freeipa.git/ipaplatform, branch custodia FreeIPA patches topology: manage ca replication agreements 2015-10-15T12:24:33+00:00 Petr Vobornik pvoborni@redhat.com 2015-07-15T09:17:14+00:00 fff31ca220311421f1ac8cef0888aaa892e97584 Configure IPA so that topology plugin will manage also CA replication agreements. upgrades if CA is congigured: - ipaca suffix is added to cn=topology,cn=ipa,cn=etc,$SUFFIX - ipaReplTopoManagedSuffix: o=ipaca is added to master entry - binddngroup is added to o=ipaca replica entry Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Configure IPA so that topology plugin will manage also CA replication
agreements.

upgrades if CA is congigured:
- ipaca suffix is added to cn=topology,cn=ipa,cn=etc,$SUFFIX
- ipaReplTopoManagedSuffix: o=ipaca is added to master entry
- binddngroup is added to o=ipaca replica entry

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Implement replica promotion functionality 2015-10-15T12:24:33+00:00 Simo Sorce simo@redhat.com 2015-06-11T19:45:38+00:00 d03619fff3a1eb7d21c2ba21f8867ae8018779b8 This patch implements a new flag --promote for the ipa-replica-install command that allows an administrative user to 'promote' an already joined client to become a full ipa server. The only credentials used are that of an administrator. This code relies on ipa-custodia being available on the peer master as well as a number of other patches to allow a computer account to request certificates for its services. Therefore this feature is marked to work only with domain level 1 and above servers. Ticket: https://fedorahosted.org/freeipa/ticket/2888 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
This patch implements a new flag --promote for the ipa-replica-install command
that allows an administrative user to 'promote' an already joined client to
become a full ipa server.

The only credentials used are that of an administrator. This code relies on
ipa-custodia being available on the peer master as well as a number of other
patches to allow a computer account to request certificates for its services.

Therefore this feature is marked to work only with domain level 1 and above
servers.

Ticket: https://fedorahosted.org/freeipa/ticket/2888

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Add ipa-custodia service 2015-10-15T12:24:33+00:00 Simo Sorce simo@redhat.com 2015-05-08T17:39:29+00:00 463dda30679da9ac5eea5683984002989965e2a5 Add a customized Custodia daemon and enable it after installation. Generates server keys and loads them in LDAP autonomously on install or update. Provides client code classes too. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Add a customized Custodia daemon and enable it after installation.
Generates server keys and loads them in LDAP autonomously on install
or update.
Provides client code classes too.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Use six.moves.urllib instead of urllib/urllib2/urlparse 2015-10-07T08:27:20+00:00 Petr Viktorin pviktori@redhat.com 2015-09-14T10:52:29+00:00 70b37a956c0b7dad52bf14fdb5fed421c01c8f77 In Python 3, these modules are reorganized. Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> 
In Python 3, these modules are reorganized.

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
paths: Add GENERATE_RNDC_KEY. 2015-10-05T15:45:51+00:00 Timo Aaltonen tjaalton@debian.org 2015-10-03T08:40:15+00:00 7059117ec32bfad8ec802d472b0f7d2b6cb12d2a Reviewed-By: Martin Basti <mbasti@redhat.com> 
Reviewed-By: Martin Basti <mbasti@redhat.com>
ipatests: configure Network Manager not to manage resolv.conf 2015-10-02T12:01:50+00:00 Milan KubĂ­k mkubik@redhat.com 2015-09-25T19:09:24+00:00 c22c60b87c101178e5e653cada53dfdb861d1ad0 For the duration of the test, makes resolv.conf unmanaged. If NetworkManager is not running, nothing is changed. https://fedorahosted.org/freeipa/ticket/5331 Reviewed-By: Martin Basti <mbasti@redhat.com> 
For the duration of the test, makes resolv.conf unmanaged.
If NetworkManager is not running, nothing is changed.

https://fedorahosted.org/freeipa/ticket/5331

Reviewed-By: Martin Basti <mbasti@redhat.com>
do not overwrite files with local users/groups when restoring authconfig 2015-10-02T10:45:26+00:00 Martin Babinsky mbabinsk@redhat.com 2015-09-25T16:00:30+00:00 14977b5d84796c02a2c2a41f78919810cce83732 the patch fixes regression in ipa-restore caused by overwriting /etc/passwd, /etc/shadow and fiends during restore of authconfig configuration files. These files are now excluded from authconfig backup dir. https://fedorahosted.org/freeipa/ticket/5328 Reviewed-By: David Kupka <dkupka@redhat.com> 
the patch fixes regression in ipa-restore caused by overwriting /etc/passwd,
/etc/shadow and fiends during restore of authconfig configuration files. These
files are now excluded from authconfig backup dir.

https://fedorahosted.org/freeipa/ticket/5328

Reviewed-By: David Kupka <dkupka@redhat.com>
install: fix kdcproxy user home directory 2015-09-23T14:29:49+00:00 Jan Cholasta jcholast@redhat.com 2015-09-23T08:35:06+00:00 4c39561261e79fe1cfdef916eafbcb9c204e77e8 https://fedorahosted.org/freeipa/ticket/5314 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
https://fedorahosted.org/freeipa/ticket/5314

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
platform: add option to create home directory when adding user 2015-09-23T14:29:49+00:00 Jan Cholasta jcholast@redhat.com 2015-09-23T11:09:44+00:00 859590337a1978eb216b9f4ec0750db2fd547a5a https://fedorahosted.org/freeipa/ticket/5314 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
https://fedorahosted.org/freeipa/ticket/5314

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
ipa-backup: Add mechanism to store empty directory structure 2015-09-22T11:17:25+00:00 Tomas Babej tbabej@redhat.com 2015-09-17T15:09:33+00:00 cfeea91828ad47e1d321947d04f5f6de0e3d1c8c Certain subcomponents of IPA, such as Dogtag, cannot function if non-critical directories (such as log directories) have not been stored in the backup. This patch implements storage of selected empty directories, while preserving attributes and SELinux context. https://fedorahosted.org/freeipa/ticket/5297 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Certain subcomponents of IPA, such as Dogtag, cannot function if
non-critical directories (such as log directories) have not been
stored in the backup.

This patch implements storage of selected empty directories,
while preserving attributes and SELinux context.

https://fedorahosted.org/freeipa/ticket/5297

Reviewed-By: Martin Basti <mbasti@redhat.com>