path: root/install/tools/ipa-replica-manage
Commit message | Author | Age | Files | Lines
* Domain levels: use constants rather than hardcoded values | Martin Basti | 2015-10-27 | 1 | -4/+5
| Added constants for domain levels
| DOMAIN_LEVEL_0 = 0
| DOMAIN_LEVEL_1 = 1
| This allows to search for domain level easier in code.
| Reviewed-By: Petr Spacek <pspacek@redhat.com>
| Reviewed-By: Tomas Babej <tbabej@redhat.com>
* handle cleaning of RUV in the topology plugin | Ludwig Krispenz | 2015-10-26 | 1 | -6/+1
| After removing a server the replicaid needs to be cleared in the ruv entry and in the changelog. This was triggered by initiating a cleanallruv task in "ipa-replica-manage del", but the removal of a master already triggers a cleanup of segments and replication agreement by the topology plugin, so this could be handled by the plugin as well.
| Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
* ipa-replica-manage: fix undefined variable | Martin Basti | 2015-10-23 | 1 | -1/+1
| Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Use six.moves.xmlrpc.client instead of xmlrpclib | Petr Viktorin | 2015-10-07 | 1 | -1/+1
| The module is renamed to xmlrpc.client in Python 3.
| Reviewed-By: David Kupka <dkupka@redhat.com>
| Reviewed-By: Jan Cholasta <jcholast@redhat.com>
| Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.urllib instead of urllib/urllib2/urlparse | Petr Viktorin | 2015-10-07 | 1 | -2/+3
| In Python 3, these modules are reorganized.
| Reviewed-By: David Kupka <dkupka@redhat.com>
| Reviewed-By: Jan Cholasta <jcholast@redhat.com>
| Reviewed-By: Martin Basti <mbasti@redhat.com>
* Decode script arguments using file system encoding | Jan Cholasta | 2015-09-07 | 1 | -1/+1
| This mimics Python 3's behavior, where sys.argv is automatically decoded using file system encoding, as returned by sys.getfilesystemencoding(). This includes reimplementation of os.fsdecode() from Python 3.
| Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use the print function | Petr Viktorin | 2015-09-01 | 1 | -133/+136
| In Python 3, `print` is no longer a statement. Call it as a function everywhere, and include the future import to remove the statement in Python 2 code as well.
| Reviewed-By: Christian Heimes <cheimes@redhat.com>
| Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use Python3-compatible dict method names | Petr Viktorin | 2015-09-01 | 1 | -2/+2
| Python 2 has keys()/values()/items(), which return lists, iterkeys()/itervalues()/iteritems(), which return iterators, and viewkeys()/viewvalues()/viewitems() which return views.
| Python 3 has only keys()/values()/items(), which return views. To get iterators, one can use iter() or a for loop/comprehension; for lists there's the list() constructor.
| When iterating through the entire dict, without modifying the dict, the difference between Python 2's items() and iteritems() is negligible, especially on small dicts (the main overhead is extra memory, not CPU time). In the interest of simpler code, this patch changes many instances of iteritems() to items(), iterkeys() to keys() etc.
| In other cases, helpers like six.itervalues are used.
| Reviewed-By: Christian Heimes <cheimes@redhat.com>
| Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Port from python-krbV to python-gssapi | Michael Simacek | 2015-08-26 | 1 | -4/+3
| python-krbV library is deprecated and doesn't work with python 3. Replacing all its usages with python-gssapi.
| - Removed Backend.krb and KRB5_CCache classes. They were wrappers around krbV classes that cannot really work without them
| - Added few utility functions for querying GSSAPI credentials in krb_utils module. They provide replacements for KRB5_CCache.
| - Merged two kinit_keytab functions
| - Changed ldap plugin connection defaults to match ipaldap
| - Unified getting default realm. Using api.env.realm instead of krbV call
| Reviewed-By: Jan Cholasta <jcholast@redhat.com>
| Reviewed-By: Robbie Harwood <rharwood@redhat.com>
| Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Modernize 'except' clauses | Petr Viktorin | 2015-08-12 | 1 | -30/+30
| The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax.
| Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Allow value 'no' for replica-certify-all attr in abort-clean-ruv subcommand | Martin Basti | 2015-07-17 | 1 | -1/+1
| --force option set replica-certify-all to 'no' during abort-clean-ruv subcommand
| https://fedorahosted.org/freeipa/ticket/4988
| Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* DNSSEC: update message | Martin Basti | 2015-07-07 | 1 | -0/+1
| https://fedorahosted.org/freeipa/ticket/4657
| Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipa-replica-manage del: add timeout to segment removal check | Petr Vobornik | 2015-07-03 | 1 | -2/+10
| Reviewed-By: David Kupka <dkupka@redhat.com>
* ipa-replica-manage del: relax segment deletement check if topology is disconnected | Petr Vobornik | 2015-07-03 | 1 | -4/+34
| https://fedorahosted.org/freeipa/ticket/5072
| Reviewed-By: David Kupka <dkupka@redhat.com>
* ipalib: Load ipaserver plugins when api.env.in_server is True | Jan Cholasta | 2015-07-01 | 1 | -1/+0
| https://fedorahosted.org/freeipa/ticket/3090
| https://fedorahosted.org/freeipa/ticket/5073
| Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* topology: check topology in ipa-replica-manage del | Petr Vobornik | 2015-06-29 | 1 | -6/+42
| ipa-replica-manage del now:
| - checks the whole current topology (before deletion), reports issues
| - simulates deletion of server and checks the topology again, reports issues
| Asks admin if he wants to continue with the deletion if any errors are found.
| https://fedorahosted.org/freeipa/ticket/4302
| Reviewed-By: David Kupka <dkupka@redhat.com>
* ipa-replica-manage: adjust del to work with managed topology | Petr Vobornik | 2015-06-15 | 1 | -63/+166
| Introduces new method for deletion of replica. This method is used if managed topology is enabled.
| part of https://fedorahosted.org/freeipa/ticket/4302
| Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa-replica-manage: Do not allow topology altering commands from DL 1 | Petr Vobornik | 2015-06-15 | 1 | -16/+37
| With Domain Level 1 and above, the usage of ipa-replica-manage commands that alter the replica topology is deprecated. Following commands are prohibited:
| * connect
| * disconnect
| Upon executing any of these commands, users are pointed out to the ipa topologysegment-* replacements.
| Exception is creation/deletion of winsync agreement.
| Part of: https://fedorahosted.org/freeipa/ticket/4302
| Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* replica-manage: Properly delete nested entries | Tomas Babej | 2015-05-26 | 1 | -1/+1
| Bad ordering of LDAP entries during replica removal resulted in a failure to delete replica and its services from cn=masters,cn=ipa,cn=etc,$SUFFIX.
| This patch enforces the correct ordering of entries resulting in proper removal of services before the host entry itself.
| https://fedorahosted.org/freeipa/ticket/5019
| Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* DNSSEC: uninstallation | Martin Basti | 2014-10-21 | 1 | -0/+14
| Tickets:
| https://fedorahosted.org/freeipa/ticket/3801
| https://fedorahosted.org/freeipa/ticket/4417
| Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC
| Reviewed-By: Jan Cholasta <jcholast@redhat.com>
| Reviewed-By: David Kupka <dkupka@redhat.com>
* Add correct NS records during installation | Martin Basti | 2014-09-25 | 1 | -0/+1
| All ipa-dns capable server is added to root zones as nameserver
| During uninstall all NS records pointing to particular replica are removed.
| Part of ticket: https://fedorahosted.org/freeipa/ticket/4149
| Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Pick new CA renewal master when deleting a replica. | Jan Cholasta | 2014-07-30 | 1 | -1/+12
| Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* ipaplatform: Move paths from installers to paths module | Tomas Babej | 2014-06-26 | 1 | -1/+2
| Part of: https://fedorahosted.org/freeipa/ticket/4052
| Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Move CACERT definition to a single place. | Jan Cholasta | 2014-03-25 | 1 | -2/+1
| Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use /usr/bin/python2 | Xiao-Long Chen | 2014-01-03 | 1 | -1/+1
| Part of the effort to port FreeIPA to Arch Linux, where Python 3 is the default.
| FreeIPA hasn't been ported to Python 3, so the code must be modified to run /usr/bin/python2
| https://fedorahosted.org/freeipa/ticket/3438
| Updated by pviktori@redhat.com
* Turn LDAPEntry.single_value into a dictionary-like property. | Jan Cholasta | 2013-11-05 | 1 | -31/+31
| This change makes single_value consistent with the raw property.
| https://fedorahosted.org/freeipa/ticket/3521
* Winsync re-initialize should not run memberOf fixup task | Martin Kosek | 2013-10-11 | 1 | -5/+6
| Change re-initialize command to consider memberOf fixup task only for non-winsync replication agreements.
| https://fedorahosted.org/freeipa/ticket/3854
* Fix RUV search scope in ipa-replica-manage | Petr Vobornik | 2013-09-04 | 1 | -1/+1
| The search had an incorrect scope and therefore it didn't find any RUV. This issue prevented removing of replica.
| https://fedorahosted.org/freeipa/ticket/3876
* Print newline after receiving EOF in installutils.read_password. | Jan Cholasta | 2013-07-24 | 1 | -1/+1
* Handle connection timeout in ipa-replica-manage | Tomas Babej | 2013-05-02 | 1 | -1/+13
| When connecting to replica, ipa-replica-manage could fail with unknown error due to connection time out. This patch properly handles the situation
| Fixed in conjunction with https://fedorahosted.org/freeipa/ticket/3524
* Enforce host existence only where needed in ipa-replica-manage | Tomas Babej | 2013-05-02 | 1 | -48/+70
| In ipa-replica-manage commands, we enforce that hostnames we work with are resolvable. However, this caused errors while deleting or disconnecting an ipa / winsync replica, if that replica was down and authoritative server for itself.
| Also adds an --no-lookup flag to disable host existence checks.
| https://fedorahosted.org/freeipa/ticket/3524
* Update only selected attributes for winsync agreement | Tomas Babej | 2013-04-16 | 1 | -3/+12
| Trying to insert nsDS5ReplicatedAttributeListTotal and nsds5ReplicaStripAttrs to winsync agreements caused upgrade errors. With this patch, these attributes are skipped for winsync agreements.
| Made find_ipa_replication_agreements() in replication.py more corresponding to find_replication_agreements. It returns list of entries instead of unicode strings now.
| https://fedorahosted.org/freeipa/ticket/3522
* Use A/AAAA records instead of CNAME records in ipa-ca. | Jan Cholasta | 2013-04-15 | 1 | -0/+1
| https://fedorahosted.org/freeipa/ticket/3547
* Full system backup and restore | Rob Crittenden | 2013-04-12 | 1 | -0/+4
| This will allow one to backup and restore the IPA files and data. This does not cover individual entry restoration.
| http://freeipa.org/page/V3/Backup_and_Restore
| https://fedorahosted.org/freeipa/ticket/3128
* Improve some error handling in ipa-replica-manage | Rob Crittenden | 2013-03-14 | 1 | -3/+6
| If you break a replica install after the agreement is created but before it gets much further you'll be in the situation where an agreement exists, no cn=masters entry exists, and the RUV may not be set yet.
| This adds some error handling so the broken install can be safely removed.
| https://fedorahosted.org/freeipa/ticket/3444
* Extend ipa-replica-manage to be able to manage DNA ranges. | Rob Crittenden | 2013-03-13 | 1 | -2/+286
| Attempt to automatically save DNA ranges when a master is removed. This is done by trying to find a master that does not yet define a DNA on-deck range. If one can be found then the range on the deleted master is added.
| If one cannot be found then it is reported as an error.
| Some validation of the ranges are done to ensure that they do overlap an IPA local range and do not overlap existing DNA ranges configured on other masters.
| http://freeipa.org/page/V3/Recover_DNA_Ranges
| https://fedorahosted.org/freeipa/ticket/3321
* Remove ipaserver/ipaldap.py | Petr Viktorin | 2013-03-13 | 1 | -2/+2
| In addition to removing the module, fix all places where it was imported.
| Preparation for: https://fedorahosted.org/freeipa/ticket/3446
* ipa-replica-manage: migrate to single_value after LDAPEntry updates | Alexander Bokovoy | 2013-03-06 | 1 | -2/+2
* Remove some uses of raw python-ldap | Petr Viktorin | 2013-03-01 | 1 | -49/+33
| Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove search_s and search_ext_s from IPAdmin | Petr Viktorin | 2013-03-01 | 1 | -4/+4
| Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* replace getEntry with get_entry (or get_entries if scope != SCOPE_BASE) | Petr Viktorin | 2013-03-01 | 1 | -4/+4
| Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Replace deleteEntry with delete_entry | Petr Viktorin | 2013-03-01 | 1 | -2/+2
| Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Replace getList by a get_entries method | Petr Viktorin | 2013-03-01 | 1 | -10/+12
| The find_entries method is cumbersome to use: it requires keyword arguments for simple uses, and callers are tempted to ignore the 'truncated' flag it returns.
| Introduce a simpler method, get_entries, that returns the found list directly, and raises an error if the list is truncated.
| Replace the getList method by get_entries.
| Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Replace entry.getValue by entry.single_value | Petr Viktorin | 2013-03-01 | 1 | -16/+22
| Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove IPAdmin.get_dns_sorted_by_length | Petr Viktorin | 2013-03-01 | 1 | -6/+4
| A simple sort(key=len) is simpler both implementation-wise and semantics-wise.
| Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Add LDAP server fallback to client installer | Rob Crittenden | 2013-02-07 | 1 | -1/+1
| Change the discovery code to validate all servers, regardless of where they originated (either via SRV records or --server). This will prevent the client installer from failing if one of those records points to a server that is either not running or is not an IPA server.
| If a server is not available it is not removed from the list of configured servers, simply moved to the end of the list.
| If a server is not an IPA server it is removed.
| https://fedorahosted.org/freeipa/ticket/3388
* Take into consideration services when deleting replicas | Ana Krivokapic | 2013-02-06 | 1 | -0/+23
| When deleting a replica from IPA domain:
| * Abort if the installation is about to be left without CA
| * Warn if the installation is about to be left without DNS
| Ticket: https://fedorahosted.org/freeipa/ticket/2879
* Use fully qualified CCACHE names | Martin Kosek | 2013-02-01 | 1 | -1/+1
| Some parts of install scripts used only ccache name as returned by krbV.CCache.name attribute. However, when this name is used again to initialize krbV.CCache object or when it is used in KRB5CCNAME environmental variable, it fails for new DIR type of CCACHE.
| We should always use both CCACHE type and name when referring to them to avoid these crashes. ldap2 backend was also updated to accept directly krbV.CCache object which contains everything we need to authenticate with ccache.
| https://fedorahosted.org/freeipa/ticket/3381
* Handle the case where there are no replicas with list-ruv | Rob Crittenden | 2012-11-07 | 1 | -10/+11
| This assumed that at least was returned by LDAP. This is not the case if no replicas have ever been created.
| https://fedorahosted.org/freeipa/ticket/3229
* Reword description of the --passsync option of ipa-replica-manage. | Jan Cholasta | 2012-11-02 | 1 | -1/+1
| https://fedorahosted.org/freeipa/ticket/3208