| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| | |
fine with ssl setup shell script removed.
|
| |/
|
|
|
|
| |
configuration has been
incorporated in the default bind install.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This add replication setup through two new commands: ipa-replica-prepare
and ipa-replica-install. The procedure is to run ipa-replica-prepare
on an existing master. This will collect information about the realm
and the current master and create a file storing all of the information.
After copying that file to the new replica, ipa-replica-install is
run (with -r to create a read-only replica).
This version of the patch also includes fixes for the sasl mappings
on the replicas.
Remaining features:
- ssl for replication.
- automatic configuration of mesh topology for
master (or a simpler way to replicate multiple
masters.
- tool for view / configuring current replication.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
1) Add a base class for all of the instance objects.
2) Normalize usage of logging.
3) General cleanups of ipa-server-install.
4) Make better use of httpinstance.
5) Add webguiinstance.
6) Improve progress reporting during installation.
Works Here (TM), but it would be nice to get someone else
to test since this moves code around a bit.
|
| | |
|
| |
|
|
|
|
|
|
| |
Configure ipa servers as an ntp server and clients
to (by default) us the ipa server as an ntp server.
Also corrected the messages about which ports should
be opened.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes a couple of buglets with read_ip_address():
1) It writes host_name to /etc/hosts, but isn't currently
being passed host_name
2) It doesn't return the IP address even though the caller
expects it
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
|
| |
|
|
| |
Ignore errors if setsebool fails and print a warning.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
After looking into setting up ntpd on the IPA servers I decided it
was better just to warn admins. There are just too many valid setups
for time synchronization for us to try to get this right. Additionally,
just installing ntp and accepting the default config will result in
a configuration that is perfectly valid for IPA.
This patch checks if ntpd is running and suggests enabling it if it
is not - for client and server. It also adds some suggested next
steps to the server installation.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
> > This largish patch makes the build and installation work on 64bit
> > machines. The only catch here is that to get a 64bit build you need to
> > set LIBDIR on make:
> >
> > make install LIBDIR=/usr/lib64
> >
> > The spec file does this correctly. I couldn't find any reliable way to
> > guess this that works both on real systems and in the almost entirely
> > empty rpm build root (you can't, for example, check for the existence
> > of /usr/lib64).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Here is another patch for the installer. It does a few things:
* use socket.getfqdn() but fallback to gethostname()
* streamlines the hostname prompting
* fixes a bunch of spelling and grammatical errors
* fixes a bug in the hostname reading/verification logic
* allows "yes" and "no" as answers
* modularizes and reuses code where possible
* changes some of the prompts to be more like
the FDS installer - some text is copied (which is easy to use IMO)
* tries to make the prompts fit on smaller screens (<80 chars)
Hope you agree that it is better. :)
Thanks,
Jon
|
| | |
|
| |
|
|
|
|
| |
Modify the way we detect SELinux to use selinuxenabled instead of using
a try/except.
Handle SASL/GSSAPI authentication failures when getting a connection
|
| |
|
|
|
|
|
| |
the exception to contain the complete command.
Add a check to make sure installer is running as root.
Add signal handler to detect a user-cancelled installation.
Detect existing DS instances and prompt to remove them.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Install the turbogears web gui including an init script. This
patch includes a few related changes:
* create a production configuration
* rename the web gui startup scrip to ipa-webgui
* add an init script
* chkconfig on the ipa-webgui init script
* make the start script properly daemonize the app when not
in a development directory.
* Install everything to the correct places (/usr/sbin/ipa-webgui
and /usr/share/ipa/ipagui mainly).
There are some things still left to do:
* Sort out the logging - the config needs to be adjusted so
that logging messages end up in /var/log.
|
| |
|
|
|
|
|
| |
* Remove the rpmbuild tree with the dist-clean target.
* Move ipa-server-setupssl from /usr/sbin to /usr/share/ipa
* Check in requirement change for generated freeipa-python.spec
* Fix interactive hostname in ipa-server-install.
|
| |
|
|
|
|
| |
The default configuration of the apache selinux policy doesn't allow
apache to connect to the turbogears gui. This sets the correct
boolean to allow that connection.
|
| |
|
|
| |
It's not perfect yet but good enough to include it.
|
| |
|
|
| |
fix it.
|
| | |
|
| | |
|
| |
|
|
| |
Patch from William Jon McCann <mccann@jhu.edu>
|
| |
|
|
| |
this way freeipa-client does not depend on freeipa-server
|
| |
|
|
|
|
|
|
|
| |
Set password for admin user using the Directory Mangaer account
and the mozldapldappaswd binary to get and SSL connection
Fix some timeout problems with deploying keytabs
Fix ipa_pwd_extop to actuallt correctly detect an SSL connection
Do not ask for the user to use for the directory unless 'dirsrv' is
an existing user which may clash, create it silently
|
| |
|
|
|
|
| |
Change unattended flag to be -U
Change master password flag to be -P instead of -m
Improve ipa-client-install readability for user prompts
|
| | |
|
| |
|
|
| |
Do not start ipa_kpasswd by default yet
|
| |
|
|
| |
which should also be the name used in DS 8.0, change all occurences
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
- Add mod_auth_kerb and cyrus-sasl-gssapi to Requires
- Remove references to admin server in ipa-server-setupssl
- Generate a client certificate for the XML-RPC server to connect to LDAP with
- Create a keytab for Apache
- Create an ldif with a test user
- Provide a certmap.conf for doing SSL client authentication
- Update tools to use kerberos
- Add User class
|
| |
|
|
| |
Remove hard-coded config.
|
| |
|
|
| |
Add fallback to ds_newinst.pl.
|
| |
|
|
| |
Make ipa-server-install restart htppd
|
| | |
|
| |
|
