date:20161026

[Freeipa-devel] [freeipa PR#186][closed] replicainstall: log ACI and LDAP errors in promotion check

2016-10-26 Thread mbasti-rh

   URL: https://github.com/freeipa/freeipa/pull/186
Author: pvoborni
 Title: #186: replicainstall: log ACI and LDAP errors in promotion check
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/186/head:pr186
git checkout pr186
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#186][comment] replicainstall: log ACI and LDAP errors in promotion check

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/186
Title: #186: replicainstall: log ACI and LDAP errors in promotion check

mbasti-rh commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/d0c17b4d9afb95db2abcd93096fa6626fd61870e
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/186#issuecomment-256404716
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#186][+pushed] replicainstall: log ACI and LDAP errors in promotion check

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/186
Title: #186: replicainstall: log ACI and LDAP errors in promotion check

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#176][comment] cert-show: show validity in default output

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/176
Title: #176: cert-show: show validity in default output

mbasti-rh commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/b6a3c9dc74ccef6f8e7df4123670d7e11269198c
ipa-4-4:
https://fedorahosted.org/freeipa/changeset/0d8f8896db8ad3a1c91cacfb009640602552f55f
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/176#issuecomment-256404255
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#176][+ack] cert-show: show validity in default output

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/176
Title: #176: cert-show: show validity in default output

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#176][+pushed] cert-show: show validity in default output

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/176
Title: #176: cert-show: show validity in default output

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#163][closed] Do not create Object Signing certificate

2016-10-26 Thread mbasti-rh

   URL: https://github.com/freeipa/freeipa/pull/163
Author: frasertweedale
 Title: #163: Do not create Object Signing certificate
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/163/head:pr163
git checkout pr163
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#163][comment] Do not create Object Signing certificate

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/163
Title: #163: Do not create Object Signing certificate

mbasti-rh commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/eb6bfd82f363405e3377b2a912b1152ba76625ae
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/163#issuecomment-256403076
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#163][+pushed] Do not create Object Signing certificate

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/163
Title: #163: Do not create Object Signing certificate

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#163][comment] Do not create Object Signing certificate

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/163
Title: #163: Do not create Object Signing certificate

mbasti-rh commented:
"""
Works for me
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/163#issuecomment-256402862
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#186][+ack] replicainstall: log ACI and LDAP errors in promotion check

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/186
Title: #186: replicainstall: log ACI and LDAP errors in promotion check

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#193][closed] [ipa-4-4] Make httpd publish its CA certificate on DL1

2016-10-26 Thread mbasti-rh

   URL: https://github.com/freeipa/freeipa/pull/193
Author: stlaz
 Title: #193: [ipa-4-4] Make httpd publish its CA certificate on DL1
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/193/head:pr193
git checkout pr193
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#193][+ack] [ipa-4-4] Make httpd publish its CA certificate on DL1

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/193
Title: #193: [ipa-4-4] Make httpd publish its CA certificate on DL1

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#193][comment] [ipa-4-4] Make httpd publish its CA certificate on DL1

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/193
Title: #193: [ipa-4-4] Make httpd publish its CA certificate on DL1

mbasti-rh commented:
"""
Fixed upstream
ipa-4-4:
https://fedorahosted.org/freeipa/changeset/c84d920ce8b4ca634d72d7bd99652f93f98b0959
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/193#issuecomment-256398562
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#193][+pushed] [ipa-4-4] Make httpd publish its CA certificate on DL1

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/193
Title: #193: [ipa-4-4] Make httpd publish its CA certificate on DL1

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#193][opened] [ipa-4-4] Make httpd publish its CA certificate on DL1

2016-10-26 Thread stlaz

   URL: https://github.com/freeipa/freeipa/pull/193
Author: stlaz
 Title: #193: [ipa-4-4] Make httpd publish its CA certificate on DL1
Action: opened

PR body:
"""
httpd did not publish its certificate on DL1 which could
cause issues during client installation in a rare corner
case where there would be no way of getting the certificate
but from a HTTP instance.

https://fedorahosted.org/freeipa/ticket/6393
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/193/head:pr193
git checkout pr193
From 6791beb8cb71311c36bac72db9467079e571fbbd Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka 
Date: Tue, 11 Oct 2016 15:48:47 +0200
Subject: [PATCH] Make httpd publish its CA certificate on DL1

httpd did not publish its certificate on DL1 which could
cause issues during client installation in a rare corner
case where there would be no way of getting the certificate
but from a HTTP instance.

https://fedorahosted.org/freeipa/ticket/6393
---
 ipaserver/install/httpinstance.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 7914f4c..da46f4d 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -175,8 +175,7 @@ def create_instance(self, realm, fqdn, domain_name, dm_password=None,
 self.step("importing CA certificates from LDAP", self.__import_ca_certs)
 if autoconfig:
 self.step("setting up browser autoconfig", self.__setup_autoconfig)
-if not self.promote:
-self.step("publish CA cert", self.__publish_ca_cert)
+self.step("publish CA cert", self.__publish_ca_cert)
 self.step("clean up any existing httpd ccache", self.remove_httpd_ccache)
 self.step("configuring SELinux for httpd", self.configure_selinux_for_httpd)
 if not self.is_kdcproxy_configured():
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#151][comment] Make httpd publish its CA certificate on DL1

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/151
Title: #151: Make httpd publish its CA certificate on DL1

mbasti-rh commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/5d15626b4db8f5e777e037680623badc86b6c31d
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/151#issuecomment-256394450
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#151][closed] Make httpd publish its CA certificate on DL1

2016-10-26 Thread mbasti-rh

   URL: https://github.com/freeipa/freeipa/pull/151
Author: stlaz
 Title: #151: Make httpd publish its CA certificate on DL1
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/151/head:pr151
git checkout pr151
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#151][+pushed] Make httpd publish its CA certificate on DL1

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/151
Title: #151: Make httpd publish its CA certificate on DL1

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#192][comment] server-del: fix incorrect check for one IPA master

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/192
Title: #192: server-del: fix incorrect check for one IPA master

mbasti-rh commented:
"""
LGTM, but I wrote possible improvement inline, please check.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/192#issuecomment-256376902
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#165][comment] Tests: Verify that cert-find show CA without --all

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/165
Title: #165: Tests: Verify that cert-find show CA without --all

mbasti-rh commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/42d1a06bd1e856c14110c06ba0d9d946df36331d
ipa-4-4:
https://fedorahosted.org/freeipa/changeset/7fde0982610cdc19ac4e85a6759820130c66a233
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/165#issuecomment-256372338
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#151][synchronized] Make httpd publish its CA certificate on DL1

2016-10-26 Thread stlaz

   URL: https://github.com/freeipa/freeipa/pull/151
Author: stlaz
 Title: #151: Make httpd publish its CA certificate on DL1
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/151/head:pr151
git checkout pr151
From f71bb9e91758072d8c4c7c695f859ac6d4807242 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka 
Date: Tue, 11 Oct 2016 15:48:47 +0200
Subject: [PATCH] Make httpd publish its CA certificate on DL1

httpd did not publish its certificate on DL1 which could
cause issues during client installation in a rare corner
case where there would be no way of getting the certificate
but from a HTTP instance.

https://fedorahosted.org/freeipa/ticket/6393
---
 ipaserver/install/httpinstance.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 60d62c0..b102c82 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -171,8 +171,7 @@ def create_instance(self, realm, fqdn, domain_name, dm_password=None,
 self.step("setting up httpd keytab", self.__create_http_keytab)
 self.step("setting up ssl", self.__setup_ssl)
 self.step("importing CA certificates from LDAP", self.__import_ca_certs)
-if not self.promote:
-self.step("publish CA cert", self.__publish_ca_cert)
+self.step("publish CA cert", self.__publish_ca_cert)
 self.step("clean up any existing httpd ccache", self.remove_httpd_ccache)
 self.step("configuring SELinux for httpd", self.configure_selinux_for_httpd)
 if not self.is_kdcproxy_configured():
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#191][edited] Exclude testing ipa.pot file from zanata

2016-10-26 Thread mbasti-rh

   URL: https://github.com/freeipa/freeipa/pull/191
Author: mbasti-rh
 Title: #191: Exclude testing ipa.pot file from zanata
Action: edited

 Changed field: title
Original value:
"""
Zanata fix 4 4
"""

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#192][opened] server-del: fix incorrect check for one IPA master

2016-10-26 Thread martbab

   URL: https://github.com/freeipa/freeipa/pull/192
Author: martbab
 Title: #192: server-del: fix incorrect check for one IPA master
Action: opened

PR body:
"""
make the check more robust against returned container types for multivalued
attributes (lists vs. tuples).

https://fedorahosted.org/freeipa/ticket/6417
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/192/head:pr192
git checkout pr192
From 52b8dec120a341100b5401f06c8452e22716697e Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Wed, 26 Oct 2016 16:07:21 +0200
Subject: [PATCH] server-del: fix incorrect check for one IPA master

make the check more robust against returned container types for multivalued
attributes (lists vs. tuples).

https://fedorahosted.org/freeipa/ticket/6417
---
 ipaserver/plugins/server.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py
index ec71dbc..a739ee8 100644
--- a/ipaserver/plugins/server.py
+++ b/ipaserver/plugins/server.py
@@ -473,7 +473,7 @@ def handler(msg, ignore_last_of_role):
 ipa_masters = ipa_config['ipa_master_server']
 
 # skip these checks if the last master is being removed
-if ipa_masters == [hostname]:
+if list(ipa_masters) == [hostname]:
 return
 
 if self.api.Command.dns_is_enabled()['result']:
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#191][synchronized] Zanata fix 4 4

2016-10-26 Thread mbasti-rh

   URL: https://github.com/freeipa/freeipa/pull/191
Author: mbasti-rh
 Title: #191: Zanata fix 4 4
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/191/head:pr191
git checkout pr191
From 17db28e5920f3226c4cf839b57925a7f17352963 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 26 Oct 2016 15:48:21 +0200
Subject: [PATCH] Zanata: exlude testing ipa.pot file

Exlude testing file "ipatests/test_ipalib/data/ipa.pot" which should not be
uploaded to zanata.

https://fedorahosted.org/freeipa/ticket/6435
---
 zanata.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zanata.xml b/zanata.xml
index d39a593..9566e46 100644
--- a/zanata.xml
+++ b/zanata.xml
@@ -6,6 +6,6 @@
   gettext
   .
   .
-
+  ipatests/test_ipalib/data/ipa.pot
   
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#190][opened] [4.4] Fix tests install dom0

2016-10-26 Thread mbasti-rh

   URL: https://github.com/freeipa/freeipa/pull/190
Author: mbasti-rh
 Title: #190: [4.4] Fix tests install dom0
Action: opened

PR body:
"""
Backport PR #136 to ipa-4-4
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/190/head:pr190
git checkout pr190
From 3fb600067dec553ab01e1c057e48975c1f33 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 4 Oct 2016 23:08:19 +0200
Subject: [PATCH 1/3] CI: extend replication layouts tests with KRA

KRA should be tested with warious replication topologies as well, mainly
in domain level 0

https://fedorahosted.org/freeipa/ticket/6088
---
 ipatests/test_integration/tasks.py | 18 ++--
 .../test_integration/test_replication_layouts.py   | 48 ++
 2 files changed, 63 insertions(+), 3 deletions(-)

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index ac36e2e..d730f73 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -983,12 +983,20 @@ def double_circle_topo(master, replicas, site_size=6):
 
 
 def install_topo(topo, master, replicas, clients, domain_level=None,
- skip_master=False, setup_replica_cas=True):
+ skip_master=False, setup_replica_cas=True,
+ setup_replica_kras=False):
 """Install IPA servers and clients in the given topology"""
+if setup_replica_kras and not setup_replica_cas:
+raise ValueError("Option 'setup_replica_kras' requires "
+ "'setup_replica_cas' set to True")
 replicas = list(replicas)
 installed = {master}
 if not skip_master:
-install_master(master, domain_level=domain_level)
+install_master(
+master,
+domain_level=domain_level,
+setup_kra=setup_replica_kras
+)
 
 add_a_records_for_hosts_in_master_domain(master)
 
@@ -998,7 +1006,11 @@ def install_topo(topo, master, replicas, clients, domain_level=None,
 connect_replica(parent, child)
 else:
 log.info('Installing replica %s from %s' % (parent, child))
-install_replica(parent, child, setup_ca=setup_replica_cas)
+install_replica(
+parent, child,
+setup_ca=setup_replica_cas,
+setup_kra=setup_replica_kras
+)
 installed.add(child)
 install_clients([master] + replicas, clients)
 
diff --git a/ipatests/test_integration/test_replication_layouts.py b/ipatests/test_integration/test_replication_layouts.py
index c178815..53cae7d 100644
--- a/ipatests/test_integration/test_replication_layouts.py
+++ b/ipatests/test_integration/test_replication_layouts.py
@@ -52,6 +52,16 @@ def test_line_topology_with_ca(self):
 self.replication_is_working()
 
 
+class TestLineTopologyWithCAKRA(LayoutsBaseTest):
+
+num_replicas = 3
+
+def test_line_topology_with_ca_kra(self):
+tasks.install_topo('line', self.master, self.replicas, [],
+   setup_replica_cas=True, setup_replica_kras=True)
+self.replication_is_working()
+
+
 class TestStarTopologyWithoutCA(LayoutsBaseTest):
 
 num_replicas = 3
@@ -72,6 +82,16 @@ def test_star_topology_with_ca(self):
 self.replication_is_working()
 
 
+class TestStarTopologyWithCAKRA(LayoutsBaseTest):
+
+num_replicas = 3
+
+def test_star_topology_with_ca_kra(self):
+tasks.install_topo('star', self.master, self.replicas, [],
+   setup_replica_cas=True, setup_replica_kras=True)
+self.replication_is_working()
+
+
 class TestCompleteTopologyWithoutCA(LayoutsBaseTest):
 
 num_replicas = 3
@@ -92,6 +112,16 @@ def test_complete_topology_with_ca(self):
 self.replication_is_working()
 
 
+class TestCompleteTopologyWithCAKRA(LayoutsBaseTest):
+
+num_replicas = 3
+
+def test_complete_topology_with_ca_kra(self):
+tasks.install_topo('complete', self.master, self.replicas, [],
+   setup_replica_cas=True, setup_replica_kras=True)
+self.replication_is_working()
+
+
 @pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0,
 reason='does not work on DOMAIN_LEVEL_0 by design')
 class Test2ConnectedTopologyWithoutCA(LayoutsBaseTest):
@@ -112,6 +142,15 @@ def test_2_connected_topology_with_ca(self):
 self.replication_is_working()
 
 
+class Test2ConnectedTopologyWithCAKRA(LayoutsBaseTest):
+num_replicas = 33
+
+def test_2_connected_topology_with_ca_kra(self):
+tasks.install_topo('2-connected', self.master, self.replicas, [],
+   setup_replica_cas=True, setup_replica_kras=True)
+self.replication_is_working()
+
+
 @pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0,
 reason='does not work on DOMAIN_LEVEL_0 by design')
 class

[Freeipa-devel] [freeipa PR#136][closed] Fix KRA install tests

2016-10-26 Thread mbasti-rh

   URL: https://github.com/freeipa/freeipa/pull/136
Author: mbasti-rh
 Title: #136: Fix KRA install tests
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/136/head:pr136
git checkout pr136
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#136][comment] Fix KRA install tests

2016-10-26 Thread mbasti-rh

  URL: https://github.com/freeipa/freeipa/pull/136
Title: #136: Fix KRA install tests

mbasti-rh commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/84ca1fc220c329b58fb6a22c8eb9bf17d3622c55
https://fedorahosted.org/freeipa/changeset/11d7b774c4d731896e3ab6109b6ed7d5524c1bec
https://fedorahosted.org/freeipa/changeset/9408085c58a1e9627c1fb4e1ba0343700e36d7e7
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/136#issuecomment-256341123
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#184][comment] Minor install script fixes

2016-10-26 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/184
Title: #184: Minor install script fixes

martbab commented:
"""
Reverted the Fix install scripts debugging  commit.

master:
* dc873007f8616ab9e77f903e235ba49f45ecde37 Revert "Fix install scripts 
debugging"
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/184#issuecomment-256334107
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#184][closed] Minor install script fixes

2016-10-26 Thread martbab

   URL: https://github.com/freeipa/freeipa/pull/184
Author: simo5
 Title: #184: Minor install script fixes
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/184/head:pr184
git checkout pr184
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#136][+ack] Fix KRA install tests

2016-10-26 Thread pvomacka

  URL: https://github.com/freeipa/freeipa/pull/136
Title: #136: Fix KRA install tests

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#189][comment] Create relative symbol links

2016-10-26 Thread tiran

  URL: https://github.com/freeipa/freeipa/pull/189
Title: #189: Create relative symbol links

tiran commented:
"""
I ran into some strange issues while I was working on PR #188. The symlinks 
were both dangling symlinks and pointed to a directory that my user could not 
write to. Eventually I found the real culprit. I still think that relative 
symlinks are better. Python generally uses relative links for its aliases.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/189#issuecomment-256326175
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#184][comment] Minor install script fixes

2016-10-26 Thread abbra

  URL: https://github.com/freeipa/freeipa/pull/184
Title: #184: Minor install script fixes

abbra commented:
"""
I'm fine with that (revert --debug commit). Either alternative (make 
Configurable be aware of the debug or do a refactoring of an installer) is 
roughly going into the same direction. I certainly see a reason to have 
Configurable gain knowledge about --debug option to allow it to configure 
specific services in debug mode which would go beyond just setting up loggers 
in the installer itself.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/184#issuecomment-256325663
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#184][comment] Minor install script fixes

2016-10-26 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/184
Title: #184: Minor install script fixes

martbab commented:
"""
Note that the installer class has no access to debug options. These are only 
used in the containing ConfigureTool class to set up loggers (see 
https://git.fedorahosted.org/cgit/freeipa.git/tree/ipapython/install/cli.py#n267)
 and are not passed to the Configurable object.

We may need to revert commit #2 to unblock installation of FreeIPA server. The 
proper fix shall be implemented as a part of installer refactoring effort.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/184#issuecomment-256324868
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#189][comment] Create relative symbol links

2016-10-26 Thread rcritten

  URL: https://github.com/freeipa/freeipa/pull/189
Title: #189: Create relative symbol links

rcritten commented:
"""
I think you should add the reasoning for switching the link type to the commit 
message and if this is related to some higher-level ticket that should be 
included as well.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/189#issuecomment-256323936
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#188][comment] Move Python build artefacts to top level directory

2016-10-26 Thread tiran

  URL: https://github.com/freeipa/freeipa/pull/188
Title: #188: Move Python build artefacts to top level directory

tiran commented:
"""
I ran into some issues with ```make rpm```. ```setup.py``` started to pick up 
build artefacts of other packages. Now every package uses its own subdirectory 
under the top-level ```build``` directory.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/188#issuecomment-256323114
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#189][opened] Create relative symbol links

2016-10-26 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/189
Author: tiran
 Title: #189: Create relative symbol links
Action: opened

PR body:
"""
Instead of absolute symbolic links to /usr/bin/COMMAND the RPM spec now
creates relative symbolic links.

Signed-off-by: Christian Heimes 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/189/head:pr189
git checkout pr189
From a97f0d47b50146885e0f0e1644e0d01e6e7b0686 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Wed, 26 Oct 2016 13:37:53 +0200
Subject: [PATCH] Create relative symbol links

Instead of absolute symbolic links to /usr/bin/COMMAND the RPM spec now
creates relative symbolic links.

Signed-off-by: Christian Heimes 
---
 freeipa.spec.in | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 7d55a71..e2efc97 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -713,17 +713,17 @@ mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{p
 mv %{buildroot}%{_bindir}/ipa-run-tests %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version}
 mv %{buildroot}%{_bindir}/ipa-test-config %{buildroot}%{_bindir}/ipa-test-config-%{python3_version}
 mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{python3_version}
-ln -s %{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests-3
-ln -s %{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config-3
-ln -s %{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task-3
+ln -s -r %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests-3
+ln -s -r %{buildroot}%{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config-3
+ln -s -r %{buildroot}%{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task-3
 %endif # with_python3
 
-ln -s %{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests-2
-ln -s %{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config-2
-ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task-2
-ln -s %{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests
-ln -s %{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config
-ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task
+ln -s -r %{buildroot}%{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests-2
+ln -s -r %{buildroot}%{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config-2
+ln -s -r %{buildroot}%{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task-2
+ln -s -r %{buildroot}%{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests
+ln -s -r %{buildroot}%{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config
+ln -s -r %{buildroot}%{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task
 
 %else
 make client-install DESTDIR=%{buildroot} LIBDIR=%{_libdir}
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#188][synchronized] Move Python build artefacts to top level directory

2016-10-26 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/188
Author: tiran
 Title: #188: Move Python build artefacts to top level directory
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/188/head:pr188
git checkout pr188
From 9e4e58bb7061bf9963350b1a1d66e0e7a4a04ca4 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Wed, 26 Oct 2016 12:33:07 +0200
Subject: [PATCH] Move Python build artefacts to top level directory

All setup.py use the same build, dist and *.egg-info directory on top
level. Build artefacts are no longer placed in local build directories.

Signed-off-by: Christian Heimes 
---
 .gitignore|  5 ++---
 Makefile  |  1 +
 ipaclient/setup.cfg   | 10 ++
 ipalib/setup.cfg  | 10 ++
 ipaplatform/setup.cfg | 10 ++
 ipapython/setup.cfg   | 10 ++
 ipaserver/setup.cfg   | 10 ++
 ipatests/setup.cfg| 10 ++
 8 files changed, 63 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index ac69f97..ddd764f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,7 +24,7 @@ ltmain.sh
 missing
 stamp-h1
 libtool
-build/
+/build/
 compile
 
 # Python compilation
@@ -39,12 +39,11 @@ freeipa2-dev-doc
 /freeipa.spec
 !/Makefile
 /dist/
-/*/dist/
 /RELEASE
 /rpmbuild/
 # Build
 /ipasetup.py
-*.egg-info
+/*.egg-info
 
 # Subdirectories
 /daemons/ipa-otpd/ipa-otpd
diff --git a/Makefile b/Makefile
index 761b57d..b40ff0f 100644
--- a/Makefile
+++ b/Makefile
@@ -131,6 +131,7 @@ pylint: bootstrap-autogen
 	FILES=`find . \
 		-type d -exec test -e '{}/__init__.py' \; -print -prune -o \
 		-path '*/.*' -o \
+		-path './build/*' -o \
 		-path './dist/*' -o \
 		-path './lextab.py' -o \
 		-path './yacctab.py' -o \
diff --git a/ipaclient/setup.cfg b/ipaclient/setup.cfg
index 34abb12..754af4a 100644
--- a/ipaclient/setup.cfg
+++ b/ipaclient/setup.cfg
@@ -1,5 +1,15 @@
+[build]
+build-base = ../build/ipaclient
+
+[sdist]
+dist-dir = ../dist
+
+[egg_info]
+egg-base = ../
+
 [bdist_wheel]
 universal = 1
+dist-dir = ../dist
 
 [metadata]
 license_file = ../COPYING
diff --git a/ipalib/setup.cfg b/ipalib/setup.cfg
index 34abb12..b5b64cb 100644
--- a/ipalib/setup.cfg
+++ b/ipalib/setup.cfg
@@ -1,5 +1,15 @@
+[build]
+build-base = ../build/ipalib
+
+[sdist]
+dist-dir = ../dist
+
+[egg_info]
+egg-base = ../
+
 [bdist_wheel]
 universal = 1
+dist-dir = ../dist
 
 [metadata]
 license_file = ../COPYING
diff --git a/ipaplatform/setup.cfg b/ipaplatform/setup.cfg
index 34abb12..9e759f5 100644
--- a/ipaplatform/setup.cfg
+++ b/ipaplatform/setup.cfg
@@ -1,5 +1,15 @@
+[build]
+build-base = ../build/ipaplatform
+
+[sdist]
+dist-dir = ../dist
+
+[egg_info]
+egg-base = ../
+
 [bdist_wheel]
 universal = 1
+dist-dir = ../dist
 
 [metadata]
 license_file = ../COPYING
diff --git a/ipapython/setup.cfg b/ipapython/setup.cfg
index 34abb12..ff2e622 100644
--- a/ipapython/setup.cfg
+++ b/ipapython/setup.cfg
@@ -1,5 +1,15 @@
+[build]
+build-base = ../build/ipapython
+
+[sdist]
+dist-dir = ../dist
+
+[egg_info]
+egg-base = ../
+
 [bdist_wheel]
 universal = 1
+dist-dir = ../dist
 
 [metadata]
 license_file = ../COPYING
diff --git a/ipaserver/setup.cfg b/ipaserver/setup.cfg
index 34abb12..0421dd5 100644
--- a/ipaserver/setup.cfg
+++ b/ipaserver/setup.cfg
@@ -1,5 +1,15 @@
+[build]
+build-base = ../build/ipaserver
+
+[sdist]
+dist-dir = ../dist
+
+[egg_info]
+egg-base = ../
+
 [bdist_wheel]
 universal = 1
+dist-dir = ../dist
 
 [metadata]
 license_file = ../COPYING
diff --git a/ipatests/setup.cfg b/ipatests/setup.cfg
index 34abb12..4697272 100644
--- a/ipatests/setup.cfg
+++ b/ipatests/setup.cfg
@@ -1,5 +1,15 @@
+[build]
+build-base = ../build/ipatests
+
+[sdist]
+dist-dir = ../dist
+
+[egg_info]
+egg-base = ../
+
 [bdist_wheel]
 universal = 1
+dist-dir = ../dist
 
 [metadata]
 license_file = ../COPYING
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#188][comment] Move Python build artefacts to top level directory

2016-10-26 Thread tiran

  URL: https://github.com/freeipa/freeipa/pull/188
Title: #188: Move Python build artefacts to top level directory

tiran commented:
"""
The PR will also simplifies @pspacek next branch a bit.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/188#issuecomment-256312577
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#188][opened] Move Python build artefacts to top level directory

2016-10-26 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/188
Author: tiran
 Title: #188: Move Python build artefacts to top level directory
Action: opened

PR body:
"""
All setup.py use the same build, dist and *.egg-info directory on top
level. Build artefacts are no longer placed in local build directories.

Signed-off-by: Christian Heimes 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/188/head:pr188
git checkout pr188
From 8582e7e172a235892e28bf15eba25ab7902726e1 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Wed, 26 Oct 2016 12:33:07 +0200
Subject: [PATCH] Move Python build artefacts to top level directory

All setup.py use the same build, dist and *.egg-info directory on top
level. Build artefacts are no longer placed in local build directories.

Signed-off-by: Christian Heimes 
---
 .gitignore|  5 ++---
 ipaclient/setup.cfg   | 10 ++
 ipalib/setup.cfg  | 10 ++
 ipaplatform/setup.cfg | 10 ++
 ipapython/setup.cfg   | 10 ++
 ipaserver/setup.cfg   | 10 ++
 ipatests/setup.cfg| 10 ++
 7 files changed, 62 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index ac69f97..ddd764f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,7 +24,7 @@ ltmain.sh
 missing
 stamp-h1
 libtool
-build/
+/build/
 compile
 
 # Python compilation
@@ -39,12 +39,11 @@ freeipa2-dev-doc
 /freeipa.spec
 !/Makefile
 /dist/
-/*/dist/
 /RELEASE
 /rpmbuild/
 # Build
 /ipasetup.py
-*.egg-info
+/*.egg-info
 
 # Subdirectories
 /daemons/ipa-otpd/ipa-otpd
diff --git a/ipaclient/setup.cfg b/ipaclient/setup.cfg
index 34abb12..b540960 100644
--- a/ipaclient/setup.cfg
+++ b/ipaclient/setup.cfg
@@ -1,5 +1,15 @@
+[build]
+build-base = ../build
+
+[sdist]
+dist-dir = ../dist
+
+[egg_info]
+egg-base = ../
+
 [bdist_wheel]
 universal = 1
+dist-dir = ../dist
 
 [metadata]
 license_file = ../COPYING
diff --git a/ipalib/setup.cfg b/ipalib/setup.cfg
index 34abb12..b540960 100644
--- a/ipalib/setup.cfg
+++ b/ipalib/setup.cfg
@@ -1,5 +1,15 @@
+[build]
+build-base = ../build
+
+[sdist]
+dist-dir = ../dist
+
+[egg_info]
+egg-base = ../
+
 [bdist_wheel]
 universal = 1
+dist-dir = ../dist
 
 [metadata]
 license_file = ../COPYING
diff --git a/ipaplatform/setup.cfg b/ipaplatform/setup.cfg
index 34abb12..b540960 100644
--- a/ipaplatform/setup.cfg
+++ b/ipaplatform/setup.cfg
@@ -1,5 +1,15 @@
+[build]
+build-base = ../build
+
+[sdist]
+dist-dir = ../dist
+
+[egg_info]
+egg-base = ../
+
 [bdist_wheel]
 universal = 1
+dist-dir = ../dist
 
 [metadata]
 license_file = ../COPYING
diff --git a/ipapython/setup.cfg b/ipapython/setup.cfg
index 34abb12..b540960 100644
--- a/ipapython/setup.cfg
+++ b/ipapython/setup.cfg
@@ -1,5 +1,15 @@
+[build]
+build-base = ../build
+
+[sdist]
+dist-dir = ../dist
+
+[egg_info]
+egg-base = ../
+
 [bdist_wheel]
 universal = 1
+dist-dir = ../dist
 
 [metadata]
 license_file = ../COPYING
diff --git a/ipaserver/setup.cfg b/ipaserver/setup.cfg
index 34abb12..b540960 100644
--- a/ipaserver/setup.cfg
+++ b/ipaserver/setup.cfg
@@ -1,5 +1,15 @@
+[build]
+build-base = ../build
+
+[sdist]
+dist-dir = ../dist
+
+[egg_info]
+egg-base = ../
+
 [bdist_wheel]
 universal = 1
+dist-dir = ../dist
 
 [metadata]
 license_file = ../COPYING
diff --git a/ipatests/setup.cfg b/ipatests/setup.cfg
index 34abb12..b540960 100644
--- a/ipatests/setup.cfg
+++ b/ipatests/setup.cfg
@@ -1,5 +1,15 @@
+[build]
+build-base = ../build
+
+[sdist]
+dist-dir = ../dist
+
+[egg_info]
+egg-base = ../
+
 [bdist_wheel]
 universal = 1
+dist-dir = ../dist
 
 [metadata]
 license_file = ../COPYING
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#184][reopened] Minor install script fixes

2016-10-26 Thread mbasti-rh

   URL: https://github.com/freeipa/freeipa/pull/184
Author: simo5
 Title: #184: Minor install script fixes
Action: reopened

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/184/head:pr184
git checkout pr184
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#187][opened] Register entry points of Custodia plugins

2016-10-26 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/187
Author: tiran
 Title: #187: Register entry points of Custodia plugins
Action: opened

PR body:
"""
With setuptools in place FreeIPA is able to register its Custodia
plugins. Custodia 0.1 ignores the plugins directives. Custodia 0.2 uses
the entry points to discover plugins.

Signed-off-by: Christian Heimes 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/187/head:pr187
git checkout pr187
From 93b052a03d86cce6b9ee01072fc3a7d3d16b8ec2 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Wed, 26 Oct 2016 11:14:06 +0200
Subject: [PATCH] Register entry points of Custodia plugins

With setuptools in place FreeIPA is able to register its Custodia
plugins. Custodia 0.1 ignores the plugins directives. Custodia 0.2 uses
the entry points to discover plugins.

Signed-off-by: Christian Heimes 
---
 ipapython/setup.py | 8 
 1 file changed, 8 insertions(+)

diff --git a/ipapython/setup.py b/ipapython/setup.py
index 47acdd6..28937eb 100755
--- a/ipapython/setup.py
+++ b/ipapython/setup.py
@@ -38,4 +38,12 @@
 "ipapython.secrets",
 "ipapython.install"
 ],
+entry_points={
+'custodia.authorizers': [
+'IPAKEMKeys = ipapython.secrets.kem:IPAKEMKeys',
+],
+'custodia.stores': [
+'iSecStore = ipapython.secrets.store:iSecStore',
+],
+},
 )
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#186][opened] replicainstall: log ACI and LDAP errors in promotion check

2016-10-26 Thread pvoborni

   URL: https://github.com/freeipa/freeipa/pull/186
Author: pvoborni
 Title: #186: replicainstall: log ACI and LDAP errors in promotion check
Action: opened

PR body:
"""
to enable debugging of such errors.

E.g.: https://fedorahosted.org/freeipa/ticket/5741
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/186/head:pr186
git checkout pr186
From 178c899fb837bad440095ffc4e21804eb7057e1e Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Thu, 24 Mar 2016 15:24:23 +0100
Subject: [PATCH] replicainstall: log ACI and LDAP errors in promotion check

to enable debugging of such errors.

E.g.: https://fedorahosted.org/freeipa/ticket/5741
---
 ipaserver/install/server/replicainstall.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 6c9f598..d9c61f4 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -14,6 +14,7 @@
 import shutil
 import socket
 import tempfile
+import traceback
 
 import six
 
@@ -1316,8 +1317,10 @@ def promote_check(installer):
 broadcast_ip_address_warning(config.ips)
 
 except errors.ACIError:
+root_logger.debug(traceback.format_exc())
 raise ScriptError("\nInsufficient privileges to promote the server.")
 except errors.LDAPError:
+root_logger.debug(traceback.format_exc())
 raise ScriptError("\nUnable to connect to LDAP server %s" %
   config.master_host_name)
 finally:
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 956 replicainstall: log ACI and LDAP errors in promotion check

2016-10-26 Thread Petr Vobornik

On 10/26/2016 09:53 AM, Martin Basti wrote:
> 
> 
> On 30.03.2016 10:06, Martin Basti wrote:
>>
>>
>> On 24.03.2016 15:27, Petr Vobornik wrote:
>>> to enable debugging of such errors.
>>>
>>> E.g.: https://fedorahosted.org/freeipa/ticket/5741
>>>
>>>
>> Can we log the whole traceback to get exact place where error happened?
>>
>> Martin^2
>>
>>
> bump
> 

replaced by: https://github.com/freeipa/freeipa/pull/186


-- 
Petr Vobornik

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0102-0104: webui: Add support for setting custom table pagination size

2016-10-26 Thread Martin Basti




On 11.08.2016 16:18, Pavel Vomacka wrote:

Hello,

please review attached patches.

https://fedorahosted.org/freeipa/ticket/5742




bump for review
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] webui: 0084, 0101: refactoring rpc module

2016-10-26 Thread Martin Basti




On 09.08.2016 13:29, Pavel Vomacka wrote:

Hello,

please review attached patches.

The rpc module is now separated from display layer
and changing activity text while loading metadata.

https://fedorahosted.org/freeipa/ticket/6144




bump for review
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 956 replicainstall: log ACI and LDAP errors in promotion check

2016-10-26 Thread Martin Basti




On 30.03.2016 10:06, Martin Basti wrote:



On 24.03.2016 15:27, Petr Vobornik wrote:

to enable debugging of such errors.

E.g.: https://fedorahosted.org/freeipa/ticket/5741



Can we log the whole traceback to get exact place where error happened?

Martin^2



bump
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] restrict setkeytab operation

2016-10-26 Thread Martin Basti




On 31.08.2016 14:36, Martin Basti wrote:




On 26.07.2016 13:38, Simo Sorce wrote:

On Mon, 2016-07-25 at 11:26 -0400, Simo Sorce wrote:

On Mon, 2016-07-25 at 11:10 -0400, Rob Crittenden wrote:

Simo Sorce wrote:

On Mon, 2016-07-25 at 10:55 -0400, Rob Crittenden wrote:

Simo Sorce wrote:

As described in #232 start restricting the use of the setkeytab
operation to just the computers objects.

I haven't tested this with older RHEL/CentOS machines that actully use
the setkeytab operation as I do not have such an old VM handy right now.

Meanwhile I'd like to know if ppl agree with this approach.

What about services?

Do we automatically acquire keytab for services in the old clients ?

Are you thinking about scripted ipa-getkytab callouts ?

You are limiting access to host keytabs, what about service keytabs?
Should they be or are they now similarly restricted?

Installers for something like Foreman may try to generate a service
keytab in its installer, probably using admin credentials. I am planning
to do the same in Openstack.

Ok I'll amend the patch to allow service keytabs to still use the
setkeytab control still, and restrict only users.
However note that the idea of using this method is that admin can change
this default on their own, so they can restrict more or less if they
want, to that end I need to remember how to set a default that we do not
override in the update file.

Simo.


Amended patch to allow services too.
Only users are excluded.

Simo.





bump for review



bump for review
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#139][comment] WebUI: Vault Management

2016-10-26 Thread pvomacka

  URL: https://github.com/freeipa/freeipa/pull/139
Title: #139: WebUI: Vault Management

pvomacka commented:
"""
Fixed PEP8 errors.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/139#issuecomment-256271405
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#139][synchronized] WebUI: Vault Management

2016-10-26 Thread pvomacka

   URL: https://github.com/freeipa/freeipa/pull/139
Author: pvomacka
 Title: #139: WebUI: Vault Management
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/139/head:pr139
git checkout pr139
From 0e038b2e6297e1045008d8aacccfcba067d6e7ab Mon Sep 17 00:00:00 2001
From: Pavel Vomacka 
Date: Wed, 5 Oct 2016 09:54:24 +0200
Subject: [PATCH 01/13] Additional option to add and del operations can be set

By setting the property 'additional_add_del_field' to the name of one of
the fields which are on current details page, we choose field which value
will be added to  *_add_* and *_del_* commands in this format:

{field_name: field_value}
--field_name: field_value

Part of: https://fedorahosted.org/freeipa/ticket/5426
---
 install/ui/src/freeipa/association.js | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js
index 7579bb0..d44f8c8 100644
--- a/install/ui/src/freeipa/association.js
+++ b/install/ui/src/freeipa/association.js
@@ -421,6 +421,14 @@ IPA.association_table_widget = function (spec) {
 
 var that = IPA.table_widget(spec);
 
+/**
+ * The value should be name of the field, which will be added to *_add_*,
+ * *_del_* commands as option: {fieldname: fieldvalue}.
+ *
+ * @property {String} fieldname
+ */
+that.additional_add_del_field = spec.additional_add_del_field;
+
 that.other_entity = IPA.get_entity(spec.other_entity);
 that.attribute_member = spec.attribute_member;
 
@@ -677,9 +685,22 @@ IPA.association_table_widget = function (spec) {
 });
 command.set_option(that.other_entity.name, values);
 
+that.join_additional_option(command);
+
 command.execute();
 };
 
+that.join_additional_option = function(command) {
+var add_opt = that.additional_add_del_field;
+if (add_opt && typeof add_opt === 'string') {
+var opt_field = that.entity.facet.get_field(add_opt);
+var value;
+if (opt_field) value = opt_field.get_value()[0];
+
+command.set_option(add_opt, value);
+}
+};
+
 that.show_remove_dialog = function() {
 
 var selected_values = that.get_selected_values();
@@ -741,6 +762,7 @@ IPA.association_table_widget = function (spec) {
 });
 
 command.set_option(that.other_entity.name, values);
+that.join_additional_option(command);
 
 command.execute();
 };

From 3f665d1ecff23515c68ff872e7d2fa23f570b0d6 Mon Sep 17 00:00:00 2001
From: Pavel Vomacka 
Date: Wed, 5 Oct 2016 10:09:20 +0200
Subject: [PATCH 02/13] Allow to set another other_entity name

Association table's add, del commands needs as option list of cn of
other_entity, which is added or deleted. There is a case (currently in vaults)
that the name of option is different than the name of other_entity.
In this situation we can set 'other_option_name' and put there the option name.
This option name will be used instead of 'other_entity' name.

Part of: https://fedorahosted.org/freeipa/ticket/5426
---
 install/ui/src/freeipa/association.js | 24 +---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js
index d44f8c8..63beeb8 100644
--- a/install/ui/src/freeipa/association.js
+++ b/install/ui/src/freeipa/association.js
@@ -429,6 +429,17 @@ IPA.association_table_widget = function (spec) {
  */
 that.additional_add_del_field = spec.additional_add_del_field;
 
+/**
+ * Can be used in situations when the *_add_member command needs entity
+ * as a parameter, but parameter has different name than entity.
+ * i.e. vault_add_member --services=[values] ... this needs values from service
+ * entity, but option is called services, that we can set by setting
+ * this option in spec to other_option_name: 'services'
+ *
+ * @property other_option_name {String}
+ */
+that.other_option_name = spec.other_option_name;
+
 that.other_entity = IPA.get_entity(spec.other_entity);
 that.attribute_member = spec.attribute_member;
 
@@ -683,9 +694,9 @@ IPA.association_table_widget = function (spec) {
 on_success: on_success,
 on_error: on_error
 });
-command.set_option(that.other_entity.name, values);
 
 that.join_additional_option(command);
+that.handle_entity_option(command, values);
 
 command.execute();
 };
@@ -701,6 +712,14 @@ IPA.association_table_widget = function (spec) {
 }
 };
 
+that.handle_entity_option = function(command, values) {
+var option_name = that.other_option_name;
+if (!option_name) {
+option_name = that.other_entity.name;
+}
+

50 matches

Mail list logo