[Freeipa-devel] [freeipa PR#186][closed] replicainstall: log ACI and LDAP errors in promotion check
URL: https://github.com/freeipa/freeipa/pull/186 Author: pvoborni Title: #186: replicainstall: log ACI and LDAP errors in promotion check Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/186/head:pr186 git checkout pr186 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#186][comment] replicainstall: log ACI and LDAP errors in promotion check
URL: https://github.com/freeipa/freeipa/pull/186 Title: #186: replicainstall: log ACI and LDAP errors in promotion check mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/d0c17b4d9afb95db2abcd93096fa6626fd61870e """ See the full comment at https://github.com/freeipa/freeipa/pull/186#issuecomment-256404716 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#186][+pushed] replicainstall: log ACI and LDAP errors in promotion check
URL: https://github.com/freeipa/freeipa/pull/186 Title: #186: replicainstall: log ACI and LDAP errors in promotion check Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#176][comment] cert-show: show validity in default output
URL: https://github.com/freeipa/freeipa/pull/176 Title: #176: cert-show: show validity in default output mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/b6a3c9dc74ccef6f8e7df4123670d7e11269198c ipa-4-4: https://fedorahosted.org/freeipa/changeset/0d8f8896db8ad3a1c91cacfb009640602552f55f """ See the full comment at https://github.com/freeipa/freeipa/pull/176#issuecomment-256404255 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#176][+ack] cert-show: show validity in default output
URL: https://github.com/freeipa/freeipa/pull/176 Title: #176: cert-show: show validity in default output Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#176][+pushed] cert-show: show validity in default output
URL: https://github.com/freeipa/freeipa/pull/176 Title: #176: cert-show: show validity in default output Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#163][closed] Do not create Object Signing certificate
URL: https://github.com/freeipa/freeipa/pull/163 Author: frasertweedale Title: #163: Do not create Object Signing certificate Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/163/head:pr163 git checkout pr163 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#163][comment] Do not create Object Signing certificate
URL: https://github.com/freeipa/freeipa/pull/163 Title: #163: Do not create Object Signing certificate mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/eb6bfd82f363405e3377b2a912b1152ba76625ae """ See the full comment at https://github.com/freeipa/freeipa/pull/163#issuecomment-256403076 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#163][+pushed] Do not create Object Signing certificate
URL: https://github.com/freeipa/freeipa/pull/163 Title: #163: Do not create Object Signing certificate Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#163][comment] Do not create Object Signing certificate
URL: https://github.com/freeipa/freeipa/pull/163 Title: #163: Do not create Object Signing certificate mbasti-rh commented: """ Works for me """ See the full comment at https://github.com/freeipa/freeipa/pull/163#issuecomment-256402862 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#186][+ack] replicainstall: log ACI and LDAP errors in promotion check
URL: https://github.com/freeipa/freeipa/pull/186 Title: #186: replicainstall: log ACI and LDAP errors in promotion check Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#193][closed] [ipa-4-4] Make httpd publish its CA certificate on DL1
URL: https://github.com/freeipa/freeipa/pull/193 Author: stlaz Title: #193: [ipa-4-4] Make httpd publish its CA certificate on DL1 Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/193/head:pr193 git checkout pr193 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#193][+ack] [ipa-4-4] Make httpd publish its CA certificate on DL1
URL: https://github.com/freeipa/freeipa/pull/193 Title: #193: [ipa-4-4] Make httpd publish its CA certificate on DL1 Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#193][comment] [ipa-4-4] Make httpd publish its CA certificate on DL1
URL: https://github.com/freeipa/freeipa/pull/193 Title: #193: [ipa-4-4] Make httpd publish its CA certificate on DL1 mbasti-rh commented: """ Fixed upstream ipa-4-4: https://fedorahosted.org/freeipa/changeset/c84d920ce8b4ca634d72d7bd99652f93f98b0959 """ See the full comment at https://github.com/freeipa/freeipa/pull/193#issuecomment-256398562 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#193][+pushed] [ipa-4-4] Make httpd publish its CA certificate on DL1
URL: https://github.com/freeipa/freeipa/pull/193 Title: #193: [ipa-4-4] Make httpd publish its CA certificate on DL1 Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#193][opened] [ipa-4-4] Make httpd publish its CA certificate on DL1
URL: https://github.com/freeipa/freeipa/pull/193 Author: stlaz Title: #193: [ipa-4-4] Make httpd publish its CA certificate on DL1 Action: opened PR body: """ httpd did not publish its certificate on DL1 which could cause issues during client installation in a rare corner case where there would be no way of getting the certificate but from a HTTP instance. https://fedorahosted.org/freeipa/ticket/6393 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/193/head:pr193 git checkout pr193 From 6791beb8cb71311c36bac72db9467079e571fbbd Mon Sep 17 00:00:00 2001 From: Stanislav LaznickaDate: Tue, 11 Oct 2016 15:48:47 +0200 Subject: [PATCH] Make httpd publish its CA certificate on DL1 httpd did not publish its certificate on DL1 which could cause issues during client installation in a rare corner case where there would be no way of getting the certificate but from a HTTP instance. https://fedorahosted.org/freeipa/ticket/6393 --- ipaserver/install/httpinstance.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 7914f4c..da46f4d 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -175,8 +175,7 @@ def create_instance(self, realm, fqdn, domain_name, dm_password=None, self.step("importing CA certificates from LDAP", self.__import_ca_certs) if autoconfig: self.step("setting up browser autoconfig", self.__setup_autoconfig) -if not self.promote: -self.step("publish CA cert", self.__publish_ca_cert) +self.step("publish CA cert", self.__publish_ca_cert) self.step("clean up any existing httpd ccache", self.remove_httpd_ccache) self.step("configuring SELinux for httpd", self.configure_selinux_for_httpd) if not self.is_kdcproxy_configured(): -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#151][comment] Make httpd publish its CA certificate on DL1
URL: https://github.com/freeipa/freeipa/pull/151 Title: #151: Make httpd publish its CA certificate on DL1 mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/5d15626b4db8f5e777e037680623badc86b6c31d """ See the full comment at https://github.com/freeipa/freeipa/pull/151#issuecomment-256394450 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#151][closed] Make httpd publish its CA certificate on DL1
URL: https://github.com/freeipa/freeipa/pull/151 Author: stlaz Title: #151: Make httpd publish its CA certificate on DL1 Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/151/head:pr151 git checkout pr151 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#151][+pushed] Make httpd publish its CA certificate on DL1
URL: https://github.com/freeipa/freeipa/pull/151 Title: #151: Make httpd publish its CA certificate on DL1 Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#192][comment] server-del: fix incorrect check for one IPA master
URL: https://github.com/freeipa/freeipa/pull/192 Title: #192: server-del: fix incorrect check for one IPA master mbasti-rh commented: """ LGTM, but I wrote possible improvement inline, please check. """ See the full comment at https://github.com/freeipa/freeipa/pull/192#issuecomment-256376902 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#165][comment] Tests: Verify that cert-find show CA without --all
URL: https://github.com/freeipa/freeipa/pull/165 Title: #165: Tests: Verify that cert-find show CA without --all mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/42d1a06bd1e856c14110c06ba0d9d946df36331d ipa-4-4: https://fedorahosted.org/freeipa/changeset/7fde0982610cdc19ac4e85a6759820130c66a233 """ See the full comment at https://github.com/freeipa/freeipa/pull/165#issuecomment-256372338 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#151][synchronized] Make httpd publish its CA certificate on DL1
URL: https://github.com/freeipa/freeipa/pull/151 Author: stlaz Title: #151: Make httpd publish its CA certificate on DL1 Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/151/head:pr151 git checkout pr151 From f71bb9e91758072d8c4c7c695f859ac6d4807242 Mon Sep 17 00:00:00 2001 From: Stanislav LaznickaDate: Tue, 11 Oct 2016 15:48:47 +0200 Subject: [PATCH] Make httpd publish its CA certificate on DL1 httpd did not publish its certificate on DL1 which could cause issues during client installation in a rare corner case where there would be no way of getting the certificate but from a HTTP instance. https://fedorahosted.org/freeipa/ticket/6393 --- ipaserver/install/httpinstance.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 60d62c0..b102c82 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -171,8 +171,7 @@ def create_instance(self, realm, fqdn, domain_name, dm_password=None, self.step("setting up httpd keytab", self.__create_http_keytab) self.step("setting up ssl", self.__setup_ssl) self.step("importing CA certificates from LDAP", self.__import_ca_certs) -if not self.promote: -self.step("publish CA cert", self.__publish_ca_cert) +self.step("publish CA cert", self.__publish_ca_cert) self.step("clean up any existing httpd ccache", self.remove_httpd_ccache) self.step("configuring SELinux for httpd", self.configure_selinux_for_httpd) if not self.is_kdcproxy_configured(): -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#191][edited] Exclude testing ipa.pot file from zanata
URL: https://github.com/freeipa/freeipa/pull/191 Author: mbasti-rh Title: #191: Exclude testing ipa.pot file from zanata Action: edited Changed field: title Original value: """ Zanata fix 4 4 """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#192][opened] server-del: fix incorrect check for one IPA master
URL: https://github.com/freeipa/freeipa/pull/192 Author: martbab Title: #192: server-del: fix incorrect check for one IPA master Action: opened PR body: """ make the check more robust against returned container types for multivalued attributes (lists vs. tuples). https://fedorahosted.org/freeipa/ticket/6417 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/192/head:pr192 git checkout pr192 From 52b8dec120a341100b5401f06c8452e22716697e Mon Sep 17 00:00:00 2001 From: Martin BabinskyDate: Wed, 26 Oct 2016 16:07:21 +0200 Subject: [PATCH] server-del: fix incorrect check for one IPA master make the check more robust against returned container types for multivalued attributes (lists vs. tuples). https://fedorahosted.org/freeipa/ticket/6417 --- ipaserver/plugins/server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py index ec71dbc..a739ee8 100644 --- a/ipaserver/plugins/server.py +++ b/ipaserver/plugins/server.py @@ -473,7 +473,7 @@ def handler(msg, ignore_last_of_role): ipa_masters = ipa_config['ipa_master_server'] # skip these checks if the last master is being removed -if ipa_masters == [hostname]: +if list(ipa_masters) == [hostname]: return if self.api.Command.dns_is_enabled()['result']: -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#191][synchronized] Zanata fix 4 4
URL: https://github.com/freeipa/freeipa/pull/191 Author: mbasti-rh Title: #191: Zanata fix 4 4 Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/191/head:pr191 git checkout pr191 From 17db28e5920f3226c4cf839b57925a7f17352963 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Wed, 26 Oct 2016 15:48:21 +0200 Subject: [PATCH] Zanata: exlude testing ipa.pot file Exlude testing file "ipatests/test_ipalib/data/ipa.pot" which should not be uploaded to zanata. https://fedorahosted.org/freeipa/ticket/6435 --- zanata.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zanata.xml b/zanata.xml index d39a593..9566e46 100644 --- a/zanata.xml +++ b/zanata.xml @@ -6,6 +6,6 @@ gettext . . - + ipatests/test_ipalib/data/ipa.pot -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#190][opened] [4.4] Fix tests install dom0
URL: https://github.com/freeipa/freeipa/pull/190 Author: mbasti-rh Title: #190: [4.4] Fix tests install dom0 Action: opened PR body: """ Backport PR #136 to ipa-4-4 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/190/head:pr190 git checkout pr190 From 3fb600067dec553ab01e1c057e48975c1f33 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Tue, 4 Oct 2016 23:08:19 +0200 Subject: [PATCH 1/3] CI: extend replication layouts tests with KRA KRA should be tested with warious replication topologies as well, mainly in domain level 0 https://fedorahosted.org/freeipa/ticket/6088 --- ipatests/test_integration/tasks.py | 18 ++-- .../test_integration/test_replication_layouts.py | 48 ++ 2 files changed, 63 insertions(+), 3 deletions(-) diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py index ac36e2e..d730f73 100644 --- a/ipatests/test_integration/tasks.py +++ b/ipatests/test_integration/tasks.py @@ -983,12 +983,20 @@ def double_circle_topo(master, replicas, site_size=6): def install_topo(topo, master, replicas, clients, domain_level=None, - skip_master=False, setup_replica_cas=True): + skip_master=False, setup_replica_cas=True, + setup_replica_kras=False): """Install IPA servers and clients in the given topology""" +if setup_replica_kras and not setup_replica_cas: +raise ValueError("Option 'setup_replica_kras' requires " + "'setup_replica_cas' set to True") replicas = list(replicas) installed = {master} if not skip_master: -install_master(master, domain_level=domain_level) +install_master( +master, +domain_level=domain_level, +setup_kra=setup_replica_kras +) add_a_records_for_hosts_in_master_domain(master) @@ -998,7 +1006,11 @@ def install_topo(topo, master, replicas, clients, domain_level=None, connect_replica(parent, child) else: log.info('Installing replica %s from %s' % (parent, child)) -install_replica(parent, child, setup_ca=setup_replica_cas) +install_replica( +parent, child, +setup_ca=setup_replica_cas, +setup_kra=setup_replica_kras +) installed.add(child) install_clients([master] + replicas, clients) diff --git a/ipatests/test_integration/test_replication_layouts.py b/ipatests/test_integration/test_replication_layouts.py index c178815..53cae7d 100644 --- a/ipatests/test_integration/test_replication_layouts.py +++ b/ipatests/test_integration/test_replication_layouts.py @@ -52,6 +52,16 @@ def test_line_topology_with_ca(self): self.replication_is_working() +class TestLineTopologyWithCAKRA(LayoutsBaseTest): + +num_replicas = 3 + +def test_line_topology_with_ca_kra(self): +tasks.install_topo('line', self.master, self.replicas, [], + setup_replica_cas=True, setup_replica_kras=True) +self.replication_is_working() + + class TestStarTopologyWithoutCA(LayoutsBaseTest): num_replicas = 3 @@ -72,6 +82,16 @@ def test_star_topology_with_ca(self): self.replication_is_working() +class TestStarTopologyWithCAKRA(LayoutsBaseTest): + +num_replicas = 3 + +def test_star_topology_with_ca_kra(self): +tasks.install_topo('star', self.master, self.replicas, [], + setup_replica_cas=True, setup_replica_kras=True) +self.replication_is_working() + + class TestCompleteTopologyWithoutCA(LayoutsBaseTest): num_replicas = 3 @@ -92,6 +112,16 @@ def test_complete_topology_with_ca(self): self.replication_is_working() +class TestCompleteTopologyWithCAKRA(LayoutsBaseTest): + +num_replicas = 3 + +def test_complete_topology_with_ca_kra(self): +tasks.install_topo('complete', self.master, self.replicas, [], + setup_replica_cas=True, setup_replica_kras=True) +self.replication_is_working() + + @pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0, reason='does not work on DOMAIN_LEVEL_0 by design') class Test2ConnectedTopologyWithoutCA(LayoutsBaseTest): @@ -112,6 +142,15 @@ def test_2_connected_topology_with_ca(self): self.replication_is_working() +class Test2ConnectedTopologyWithCAKRA(LayoutsBaseTest): +num_replicas = 33 + +def test_2_connected_topology_with_ca_kra(self): +tasks.install_topo('2-connected', self.master, self.replicas, [], + setup_replica_cas=True, setup_replica_kras=True) +self.replication_is_working() + + @pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0, reason='does not work on DOMAIN_LEVEL_0 by design') class
[Freeipa-devel] [freeipa PR#136][closed] Fix KRA install tests
URL: https://github.com/freeipa/freeipa/pull/136 Author: mbasti-rh Title: #136: Fix KRA install tests Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/136/head:pr136 git checkout pr136 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#136][comment] Fix KRA install tests
URL: https://github.com/freeipa/freeipa/pull/136 Title: #136: Fix KRA install tests mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/84ca1fc220c329b58fb6a22c8eb9bf17d3622c55 https://fedorahosted.org/freeipa/changeset/11d7b774c4d731896e3ab6109b6ed7d5524c1bec https://fedorahosted.org/freeipa/changeset/9408085c58a1e9627c1fb4e1ba0343700e36d7e7 """ See the full comment at https://github.com/freeipa/freeipa/pull/136#issuecomment-256341123 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#184][comment] Minor install script fixes
URL: https://github.com/freeipa/freeipa/pull/184 Title: #184: Minor install script fixes martbab commented: """ Reverted the Fix install scripts debugging commit. master: * dc873007f8616ab9e77f903e235ba49f45ecde37 Revert "Fix install scripts debugging" """ See the full comment at https://github.com/freeipa/freeipa/pull/184#issuecomment-256334107 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#184][closed] Minor install script fixes
URL: https://github.com/freeipa/freeipa/pull/184 Author: simo5 Title: #184: Minor install script fixes Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/184/head:pr184 git checkout pr184 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#136][+ack] Fix KRA install tests
URL: https://github.com/freeipa/freeipa/pull/136 Title: #136: Fix KRA install tests Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#189][comment] Create relative symbol links
URL: https://github.com/freeipa/freeipa/pull/189 Title: #189: Create relative symbol links tiran commented: """ I ran into some strange issues while I was working on PR #188. The symlinks were both dangling symlinks and pointed to a directory that my user could not write to. Eventually I found the real culprit. I still think that relative symlinks are better. Python generally uses relative links for its aliases. """ See the full comment at https://github.com/freeipa/freeipa/pull/189#issuecomment-256326175 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#184][comment] Minor install script fixes
URL: https://github.com/freeipa/freeipa/pull/184 Title: #184: Minor install script fixes abbra commented: """ I'm fine with that (revert --debug commit). Either alternative (make Configurable be aware of the debug or do a refactoring of an installer) is roughly going into the same direction. I certainly see a reason to have Configurable gain knowledge about --debug option to allow it to configure specific services in debug mode which would go beyond just setting up loggers in the installer itself. """ See the full comment at https://github.com/freeipa/freeipa/pull/184#issuecomment-256325663 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#184][comment] Minor install script fixes
URL: https://github.com/freeipa/freeipa/pull/184 Title: #184: Minor install script fixes martbab commented: """ Note that the installer class has no access to debug options. These are only used in the containing ConfigureTool class to set up loggers (see https://git.fedorahosted.org/cgit/freeipa.git/tree/ipapython/install/cli.py#n267) and are not passed to the Configurable object. We may need to revert commit #2 to unblock installation of FreeIPA server. The proper fix shall be implemented as a part of installer refactoring effort. """ See the full comment at https://github.com/freeipa/freeipa/pull/184#issuecomment-256324868 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#189][comment] Create relative symbol links
URL: https://github.com/freeipa/freeipa/pull/189 Title: #189: Create relative symbol links rcritten commented: """ I think you should add the reasoning for switching the link type to the commit message and if this is related to some higher-level ticket that should be included as well. """ See the full comment at https://github.com/freeipa/freeipa/pull/189#issuecomment-256323936 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#188][comment] Move Python build artefacts to top level directory
URL: https://github.com/freeipa/freeipa/pull/188 Title: #188: Move Python build artefacts to top level directory tiran commented: """ I ran into some issues with ```make rpm```. ```setup.py``` started to pick up build artefacts of other packages. Now every package uses its own subdirectory under the top-level ```build``` directory. """ See the full comment at https://github.com/freeipa/freeipa/pull/188#issuecomment-256323114 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#189][opened] Create relative symbol links
URL: https://github.com/freeipa/freeipa/pull/189 Author: tiran Title: #189: Create relative symbol links Action: opened PR body: """ Instead of absolute symbolic links to /usr/bin/COMMAND the RPM spec now creates relative symbolic links. Signed-off-by: Christian Heimes""" To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/189/head:pr189 git checkout pr189 From a97f0d47b50146885e0f0e1644e0d01e6e7b0686 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Wed, 26 Oct 2016 13:37:53 +0200 Subject: [PATCH] Create relative symbol links Instead of absolute symbolic links to /usr/bin/COMMAND the RPM spec now creates relative symbolic links. Signed-off-by: Christian Heimes --- freeipa.spec.in | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 7d55a71..e2efc97 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -713,17 +713,17 @@ mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{p mv %{buildroot}%{_bindir}/ipa-run-tests %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version} mv %{buildroot}%{_bindir}/ipa-test-config %{buildroot}%{_bindir}/ipa-test-config-%{python3_version} mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{python3_version} -ln -s %{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests-3 -ln -s %{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config-3 -ln -s %{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task-3 +ln -s -r %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests-3 +ln -s -r %{buildroot}%{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config-3 +ln -s -r %{buildroot}%{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task-3 %endif # with_python3 -ln -s %{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests-2 -ln -s %{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config-2 -ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task-2 -ln -s %{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests -ln -s %{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config -ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task +ln -s -r %{buildroot}%{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests-2 +ln -s -r %{buildroot}%{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config-2 +ln -s -r %{buildroot}%{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task-2 +ln -s -r %{buildroot}%{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests +ln -s -r %{buildroot}%{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config +ln -s -r %{buildroot}%{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task %else make client-install DESTDIR=%{buildroot} LIBDIR=%{_libdir} -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#188][synchronized] Move Python build artefacts to top level directory
URL: https://github.com/freeipa/freeipa/pull/188 Author: tiran Title: #188: Move Python build artefacts to top level directory Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/188/head:pr188 git checkout pr188 From 9e4e58bb7061bf9963350b1a1d66e0e7a4a04ca4 Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Wed, 26 Oct 2016 12:33:07 +0200 Subject: [PATCH] Move Python build artefacts to top level directory All setup.py use the same build, dist and *.egg-info directory on top level. Build artefacts are no longer placed in local build directories. Signed-off-by: Christian Heimes --- .gitignore| 5 ++--- Makefile | 1 + ipaclient/setup.cfg | 10 ++ ipalib/setup.cfg | 10 ++ ipaplatform/setup.cfg | 10 ++ ipapython/setup.cfg | 10 ++ ipaserver/setup.cfg | 10 ++ ipatests/setup.cfg| 10 ++ 8 files changed, 63 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index ac69f97..ddd764f 100644 --- a/.gitignore +++ b/.gitignore @@ -24,7 +24,7 @@ ltmain.sh missing stamp-h1 libtool -build/ +/build/ compile # Python compilation @@ -39,12 +39,11 @@ freeipa2-dev-doc /freeipa.spec !/Makefile /dist/ -/*/dist/ /RELEASE /rpmbuild/ # Build /ipasetup.py -*.egg-info +/*.egg-info # Subdirectories /daemons/ipa-otpd/ipa-otpd diff --git a/Makefile b/Makefile index 761b57d..b40ff0f 100644 --- a/Makefile +++ b/Makefile @@ -131,6 +131,7 @@ pylint: bootstrap-autogen FILES=`find . \ -type d -exec test -e '{}/__init__.py' \; -print -prune -o \ -path '*/.*' -o \ + -path './build/*' -o \ -path './dist/*' -o \ -path './lextab.py' -o \ -path './yacctab.py' -o \ diff --git a/ipaclient/setup.cfg b/ipaclient/setup.cfg index 34abb12..754af4a 100644 --- a/ipaclient/setup.cfg +++ b/ipaclient/setup.cfg @@ -1,5 +1,15 @@ +[build] +build-base = ../build/ipaclient + +[sdist] +dist-dir = ../dist + +[egg_info] +egg-base = ../ + [bdist_wheel] universal = 1 +dist-dir = ../dist [metadata] license_file = ../COPYING diff --git a/ipalib/setup.cfg b/ipalib/setup.cfg index 34abb12..b5b64cb 100644 --- a/ipalib/setup.cfg +++ b/ipalib/setup.cfg @@ -1,5 +1,15 @@ +[build] +build-base = ../build/ipalib + +[sdist] +dist-dir = ../dist + +[egg_info] +egg-base = ../ + [bdist_wheel] universal = 1 +dist-dir = ../dist [metadata] license_file = ../COPYING diff --git a/ipaplatform/setup.cfg b/ipaplatform/setup.cfg index 34abb12..9e759f5 100644 --- a/ipaplatform/setup.cfg +++ b/ipaplatform/setup.cfg @@ -1,5 +1,15 @@ +[build] +build-base = ../build/ipaplatform + +[sdist] +dist-dir = ../dist + +[egg_info] +egg-base = ../ + [bdist_wheel] universal = 1 +dist-dir = ../dist [metadata] license_file = ../COPYING diff --git a/ipapython/setup.cfg b/ipapython/setup.cfg index 34abb12..ff2e622 100644 --- a/ipapython/setup.cfg +++ b/ipapython/setup.cfg @@ -1,5 +1,15 @@ +[build] +build-base = ../build/ipapython + +[sdist] +dist-dir = ../dist + +[egg_info] +egg-base = ../ + [bdist_wheel] universal = 1 +dist-dir = ../dist [metadata] license_file = ../COPYING diff --git a/ipaserver/setup.cfg b/ipaserver/setup.cfg index 34abb12..0421dd5 100644 --- a/ipaserver/setup.cfg +++ b/ipaserver/setup.cfg @@ -1,5 +1,15 @@ +[build] +build-base = ../build/ipaserver + +[sdist] +dist-dir = ../dist + +[egg_info] +egg-base = ../ + [bdist_wheel] universal = 1 +dist-dir = ../dist [metadata] license_file = ../COPYING diff --git a/ipatests/setup.cfg b/ipatests/setup.cfg index 34abb12..4697272 100644 --- a/ipatests/setup.cfg +++ b/ipatests/setup.cfg @@ -1,5 +1,15 @@ +[build] +build-base = ../build/ipatests + +[sdist] +dist-dir = ../dist + +[egg_info] +egg-base = ../ + [bdist_wheel] universal = 1 +dist-dir = ../dist [metadata] license_file = ../COPYING -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#188][comment] Move Python build artefacts to top level directory
URL: https://github.com/freeipa/freeipa/pull/188 Title: #188: Move Python build artefacts to top level directory tiran commented: """ The PR will also simplifies @pspacek next branch a bit. """ See the full comment at https://github.com/freeipa/freeipa/pull/188#issuecomment-256312577 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#188][opened] Move Python build artefacts to top level directory
URL: https://github.com/freeipa/freeipa/pull/188 Author: tiran Title: #188: Move Python build artefacts to top level directory Action: opened PR body: """ All setup.py use the same build, dist and *.egg-info directory on top level. Build artefacts are no longer placed in local build directories. Signed-off-by: Christian Heimes""" To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/188/head:pr188 git checkout pr188 From 8582e7e172a235892e28bf15eba25ab7902726e1 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Wed, 26 Oct 2016 12:33:07 +0200 Subject: [PATCH] Move Python build artefacts to top level directory All setup.py use the same build, dist and *.egg-info directory on top level. Build artefacts are no longer placed in local build directories. Signed-off-by: Christian Heimes --- .gitignore| 5 ++--- ipaclient/setup.cfg | 10 ++ ipalib/setup.cfg | 10 ++ ipaplatform/setup.cfg | 10 ++ ipapython/setup.cfg | 10 ++ ipaserver/setup.cfg | 10 ++ ipatests/setup.cfg| 10 ++ 7 files changed, 62 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index ac69f97..ddd764f 100644 --- a/.gitignore +++ b/.gitignore @@ -24,7 +24,7 @@ ltmain.sh missing stamp-h1 libtool -build/ +/build/ compile # Python compilation @@ -39,12 +39,11 @@ freeipa2-dev-doc /freeipa.spec !/Makefile /dist/ -/*/dist/ /RELEASE /rpmbuild/ # Build /ipasetup.py -*.egg-info +/*.egg-info # Subdirectories /daemons/ipa-otpd/ipa-otpd diff --git a/ipaclient/setup.cfg b/ipaclient/setup.cfg index 34abb12..b540960 100644 --- a/ipaclient/setup.cfg +++ b/ipaclient/setup.cfg @@ -1,5 +1,15 @@ +[build] +build-base = ../build + +[sdist] +dist-dir = ../dist + +[egg_info] +egg-base = ../ + [bdist_wheel] universal = 1 +dist-dir = ../dist [metadata] license_file = ../COPYING diff --git a/ipalib/setup.cfg b/ipalib/setup.cfg index 34abb12..b540960 100644 --- a/ipalib/setup.cfg +++ b/ipalib/setup.cfg @@ -1,5 +1,15 @@ +[build] +build-base = ../build + +[sdist] +dist-dir = ../dist + +[egg_info] +egg-base = ../ + [bdist_wheel] universal = 1 +dist-dir = ../dist [metadata] license_file = ../COPYING diff --git a/ipaplatform/setup.cfg b/ipaplatform/setup.cfg index 34abb12..b540960 100644 --- a/ipaplatform/setup.cfg +++ b/ipaplatform/setup.cfg @@ -1,5 +1,15 @@ +[build] +build-base = ../build + +[sdist] +dist-dir = ../dist + +[egg_info] +egg-base = ../ + [bdist_wheel] universal = 1 +dist-dir = ../dist [metadata] license_file = ../COPYING diff --git a/ipapython/setup.cfg b/ipapython/setup.cfg index 34abb12..b540960 100644 --- a/ipapython/setup.cfg +++ b/ipapython/setup.cfg @@ -1,5 +1,15 @@ +[build] +build-base = ../build + +[sdist] +dist-dir = ../dist + +[egg_info] +egg-base = ../ + [bdist_wheel] universal = 1 +dist-dir = ../dist [metadata] license_file = ../COPYING diff --git a/ipaserver/setup.cfg b/ipaserver/setup.cfg index 34abb12..b540960 100644 --- a/ipaserver/setup.cfg +++ b/ipaserver/setup.cfg @@ -1,5 +1,15 @@ +[build] +build-base = ../build + +[sdist] +dist-dir = ../dist + +[egg_info] +egg-base = ../ + [bdist_wheel] universal = 1 +dist-dir = ../dist [metadata] license_file = ../COPYING diff --git a/ipatests/setup.cfg b/ipatests/setup.cfg index 34abb12..b540960 100644 --- a/ipatests/setup.cfg +++ b/ipatests/setup.cfg @@ -1,5 +1,15 @@ +[build] +build-base = ../build + +[sdist] +dist-dir = ../dist + +[egg_info] +egg-base = ../ + [bdist_wheel] universal = 1 +dist-dir = ../dist [metadata] license_file = ../COPYING -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#184][reopened] Minor install script fixes
URL: https://github.com/freeipa/freeipa/pull/184 Author: simo5 Title: #184: Minor install script fixes Action: reopened To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/184/head:pr184 git checkout pr184 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#187][opened] Register entry points of Custodia plugins
URL: https://github.com/freeipa/freeipa/pull/187 Author: tiran Title: #187: Register entry points of Custodia plugins Action: opened PR body: """ With setuptools in place FreeIPA is able to register its Custodia plugins. Custodia 0.1 ignores the plugins directives. Custodia 0.2 uses the entry points to discover plugins. Signed-off-by: Christian Heimes""" To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/187/head:pr187 git checkout pr187 From 93b052a03d86cce6b9ee01072fc3a7d3d16b8ec2 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Wed, 26 Oct 2016 11:14:06 +0200 Subject: [PATCH] Register entry points of Custodia plugins With setuptools in place FreeIPA is able to register its Custodia plugins. Custodia 0.1 ignores the plugins directives. Custodia 0.2 uses the entry points to discover plugins. Signed-off-by: Christian Heimes --- ipapython/setup.py | 8 1 file changed, 8 insertions(+) diff --git a/ipapython/setup.py b/ipapython/setup.py index 47acdd6..28937eb 100755 --- a/ipapython/setup.py +++ b/ipapython/setup.py @@ -38,4 +38,12 @@ "ipapython.secrets", "ipapython.install" ], +entry_points={ +'custodia.authorizers': [ +'IPAKEMKeys = ipapython.secrets.kem:IPAKEMKeys', +], +'custodia.stores': [ +'iSecStore = ipapython.secrets.store:iSecStore', +], +}, ) -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#186][opened] replicainstall: log ACI and LDAP errors in promotion check
URL: https://github.com/freeipa/freeipa/pull/186 Author: pvoborni Title: #186: replicainstall: log ACI and LDAP errors in promotion check Action: opened PR body: """ to enable debugging of such errors. E.g.: https://fedorahosted.org/freeipa/ticket/5741 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/186/head:pr186 git checkout pr186 From 178c899fb837bad440095ffc4e21804eb7057e1e Mon Sep 17 00:00:00 2001 From: Petr VobornikDate: Thu, 24 Mar 2016 15:24:23 +0100 Subject: [PATCH] replicainstall: log ACI and LDAP errors in promotion check to enable debugging of such errors. E.g.: https://fedorahosted.org/freeipa/ticket/5741 --- ipaserver/install/server/replicainstall.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 6c9f598..d9c61f4 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -14,6 +14,7 @@ import shutil import socket import tempfile +import traceback import six @@ -1316,8 +1317,10 @@ def promote_check(installer): broadcast_ip_address_warning(config.ips) except errors.ACIError: +root_logger.debug(traceback.format_exc()) raise ScriptError("\nInsufficient privileges to promote the server.") except errors.LDAPError: +root_logger.debug(traceback.format_exc()) raise ScriptError("\nUnable to connect to LDAP server %s" % config.master_host_name) finally: -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 956 replicainstall: log ACI and LDAP errors in promotion check
On 10/26/2016 09:53 AM, Martin Basti wrote: > > > On 30.03.2016 10:06, Martin Basti wrote: >> >> >> On 24.03.2016 15:27, Petr Vobornik wrote: >>> to enable debugging of such errors. >>> >>> E.g.: https://fedorahosted.org/freeipa/ticket/5741 >>> >>> >> Can we log the whole traceback to get exact place where error happened? >> >> Martin^2 >> >> > bump > replaced by: https://github.com/freeipa/freeipa/pull/186 -- Petr Vobornik -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0102-0104: webui: Add support for setting custom table pagination size
On 11.08.2016 16:18, Pavel Vomacka wrote: Hello, please review attached patches. https://fedorahosted.org/freeipa/ticket/5742 bump for review -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] webui: 0084, 0101: refactoring rpc module
On 09.08.2016 13:29, Pavel Vomacka wrote: Hello, please review attached patches. The rpc module is now separated from display layer and changing activity text while loading metadata. https://fedorahosted.org/freeipa/ticket/6144 bump for review -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 956 replicainstall: log ACI and LDAP errors in promotion check
On 30.03.2016 10:06, Martin Basti wrote: On 24.03.2016 15:27, Petr Vobornik wrote: to enable debugging of such errors. E.g.: https://fedorahosted.org/freeipa/ticket/5741 Can we log the whole traceback to get exact place where error happened? Martin^2 bump -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] restrict setkeytab operation
On 31.08.2016 14:36, Martin Basti wrote: On 26.07.2016 13:38, Simo Sorce wrote: On Mon, 2016-07-25 at 11:26 -0400, Simo Sorce wrote: On Mon, 2016-07-25 at 11:10 -0400, Rob Crittenden wrote: Simo Sorce wrote: On Mon, 2016-07-25 at 10:55 -0400, Rob Crittenden wrote: Simo Sorce wrote: As described in #232 start restricting the use of the setkeytab operation to just the computers objects. I haven't tested this with older RHEL/CentOS machines that actully use the setkeytab operation as I do not have such an old VM handy right now. Meanwhile I'd like to know if ppl agree with this approach. What about services? Do we automatically acquire keytab for services in the old clients ? Are you thinking about scripted ipa-getkytab callouts ? You are limiting access to host keytabs, what about service keytabs? Should they be or are they now similarly restricted? Installers for something like Foreman may try to generate a service keytab in its installer, probably using admin credentials. I am planning to do the same in Openstack. Ok I'll amend the patch to allow service keytabs to still use the setkeytab control still, and restrict only users. However note that the idea of using this method is that admin can change this default on their own, so they can restrict more or less if they want, to that end I need to remember how to set a default that we do not override in the update file. Simo. Amended patch to allow services too. Only users are excluded. Simo. bump for review bump for review -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#139][comment] WebUI: Vault Management
URL: https://github.com/freeipa/freeipa/pull/139 Title: #139: WebUI: Vault Management pvomacka commented: """ Fixed PEP8 errors. """ See the full comment at https://github.com/freeipa/freeipa/pull/139#issuecomment-256271405 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#139][synchronized] WebUI: Vault Management
URL: https://github.com/freeipa/freeipa/pull/139 Author: pvomacka Title: #139: WebUI: Vault Management Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/139/head:pr139 git checkout pr139 From 0e038b2e6297e1045008d8aacccfcba067d6e7ab Mon Sep 17 00:00:00 2001 From: Pavel VomackaDate: Wed, 5 Oct 2016 09:54:24 +0200 Subject: [PATCH 01/13] Additional option to add and del operations can be set By setting the property 'additional_add_del_field' to the name of one of the fields which are on current details page, we choose field which value will be added to *_add_* and *_del_* commands in this format: {field_name: field_value} --field_name: field_value Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 22 ++ 1 file changed, 22 insertions(+) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index 7579bb0..d44f8c8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -421,6 +421,14 @@ IPA.association_table_widget = function (spec) { var that = IPA.table_widget(spec); +/** + * The value should be name of the field, which will be added to *_add_*, + * *_del_* commands as option: {fieldname: fieldvalue}. + * + * @property {String} fieldname + */ +that.additional_add_del_field = spec.additional_add_del_field; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -677,9 +685,22 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); + command.execute(); }; +that.join_additional_option = function(command) { +var add_opt = that.additional_add_del_field; +if (add_opt && typeof add_opt === 'string') { +var opt_field = that.entity.facet.get_field(add_opt); +var value; +if (opt_field) value = opt_field.get_value()[0]; + +command.set_option(add_opt, value); +} +}; + that.show_remove_dialog = function() { var selected_values = that.get_selected_values(); @@ -741,6 +762,7 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); command.execute(); }; From 3f665d1ecff23515c68ff872e7d2fa23f570b0d6 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka Date: Wed, 5 Oct 2016 10:09:20 +0200 Subject: [PATCH 02/13] Allow to set another other_entity name Association table's add, del commands needs as option list of cn of other_entity, which is added or deleted. There is a case (currently in vaults) that the name of option is different than the name of other_entity. In this situation we can set 'other_option_name' and put there the option name. This option name will be used instead of 'other_entity' name. Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 24 +--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index d44f8c8..63beeb8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -429,6 +429,17 @@ IPA.association_table_widget = function (spec) { */ that.additional_add_del_field = spec.additional_add_del_field; +/** + * Can be used in situations when the *_add_member command needs entity + * as a parameter, but parameter has different name than entity. + * i.e. vault_add_member --services=[values] ... this needs values from service + * entity, but option is called services, that we can set by setting + * this option in spec to other_option_name: 'services' + * + * @property other_option_name {String} + */ +that.other_option_name = spec.other_option_name; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -683,9 +694,9 @@ IPA.association_table_widget = function (spec) { on_success: on_success, on_error: on_error }); -command.set_option(that.other_entity.name, values); that.join_additional_option(command); +that.handle_entity_option(command, values); command.execute(); }; @@ -701,6 +712,14 @@ IPA.association_table_widget = function (spec) { } }; +that.handle_entity_option = function(command, values) { +var option_name = that.other_option_name; +if (!option_name) { +option_name = that.other_entity.name; +} +