freeipa.git/ipapython/platform, branch my-master FreeIPA patches Process exceptions when talking to Dogtag 2013-03-21T16:14:55+00:00 Alexander Bokovoy abokovoy@redhat.com 2013-03-06T08:17:58+00:00 41031fe121d6ec8bc9a6bb48b62068a9af905dc3 The problem is the ca_status() uses an HTTP GET operation to check Dogtag's status. Under some circumstances Dogtag may take a long time to respond, so the HTTP GET may time out much earlier than 2 minutes. And since the above code doesn't catch the exception, the whole loop fails immediately, so it doesn't wait for a full 2 minutes as expected. https://fedorahosted.org/freeipa/ticket/3492 
The problem is the ca_status() uses an HTTP GET operation to check Dogtag's
status. Under some circumstances Dogtag may take a long time to respond, so the
HTTP GET may time out much earlier than 2 minutes. And since the above code
doesn't catch the exception, the whole loop fails immediately, so it doesn't
wait for a full 2 minutes as expected.

https://fedorahosted.org/freeipa/ticket/3492
convert the base platform modules into packages 2013-01-14T13:39:54+00:00 Timo Aaltonen tjaalton@ubuntu.com 2012-12-05T12:58:06+00:00 ed849639272acf0aed44935591ba525ec1348d59 






Stop and disable conflicting time&date services
2012-12-07T18:07:36+00:00

Martin Kosek
mkosek@redhat.com

2012-12-07T15:44:32+00:00

211f6c9046ab9b43c7f40e279db7c5595ae70bd1

Fedora 16 introduced chrony as default client time&date synchronization
service:
http://fedoraproject.org/wiki/Features/ChronyDefaultNTP
Thus, there may be people already using chrony as their time and date
synchronization service before installing IPA.

However, installing IPA server or client on such machine may lead to
unexpected behavior, as the IPA installer would configure ntpd and leave
the machine with both ntpd and chronyd enabled. However, since the OS
does not allow both chronyd and ntpd to be running concurrently and chronyd
has the precedence, ntpd would not be run on that system at all.

Make sure, that user is warned when trying to install IPA on such
system and is given a possibility to either not to let IPA configure
ntpd at all or to let the installer stop and disable chronyd.

https://fedorahosted.org/freeipa/ticket/2974





Fedora 16 introduced chrony as default client time&date synchronization
service:
http://fedoraproject.org/wiki/Features/ChronyDefaultNTP
Thus, there may be people already using chrony as their time and date
synchronization service before installing IPA.

However, installing IPA server or client on such machine may lead to
unexpected behavior, as the IPA installer would configure ntpd and leave
the machine with both ntpd and chronyd enabled. However, since the OS
does not allow both chronyd and ntpd to be running concurrently and chronyd
has the precedence, ntpd would not be run on that system at all.

Make sure, that user is warned when trying to install IPA on such
system and is given a possibility to either not to let IPA configure
ntpd at all or to let the installer stop and disable chronyd.

https://fedorahosted.org/freeipa/ticket/2974







Only update the list of running services in the installer or ipactl.
2012-12-05T15:44:44+00:00

Rob Crittenden
rcritten@redhat.com

2012-12-04T18:55:30+00:00

62e7053a12fdfc38ac7ed212529c716428c7d92b

The file is only present in the case of a server installation.

It should only be touched by the server installer and ipactl.

https://fedorahosted.org/freeipa/ticket/3277





The file is only present in the case of a server installation.

It should only be touched by the server installer and ipactl.

https://fedorahosted.org/freeipa/ticket/3277







Change network configuration file
2012-12-05T12:30:31+00:00

Martin Kosek
mkosek@redhat.com

2012-12-05T09:50:05+00:00

3896bf370a142eb95a4341e381ee7b1ff0f0c3e2

Fedora+systemd changed deprecated /etc/sysconfig/network which was
used by IPA to store static hostname for the IPA machine. See
https://bugzilla.redhat.com/show_bug.cgi?id=881785 for details.

Change Fedora platform files to store the hostname to /etc/hostname
instead.

https://fedorahosted.org/freeipa/ticket/3279





Fedora+systemd changed deprecated /etc/sysconfig/network which was
used by IPA to store static hostname for the IPA machine. See
https://bugzilla.redhat.com/show_bug.cgi?id=881785 for details.

Change Fedora platform files to store the hostname to /etc/hostname
instead.

https://fedorahosted.org/freeipa/ticket/3279







Save service name on service startup/shutdown
2012-11-01T18:24:41+00:00

Simo Sorce
ssorce@redhat.com

2012-10-22T21:01:58+00:00

57132797120bcd3f68380b6b74343af2d83e0657

This is done as a default action of the ancestor class so that no matter what
platform is currently used this code is always the same and the name is the
wellknown service name.
This information will be used by ipactl to stop only and all the services that
have been started by any ipa tool/install script





This is done as a default action of the ancestor class so that no matter what
platform is currently used this code is always the same and the name is the
wellknown service name.
This information will be used by ipactl to stop only and all the services that
have been started by any ipa tool/install script







Revert "Save service name on service startup"
2012-11-01T18:23:38+00:00

Simo Sorce
simo@redhat.com

2012-11-01T18:23:38+00:00

895b2e2b4339f1b9edc2bc995e7548ac118ea5a1

This reverts commit 1ef651e7f9f5f940051dc470385aa08eefcd60af.

This was an olde version of the patch, next commit will put in the acked
version.





This reverts commit 1ef651e7f9f5f940051dc470385aa08eefcd60af.

This was an olde version of the patch, next commit will put in the acked
version.







Save service name on service startup
2012-11-01T14:58:19+00:00

Simo Sorce
ssorce@redhat.com

2012-10-23T00:48:25+00:00

1ef651e7f9f5f940051dc470385aa08eefcd60af

This is done as a default action of the ancestor class so that no matter what
platform is currently used this code is always the same and the name is the
wellknown service name.
This information will be used by ipacl to stop only and all the services that
have been started by any ipa tool/install script





This is done as a default action of the ancestor class so that no matter what
platform is currently used this code is always the same and the name is the
wellknown service name.
This information will be used by ipacl to stop only and all the services that
have been started by any ipa tool/install script







Preserve original service_name in services
2012-11-01T14:58:19+00:00

Simo Sorce
ssorce@redhat.com

2012-10-23T00:48:24+00:00

09dbc1f36bbc14c1224e45778cbc59586dfeea75

This is needed to be able to reference stuff always wth the same name.
The platform specific private name must be kept in a platform specific
variable.
In the case of systemd we store it in systemd_name
For the redhat platform wellknown names and service name are the same so
currently no special name is needed.





This is needed to be able to reference stuff always wth the same name.
The platform specific private name must be kept in a platform specific
variable.
In the case of systemd we store it in systemd_name
For the redhat platform wellknown names and service name are the same so
currently no special name is needed.







Make sure the CA is running when starting services
2012-10-24T02:02:21+00:00

Petr Viktorin
pviktori@redhat.com

2012-09-25T13:57:03+00:00

d6fbbd530ee94bc4cdd00c9106fd789e50fb81cf

- Provide a function for determinig the CA status using Dogtag 10's new
  getStatus endpoint.
  This must be done over HTTPS, but since our client certificate may not be set
  up yet, we need HTTPS without client authentication.
  Rather than copying from the existing http_request and https_request
  function, shared code is factored out to a common helper.
- Call the new function when restarting the CA service. Since our Service
  can only be extended in platform-specific code, do this for Fedora only.
  Also, the status is only checked with Dogtag 10+.
- When a restart call in cainstance failed, users were refered to the
  installation log, but no info was actually logged. Log the exception.

https://fedorahosted.org/freeipa/ticket/3084





- Provide a function for determinig the CA status using Dogtag 10's new
  getStatus endpoint.
  This must be done over HTTPS, but since our client certificate may not be set
  up yet, we need HTTPS without client authentication.
  Rather than copying from the existing http_request and https_request
  function, shared code is factored out to a common helper.
- Call the new function when restarting the CA service. Since our Service
  can only be extended in platform-specific code, do this for Fedora only.
  Also, the status is only checked with Dogtag 10+.
- When a restart call in cainstance failed, users were refered to the
  installation log, but no info was actually logged. Log the exception.

https://fedorahosted.org/freeipa/ticket/3084