| |
This uses the UniversalPreferencesWrite function to set the browser
preferences to allow negotiation and ticket forwarding in the IPA domain.
A self-signed certificate is generated to sign the javascript.
|
| | |
|
| | |
|
| |
|
|
|
| |
python module. This is in preparation for user
supplied certs.
|
| | |
|
| |
|
|
| |
fail if the file it was to update didn't exist.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
1) Add a base class for all of the instance objects.
2) Normalize usage of logging.
3) General cleanups of ipa-server-install.
4) Make better use of httpinstance.
5) Add webguiinstance.
6) Improve progress reporting during installation.
Works Here (TM), but it would be nice to get someone else
to test since this moves code around a bit.
|
| |
|
