Re: [Freeipa-devel] [PATCH] admintool: Add error message with path to log on failure.

2015-10-15 Thread Tomas Babej
On 10/15/2015 12:33 PM, David Kupka wrote: > Currently, when there is unhanded exception without any message, > installer ends with error code but without any error message. > > Adding line stating that some error occurred and where are logs located > should help with debugging. > > > The

[Freeipa-devel] [PATCH] 922 topology: add realm suffix to master entry on update

2015-10-15 Thread Petr Vobornik
This patch was extracted from replica promotion patches. -- Petr Vobornik From d523ddec1cdc3efc4e4f2d66a8fb9162cdb78f02 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Thu, 15 Oct 2015 13:58:46 +0200 Subject: [PATCH] topology: add realm suffix to master entry on update

Re: [Freeipa-devel] [PATCH] 922 topology: add realm suffix to master entry on update

2015-10-15 Thread Jan Cholasta
On 15.10.2015 14:04, Petr Vobornik wrote: This patch was extracted from replica promotion patches. (reference: ) Thanks, ACK. Pushed to master: ba22999cefb57f344acdc63a553d569ab6249099 -- Jan Cholasta -- Manage

Re: [Freeipa-devel] [PATCH] admintool: Add error message with path to log on failure.

2015-10-15 Thread Tomas Babej
On 10/15/2015 01:30 PM, Tomas Babej wrote: > > > On 10/15/2015 01:24 PM, David Kupka wrote: >> On 15/10/15 13:02, Tomas Babej wrote: >>> >>> >>> On 10/15/2015 12:33 PM, David Kupka wrote: Currently, when there is unhanded exception without any message, installer ends with error code

Re: [Freeipa-devel] [PATCH] admintool: Add error message with path to log on failure.

2015-10-15 Thread Tomas Babej
On 10/15/2015 01:24 PM, David Kupka wrote: > On 15/10/15 13:02, Tomas Babej wrote: >> >> >> On 10/15/2015 12:33 PM, David Kupka wrote: >>> Currently, when there is unhanded exception without any message, >>> installer ends with error code but without any error message. >>> >>> Adding line

Re: [Freeipa-devel] [PATCH] admintool: Add error message with path to log on failure.

2015-10-15 Thread David Kupka
On 15/10/15 13:02, Tomas Babej wrote: On 10/15/2015 12:33 PM, David Kupka wrote: Currently, when there is unhanded exception without any message, installer ends with error code but without any error message. Adding line stating that some error occurred and where are logs located should help

Re: [Freeipa-devel] [PATCHSET] Replica promotion patches

2015-10-15 Thread Jan Cholasta
On 15.10.2015 12:00, Petr Vobornik wrote: On 10/15/2015 10:45 AM, Jan Cholasta wrote: On 23.9.2015 19:47, Simo Sorce wrote: On Wed, 2015-09-23 at 08:35 +0200, Jan Cholasta wrote: What I mean is that installing a replica using an already existing replica file should be prevented at level 1 as

[Freeipa-devel] [PATCH] admintool: Add error message with path to log on failure.

2015-10-15 Thread David Kupka
Currently, when there is unhanded exception without any message, installer ends with error code but without any error message. Adding line stating that some error occurred and where are logs located should help with debugging. -- David Kupka From 15f98f44bf936434f9cbf8ab81b124cd783d3ebf Mon

[Freeipa-devel] [PATCH 0086] disable ipa-replica prepare in non-zero domain levels

2015-10-15 Thread Martin Babinsky
https://fedorahosted.org/freeipa/ticket/5175 -- Martin^3 Babinsky From 4c344b832432e59dcfe7a32bb7c4ea31470d26af Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Thu, 15 Oct 2015 16:07:48 +0200 Subject: [PATCH] disable ipa-replica-prepare in non-zero IPA domain level

Re: [Freeipa-devel] [PATCHSET] Replica promotion patches

2015-10-15 Thread Simo Sorce
Commenting only on the 2 remaining patches that need to be committed, inline. On 15/10/15 04:45, Jan Cholasta wrote: On 23.9.2015 19:47, Simo Sorce wrote: "Allow ipa-ca-install to use the new promotion code": 1) The --replica option was not removed: Will do, thanks for spotting. On

Re: [Freeipa-devel] [PATCHSET] Replica promotion patches

2015-10-15 Thread Martin Basti
On 15.10.2015 14:29, Jan Cholasta wrote: On 15.10.2015 12:00, Petr Vobornik wrote: On 10/15/2015 10:45 AM, Jan Cholasta wrote: On 23.9.2015 19:47, Simo Sorce wrote: On Wed, 2015-09-23 at 08:35 +0200, Jan Cholasta wrote: What I mean is that installing a replica using an already existing

Re: [Freeipa-devel] [PATCHSET] Replica promotion patches

2015-10-15 Thread Martin Basti
On 15.10.2015 14:29, Jan Cholasta wrote: On 15.10.2015 12:00, Petr Vobornik wrote: On 10/15/2015 10:45 AM, Jan Cholasta wrote: On 23.9.2015 19:47, Simo Sorce wrote: On Wed, 2015-09-23 at 08:35 +0200, Jan Cholasta wrote: What I mean is that installing a replica using an already existing

Re: [Freeipa-devel] [PATCH] 0001 cert-show: Remove check if hostname != CN

2015-10-15 Thread Jan Orel
> Anything bound to IPA can potentially retrieve a certificate. This code > adds special handling for hosts and probably should cover services as > well now that I think about it. I don't think services could be included > in ACIs when this was originally written. > > The idea was that hosts have

Re: [Freeipa-devel] [PATCHES 0318 - 0320, 0323] installer: allow to modify dse.ldif during installation

2015-10-15 Thread Martin Basti
On 14.10.2015 16:10, Martin Basti wrote: On 14.10.2015 15:51, Martin Babinsky wrote: On 10/13/2015 06:38 PM, Martin Basti wrote: On 12.10.2015 12:30, Martin Babinsky wrote: On 10/08/2015 05:58 PM, Martin Basti wrote: The attached patches fix following tickets:

Re: [Freeipa-devel] [PATCHES 0318 - 0320, 0323] installer: allow to modify dse.ldif during installation

2015-10-15 Thread Jan Cholasta
On 15.10.2015 19:47, Martin Basti wrote: On 15.10.2015 18:47, Martin Basti wrote: On 15.10.2015 18:36, Martin Babinsky wrote: On 10/15/2015 04:50 PM, Martin Basti wrote: On 14.10.2015 16:10, Martin Basti wrote: On 14.10.2015 15:51, Martin Babinsky wrote: On 10/13/2015 06:38 PM,

Re: [Freeipa-devel] [PATCH] 0001 cert-show: Remove check if hostname != CN

2015-10-15 Thread Jan Orel
2015-10-13 19:26 GMT+02:00 Rob Crittenden : > Jan Orel wrote: >>> The restriction was there so that hosts had limited visibility. This >>> applies that limitation to all users. I think the host check needs to be >>> re-added. >> >> I am confused, correct me if I am wrong, but

Re: [Freeipa-devel] [PATCHES 0318 - 0320, 0323] installer: allow to modify dse.ldif during installation

2015-10-15 Thread Martin Basti
On 15.10.2015 18:36, Martin Babinsky wrote: On 10/15/2015 04:50 PM, Martin Basti wrote: On 14.10.2015 16:10, Martin Basti wrote: On 14.10.2015 15:51, Martin Babinsky wrote: On 10/13/2015 06:38 PM, Martin Basti wrote: On 12.10.2015 12:30, Martin Babinsky wrote: On 10/08/2015 05:58

Re: [Freeipa-devel] [PATCHES 0318 - 0320, 0323] installer: allow to modify dse.ldif during installation

2015-10-15 Thread Martin Babinsky
On 10/15/2015 04:50 PM, Martin Basti wrote: On 14.10.2015 16:10, Martin Basti wrote: On 14.10.2015 15:51, Martin Babinsky wrote: On 10/13/2015 06:38 PM, Martin Basti wrote: On 12.10.2015 12:30, Martin Babinsky wrote: On 10/08/2015 05:58 PM, Martin Basti wrote: The attached patches fix

Re: [Freeipa-devel] [PATCHSET] Replica promotion patches

2015-10-15 Thread Simo Sorce
On 15/10/15 11:39, Martin Basti wrote: Without this patch the ipa-ca-install is broken in current master. Unexpected error - see /var/log/ipareplica-ca-install.log for details: AttributeError: Values instance has no attribute 'promote' Should be fixed with the attached patches. -- Simo Sorce

Re: [Freeipa-devel] [PATCHES 0318 - 0320, 0323] installer: allow to modify dse.ldif during installation

2015-10-15 Thread Martin Basti
On 15.10.2015 18:47, Martin Basti wrote: On 15.10.2015 18:36, Martin Babinsky wrote: On 10/15/2015 04:50 PM, Martin Basti wrote: On 14.10.2015 16:10, Martin Basti wrote: On 14.10.2015 15:51, Martin Babinsky wrote: On 10/13/2015 06:38 PM, Martin Basti wrote: On 12.10.2015 12:30,