freeipa.git/install/tools/ipa-server-install, branch WIP Unnamed repository; edit this file 'description' to name the repository. Improve user awareness about dnsconfig 2012-03-26T04:33:45+00:00 Martin Kosek mkosek@redhat.com 2012-03-15T12:51:59+00:00 52aa008b8719f4ea678efa8957794bb6dcd13893 Global DNS configuration is a nice tool to maintain a common DNS settings stored in LDAP which are then used for all enrolled IPA servers. However, the settings stored in LDAP override local settings in named.conf on DNS servers. This patch adds more information about global DNS configuration options in install scripts and DNS module help. https://fedorahosted.org/freeipa/ticket/2525 
Global DNS configuration is a nice tool to maintain a common DNS
settings stored in LDAP which are then used for all enrolled IPA
servers. However, the settings stored in LDAP override local
settings in named.conf on DNS servers.

This patch adds more information about global DNS configuration
options in install scripts and DNS module help.

https://fedorahosted.org/freeipa/ticket/2525
Refresh resolvers after DNS install 2012-03-12T02:11:41+00:00 Martin Kosek mkosek@redhat.com 2012-03-06T12:26:45+00:00 c956b3cd2ba12d87054909af3dce7d231f034240 Server framework calls acutil.res_send() to send DNS queries used for various DNS tests. However, once acutil is imported it does not change its list of configured resolvers even when /etc/resolv.conf is changed. This may lead to unexpected resolution issues. We should at least reload httpd when we change /etc/resolv.conf to point to FreeIPA nameserver to force a new import of acutil and thus workaround this bug until it is resolved in authconfig. https://fedorahosted.org/freeipa/ticket/2481 
Server framework calls acutil.res_send() to send DNS queries used
for various DNS tests. However, once acutil is imported it does
not change its list of configured resolvers even when
/etc/resolv.conf is changed. This may lead to unexpected
resolution issues.

We should at least reload httpd when we change /etc/resolv.conf to
point to FreeIPA nameserver to force a new import of acutil and
thus workaround this bug until it is resolved in authconfig.

https://fedorahosted.org/freeipa/ticket/2481
Don't delete system users that are added during installation. 2012-02-29T21:36:13+00:00 Rob Crittenden rcritten@redhat.com 2012-02-29T04:05:06+00:00 a5a55ceff3822ede55ad817ede0da5712fb75651 We don't want to run the risk of adding a user, uninstalling it, the system adding a new user (for another package install for example) and then re-installing IPA. This wreaks havoc with file and directory ownership. https://fedorahosted.org/freeipa/ticket/2423 
We don't want to run the risk of adding a user, uninstalling it,
the system adding a new user (for another package install for example)
and then re-installing IPA. This wreaks havoc with file and directory
ownership.

https://fedorahosted.org/freeipa/ticket/2423
Ease zonemgr restrictions 2012-02-20T14:34:45+00:00 Martin Kosek mkosek@redhat.com 2012-02-20T12:40:13+00:00 e10af0b764fb2d042c6ad730866af508f231c8cb Admin e-mail validator currently requires an email to be in a second-level domain (hostmaster@example.com). This is too restrictive. Top level domain e-mails (hostmaster@testrelm) should also be allowed. This patch also fixes default zonemgr value in help texts and man pages. https://fedorahosted.org/freeipa/ticket/2272 
Admin e-mail validator currently requires an email to be in
a second-level domain (hostmaster@example.com). This is too
restrictive. Top level domain e-mails (hostmaster@testrelm)
should also be allowed.

This patch also fixes default zonemgr value in help texts and man
pages.

https://fedorahosted.org/freeipa/ticket/2272
Enable ipa_memcached when upgrading 2012-02-16T13:43:08+00:00 Rob Crittenden rcritten@redhat.com 2012-02-15T21:55:59+00:00 b9bc99e43ae7c364e5c3804d46efcb442da1dda4 Add support for autobind to services. This is a bit of a special case so I currently require the caller to specify ldapi separately. It only makes sense to do this only in upgrade cases. Also uninstall ipa_memcached when uninstalling the server. https://fedorahosted.org/freeipa/ticket/2399 
Add support for autobind to services. This is a bit of a special case
so I currently require the caller to specify ldapi separately. It only
makes sense to do this only in upgrade cases.

Also uninstall ipa_memcached when uninstalling the server.

https://fedorahosted.org/freeipa/ticket/2399
Configure ssh and sshd during ipa-client-install. 2012-02-14T03:21:47+00:00 Jan Cholasta jcholast@redhat.com 2011-12-07T08:49:09+00:00 c00bf9e38afa4867f4ec397b260f2e467163096d For ssh, VerifyHostKeyDNS option is set to 'yes' if --ssh-trust-dns ipa-client-install option is used. For sshd, KerberosAuthentication, GSSAPIAuthentication and UsePAM options are enabled (this can be disabled using --no-sshd ipa-client-install option). ticket 1634 
For ssh, VerifyHostKeyDNS option is set to 'yes' if --ssh-trust-dns
ipa-client-install option is used.

For sshd, KerberosAuthentication, GSSAPIAuthentication and UsePAM
options are enabled (this can be disabled using --no-sshd
ipa-client-install option).

ticket 1634
Update host SSH public keys on the server during client install. 2012-02-14T03:21:43+00:00 Jan Cholasta jcholast@redhat.com 2011-12-07T08:40:51+00:00 c34f5fbc882b16baebc18d795511e8e1fc50668b This is done by calling host-mod to update the keys on IPA server and nsupdate to update DNS SSHFP records. DNS update can be disabled using --no-dns-sshfp ipa-client-install option. https://fedorahosted.org/freeipa/ticket/1634 
This is done by calling host-mod to update the keys on IPA server and nsupdate
to update DNS SSHFP records. DNS update can be disabled using --no-dns-sshfp
ipa-client-install option.

https://fedorahosted.org/freeipa/ticket/1634
Add ipa_memcached service 2012-02-09T19:20:28+00:00 John Dennis jdennis@redhat.com 2012-02-06T18:15:06+00:00 d1e0c1b606fe2a8edce5965cee9ab023a5e27676 * Adds ipa_memcached SystemV initscript * Adds ipa_memcached service file and tmpfiles.d/ipa.conf to recreate /var/run/ipa_memcached on reboot. * Adds ipa_memcached config file * Adds memcacheinstnace.py to manage ipa_memcaced as as SimpleService object. * Updates the IPA service list to include ipa_memcached, at service positon 39, httpd is position 40 * Updates the spec file: - requires the memcached daemon and python client - installs service or initscripts depending on OS - installs config file - creates /var/run/ipa_memcached directory * Modifies ipa-server-install to install ipa_memcached 
* Adds ipa_memcached SystemV initscript

* Adds ipa_memcached service file and tmpfiles.d/ipa.conf
  to recreate /var/run/ipa_memcached on reboot.

* Adds ipa_memcached config file

* Adds memcacheinstnace.py to manage ipa_memcaced as
  as SimpleService object.

* Updates the IPA service list to include ipa_memcached,
  at service positon 39, httpd is position 40

* Updates the spec file:
  - requires the memcached daemon and python client
  - installs service or initscripts depending on OS
  - installs config file
  - creates /var/run/ipa_memcached directory

* Modifies ipa-server-install to install ipa_memcached
Let replicas install without DNS 2012-01-13T08:11:05+00:00 Martin Kosek mkosek@redhat.com 2012-01-04T19:04:21+00:00 95f3ec5d7053a54a393daf1f7d9a93be9d8a64fe Let ipa-replica-prepare and ipa-replica-install work without proper DNS records as records in /etc/hosts are sufficient for DS replication. 1) ipa-replica-prepare now just checks if the replica hostname is resolvable (DNS records are not required). It is now able to prepare a replica file even when the replica IP address is present in /etc/hosts only. 2) ipa-replica-install is now able to proceed when the hostname is not resolvable. It uses an IP address passed in a new option --ip-address to create a record in /etc/hosts in the same way as ipa-server-install does. https://fedorahosted.org/freeipa/ticket/2139 
Let ipa-replica-prepare and ipa-replica-install work without
proper DNS records as records in /etc/hosts are sufficient for
DS replication.

  1) ipa-replica-prepare now just checks if the replica hostname
     is resolvable (DNS records are not required). It is now able
     to prepare a replica file even when the replica IP address is
     present in /etc/hosts only.
  2) ipa-replica-install is now able to proceed when the hostname
     is not resolvable. It uses an IP address passed in a new
     option --ip-address to create a record in /etc/hosts in the
     same way as ipa-server-install does.

https://fedorahosted.org/freeipa/ticket/2139
Ask for user confirmation in ipa-server-install 2011-12-07T13:45:09+00:00 Martin Kosek mkosek@redhat.com 2011-12-07T12:58:35+00:00 d040b93e386457266d5095bd696fa146962b640c Summarize entered IPA server configuration so that user can examine it and stop the installation process in case of error. Before this patch, user had to know which question is the last one and check the values he entered in various places during the interactive wizard. https://fedorahosted.org/freeipa/ticket/1083 
Summarize entered IPA server configuration so that user can examine
it and stop the installation process in case of error. Before this
patch, user had to know which question is the last one and check
the values he entered in various places during the interactive
wizard.

https://fedorahosted.org/freeipa/ticket/1083