Re: [Freeipa-devel] [PATCH 0071] replica: Fix ipa-replica-install with replica file (domain, level 0).

On 08/12/15 16:33, Tomas Babej wrote: On 12/08/2015 04:20 PM, Oleg Fayans wrote: ACK. The initial issue is fixed. On 12/08/2015 03:03 PM, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/5531 Can we get some more love for the patch and provide at least a sentence worth of com

Re: [Freeipa-devel] [PATCH 0112] CI tests: ignore disconnected domain level 1 topology on IPA master teardown

ACK On 12/09/2015 07:37 AM, Martin Babinsky wrote: > On 12/07/2015 01:53 PM, Martin Babinsky wrote: >> On 12/07/2015 12:07 PM, Oleg Fayans wrote: >>> Hi Martin, >>> >>> CONFIGURED_DOMAIN_LEVEL is declared, but not used. The rest looks fine >>> to me >>> >>> On 12/07/2015 11:05 AM, Martin Babinsky

Re: [Freeipa-devel] [PATCH 0112] CI tests: ignore disconnected domain level 1 topology on IPA master teardown

On 12/07/2015 01:53 PM, Martin Babinsky wrote: On 12/07/2015 12:07 PM, Oleg Fayans wrote: Hi Martin, CONFIGURED_DOMAIN_LEVEL is declared, but not used. The rest looks fine to me On 12/07/2015 11:05 AM, Martin Babinsky wrote: This patch should fix teardown methods in replication-related CI tes

Re: [Freeipa-devel] [PATCH 0065] ipa-replica-install prints incorrect error message when replica is already installed

LGTM On 8.12.2015 17:04, Gabe Alford wrote: Updated patch attached. On Tue, Dec 8, 2015 at 8:27 AM, Martin Basti mailto:mba...@redhat.com>> wrote: On 08.12.2015 16:26, Gabe Alford wrote: Just to confirm: if server is installed: Let's stop here and not do anything else

Re: [Freeipa-devel] [PATCH] First part of the replica promotion tests + testplan

Substituted a hardcoded suffix name with a constant DOMAIN_SUFFIX_NAME On 12/08/2015 02:33 PM, Oleg Fayans wrote: > Hi all, > > > The patches are rebased against the current master. > > On 12/02/2015 05:10 PM, Martin Basti wrote: >> >> >> On 02.12.2015 16:18, Oleg Fayans wrote: >>> Hi Martin, >

[Freeipa-devel] [PATCH 0115] fix error message assertion in negative forced client reenrollment tests

This patch fixes the assertions in negative test cases of 'test_forced_client_reenrollment' CI test suite. On ipa-4-2 it fixes https://fedorahosted.org/freeipa/ticket/5511 and makes all 8 tests in this suite green, shiny and happy again. It also fixes negative test cases on master branch, but

Re: [Freeipa-devel] [PATCH 0394] topology: Make sure the old 'realm' topology suffix is not

On 12/08/2015 04:53 PM, Tomas Babej wrote: On 12/08/2015 02:28 PM, Tomas Babej wrote: Hi, The old 'realm' topology suffix is no longer used, however, it was being created on masters with version 4.2.3 and later. Make sure it's properly removed. Note that this is not the case for the 'ipaca'

[Freeipa-devel] [PATCH 0114] harden domain level 1 topology connectivity checks

A sort of auxilliary patch which makes topology checks more resistant to https://fedorahosted.org/freeipa/ticket/5526 If required I will open a separate ticket for it though. -- Martin^3 Babinsky From 6b722203ba9442559b1311be63b8b05b862af084 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date:

Re: [Freeipa-devel] [PATCH 0065] ipa-replica-install prints incorrect error message when replica is already installed

Updated patch attached. On Tue, Dec 8, 2015 at 8:27 AM, Martin Basti wrote: > > > On 08.12.2015 16:26, Gabe Alford wrote: > > Just to confirm: > > if server is installed: > Let's stop here and not do anything else > > if domain level 0: > check if client installed and stop here > > Rig

Re: [Freeipa-devel] [PATCH 0394] topology: Make sure the old 'realm' topology suffix is not

On 12/08/2015 02:28 PM, Tomas Babej wrote: > Hi, > > The old 'realm' topology suffix is no longer used, however, it was being > created on masters with version 4.2.3 and later. Make sure it's properly > removed. > > Note that this is not the case for the 'ipaca' suffix, which was later > remove

Re: [Freeipa-devel] [PATCH 0071] replica: Fix ipa-replica-install with replica file (domain, level 0).

On 12/08/2015 04:20 PM, Oleg Fayans wrote: > ACK. The initial issue is fixed. > > On 12/08/2015 03:03 PM, David Kupka wrote: >> https://fedorahosted.org/freeipa/ticket/5531 >> >> > Can we get some more love for the patch and provide at least a sentence worth of commit message before pushing?

Re: [Freeipa-devel] [PATCH 0065] ipa-replica-install prints incorrect error message when replica is already installed

Just to confirm: if server is installed: Let's stop here and not do anything else if domain level 0: check if client installed and stop here Right? On Tue, Dec 8, 2015 at 8:20 AM, Jan Cholasta wrote: > On 8.12.2015 16:17, Martin Basti wrote: > >> >> >> On 08.12.2015 16:14, Jan Chol

Re: [Freeipa-devel] [PATCH 0065] ipa-replica-install prints incorrect error message when replica is already installed

On 08.12.2015 16:26, Gabe Alford wrote: Just to confirm: if server is installed: Let's stop here and not do anything else if domain level 0: check if client installed and stop here Right? yes On Tue, Dec 8, 2015 at 8:20 AM, Jan Cholasta > wrote:

Re: [Freeipa-devel] [PATCH 0065] ipa-replica-install prints incorrect error message when replica is already installed

On 08.12.2015 16:14, Jan Cholasta wrote: On 8.12.2015 16:09, Martin Basti wrote: On 01.12.2015 14:57, Gabe Alford wrote: Sorry guys, I forgot to add a meaningful subject to this message. Ignore the previous thread start. -- Forwarded message -- From: *Gabe Alford*

Re: [Freeipa-devel] [PATCH 0071] replica: Fix ipa-replica-install with replica file (domain, level 0).

ACK. The initial issue is fixed. On 12/08/2015 03:03 PM, David Kupka wrote: > https://fedorahosted.org/freeipa/ticket/5531 > > -- Oleg Fayans Quality Engineer FreeIPA team RedHat. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-

Re: [Freeipa-devel] [PATCH 0065] ipa-replica-install prints incorrect error message when replica is already installed

On 8.12.2015 16:17, Martin Basti wrote: On 08.12.2015 16:14, Jan Cholasta wrote: On 8.12.2015 16:09, Martin Basti wrote: On 01.12.2015 14:57, Gabe Alford wrote: Sorry guys, I forgot to add a meaningful subject to this message. Ignore the previous thread start. -- Forwarded message

Re: [Freeipa-devel] [PATCH 0065] ipa-replica-install prints incorrect error message when replica is already installed

On 8.12.2015 16:09, Martin Basti wrote: On 01.12.2015 14:57, Gabe Alford wrote: Sorry guys, I forgot to add a meaningful subject to this message. Ignore the previous thread start. -- Forwarded message -- From: *Gabe Alford* mailto:redhatri...@gmail.com>> Date: Mon, Nov 30, 201

Re: [Freeipa-devel] [PATCH 0065] ipa-replica-install prints incorrect error message when replica is already installed

On 01.12.2015 14:57, Gabe Alford wrote: Sorry guys, I forgot to add a meaningful subject to this message. Ignore the previous thread start. -- Forwarded message -- From: *Gabe Alford* mailto:redhatri...@gmail.com>> Date: Mon, Nov 30, 2015 at 7:31 PM Subject: [PATCH 0065] To: f

Re: [Freeipa-devel] [PATCH 0058, 0064] dns: do not add (forward)zone if it is already resolvable.

On 8.12.2015 12:19, David Kupka wrote: > On 08/12/15 08:56, Petr Spacek wrote: >> On 7.12.2015 14:41, David Kupka wrote: >>> +def is_host_resolvable(fqdn): >>> +if not isinstance(fqdn, DNSName): >>> +fqdn = DNSName(fqdn) >>> +for rdtype in (rdatatype.A, rdatatype.): >>> +

[Freeipa-devel] [PATCH 0071] replica: Fix ipa-replica-install with replica file (domain, level 0).

https://fedorahosted.org/freeipa/ticket/5531 -- David Kupka From eee2c606aeba8aff61777cbf54fdb6c006e8c755 Mon Sep 17 00:00:00 2001 From: David Kupka Date: Tue, 8 Dec 2015 14:22:01 +0100 Subject: [PATCH] replica: Fix ipa-replica-install with replica file (domain level 0). https://fedorahosted.or

Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating

On 12/03/2015 04:33 PM, Tomas Babej wrote: > > > On 12/03/2015 04:26 PM, Aleš Mareček wrote: >> Hello, >> >> ACK for code >> NACK for the placing "get_client_ip_with_hostmask" function to test_sudo.py >> (this function should be in some more general file) >> > > What place would you propose?

Re: [Freeipa-devel] [PATCH] First part of the replica promotion tests + testplan

Hi all, The patches are rebased against the current master. On 12/02/2015 05:10 PM, Martin Basti wrote: > > > On 02.12.2015 16:18, Oleg Fayans wrote: >> Hi Martin, >> >> On 12/01/2015 04:08 PM, Martin Basti wrote: >>> >>> >>> On 27.11.2015 16:26, Oleg Fayans wrote: And patch N 16 passes l

[Freeipa-devel] [PATCH 0394] topology: Make sure the old 'realm' topology suffix is not

Hi, The old 'realm' topology suffix is no longer used, however, it was being created on masters with version 4.2.3 and later. Make sure it's properly removed. Note that this is not the case for the 'ipaca' suffix, which was later removed to 'ca'. https://fedorahosted.org/freeipa/ticket/5526 From

Re: [Freeipa-devel] patch acceptance criteria

Petr Spacek wrote: > On 4.12.2015 14:42, Rob Crittenden wrote: >> Lukas Slebodnik wrote: On (03/12/15 09:59), Rob Crittenden wrote: >> Lukas Slebodnik wrote: On (02/12/15 13:14), Rob Crittenden wrote: >> Is it still mandatory that tests pass the unit tests before

Re: [Freeipa-devel] [PATCH 0391] replicainstall: Add check for domain if server is specified

On Tue, 2015-12-08 at 13:34 +0100, Martin Kosek wrote: > On 12/08/2015 08:28 AM, Jan Cholasta wrote: > > On 8.12.2015 08:23, Martin Kosek wrote: > >> On 12/08/2015 07:57 AM, Jan Cholasta wrote: > >>> On 7.12.2015 16:43, Martin Kosek wrote: > On 12/07/2015 02:17 PM, Tomas Babej wrote: > > >

Re: [Freeipa-devel] [PATCH 0391] replicainstall: Add check for domain if server is specified

On 12/08/2015 08:28 AM, Jan Cholasta wrote: > On 8.12.2015 08:23, Martin Kosek wrote: >> On 12/08/2015 07:57 AM, Jan Cholasta wrote: >>> On 7.12.2015 16:43, Martin Kosek wrote: On 12/07/2015 02:17 PM, Tomas Babej wrote: > > > On 12/04/2015 08:22 PM, Rob Crittenden wrote: >> Mar

Re: [Freeipa-devel] [PATCH 0068] add missing /ipaplatform/constants.py to .gitignore

On 12/08/2015 01:26 PM, Tomas Babej wrote: > > > On 12/08/2015 01:26 PM, Petr Spacek wrote: >> Hello, >> >> add missing /ipaplatform/constants.py to .gitignore >> > > ACK. > Pushed to master: 848912ae31d1549d5f6bed874cc6c4541bada6f4 -- Manage your subscription for the Freeipa-devel mailing

Re: [Freeipa-devel] [PATCH 0068] add missing /ipaplatform/constants.py to .gitignore

On 12/08/2015 01:26 PM, Petr Spacek wrote: > Hello, > > add missing /ipaplatform/constants.py to .gitignore > ACK. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribu

[Freeipa-devel] [PATCH 0068] add missing /ipaplatform/constants.py to .gitignore

Hello, add missing /ipaplatform/constants.py to .gitignore -- Petr^2 Spacek From f9116e6f999e0b9915bc6095fa0377eb13304bbb Mon Sep 17 00:00:00 2001 From: Petr Spacek Date: Tue, 8 Dec 2015 13:25:21 +0100 Subject: [PATCH] add missing /ipaplatform/constants.py to .gitignore --- .gitignore | 1 +

Re: [Freeipa-devel] [PATCH 522] replica promotion: allow OTP bulk client enrollment

On 08.12.2015 13:09, Jan Cholasta wrote: On 8.12.2015 12:49, Martin Basti wrote: On 08.12.2015 10:31, Martin Basti wrote: On 08.12.2015 08:52, Jan Cholasta wrote: On 7.12.2015 21:11, Martin Basti wrote: On 07.12.2015 08:21, Jan Cholasta wrote: On 2.12.2015 16:23, Jan Cholasta wrote:

Re: [Freeipa-devel] [PATCH 522] replica promotion: allow OTP bulk client enrollment

On 8.12.2015 12:49, Martin Basti wrote: On 08.12.2015 10:31, Martin Basti wrote: On 08.12.2015 08:52, Jan Cholasta wrote: On 7.12.2015 21:11, Martin Basti wrote: On 07.12.2015 08:21, Jan Cholasta wrote: On 2.12.2015 16:23, Jan Cholasta wrote: Hi, the attached patch fixes

Re: [Freeipa-devel] [PATCH 522] replica promotion: allow OTP bulk client enrollment

On 08.12.2015 10:31, Martin Basti wrote: On 08.12.2015 08:52, Jan Cholasta wrote: On 7.12.2015 21:11, Martin Basti wrote: On 07.12.2015 08:21, Jan Cholasta wrote: On 2.12.2015 16:23, Jan Cholasta wrote: Hi, the attached patch fixes . Not

Re: [Freeipa-devel] [PATCH 0058, 0064] dns: do not add (forward)zone if it is already resolvable.

On 08/12/15 08:56, Petr Spacek wrote: On 7.12.2015 14:41, David Kupka wrote: +def is_host_resolvable(fqdn): +if not isinstance(fqdn, DNSName): +fqdn = DNSName(fqdn) +for rdtype in (rdatatype.A, rdatatype.): +try: +resolver.query(fqdn.make_absolute(), rdtyp

Re: [Freeipa-devel] patch acceptance criteria

On 4.12.2015 14:42, Rob Crittenden wrote: > Lukas Slebodnik wrote: >> > On (03/12/15 09:59), Rob Crittenden wrote: >>> >> Lukas Slebodnik wrote: >>> On (02/12/15 13:14), Rob Crittenden wrote: > Is it still mandatory that tests pass the unit tests before > acceptance? >>

Re: [Freeipa-devel] [PATCH 0026] Workarounds for SELinux execmem violations in cryptography

On 2015-12-07 19:59, Petr Vobornik wrote: > On 7.12.2015 16:26, Christian Heimes wrote: >> On 2015-12-07 16:17, Alexander Bokovoy wrote: >>> On Mon, 07 Dec 2015, Christian Heimes wrote: The patch fixes SELinux violations in Fedora 23. Background: Recent versions of cryptography cause

[Freeipa-devel] [PATCH 0113] properly add ACIs to custodia container during IPA upgrade

fixes https://fedorahosted.org/freeipa/ticket/5524 -- Martin^3 Babinsky From fbcade73e29eb486bc5c2970bc8ba2d147db81eb Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Tue, 8 Dec 2015 09:51:09 +0100 Subject: [PATCH] properly add ACIs to custodia container during IPA upgrade During upgrade th

Re: [Freeipa-devel] [PATCH 522] replica promotion: allow OTP bulk client enrollment

On 08.12.2015 08:52, Jan Cholasta wrote: On 7.12.2015 21:11, Martin Basti wrote: On 07.12.2015 08:21, Jan Cholasta wrote: On 2.12.2015 16:23, Jan Cholasta wrote: Hi, the attached patch fixes . Note that you still have to provide admin passw

Re: [Freeipa-devel] [PATCH 0371] CI: fix function that prepares /etc/hosts

On 08.12.2015 10:22, Oleg Fayans wrote: ACK On 12/06/2015 09:52 PM, Martin Basti wrote: Without this fix, function removes more entries from /etc/host than is required, and it causes installation failure in tests without DNS Patch attached. Pushed to master: e4259d5b49a6f501f0a6f1b020bf492c

Re: [Freeipa-devel] [PATCH 0372] CI: installation tests

On 12/08/2015 10:09 AM, Martin Basti wrote: > > > On 08.12.2015 10:04, Oleg Fayans wrote: >> ACK > Pushed to master: a11cddd75b4e887998ad6fd52a05f87e0354ea30 > > How about patch mbasti-371, this will not work without it. Looks safe. Could be pushed too :) >> >> On 12/07/2015 10:44 PM, Martin

Re: [Freeipa-devel] [PATCH 0371] CI: fix function that prepares /etc/hosts

ACK On 12/06/2015 09:52 PM, Martin Basti wrote: > Without this fix, function removes more entries from /etc/host than is > required, and it causes installation failure in tests without DNS > > Patch attached. -- Oleg Fayans Quality Engineer FreeIPA team RedHat. -- Manage your subscription for

Re: [Freeipa-devel] [PATCH 0372] CI: installation tests

On 08.12.2015 10:04, Oleg Fayans wrote: ACK Pushed to master: a11cddd75b4e887998ad6fd52a05f87e0354ea30 How about patch mbasti-371, this will not work without it. On 12/07/2015 10:44 PM, Martin Basti wrote: On 07.12.2015 15:51, Oleg Fayans wrote: On 12/07/2015 03:51 PM, Martin Basti wrote

Re: [Freeipa-devel] [PATCH] 0046 Create server certs with DNS altname

On Mon, Dec 07, 2015 at 05:50:05PM -0500, Rob Crittenden wrote: > Fraser Tweedale wrote: > > On Mon, Dec 07, 2015 at 01:53:15PM +0100, Martin Kosek wrote: > >> On 12/07/2015 06:26 AM, Fraser Tweedale wrote: > >>> The attached patch fixes > >>> https://fedorahosted.org/freeipa/ticket/4970. > >>> > >

Re: [Freeipa-devel] [PATCH] 0046 Create server certs with DNS altname

On Tue, Dec 08, 2015 at 09:00:20AM +0100, Martin Kosek wrote: > On 12/08/2015 02:22 AM, Fraser Tweedale wrote: > > On Tue, Dec 08, 2015 at 08:46:39AM +1000, Fraser Tweedale wrote: > >> On Mon, Dec 07, 2015 at 01:53:15PM +0100, Martin Kosek wrote: > >>> On 12/07/2015 06:26 AM, Fraser Tweedale wrote:

Re: [Freeipa-devel] [PATCH 0372] CI: installation tests

ACK On 12/07/2015 10:44 PM, Martin Basti wrote: > > > On 07.12.2015 15:51, Oleg Fayans wrote: >> >> On 12/07/2015 03:51 PM, Martin Basti wrote: >>> >>> On 07.12.2015 15:49, Oleg Fayans wrote: Hi, On 12/07/2015 02:37 PM, Martin Basti wrote: > On 07.12.2015 14:32, Martin Basti w

Re: [Freeipa-devel] [PATCH] 0046 Create server certs with DNS altname

On 12/08/2015 02:22 AM, Fraser Tweedale wrote: > On Tue, Dec 08, 2015 at 08:46:39AM +1000, Fraser Tweedale wrote: >> On Mon, Dec 07, 2015 at 01:53:15PM +0100, Martin Kosek wrote: >>> On 12/07/2015 06:26 AM, Fraser Tweedale wrote: The attached patch fixes https://fedorahosted.org/freeipa/t