summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/bindinstance.py
Commit message (Collapse)AuthorAgeFilesLines
* remove Kerberos authenticators when installing/uninstalling service instanceMartin Babinsky2015-11-111-0/+3
| | | | | | | | | | each service possessing Kerberos keytab/ccache will now perform their removal before service principal creation and during service uninstall https://fedorahosted.org/freeipa/ticket/5243 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* ipaplatform: Add NAMED_USER to constantsTimo Aaltonen2015-11-041-1/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/5343 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* always ask the resolver for the reverse zone when manipulating PTR recordsMartin Babinsky2015-10-221-2/+0
| | | | | | | | | | | | | Instead of searching for all zones to identify the correct reverse zone, we will first ask the resolver to return the name of zone that should contain the desired record and then see if IPA manages this zone. This patch also removes a duplicate function in bindinstance.py that is not used anywhere. https://fedorahosted.org/freeipa/ticket/5200 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Change DNS installer code to use passed in apiSimo Sorce2015-10-151-46/+54
| | | | | | | | | Fixes a number of places where api was not passed around internally. Also allows to install dns in replica promotion which requires an alternative api to be created with the right configuration. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove bind configuration detected questionGabe2015-10-131-7/+0
| | | | | | https://fedorahosted.org/freeipa/ticket/5351 Reviewed-By: Martin Basti <mbasti@redhat.com>
* paths: Add GENERATE_RNDC_KEY.Timo Aaltonen2015-10-051-1/+1
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* Alias "unicode" to "str" under Python 3Jan Cholasta2015-09-171-0/+3
| | | | | | | | | The six way of doing this is to replace all occurences of "unicode" with "six.text_type". However, "unicode" is non-ambiguous and (arguably) easier to read. Also, using it makes the patches smaller, which should help with backporting. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use the print functionPetr Viktorin2015-09-011-15/+17
| | | | | | | | | In Python 3, `print` is no longer a statement. Call it as a function everywhere, and include the future import to remove the statement in Python 2 code as well. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.string_types instead of "basestring"Petr Viktorin2015-09-011-1/+2
| | | | | Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use absolute importsPetr Viktorin2015-08-121-2/+2
| | | | | | | In Python 3, implicit relative imports will not be supported. Use fully-qualified imports everywhere. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Modernize 'except' clausesPetr Viktorin2015-08-121-4/+4
| | | | | | | The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Modernize number literalsPetr Viktorin2015-07-311-1/+1
| | | | | | | | | | | | | | Use Python-3 compatible syntax, without breaking compatibility with py 2.7 - Octals literals start with 0o to prevent confusion - The "L" at the end of large int literals is not required as they use long on Python 2 automatically. - Using 'int' instead of 'long' for small numbers is OK in all cases except strict type checking checking, e.g. type(0). https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* DNS: check if DNS package is installedMartin Basti2015-07-211-18/+1
| | | | | | | | | | | Instead of separate checking of DNS required packages, we need just check if IPA DNS package is installed. https://fedorahosted.org/freeipa/ticket/4058 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Tomas Babej <tbabej@redhat.com>
* plugable: Pass API to plugins on initialization rather than using set_apiJan Cholasta2015-07-011-1/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/3090 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipalib: Load ipaserver plugins when api.env.in_server is TrueJan Cholasta2015-07-011-1/+0
| | | | | | | https://fedorahosted.org/freeipa/ticket/3090 https://fedorahosted.org/freeipa/ticket/5073 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* DNSSEC: Improve global forwarders validationMartin Basti2015-06-111-11/+21
| | | | | | | | | | Validation now provides more detailed information and less false positives failures. https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* move realm_to_serverid to installutils moduleMartin Basti2015-05-051-2/+1
| | | | | | | | | To avoid cyclic imports realm_to_serverid function had to be moved to installutils from dsinstance. Required for: https://fedorahosted.org/freeipa/ticket/4925 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa-dns-install: use LDAPI to connect to DSMartin Babinsky2015-03-181-5/+5
| | | | | | | | | | | | | ipa-dns-install now uses LDAPI/autobind to connect to DS during the setup of DNS/DNSSEC-related service and thus makes -p option obsolete. Futhermore, now it makes more sense to use LDAPI also for API Backend connections to DS and thus all forms of Kerberos auth were removed. This fixes https://fedorahosted.org/freeipa/ticket/4933 and brings us closer to fixing https://fedorahosted.org/freeipa/ticket/2957 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-dns-install: use STARTTLS to connect to DSMartin Babinsky2015-03-181-4/+7
| | | | | | | BindInstance et al. now use STARTTLS to set up secure connection to DS during ipa-dns-install. This fixes https://fedorahosted.org/freeipa/ticket/4933 Reviewed-By: Martin Basti <mbasti@redhat.com>
* replica-install: Use different API instance for the remote serverJan Cholasta2015-03-051-26/+27
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix saving named restore statusMartin Basti2015-02-181-2/+4
| | | | | | | Accidentaly status was stored after service was stopped by installer Ticket: https://fedorahosted.org/freeipa/ticket/4869 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix restoring services status during uninstallMartin Basti2015-02-181-6/+5
| | | | | | | | | Services hasn't been restored correctly, which causes disabling already disabled services, or some service did not start. This patch fix these issues. Ticket: https://fedorahosted.org/freeipa/ticket/4869 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix traceback if zonemgr error contains unicodeMartin Basti2015-01-121-1/+8
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4805 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix zonemgr option encoding detectionMartin Basti2014-11-251-1/+4
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4766 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix detection of encoding in zonemgr optionMartin Basti2014-11-241-7/+8
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4762 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix: zonemgr must be unicode valueMartin Basti2014-11-191-0/+2
| | | | | | | | To support IDNA --zonemgr option must be unicode not ascii https://fedorahosted.org/freeipa/ticket/4724 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix: DNS installer adds invalid zonemgr emailMartin Basti2014-11-131-1/+1
| | | | | | | | Installer adds zonemgr as relative (and invalid) address. This fix force installer to use absolute email. Ticket: https://fedorahosted.org/freeipa/ticket/4707 Reviewed-By: David Kupka <dkupka@redhat.com>
* fix forwarder validation errorsMartin Basti2014-10-211-2/+4
| | | | | | Fix tests, validation in dnsconfig mod, wuser warning Reviewed-By: Petr Spacek <pspacek@redhat.com>
* fix DNSSEC restore named stateMartin Basti2014-10-211-2/+2
| | | | Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNSSEC: modify named service to support dnssecMartin Basti2014-10-211-11/+51
| | | | | | | | | | | | Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>
* DNSSEC: validate forwardersMartin Basti2014-10-211-2/+29
| | | | | | | | | | | | Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>
* dns: fix privileges' memberof during dns installPetr Vobornik2014-10-171-0/+30
| | | | | | | | | | Permissions with member attrs pointing to privileges are created before the privileges. Run memberof plugin task to fix other ends of the relationships. https://fedorahosted.org/freeipa/ticket/4637 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Make named.conf template platform independentMartin Basti2014-10-141-0/+4
| | | | | Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add missing attributes to named.confMartin Basti2014-10-141-0/+28
| | | | | | Ticket: https://fedorahosted.org/freeipa/ticket/3801#comment:31 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Detect and configure all usable IP addresses.David Kupka2014-09-261-28/+82
| | | | | | | | | | | Find, verify and configure all IP addresses that can be used to reach the server FreeIPA is being installed on. Ignore some IP address only if user specifies subset of detected addresses using --ip-address option. This change simplyfies FreeIPA installation on multihomed and dual-stacked servers. https://fedorahosted.org/freeipa/ticket/3575 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Refactoring of autobind, object_existsMartin Basti2014-09-261-20/+5
| | | | | | | | | Required to prevent code duplications ipaldap.IPAdmin now has method do_bind, which tries several bind methods ipaldap.IPAClient now has method object_exists(dn) Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Add correct NS records during installationMartin Basti2014-09-251-46/+56
| | | | | | | | | | | All ipa-dns capable server is added to root zones as nameserver During uninstall all NS records pointing to particular replica are removed. Part of ticket: https://fedorahosted.org/freeipa/ticket/4149 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Allow to add non string values to named confMartin Basti2014-07-021-6/+24
| | | | | | | | | Non string values should not start and end with '"' in options section in named.conf Required by ticket: https://fedorahosted.org/freeipa/ticket/4408 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipaplatform: Move all filesystem paths to ipaplatform.paths moduleTomas Babej2014-06-161-10/+11
| | | | | | https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Modified dns related global functionsMartin Basti2014-06-031-2/+2
| | | | | | | | | | | * Modified functions to use DNSName type * Removed unused functions Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Call generate-rndc-key.sh during ipa-server-installAdam Misnyovszki2014-05-271-0/+7
| | | | | | | | | | | | | | | | | | | | | | Since systemd has by default a 2 minute timeout to start a service, the end of ipa-server-install might fail because starting named times out. This patch ensures that generate-rndc-key.sh runs before named service restart. Also, warning message is displayed before KDC install and generate-rndc-key.sh, if there is a lack of entropy, to notify the user that the process could take more time than expected. Modifications done by Martin Kosek: - removed whitespace at the end of installutils.py - the warning in krbinstance.py moved right before the step requiring entropy - slightly reworded the warning message https://fedorahosted.org/freeipa/ticket/4210 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Move CACERT definition to a single place.Jan Cholasta2014-03-251-1/+2
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* bindinstance: make sure zone manager is initialized in add_master_dns_recordsAlexander Bokovoy2014-02-261-0/+1
| | | | | | | | | Bind instance is configured using a short-circuited way when replica is set up. Make sure required properties are in place for that. https://fedorahosted.org/freeipa/ticket/4186 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Remove working directory for bind-dyndb-ldap plugin.Petr Spacek2014-01-271-13/+0
| | | | | | | | | The working directory will be provided directly by bind-dyndb-ldap package. This partially reverts commit 689382dc833e687d30349b10a8fd7dc740d54d08. https://fedorahosted.org/freeipa/ticket/3967
* Treat error during write to /etc/resolv.conf as non-fatal.Petr Spacek2014-01-161-5/+8
| | | | https://fedorahosted.org/freeipa/ticket/4110
* Enable Retro Changelog and Content Synchronization DS pluginsAna Krivokapic2014-01-141-0/+13
| | | | | | | | | Enable Retro Changelog and Content Synchronization DS plugins which are required for SyncRepl support. Create a working directory /var/named/ipa required by bind-dyndb-ldap v4+. https://fedorahosted.org/freeipa/ticket/3967
* Remove --no-serial-autoincrementMartin Kosek2013-10-111-6/+1
| | | | | | | | Deprecate this option and do not offer it in installation tools. Without this option enabled, advanced DNS features like DNSSEC would not work. https://fedorahosted.org/freeipa/ticket/3962
* Remove support for IPA deployments with no persistent searchTomas Babej2013-08-091-22/+18
| | | | | | | | | Drops the code from ipa-server-install, ipa-dns-install and the BindInstance itself. Also changed ipa-upgradeconfig script so that it does not set zone_refresh to 0 on upgrades, as the option is deprecated. https://fedorahosted.org/freeipa/ticket/3632
* Fix ipa-ca DNS name creationMartin Kosek2013-05-091-6/+10
| | | | | | | Previous fix (6d06a7e) did not work properly on a CA-less replica with CA-powered master. https://fedorahosted.org/freeipa/ticket/3617
* Do not add ipa-ca records on CA-less installsMartin Kosek2013-05-091-1/+1
| | | | | | ipa-dns-install crashed when it was run on a CA-less server. https://fedorahosted.org/freeipa/ticket/3617
generated by cgit (git 2.34.1) at 2025-09-01 16:04:53 +0000