freeipa.git/ipaplatform, branch AD-binds FreeIPA patches Use 389-ds centralized scripts. 2015-06-11T11:16:06+00:00 David Kupka dkupka@redhat.com 2015-04-01T15:27:36+00:00 4d05b5d18da84c1e9cc89e9d3c3432261863837a Directory server is deprecating use of tools in instance specific paths. Instead tools in bin/sbin path should be used. https://fedorahosted.org/freeipa/ticket/4051 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Directory server is deprecating use of tools in instance specific paths. Instead
tools in bin/sbin path should be used.

https://fedorahosted.org/freeipa/ticket/4051

Reviewed-By: Martin Basti <mbasti@redhat.com>
vault: Fix ipa-kra-install 2015-06-10T16:17:34+00:00 Jan Cholasta jcholast@redhat.com 2015-06-10T08:50:42+00:00 e7ac57e1390c76c3d7fdb2710808def107d21d6d Use state in LDAP rather than local state to check if KRA is installed. Use correct log file names. https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: David Kupka <dkupka@redhat.com> 
Use state in LDAP rather than local state to check if KRA is installed.
Use correct log file names.

https://fedorahosted.org/freeipa/ticket/3872

Reviewed-By: David Kupka <dkupka@redhat.com>
vault: Move vaults to cn=vaults,cn=kra 2015-06-10T16:17:34+00:00 Jan Cholasta jcholast@redhat.com 2015-06-10T10:35:43+00:00 81729e22d35c5313e85081b6b3e8658b3d542af1 https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: David Kupka <dkupka@redhat.com> 
https://fedorahosted.org/freeipa/ticket/3872

Reviewed-By: David Kupka <dkupka@redhat.com>
Fix: use DS socket check only for upgrade 2015-05-26T11:30:15+00:00 Martin Basti mbasti@redhat.com 2015-05-25T07:01:42+00:00 f903c2d5bff3e420519f7bbf026b9bfcc5460fb0 To detect if DS server is running, use the slapd socket for upgrade, and the LDAP port for installation. Without enabled LDAPi socket checking doesnt work. https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> 
To detect if DS server is running, use the slapd socket for upgrade, and the LDAP port
for installation.

Without enabled LDAPi socket checking doesnt work.

https://fedorahosted.org/freeipa/ticket/4904

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Server Upgrade: wait until DS is ready 2015-05-22T13:51:05+00:00 Martin Basti mbasti@redhat.com 2015-05-21T11:25:10+00:00 3d17bf8e639616893d6937d98662ccc7541d1e23 During server upgrade we should wait until DS is ready after restart, otherwise connection error is raised. Instead of 389 port, the DS socket is checked. https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> 
During server upgrade we should wait until DS is ready after restart, otherwise
connection error is raised.

Instead of 389 port, the DS socket is checked.

https://fedorahosted.org/freeipa/ticket/4904

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
explicitly destroy httpd service ccache file during httpinstance removal 2015-05-19T12:59:18+00:00 Martin Babinsky mbabinsk@redhat.com 2015-05-15T13:45:34+00:00 5a741b614f39a148d849877e743200de5a7302db during IPA server uninstall, the httpd service ccache is not removed from runtime directory. This file then causes server-side client install to fail when performing subsequent installation without rebooting/recreating runtime directories. This patch ensures that the old httpd ccache is explicitly destroyed during uninstallation. https://fedorahosted.org/freeipa/ticket/4973 Reviewed-By: David Kupka <dkupka@redhat.com> 
during IPA server uninstall, the httpd service ccache is not removed from
runtime directory. This file then causes server-side client install to fail
when performing subsequent installation without rebooting/recreating runtime
directories.

This patch ensures that the old httpd ccache is explicitly destroyed during
uninstallation.

https://fedorahosted.org/freeipa/ticket/4973

Reviewed-By: David Kupka <dkupka@redhat.com>
Dont use the proxy to check CA status 2015-05-15T10:22:28+00:00 Martin Basti mbasti@redhat.com 2015-05-13T08:53:59+00:00 3c86b0ef3e684d45301ae2c2452932ea4f279f08 Checking status of the CA via proxy cause issues when httpd instance is down. To check status of CA we do not need proxy. https://fedorahosted.org/freeipa/ticket/4994 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Checking status of the CA via proxy cause issues when httpd instance is
down.

To check status of CA we do not need proxy.

https://fedorahosted.org/freeipa/ticket/4994

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Server Upgrade: Verify version and platform 2015-05-04T11:16:26+00:00 Martin Basti mbasti@redhat.com 2015-04-10T13:42:58+00:00 9f049ca14403f3696d54d186e6b1b15181f055df Verify version and platform before upgrade or ipactl start|restart Upgrade: * do not allow upgrade on different platforms * do not allow upgrade data with higher version than build has Start: * do not start services if platform mismatch * do not start services if upgrade is needed * do not start services if data with higher version than build has New ipactl options: --skip-version-check: do not validate IPA version --ignore-service-failures (was --force): ignore if a service start fail and continue with starting other services --force: combine --skip-version-check and --ignore-service-failures https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com> 
Verify version and platform before upgrade or ipactl start|restart

Upgrade:
* do not allow upgrade on different platforms
* do not allow upgrade data with higher version than build has

Start:
* do not start services if platform mismatch
* do not start services if upgrade is needed
* do not start services if data with higher version than build has

New ipactl options:
--skip-version-check: do not validate IPA version
--ignore-service-failures (was --force): ignore if a service start fail
      and continue with starting other services
--force: combine --skip-version-check and --ignore-service-failures

https://fedorahosted.org/freeipa/ticket/4904

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
DNSSEC CI tests 2015-04-14T17:29:36+00:00 Martin Basti mbasti@redhat.com 2014-10-23T13:06:34+00:00 0a1a3d73120bdf20ae05bcf663f14ca1a8b02c25 Tests: * install master, replica, then instal DNSSEC on master * test if zone is signed (added on master) * test if zone is signed (added on replica) * install master with DNSSEC, then install replica * test if root zone is signed * add zone, verify signatures using our root zone https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: Milan Kubik <mkubik@redhat.com> 
Tests:
* install master, replica, then instal DNSSEC on master
  * test if zone is signed (added on master)
  * test if zone is signed (added on replica)

* install master with DNSSEC, then install replica
  * test if root zone is signed
  * add zone, verify signatures using our root zone

https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: Milan Kubik <mkubik@redhat.com>
show the exception message thrown by dogtag._parse_ca_status during install 2015-03-26T13:46:56+00:00 Martin Babinsky mbabinsk@redhat.com 2015-03-16T11:36:25+00:00 e8d4f6dba1743389962e9d51871a88dc384840ec https://fedorahosted.org/freeipa/ticket/4885 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> 
https://fedorahosted.org/freeipa/ticket/4885

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>