[Freeipa-devel] [PATCH 0372] CI: installation tests

2015-12-06 Thread Martin Basti
My favorite today \o/ --> 67 <-- \o/ test cases, no more manual testing 
of installers \o/.


Test suite contains: 6 combinations of how to install components on replica 
X 4 combinations of server installation + 3 extra server tests


To save time, tests install 1 master and 3 replicas per test class 
(except extra server tests):

Class name specifies what is installed on master.

Remember, option "-k" is your friend
$ ipa-run-tests -k ''
otherwise you will need a lot of time until tests finish.

To list all tests:
$ ipa-run-tests test_integration/test_installation.py --collect-only


Patch attached; it needs all patches I sent today and 
also the attached workaround patch (Martin3 will provide a proper fix)


I haven't had time/mood/resources to test this patch with domain level 
0, so testing this patch with domain level 0 is appreciated.



Oleg, I added some methods to tasks.py which you may want to reuse.

Martin^2

From 28dac70efd8768539e7c1a4175ee573bc62def25 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Fri, 4 Dec 2015 17:12:05 +0100
Subject: [PATCH] CI: installation tests

---
 ipatests/test_integration/tasks.py |  32 
 ipatests/test_integration/test_installation.py | 200 +
 2 files changed, 232 insertions(+)
 create mode 100644 ipatests/test_integration/test_installation.py

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index a0d599d52d4edb9471b6a0cedd155a8590d0889b..6c869158d49210df0e8b3979ee76b34d5263f9f6 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -39,6 +39,7 @@ from ipatests.test_integration.env_config import env_to_script
 from ipatests.test_integration.host import Host
 from ipalib.util import get_reverse_zone_default
 from ipalib.constants import DOMAIN_SUFFIX_NAME
+from ipalib.constants import DOMAIN_LEVEL_0
 
 log = log_mgr.get_logger(__name__)
 
@@ -924,3 +925,34 @@ def resolve_record(nameserver, query, rtype="SOA", retry=True, timeout=100):
 if not retry:
 raise
 time.sleep(1)
+
+
+def install_kra(host, domain_level=None, first_instance=False):
+if not domain_level:
+   domain_level = domainlevel(host)
+command = ["ipa-kra-install", "-U", "-p", host.config.dirman_password]
+if domain_level == DOMAIN_LEVEL_0 and not first_instance:
+replica_file = get_replica_filename(host)
+command.append(replica_file)
+return host.run_command(command)
+
+
+def install_ca(host, domain_level=None, first_instance=False):
+if not domain_level:
+   domain_level = domainlevel(host)
+command = ["ipa-ca-install", "-U", "-p", host.config.dirman_password,
+   "-P", 'admin', "-w", host.config.admin_password]
+if domain_level == DOMAIN_LEVEL_0 and not first_instance:
+replica_file = get_replica_filename(host)
+command.append(replica_file)
+return host.run_command(command)
+
+
+def install_dns(host):
+args = [
+"ipa-dns-install",
+"--forwarder", host.config.dns_forwarder,
+"-p", host.config.dirman_password,
+"-U",
+]
+host.run_command(args)
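
Review bot: "if not domain_level:" in install_kra and install_ca treats an explicit level of 0 the same as None, so a caller passing DOMAIN_LEVEL_0 (assuming it is the integer 0, as the name suggests) still triggers the domainlevel(host) lookup; "if domain_level is None:" says what is meant. install_dns also drops the result of host.run_command(args) while the other two helpers return it, and all three put the Directory Manager or admin password on the command line, so a docstring stating that these helpers are meant for disposable test hosts would be useful.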
diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py
new file mode 100644
index ..e557ad5a0b8cd4497016659b0dfeb2e94b198c99
--- /dev/null
+++ b/ipatests/test_integration/test_installation.py
@@ -0,0 +1,200 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+"""
+Module provides tests which testing ability of various subsystems to be
+installed.
+"""
+
+import time
+
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.test_integration import tasks
+
+
+class InstallTestBase1(IntegrationTest):
+
+num_replicas = 3
+topology = 'star'
+
+@classmethod
+def install(cls, mh):
+tasks.install_master(cls.master, setup_dns=False)
+
+def test_replica0_ca_less_install(self):
+tasks.install_replica(self.master, self.replicas[0], setup_ca=False)
+
+def test_replica0_ipa_ca_install(self):
+tasks.install_ca(self.replicas[0])
+
+def test_replica0_ipa_kra_install(self):
+tasks.install_kra(self.replicas[0], first_instance=True)
+
+def test_replica0_ipa_dns_install(self):
+tasks.install_dns(self.replicas[0])
+
+def test_replica1_with_ca_install(self):
+tasks.install_replica(self.master, self.replicas[1], setup_ca=True)
+
+def test_replica1_ipa_kra_install(self):
+tasks.install_kra(self.replicas[1])
+
+def test_replica1_ipa_dns_install(self):
+tasks.install_dns(self.replicas[1])
+
+def test_replica2_with_ca_kra_install(self):
+tasks.install_replica(self.master, self.replicas[2], setup_ca=True,
+  setup_kra=True)
+
+def test_replica2_ipa_dns_install(self):
+

[Freeipa-devel] [PATCH 0370] CI: test various topologies with 3 replicas

2015-12-06 Thread Martin Basti
Patch attached, to work properly it requires all patches I sent today + 
workaround patch attached (Martin3 will provide proper fix).


The last two tests are failing due to a bug in test framework 
(ipa-replica-manage should not be used with domain level 1)


Martin^2
From 37e3d205ab91bf753f199b61a7b4c1c574ea7769 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Sun, 6 Dec 2015 18:46:45 +0100
Subject: [PATCH] CI: uninstall WORKAROUND DO NOT PUSH

---
 ipatests/test_integration/tasks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index e75fe505f5ad9b5ffe680f7e37dec6873616ca05..a0d599d52d4edb9471b6a0cedd155a8590d0889b 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -616,7 +616,7 @@ def kinit_admin(host):
 
 def uninstall_master(host):
 host.collect_log(paths.IPASERVER_UNINSTALL_LOG)
-
+host.run_command(['ipactl', 'stop'], raiseonerr=False)  # temporal workaround
 host.run_command(['ipa-server-install', '--uninstall', '-U'],
  raiseonerr=False)
 host.run_command(['pkidestroy', '-s', 'CA', '-i', 'pki-tomcat'],
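
Review bot: The added "ipactl stop" call uses raiseonerr=False and its result is discarded, so a failed stop leaves no trace before ipa-server-install --uninstall runs; logging the return code would make such a failure visible. The trailing comment should name the problem being worked around (and read "temporary"), so the line can be found and removed once the proper fix lands.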
-- 
2.5.0

From fae0ea3409641b2373bf074849b8a847dd2453c8 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Fri, 4 Dec 2015 13:50:38 +0100
Subject: [PATCH] CI: test various topologies with multiple replicas

Test tests topologies listed below with and without CA on replicas:
star topology: 3 replicas
line topology: 3 replicas
complete topology: 3 replicas
---
 .../test_integration/test_replication_layouts.py   | 87 ++
 1 file changed, 87 insertions(+)
 create mode 100644 ipatests/test_integration/test_replication_layouts.py

diff --git a/ipatests/test_integration/test_replication_layouts.py b/ipatests/test_integration/test_replication_layouts.py
new file mode 100644
index ..3a3e9641e8645c62c95c8d48ecf67f2dc32dbd4d
--- /dev/null
+++ b/ipatests/test_integration/test_replication_layouts.py
@@ -0,0 +1,87 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+import time
+
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.test_integration import tasks
+
+
+class LayoutsBaseTest(IntegrationTest):
+
+@classmethod
+def install(cls, mh):
+# tests use custom installation
+pass
+
+def replication_is_working(self):
+test_user = 'replication-testuser'
+self.master.run_command(
+['ipa', 'user-add', test_user, '--first', 'test', '--last', 'user']
+)
+
+time.sleep(60)  # make sure the replication of user is done
+
+for r in self.replicas:
+r.run_command(['ipa', 'user-show', test_user])
+
+
+class TestLineTopologyWithoutCA(LayoutsBaseTest):
+
+num_replicas = 3
+
+def test_line_topology_without_ca(self):
+tasks.install_topo('line', self.master, self.replicas, [],
+   setup_replica_cas=False)
+self.replication_is_working()
+
+
+class TestLineTopologyWithCA(LayoutsBaseTest):
+
+num_replicas = 3
+
+def test_line_topology_with_ca(self):
+tasks.install_topo('line', self.master, self.replicas, [],
+   setup_replica_cas=True)
+self.replication_is_working()
+
+
+class TestStarTopologyWithoutCA(LayoutsBaseTest):
+
+num_replicas = 3
+
+def test_star_topology_without_ca(self):
+tasks.install_topo('star', self.master, self.replicas, [],
+   setup_replica_cas=False)
+self.replication_is_working()
+
+
+class TestStarTopologyWithCA(LayoutsBaseTest):
+
+num_replicas = 3
+
+def test_star_topology_with_ca(self):
+tasks.install_topo('star', self.master, self.replicas, [],
+   setup_replica_cas=True)
+self.replication_is_working()
+
+
+class TestCompleteTopologyWithoutCA(LayoutsBaseTest):
+
+num_replicas = 3
+
+def test_complete_topology_without_ca(self):
+tasks.install_topo('complete', self.master, self.replicas, [],
+   setup_replica_cas=False)
+self.replication_is_working()
+
+
+class TestCompleteTopologyWithCA(LayoutsBaseTest):
+
+num_replicas = 3
+
+def test_complete_topology_with_ca(self):
+tasks.install_topo('complete', self.master, self.replicas, [],
+   setup_replica_cas=True)
+self.replication_is_working()
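
Review bot: replication_is_working() relies on a fixed time.sleep(60) followed by a single "ipa user-show" per replica, which adds a minute to every class and can still fail on a slow host; polling user-show until a timeout expires would be more robust. The test user is also never removed, and the six classes differ only in the topology name and setup_replica_cas, so a shared helper taking those two values would cut the repetition.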
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

2015-12-06 Thread Martin Basti



On 04.12.2015 16:58, Simo Sorce wrote:

On Fri, 2015-12-04 at 15:39 +0100, Jan Cholasta wrote:

On 4.12.2015 15:16, Jan Cholasta wrote:

On 4.12.2015 15:12, Jan Cholasta wrote:

On 4.12.2015 11:15, Petr Vobornik wrote:

On 12/03/2015 03:11 PM, Martin Basti wrote:


On 01.12.2015 12:19, Jan Cholasta wrote:

On 23.11.2015 15:47, Simo Sorce wrote:

On Mon, 2015-11-23 at 15:37 +0100, Jan Cholasta wrote:

An alternative is to add the host to ipaservers before the checks are
done and remove it again if any of them fail.

Too error prone, I am ok with the current way in your patches
until/unless I can think of a fail safe way. :-)

Updated patches attached. Note that 520 should be applied between 509
and 510.




Functional ACK


Simo, do you want to review the ACIs or other things in the patches? Or
can the patches be pushed?

There were no changes in the ACIs since last time.

Actually, memberPrincipal was removed from the "IPA server hosts can
manage own Custodia secrets" ACI, as per Simo's request.


Rebased patches attached.

Note that 520 should still be applied between 509 and 510.


LGTM


ACK



[Freeipa-devel] [PATCH 0369] Force creation of service during replica install

2015-12-06 Thread Martin Basti
Replica install should not fail due to a missing A record, if there are 
proper entries in hosts.


Patch attached.
From 5cf97c9329d2e55c357c29e8ef66c5168e84d067 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Sun, 6 Dec 2015 18:43:37 +0100
Subject: [PATCH] Force creation of services during replica install

Missing A record should not prevent replica to be installed.
---
 ipaserver/install/server/replicainstall.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index e0b9ef869e2e60f574a08495e9a1a2fc7b40e10c..d735e67cbf34cc42c98add40731c10473e2e042c 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -80,7 +80,8 @@ def install_http_certs(config, fstore):
 principal = 'HTTP/%s@%s' % (config.host_name, config.realm_name)
 installutils.install_service_keytab(principal,
 config.master_host_name,
-paths.IPA_KEYTAB)
+paths.IPA_KEYTAB,
+force_service_add=True)
 
 # Obtain certificate for the HTTP service
 nssdir = certs.NSS_DIR
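
Review bot: force_service_add=True is passed unconditionally in install_http_certs with no comment at the call site, so the reason (a replica that resolves only through the hosts file) is recorded only in the commit message. A short comment here, plus a sentence in the commit message on whether bypassing the A record requirement for the HTTP/ principal is acceptable when DNS is in use, would make the change reviewable later.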
-- 
2.5.0


[Freeipa-devel] [PATCH 0371] CI: fix function that prepares /etc/hosts

2015-12-06 Thread Martin Basti
Without this fix, the function removes more entries from /etc/hosts than is 
required, and it causes installation failure in tests without DNS.


Patch attached.
From 13d9bb9fb08f88d61185b89a837b7f75445bd2aa Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Sun, 6 Dec 2015 18:44:43 +0100
Subject: [PATCH] CI: fix function that prepare the hosts file before CI run

Without this fix function removed 2 lines from hosts file.
---
 ipatests/test_integration/tasks.py | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index a295d522d69c28da3c58156c8850e68b83342c53..e75fe505f5ad9b5ffe680f7e37dec6873616ca05 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -114,12 +114,14 @@ def fix_etc_hosts(host):
 backup_file(host, paths.HOSTS)
 contents = host.get_file_contents(paths.HOSTS)
 # Remove existing mentions of the host's FQDN, short name, and IP
+# Removing of IP must be done as first, otherwise hosts file may be
+# corrupted
+contents = re.sub('^%s.*' % re.escape(host.ip), '', contents,
+  flags=re.MULTILINE)
 contents = re.sub('\s%s(\s|$)' % re.escape(host.hostname), ' ', contents,
   flags=re.MULTILINE)
 contents = re.sub('\s%s(\s|$)' % re.escape(host.shortname), ' ', contents,
   flags=re.MULTILINE)
-contents = re.sub('^%s.*' % re.escape(host.ip), '', contents,
-  flags=re.MULTILINE)
 # Add the host's info again
 contents += '\n%s %s %s\n' % (host.ip, host.hostname, host.shortname)
 log.debug('Writing the following to /etc/hosts:\n%s', contents)
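
Review bot: The relocated pattern '^%s.*' % re.escape(host.ip) is anchored only at the start of the line, so it also deletes the line of any address that merely begins with host.ip (a host at 10.0.0.5 would take a 10.0.0.50 entry with it); requiring whitespace or end of line after the address closes that. The new comment could also say why the order matters: the name patterns use \s, which matches the newline and can join the host's line with the following one before the IP pattern runs.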
-- 
2.5.0
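
The line-joining effect this message describes, reproduced on a constructed hosts file. This is an added example, not part of the patch or of the FreeIPA code base; the sample addresses and names and the stricter `field_based` variant (which goes beyond the patch by comparing whole fields) are assumptions for illustration.

```python
import re

# Constructed sample hosts file; all addresses and names are made up.
SAMPLE_HOSTS = (
    "127.0.0.1 localhost\n"
    "10.0.0.5 master.example.test master\n"
    "10.0.0.6 replica.example.test replica\n"
    "10.0.0.50 other.example.test other\n"
)
IP, FQDN, SHORT = "10.0.0.5", "master.example.test", "master"


def strip_name(contents, name):
    # Pattern from the patch: "\s" also matches the newline ending a line,
    # so removing the last name on a line glues the next line onto it.
    return re.sub(r'\s%s(\s|$)' % re.escape(name), ' ', contents,
                  flags=re.MULTILINE)


def strip_ip(contents, ip):
    # Pattern from the patch: anchored at line start, no boundary after the IP.
    return re.sub(r'^%s.*' % re.escape(ip), '', contents, flags=re.MULTILINE)


def old_order(contents, ip, fqdn, short):
    """Names first, IP last: the order before the patch."""
    contents = strip_name(contents, fqdn)
    contents = strip_name(contents, short)
    return strip_ip(contents, ip)


def new_order(contents, ip, fqdn, short):
    """IP first, names afterwards: the order after the patch."""
    contents = strip_ip(contents, ip)
    contents = strip_name(contents, fqdn)
    return strip_name(contents, short)


def field_based(contents, ip, fqdn, short):
    """Hypothetical stricter variant: compare whole whitespace-separated fields."""
    kept = []
    for line in contents.splitlines():
        fields = line.split()
        if fields and fields[0] == ip:
            continue  # drop only lines whose address equals ip exactly
        if fields and not fields[0].startswith('#'):
            names = [n for n in fields[1:] if n not in (fqdn, short)]
            if len(names) < len(fields) - 1:
                # A name was removed; an address with no names left is dropped.
                line = ' '.join(fields[:1] + names) if names else ''
        kept.append(line)
    return '\n'.join(kept) + '\n'


def surviving_addresses(contents):
    """Address column of every non-empty line that is left."""
    return [line.split()[0] for line in contents.splitlines() if line.split()]


if __name__ == "__main__":
    for fn in (old_order, new_order, field_based):
        print(fn.__name__, surviving_addresses(fn(SAMPLE_HOSTS, IP, FQDN, SHORT)))
```

With the old order the replica's entry is lost along with the host's own line; with the patched order it survives, but the 10.0.0.50 entry is still removed by the prefix match.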


[Freeipa-devel] [PATCH] 0046 Create server certs with DNS altname

2015-12-06 Thread Fraser Tweedale
The attached patch fixes
https://fedorahosted.org/freeipa/ticket/4970.

Note that the problem is addressed by adding the appropriate request
extension to the CSR; the fix does not involve changing the default
profile behaviour, which is complicated (see ticket for details).

Thanks,
Fraser
From e984b2cbfd419a2a71aa40ba4b42dd29857a66d9 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Mon, 7 Dec 2015 16:14:28 +1100
Subject: [PATCH] Create server certs with DNS altname

Currently server (HTTP / LDAP) certs are created without a Subject
Alternative Name extension during server install or replica prepare,
a potentially problematic violation of RFC 2818.

Add the hostname as a SAN dNSName when these certs are created.

(Certmonger already adds an appropriate request extension when
renewing the certificate, so nothing needs to be done for renewal).

Fixes: https://fedorahosted.org/freeipa/ticket/4970
---
 ipaserver/install/certs.py | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 
c918791f0be7a17e20123fe6f94c4ac0bbf09d7b..bd1792d32246bc3034c5403f1d868e0966ec0014
 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -335,7 +335,7 @@ class CertDB(object):
 cdb = self
 if subject is None:
 subject=DN(('CN', hostname), self.subject_base)
-self.request_cert(subject)
+self.request_cert(subject, san_dnsnames=[hostname])
 cdb.issue_server_cert(self.certreq_fname, self.certder_fname)
 self.import_cert(self.certder_fname, nickname)
 fd = open(self.certder_fname, "r")
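
Review bot: san_dnsnames is always [hostname] at this call, even when the caller supplied its own subject, so the subject CN and the dNSName can differ without any check. If that is intended, a comment saying the SAN always carries the host name would avoid questions later.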
@@ -359,7 +359,9 @@ class CertDB(object):
 os.unlink(self.certreq_fname)
 os.unlink(self.certder_fname)
 
-def request_cert(self, subject, certtype="rsa", keysize="2048"):
+def request_cert(
+self, subject, certtype="rsa", keysize="2048",
+san_dnsnames=None):
 assert isinstance(subject, DN)
 self.create_noise_file()
 self.setup_cert_request()
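
Review bot: The new san_dnsnames parameter of request_cert has no docstring. It should state that a list of DNS names is expected, because a plain string passed here would be split into single characters by the ','.join() call further down.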
@@ -370,6 +372,8 @@ class CertDB(object):
 "-z", self.noise_fname,
 "-f", self.passwd_fname,
 "-a"]
+if san_dnsnames is not None and len(san_dnsnames) > 0:
+args += ['-8', ','.join(san_dnsnames)]
 (stdout, stderr, returncode) = self.run_certutil(args)
 os.remove(self.noise_fname)
 return (stdout, stderr)
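
Review bot: ','.join(san_dnsnames) hands the names to certutil -8 unvalidated, so an entry containing a comma or an empty string changes the list certutil sees; check each entry as a DNS name before joining. The condition can also be shortened to "if san_dnsnames:".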
-- 
2.4.3


Re: [Freeipa-devel] [PATCH] 0046 Create server certs with DNS altname

2015-12-06 Thread Alexander Bokovoy

On Mon, 07 Dec 2015, Fraser Tweedale wrote:

The attached patch fixes
https://fedorahosted.org/freeipa/ticket/4970.

Note that the problem is addressed by adding the appropriate request
extension to the CSR; the fix does not involve changing the default
profile behaviour, which is complicated (see ticket for details).

LGTM. I haven't tested the patch yet but it does what is explained.

--
/ Alexander Bokovoy



Re: [Freeipa-devel] [PATCH 522] replica promotion: allow OTP bulk client enrollment

2015-12-06 Thread Jan Cholasta

On 2.12.2015 16:23, Jan Cholasta wrote:

Hi,

the attached patch fixes .

Note that you still have to provide admin password in
ipa-replica-install, either using --admin-password or interactively,
because:

a) Admin password is required for replica promotion. This will be fixed
with .

Patches are on the list:
.


Pushed.




b) Admin password is required for connection check. This will be fixed
with .


Martin Basti pointed out that admin password should not be asked 
interactively during OTP replica promotion. Fixed.


Updated and rebased patch attached.

--
Jan Cholasta
From 14ea04301a876d2f955600ba7f482a7d492b7903 Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Wed, 2 Dec 2015 15:57:59 +0100
Subject: [PATCH] replica promotion: allow OTP bulk client enrollment

https://fedorahosted.org/freeipa/ticket/5498
---
 ipaserver/install/server/replicainstall.py | 64 ++
 1 file changed, 39 insertions(+), 25 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 8a9120a..96c470c 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -776,7 +776,9 @@ def ensure_enrolled(installer):
 config = installer._config
 
 # Perform only if we have the necessary options
-if not any([installer.admin_password, installer.keytab]):
+if not any([installer.password,
+installer.admin_password,
+installer.keytab]):
 sys.exit("IPA client is not configured on this system.\n"
  "You must join the system by running 'ipa-client-install' "
  "first. Alternatively, you may specify enrollment related "
@@ -786,6 +788,8 @@ def ensure_enrolled(installer):
 service.print_msg("Configuring client side components")
 try:
 args = [paths.IPA_CLIENT_INSTALL, "--unattended"]
+stdin = None
+
 if installer.domain_name:
 args.extend(["--domain", installer.domain_name])
 if installer.server:
@@ -795,12 +799,16 @@ def ensure_enrolled(installer):
 if installer.host_name:
 args.extend(["--hostname", installer.host_name])
 
-if installer.admin_password:
-# Always set principal if password was set explicitly,
-# the password itself gets passed directly via stdin
-args.extend(["--principal", installer.principal or "admin"])
-if installer.keytab:
-args.extend(["--keytab", installer.keytab])
+if installer.password:
+args.extend(["--password", installer.password])
+else:
+if installer.admin_password:
+# Always set principal if password was set explicitly,
+# the password itself gets passed directly via stdin
+args.extend(["--principal", installer.principal or "admin"])
+stdin = installer.admin_password
+if installer.keytab:
+args.extend(["--keytab", installer.keytab])
 
 if installer.no_dns_sshfp:
 args.append("--no-dns-sshfp")
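
Review bot: In the "if installer.password:" branch the one-time password is appended to args as --password, so it ends up on the ipa-client-install command line, while the admin password beside it is fed through stdin; if the OTP cannot be passed the same way, say so in a comment. The new else also means an admin password or keytab given together with the OTP is silently ignored, which should either be rejected earlier or documented.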
@@ -813,7 +821,7 @@ def ensure_enrolled(installer):
 if installer.mkhomedir:
 args.append("--mkhomedir")
 
-ipautil.run(args, stdin=installer.admin_password or None)
+ipautil.run(args, stdin=stdin)
 
 except Exception as e:
 sys.exit("Configuration of client side components failed!\n"
@@ -972,16 +980,17 @@ def promote_check(installer):
 add_to_ipaservers = not result
 
 if add_to_ipaservers:
-if installer._ccache is None:
-del os.environ['KRB5CCNAME']
-else:
-os.environ['KRB5CCNAME'] = installer._ccache
-
-try:
-installutils.check_creds(options, config.realm_name)
-installer._ccache = os.environ.get('KRB5CCNAME')
-finally:
-os.environ['KRB5CCNAME'] = ccache
+if not options.password or options.admin_password:
+if installer._ccache is None:
+del os.environ['KRB5CCNAME']
+else:
+os.environ['KRB5CCNAME'] = installer._ccache
+
+try:
+installutils.check_creds(options, config.realm_name)
+installer._ccache = os.environ.get('KRB5CCNAME')
+finally:
+os.environ['KRB5CCNAME'] = ccache
 
 conn.disconnect()
 conn.connect(ccache=installer._ccache)
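
Review bot: "if not options.password or options.admin_password:" parses as "(not options.password) or options.admin_password"; explicit parentheses or a named boolean would make the intent (skip check_creds only for an OTP without admin password) readable. When the branch is skipped, the following conn.connect(ccache=installer._ccache) runs with whatever _ccache held before, possibly None, which deserves a comment or a guard.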
@@ -1348,11 +1357,14 @@ class Replica(BaseServer):
  "multiple times"),
 )
 
-dm_password = Knob(
+dm_password = None
+
+password = Knob(
 

Re: [Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

2015-12-06 Thread Jan Cholasta

On 6.12.2015 21:32, Martin Basti wrote:



On 04.12.2015 16:58, Simo Sorce wrote:

On Fri, 2015-12-04 at 15:39 +0100, Jan Cholasta wrote:

On 4.12.2015 15:16, Jan Cholasta wrote:

On 4.12.2015 15:12, Jan Cholasta wrote:

On 4.12.2015 11:15, Petr Vobornik wrote:

On 12/03/2015 03:11 PM, Martin Basti wrote:


On 01.12.2015 12:19, Jan Cholasta wrote:

On 23.11.2015 15:47, Simo Sorce wrote:

On Mon, 2015-11-23 at 15:37 +0100, Jan Cholasta wrote:

An alternative is to add the host to ipaservers before the checks are
done and remove it again if any of them fail.

Too error prone, I am ok with the current way in your patches
until/unless I can think of a fail safe way. :-)

Updated patches attached. Note that 520 should be applied
between 509
and 510.




Functional ACK


Simo, do you want to review the ACIs or other things in the patches? Or
can the patches be pushed?

There were no changes in the ACIs since last time.

Actually, memberPrincipal was removed from the "IPA server hosts can
manage own Custodia secrets" ACI, as per Simo's request.


Rebased patches attached.

Note that 520 should still be applied between 509 and 510.


LGTM


ACK


Thanks.

Pushed to master: 01ddf51df76f3298499973355c5461727e46ab5b

--
Jan Cholasta
