freeipa.git/ipaserver/install/plugins, branch pwdpolicy FreeIPA patches add missing attribute to ipaca replica during CA topology update 2016-12-09T14:47:13+00:00 Martin Babinsky mbabinsk@redhat.com 2016-12-07T13:00:09+00:00 6d0e450c8226a8e23d88cf21487a77db66a2968b 'nsds5replicabinddngroupcheckinterval' attribute was not properly added to 'o=ipaca' replica attribute during upgrade. The CA topology update plugin should now add it to the entry if it exists. https://fedorahosted.org/freeipa/ticket/6508 Reviewed-By: Martin Basti <mbasti@redhat.com> 
'nsds5replicabinddngroupcheckinterval' attribute was not properly added
to 'o=ipaca' replica attribute during upgrade. The CA topology update
plugin should now add it to the entry if it exists.

https://fedorahosted.org/freeipa/ticket/6508

Reviewed-By: Martin Basti <mbasti@redhat.com>
ipalib: move certstore to the install subpackage 2016-11-29T13:50:51+00:00 Jan Cholasta jcholast@redhat.com 2016-11-23T14:40:21+00:00 a2c58889735c794cd1e93331c755b6f9ba273773 The certstore module depends on ipaplatform. Move it to ipalib.install, as it is used only from installers. https://fedorahosted.org/freeipa/ticket/6474 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
The certstore module depends on ipaplatform.

Move it to ipalib.install, as it is used only from installers.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
ipapython: move certmonger and sysrestore to ipalib.install 2016-11-29T13:50:51+00:00 Jan Cholasta jcholast@redhat.com 2016-11-23T14:04:40+00:00 26c46a447f82b4cf37a5076b72cf6328857d5f35 The certmonger and sysrestore modules depend on ipaplatform. Move them to ipalib.install as they are used only from installers. https://fedorahosted.org/freeipa/ticket/6474 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
The certmonger and sysrestore modules depend on ipaplatform.

Move them to ipalib.install as they are used only from installers.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Moved update of DNA plugin among update plugins 2016-11-11T11:13:56+00:00 Stanislav Laznicka slaznick@redhat.com 2016-10-18T08:16:29+00:00 7279ef1d0f28dae9f3203362ca9e2245e56e111f To make the code more general, moved the update_dna_shared_config among other update plugins. Bugfix: DNA shared config connection protocol was compared to a method string which would result in a try to always update it even if there was no need to. https://fedorahosted.org/389/ticket/48373 causes that two shared DNA config entries are created instead of one. https://fedorahosted.org/freeipa/ticket/6392 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
To make the code more general, moved the update_dna_shared_config
among other update plugins.

Bugfix: DNA shared config connection protocol was compared to a
method string which would result in a try to always update it
even if there was no need to.

https://fedorahosted.org/389/ticket/48373 causes that two
shared DNA config entries are created instead of one.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Move ds.replica_populate to an update plugin 2016-11-11T11:13:56+00:00 Stanislav Laznicka slaznick@redhat.com 2016-10-13T13:08:31+00:00 83e72d704630b9cc5a1f713dfee30601950eb5e9 Replica populate can be applied with other update plugins. https://fedorahosted.org/freeipa/ticket/6392 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Replica populate can be applied with other update plugins.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
ipaldap: merge IPAdmin to LDAPClient 2016-11-07T10:34:03+00:00 Tomas Krizek tkrizek@redhat.com 2016-11-01T13:52:33+00:00 5b81dbfda1e4f0799d4ce87e9987a896af3ff299 * move IPAdmin methods to LDAPClient * add extra arguments (cacert, sasl_nocanon) to LDAPClient.__init__() * add host, port, _protocol to LDAPClient (parsed from ldap_uri) * create get_ldap_uri() method to create ldap_uri from former IPAdmin.__init__() arguments * replace IPAdmin with LDAPClient + get_ldap_uri() * remove ununsed function argument hostname from enable_replication_version_checking() https://fedorahosted.org/freeipa/ticket/6461 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
* move IPAdmin methods to LDAPClient
* add extra arguments (cacert, sasl_nocanon) to LDAPClient.__init__()
* add host, port, _protocol to LDAPClient (parsed from ldap_uri)
* create get_ldap_uri() method to create ldap_uri from former
    IPAdmin.__init__() arguments
* replace IPAdmin with LDAPClient + get_ldap_uri()
* remove ununsed function argument hostname from
    enable_replication_version_checking()

https://fedorahosted.org/freeipa/ticket/6461

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Pylint: remove unused variables from installers and scripts 2016-10-06T08:43:36+00:00 Martin Basti mbasti@redhat.com 2016-10-04T14:54:44+00:00 d9375881460d63cdd696bb0705da0ac205db9870 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Pylint: enable check for unused-variables 2016-09-27T11:35:58+00:00 Martin Basti mbasti@redhat.com 2016-09-26T16:24:39+00:00 45e3aee35219c89c07d590003a334f8db658a3b2 Unused variables may: * make code less readable * create dead code * potentialy hide issues/errors Enabled check should prevent to leave unused variable in code Check is locally disabled for modules that fix is not clear or easy or have too many occurences of unused variables Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
Unused variables may:
* make code less readable
* create dead code
* potentialy hide issues/errors

Enabled check should prevent to leave unused variable in code

Check is locally disabled for modules that fix is not clear or easy or have too many occurences of
unused variables

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Remove unused variables in the code 2016-09-27T11:35:58+00:00 Martin Basti mbasti@redhat.com 2016-09-26T12:08:17+00:00 0f88f8fe889ae4801fc8d5ece1ad51c5246718ac This commit removes unused variables or rename variables as "expected to be unused" by using "_" prefix. This covers only cases where fix was easy or only one unused variable was in a module Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
This commit removes unused variables or rename variables as "expected to
be unused" by using "_" prefix.

This covers only cases where fix was easy or only one unused variable
was in a module

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
DNS server upgrade: do not fail when DNS server did not respond 2016-08-16T12:23:30+00:00 Petr Spacek pspacek@redhat.com 2016-08-11T11:44:29+00:00 f2fe35721967531257bc952b766a7c77e71be826 Previously, update_dnsforward_emptyzones failed with an exeception if DNS query failed for some reason. Now the error is logged and upgrade continues. I assume that this is okay because the DNS query is used as heuristics of last resort in the upgrade logic and failure to do so should not have catastrophics consequences: In the worst case, the admin needs to manually change forwarding policy from 'first' to 'only'. In the end I have decided not to auto-start BIND because BIND depends on GSSAPI for authentication, which in turn depends on KDC ... Alternative like reconfiguring BIND to use LDAPI+EXTERNAL and reconfiguring DS to accept LDAP external bind from named user are too complicated. https://fedorahosted.org/freeipa/ticket/6205 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Previously, update_dnsforward_emptyzones failed with an exeception if
DNS query failed for some reason. Now the error is logged and upgrade
continues.

I assume that this is okay because the DNS query is used as heuristics
of last resort in the upgrade logic and failure to do so should not have
catastrophics consequences: In the worst case, the admin needs to
manually change forwarding policy from 'first' to 'only'.

In the end I have decided not to auto-start BIND because BIND depends on
GSSAPI for authentication, which in turn depends on KDC ... Alternative
like reconfiguring BIND to use LDAPI+EXTERNAL and reconfiguring DS to
accept LDAP external bind from named user are too complicated.

https://fedorahosted.org/freeipa/ticket/6205

Reviewed-By: Martin Basti <mbasti@redhat.com>