summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/server/replicainstall.py
Commit message (Collapse)AuthorAgeFilesLines
* Force creation of services during replica installMartin Basti2015-12-071-1/+2
| | | | | | Missing A record should not prevent replica to be installed. Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* replicainstall: Admin password should not conflict with replica fileTomas Babej2015-12-071-1/+0
| | | | | | | | The --admin-password (-w) has its use both in domain level 0 and 1. https://fedorahosted.org/freeipa/ticket/5517 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* replica promotion: automatically add the local host to ipaserversJan Cholasta2015-12-071-2/+46
| | | | | | | | | | If the user is authorized to modify members of the ipaservers host group, add the local host to ipaservers automatically. https://fedorahosted.org/freeipa/ticket/5401 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* replica promotion: use host credentials when setting up replicationJan Cholasta2015-12-071-11/+45
| | | | | | | | | | | Use the local host credentials rather than the user credentials when setting up replication. The host must be a member of the ipaservers host group. The user credentials are still required for connection check. https://fedorahosted.org/freeipa/ticket/5401 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* replica install: improvements in the handling of CA-related IPA config entriesMartin Babinsky2015-12-041-0/+7
| | | | | | | | | | | | When a CA-less replica is installed, its IPA config file should be updated so that ca_host points to nearest CA master and all certificate requests are forwarded to it. A subsequent installation of CA subsystem on the replica should clear this entry from the config so that all certificate requests are handled by freshly installed local CA. https://fedorahosted.org/freeipa/ticket/5506 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-replica-install support caless install with promotion.David Kupka2015-12-031-28/+140
| | | | | | https://fedorahosted.org/freeipa/ticket/5441 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* replicainstall: Add possiblity to install client in one commandTomas Babej2015-12-011-9/+85
| | | | | | https://fedorahosted.org/freeipa/ticket/5310 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-dns-install offer IP addresses from resolv.conf as default forwardersPetr Spacek2015-12-011-3/+4
| | | | | | | | | In non-interactive more option --auto-forwarders can be used to do the same. --forward option can be used to supply additional IP addresses. https://fedorahosted.org/freeipa/ticket/5438 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* replica promotion: modify default.conf even if DS configuration failsMartin Babinsky2015-11-271-25/+30
| | | | | | | | | | | When we promote an IPA client to replica, we need to write master-like default.conf once we start configuring directory server instance. This way even if DS configuration fails for some reason the server uninstall code can work properly and clean up partially configured replica. https://fedorahosted.org/freeipa/ticket/5417 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* install: drop support for Dogtag 9Jan Cholasta2015-11-251-19/+7
| | | | | | | | | | | Dogtag 9 CA and CA DS install and uninstall code was removed. Existing Dogtag 9 CA and CA DS instances are disabled on upgrade. Creating a replica of a Dogtag 9 IPA master is still supported. https://fedorahosted.org/freeipa/ticket/5197 Reviewed-By: David Kupka <dkupka@redhat.com>
* Add profiles and default CA ACL on migrationFraser Tweedale2015-11-241-0/+3
| | | | | | | | | | | | | | | | | | | | Profiles and the default CA ACL were not being added during replica install from pre-4.2 servers. Update ipa-replica-install to add these if they are missing. Also update the caacl plugin to prevent deletion of the default CA ACL and instruct the administrator to disable it instead. To ensure that the cainstance installation can add profiles, supply the RA certificate as part of the instance configuration. Certmonger renewal setup is avoided at this point because the NSSDB gets reinitialised later in installation procedure. Also move the addition of the default CA ACL from dsinstance installation to cainstance installation. Fixes: https://fedorahosted.org/freeipa/ticket/5459 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Drop configure.jarMartin Basti2015-11-131-12/+0
| | | | | | | | | Configure.jar used to be used with firefox version < 10 which is not supported anymore, thus this can be removed. https://fedorahosted.org/freeipa/ticket/5144 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Domain levels: use constants rather than hardcoded valuesMartin Basti2015-10-271-4/+4
| | | | | | | | | | | Added constants for domain levels DOMAIN_LEVEL_0 = 0 DOMAIN_LEVEL_1 = 1 This allows to search for domain level easier in code. Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Allow to install the KRA on a promoted serverSimo Sorce2015-10-221-8/+21
| | | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Rename option --dirsrv-config-mods to --dirsrv-config-fileMartin Basti2015-10-191-1/+1
| | | | | | | | | | | Option is renamed to be consistent with other options. Affected tickets: https://fedorahosted.org/freeipa/ticket/4949 https://fedorahosted.org/freeipa/ticket/4048 https://fedorahosted.org/freeipa/ticket/1930 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Add option to specify LDIF file that contains DS configuration changesMartin Basti2015-10-151-4/+5
| | | | | | | | | | | | | This allows to user modify configuration changes of the directory server instance during installation of DS https://fedorahosted.org/freeipa/ticket/4949 Also fixes: https://fedorahosted.org/freeipa/ticket/4048 https://fedorahosted.org/freeipa/ticket/1930 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Make checks for existing credentials reusableSimo Sorce2015-10-151-73/+2
| | | | | | | move the in installutils so they can be reused by multiple scripts Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Allow to setup the CA when promoting a replicaSimo Sorce2015-10-151-34/+24
| | | | | | | | | This patch makes --setup-ca work to set upa clone CA while creating a new replica. The standalone ipa-ca-install script is not converted yet though. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Allow ipa-replica-conncheck to use default credsSimo Sorce2015-10-151-3/+11
| | | | | | | | If the user has already run kinit try to use those credentials. The user can always override by explicitly passing the -p flag. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Change DNS installer code to use passed in apiSimo Sorce2015-10-151-9/+13
| | | | | | | | | Fixes a number of places where api was not passed around internally. Also allows to install dns in replica promotion which requires an alternative api to be created with the right configuration. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Implement replica promotion functionalitySimo Sorce2015-10-151-22/+548
| | | | | | | | | | | | | | | | | | This patch implements a new flag --promote for the ipa-replica-install command that allows an administrative user to 'promote' an already joined client to become a full ipa server. The only credentials used are that of an administrator. This code relies on ipa-custodia being available on the peer master as well as a number of other patches to allow a computer account to request certificates for its services. Therefore this feature is marked to work only with domain level 1 and above servers. Ticket: https://fedorahosted.org/freeipa/ticket/2888 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Add ipa-custodia serviceSimo Sorce2015-10-151-1/+8
| | | | | | | | | | Add a customized Custodia daemon and enable it after installation. Generates server keys and loads them in LDAP autonomously on install or update. Provides client code classes too. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* install: fix ipa-server-install fail on missing --forwarderJan Cholasta2015-10-011-0/+7
| | | | | | https://fedorahosted.org/freeipa/ticket/4517 Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Add common base class for server and replica installJan Cholasta2015-09-221-175/+49
| | | | | | https://fedorahosted.org/freeipa/ticket/4517 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Server Install: print message that client is being installedMartin Basti2015-09-111-0/+1
| | | | | | | | IPA client is installed on server side during "Restarting web server" step, which lasts too long. This commit explicitly print message that IPA client is being installed. Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Installer: do not modify /etc/hosts before user agreementMartin Basti2015-09-031-1/+11
| | | | | | | | | https://fedorahosted.org/freeipa/ticket/4561 As side effect this also fixes: https://fedorahosted.org/freeipa/ticket/5266 Reviewed-By: David Kupka <dkupka@redhat.com>
* Use the print functionPetr Viktorin2015-09-011-20/+22
| | | | | | | | | In Python 3, `print` is no longer a statement. Call it as a function everywhere, and include the future import to remove the statement in Python 2 code as well. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* install: Fix replica install with custom certificatesJan Cholasta2015-08-181-8/+9
| | | | | | https://fedorahosted.org/freeipa/ticket/5226 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Modernize 'except' clausesPetr Viktorin2015-08-121-7/+7
| | | | | | | The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* install: Fix server and replica install optionsJan Cholasta2015-08-121-29/+7
| | | | | | https://fedorahosted.org/freeipa/ticket/5184 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Modernize number literalsPetr Viktorin2015-07-311-2/+2
| | | | | | | | | | | | | | Use Python-3 compatible syntax, without breaking compatibility with py 2.7 - Octals literals start with 0o to prevent confusion - The "L" at the end of large int literals is not required as they use long on Python 2 automatically. - Using 'int' instead of 'long' for small numbers is OK in all cases except strict type checking checking, e.g. type(0). https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix DNS records installation for replicasSimo Sorce2015-07-141-3/+3
| | | | | | | Ticket: https:/fedorahosted.org/freeipa/ticket/5116 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSSEC: allow to disable/replace DNSSEC key masterMartin Basti2015-07-071-1/+29
| | | | | | | | | | | | | | | This commit allows to replace or disable DNSSEC key master Replacing DNSSEC master requires to copy kasp.db file manually by user ipa-dns-install: --disable-dnssec-master DNSSEC master will be disabled --dnssec-master --kasp-db=FILE This configure new DNSSEC master server, kasp.db from old server is required for sucessful replacement --force Skip checks https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Sanitize CA replica installMartin Basti2015-06-301-12/+10
| | | | | | | | Check if cafile exist first. https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* fix force-sync, re-initialize of replica and a check for replication ↵Petr Vobornik2015-06-291-7/+1
| | | | | | | | | | | | | agreement existence in other words limit usage of `agreement_dn` method only for manipulation and search of agreements which are not managed by topology plugin. For other cases is safer to search for the agreement. https://fedorahosted.org/freeipa/ticket/5066 Reviewed-By: David Kupka <dkupka@redhat.com>
* Replicas cannot define their own master password.Simo Sorce2015-06-241-8/+0
| | | | | | | | | Seem like this slipped in during the refactoring of the install tools. https://fedorahosted.org/freeipa/ticket/4468 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* install: Fix ipa-replica-install not installing RA certJan Cholasta2015-06-181-2/+13
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: David Kupka <dkupka@redhat.com>
* vault: Fix ipa-kra-installJan Cholasta2015-06-101-18/+15
| | | | | | | | | Use state in LDAP rather than local state to check if KRA is installed. Use correct log file names. https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Initialize API early in server and replica installJan Cholasta2015-06-101-134/+144
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Migrate ipa-replica-install to the install frameworkJan Cholasta2015-06-101-59/+263
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Migrate ipa-server-install to the install frameworkJan Cholasta2015-06-081-2/+26
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Fix missing variable initialization in replica installJan Cholasta2015-06-081-0/+1
| | | | https://fedorahosted.org/freeipa/ticket/4468
* Move CA installation code into single module.David Kupka2015-06-081-34/+19
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* install: Move ipa-replica-install code into a moduleJan Cholasta2015-05-291-0/+640
https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Martin Basti <mbasti@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-02 21:44:31 +0000