summaryrefslogtreecommitdiffstats
path: root/ipaserver/install
Commit message (Collapse)AuthorAgeFilesLines
...
* install: Move ipa-server-upgrade code into a moduleJan Cholasta2015-05-293-66/+74
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Move ipa-replica-install code into a moduleJan Cholasta2015-05-292-0/+642
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Move ipa-server-install code into a moduleJan Cholasta2015-05-292-0/+1212
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Make a package out of ipaserver.install.serverJan Cholasta2015-05-292-0/+5
| | | | | | | | | | Until ipa-server-install, ipa-replica-install and ipa-server-upgrade are merged into a single code base, keep their respective bits in separate modules in the package. https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Martin Basti <mbasti@redhat.com>
* KRA: get the right dogtag version during server uninstallMartin Babinsky2015-05-261-1/+1
| | | | | | | | | Ensure that the correct version of dogtag is passed from API object to the KRA uninstaller during IPA server uninstall. https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Add Domain Level featureTomas Babej2015-05-263-3/+29
| | | | | | | https://fedorahosted.org/freeipa/ticket/5018 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Server Upgrade: fix remove statementMartin Basti2015-05-261-3/+4
| | | | | | | | | If value does not exists then do not update entry. Otherwise, together with nonexistent entry, the LDAP decode error will be raised. https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Fix: use DS socket check only for upgradeMartin Basti2015-05-261-1/+2
| | | | | | | | | | | To detect if DS server is running, use the slapd socket for upgrade, and the LDAP port for installation. Without enabled LDAPi socket checking doesnt work. https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* install part - manage topology in shared treeLudwig Krispenz2015-05-263-1/+27
| | | | | | https://fedorahosted.org/freeipa/ticket/4302 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* replica-manage: Properly delete nested entriesTomas Babej2015-05-261-2/+2
| | | | | | | | | | | Bad ordering of LDAP entries during replica removal resulted in a failure to delete replica and its services from cn=masters,cn=ipa,cn=etc,$SUFFIX. This patch enforces the correct ordering of entries resulting in proper removal of services before the host entry itself. https://fedorahosted.org/freeipa/ticket/5019 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Server Upgrade: Move code from ipa-upgradeconfig to separate moduleMartin Basti2015-05-252-10/+1381
| | | | | | | | | This also prevent the script ipa-upgradeconfig execute upgrading. Upgrade of services is called from ipa-server-upgrade https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* merge KRA installation machinery to a single moduleMartin Babinsky2015-05-252-70/+98
| | | | | | | | | This is a prerequisite to further refactoring of KRA install/uninstall functionality in all IPA install scripts. https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Server Upgrade: Fix: execute schema updateMartin Basti2015-05-221-1/+5
| | | | | | | | Accidentaly schema upgrade has not been executed. https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* Server Upgrade: wait until DS is readyMartin Basti2015-05-221-5/+3
| | | | | | | | | | | During server upgrade we should wait until DS is ready after restart, otherwise connection error is raised. Instead of 389 port, the DS socket is checked. https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* do not check for directory manager password during KRA uninstallMartin Babinsky2015-05-201-17/+17
| | | | | | | | | | ipa-kra-install validates and asks for directory manager password during uninstallation phase. Since this password is never used during service uninstall, the uninstaller will not perform these checks anymore. https://fedorahosted.org/freeipa/ticket/5028 Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNS install: extract DNS installer into one moduleMartin Basti2015-05-194-3/+219
| | | | | | | | | | | | This is required modification to be able move to new installers. DNS subsystem will be installed by functions in this module in each of ipa-server-install, ipa-dns-install, ipa-replica-install install scripts. https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* explicitly destroy httpd service ccache file during httpinstance removalMartin Babinsky2015-05-191-0/+4
| | | | | | | | | | | | | | during IPA server uninstall, the httpd service ccache is not removed from runtime directory. This file then causes server-side client install to fail when performing subsequent installation without rebooting/recreating runtime directories. This patch ensures that the old httpd ccache is explicitly destroyed during uninstallation. https://fedorahosted.org/freeipa/ticket/4973 Reviewed-By: David Kupka <dkupka@redhat.com>
* Do not store state if CA is enabledDavid Kupka2015-05-192-15/+2
| | | | | | | IPA creates own instance of CA, so there is no need to check if previous instance was enabled, because there could not be any. Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSSEC: FIX Do not re-create kasp.db if already existsMartin Basti2015-05-191-0/+1
| | | | | | | | Kasp should not be replaced by DNS reinstallation with new file. https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Server Upgrade: ipa-ldap-updater will not do overall upgradeMartin Basti2015-05-191-12/+7
| | | | | | | | | | | | ipa-ldap-updater is now just util which applies changes specified in update files or schema files. ipa-ldap-updater will not do overall server upgrade anymore, use ipa-server-upgrade instead. https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: handle errors betterMartin Basti2015-05-194-24/+29
| | | | | | | | | * Prevent to continue with upgrade if a fatal error happened * Use exceptions to handle failures https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: do not allow to run upgradeinstace aloneMartin Basti2015-05-191-18/+0
| | | | | | https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: raise RuntimeError instead exit()Martin Basti2015-05-191-1/+1
| | | | | | | | | Ldapupdater should not call sys.exit() in the middle of execution and should fail gracefully https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Do not start DS if it was stopped before upgradeMartin Basti2015-05-191-3/+5
| | | | | | https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* User life cycle: Stage user Administrators permission/priviledgeThierry Bordaz2015-05-181-2/+10
| | | | | | | | Creation of stage user administrator https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Allow base64 encoded valuesMartin Basti2015-05-117-50/+138
| | | | | | | | | | | | | | This patch allows to use base64 encoded values in update files. Double colon ('::') must be used as separator between attribute name and base64 encoded value. add:attr::<base64-value> replace:attr::<old-base64-value>::<new-base64-value> https://fedorahosted.org/freeipa/ticket/4984 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Server Upgrade: remove CSV from upgrade filesMartin Basti2015-05-112-102/+67
| | | | | | | | | | | | | | | | | CSV values are not supported in upgrade files anymore Instead of add:attribute: 'first, part', second please use add:attribute: firts, part add:attribute: second Required for ticket: https://fedorahosted.org/freeipa/ticket/4984 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* prevent duplicate IDs when setting up multiple replicas against single masterMartin Babinsky2015-05-071-24/+50
| | | | | | | | | | | This patch forces replicas to use DELETE+ADD operations to increment 'nsDS5ReplicaId' in 'cn=replication,cn=etc,$SUFFIX' on master, and retry multiple times in the case of conflict with another update. Thus when multiple replicas are set-up against single master none of them will have duplicate ID. https://fedorahosted.org/freeipa/ticket/4378 Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
* Fix stop_tracking_certificates call in ipa-restoreJan Cholasta2015-05-071-3/+2
| | | | | | | | | CAInstance.stop_tracking_certificates() no longer has dogtag_constants argument. https://fedorahosted.org/freeipa/ticket/4775 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: enable DS global lock during upgradeMartin Basti2015-05-052-4/+34
| | | | | | https://fedorahosted.org/freeipa/ticket/4925 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Server Upgrade: use LDIF parser to modify DSE.ldifMartin Basti2015-05-051-20/+165
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4925 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* move realm_to_serverid to installutils moduleMartin Basti2015-05-0511-27/+30
| | | | | | | | | To avoid cyclic imports realm_to_serverid function had to be moved to installutils from dsinstance. Required for: https://fedorahosted.org/freeipa/ticket/4925 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Server Upgrade: fix a comment in ldapupdaterMartin Basti2015-05-051-6/+1
| | | | | | | | DN sorting was removed in previous patches https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Remove unneeded ip-address option in ipa-adtrust-installGabe2015-05-051-3/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4575 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Server Upgrade: Verify version and platformMartin Basti2015-05-043-2/+103
| | | | | | | | | | | | | | | | | | | | | | | | Verify version and platform before upgrade or ipactl start|restart Upgrade: * do not allow upgrade on different platforms * do not allow upgrade data with higher version than build has Start: * do not start services if platform mismatch * do not start services if upgrade is needed * do not start services if data with higher version than build has New ipactl options: --skip-version-check: do not validate IPA version --ignore-service-failures (was --force): ignore if a service start fail and continue with starting other services --force: combine --skip-version-check and --ignore-service-failures https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: ipa-server-upgrade commandMartin Basti2015-05-041-0/+72
| | | | | | | https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>
* point the users to PKI-related logs when CA configuration failsMartin Babinsky2015-04-292-5/+15
| | | | | | | | | | This patch adds an error handler which prints out the paths to logs related to configuration and installation of Dogtag/CA in the case of failure. https://fedorahosted.org/freeipa/ticket/4900 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Make lint work on Fedora 22.David Kupka2015-04-271-0/+1
| | | | | | | | | | | pylint added 'confidence' parameter to 'add_message' method of PyLinter. To be compatible with both, pre- and post- 1.4 IPALinter must accept the parameter but not pass it over. Also python3 checker was added and enabled by default. FreeIPA is still not ready for python3. Additionally few false-positives was marked. Reviewed-By: Martin Basti <mbasti@redhat.com>
* rename_managed: Remove use of EditableDNPetr Viktorin2015-04-231-20/+32
| | | | | | This was the last use of EditableDN in IPA; the class can now be removed. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* cainstance: Use LDAPClient instead of IPASimpleLDAPObjectJan Cholasta2015-04-161-7/+8
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Server Upgrade: only root can run updatesMartin Basti2015-04-141-28/+6
| | | | | | https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: restart DS using ipaplatfom serviceMartin Basti2015-04-142-51/+4
| | | | | | | | Removes extra class DSRestart which do the same thing https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: use ldap2 connection in fix_replica_agreementsMartin Basti2015-04-141-3/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Handle connection better in updates_from_dictMartin Basti2015-04-141-3/+4
| | | | | | | | Connection should be closed if update is done https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: plugins should use ldapupdater API instanceMartin Basti2015-04-148-28/+32
| | | | | | | | This is required to have proper LDAP connection in plugins https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: specify order of plugins in update filesMartin Basti2015-04-1420-326/+194
| | | | | | | | | | | | * add 'plugin' directive * specify plugins order in update files * remove 'run plugins' options * use ldapupdater API instance in plugins * add update files representing former PreUpdate and PostUpdate order of plugins https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Apply plugin updates immediatelyMartin Basti2015-04-1414-74/+67
| | | | | | | | | | Preparation to moving plugins executin into update files. * remove apply_now flag * plugins will return only (restart, modifications) https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: remove unused code in upgradeMartin Basti2015-04-142-9/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: use only LDAPI connectionMartin Basti2015-04-142-32/+3
| | | | | | | | Use only ldapi connection to execute upgrade https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* fix improper handling of boolean option inMartin Babinsky2015-04-021-1/+1
| | | | | | | | read_replica_info_kra_enabled This patch fixes https://fedorahosted.org/freeipa/ticket/4530. Reviewed-By: Martin Basti <mbasti@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-04 04:59:25 +0000