/home/admin: No such file or directory
Ade Lee noticed that the replica install is failing before it ever
attempts to talk to the Master, which corresponds with what I am
seeing. I see in the PKI install log that
[2011-08-24 22:23:50] [error] FAILED run_command(/sbin/service pki-cad
On Tue, 2011-11-01 at 12:49 -0400, Simo Sorce wrote:
On Tue, 2011-11-01 at 12:40 -0400, Richard Megginson wrote:
- Original Message -
We had a brief discussion on unifying the PKI and IPA Directory
Server instances. Here are my notes from it. Please fill out the
On Wed, 2011-11-02 at 16:03 -0400, Adam Young wrote:
To clarify: there are two types of Data stored in the PKI CA DS
instances. One is Users and groups (IdM), and the other is
certificates and requests.
The CA currently administers its own users: creates, add deletes, add
privs and
On Thu, 2011-11-03 at 09:20 -0400, Adam Young wrote:
On 11/03/2011 12:56 AM, Simo Sorce wrote:
On Wed, 2011-11-02 at 20:25 -0400, Adam Young wrote:
On 11/02/2011 06:19 PM, Rob Crittenden wrote:
Simo Sorce wrote:
On Wed, 2011-11-02 at 16:44 -0400, Ade Lee wrote:
On Wed, 2011-11-02 at 16
On Thu, 2011-11-03 at 09:22 -0400, Rob Crittenden wrote:
Ade Lee wrote:
On Wed, 2011-11-02 at 16:03 -0400, Adam Young wrote:
To clarify: there are two types of Data stored in the PKI CA DS
instances. One is Users and groups (IdM), and the other is
certificates and requests.
The CA
Hi all,
Based on conversations with Adam, Simo and Rob, here are some thoughts
on $subject:
http://pki.fedoraproject.org/wiki/Merging_IPA_and_Dogtag_Databases
I'll probably add more later - like the details on how cloned instance
installation will run.
Comments are welcome.
Ade
17 00:00:00 2001
From: Ade Lee a...@redhat.com
Date: Sun, 29 Jul 2012 14:07:31 -0400
Subject: [PATCH] Modifications to install scripts for dogtag 10
Dogtag 10 uses a new installer, new directory layout and new default
ports. This patch changes the ipa install code to integrate these changes
On Wed, 2012-08-15 at 13:24 +0200, Martin Kosek wrote:
On 08/08/2012 10:05 PM, Ade Lee wrote:
Hi,
Dogtag 10 is being released on f18, and has a number of changes that
will affect IPA. In particular, the following changes will affect
current IPA code.
* The directory layout
On Wed, 2012-08-15 at 16:34 +0200, Martin Kosek wrote:
On 08/15/2012 03:54 PM, Ade Lee wrote:
On Wed, 2012-08-15 at 13:24 +0200, Martin Kosek wrote:
On 08/08/2012 10:05 PM, Ade Lee wrote:
Hi,
Dogtag 10 is being released on f18, and has a number of changes that
will affect IPA
On Wed, 2012-08-15 at 23:41 -0400, Ade Lee wrote:
On Wed, 2012-08-15 at 16:34 +0200, Martin Kosek wrote:
On 08/15/2012 03:54 PM, Ade Lee wrote:
On Wed, 2012-08-15 at 13:24 +0200, Martin Kosek wrote:
On 08/08/2012 10:05 PM, Ade Lee wrote:
Hi,
Dogtag 10 is being released on f18
Patch attached this time. I should know better than to do this in the
middle of the night ..
On Thu, 2012-08-16 at 09:12 +0200, Martin Kosek wrote:
On 08/16/2012 07:53 AM, Ade Lee wrote:
On Wed, 2012-08-15 at 23:41 -0400, Ade Lee wrote:
On Wed, 2012-08-15 at 16:34 +0200, Martin Kosek wrote
On Thu, 2012-08-16 at 18:45 +0200, Martin Kosek wrote:
On 08/16/2012 01:28 PM, Ade Lee wrote:
Patch attached this time. I should know better than to do this in the
middle of the night ..
On Thu, 2012-08-16 at 09:12 +0200, Martin Kosek wrote:
On 08/16/2012 07:53 AM, Ade Lee wrote
On Thu, 2012-08-16 at 18:45 +0200, Martin Kosek wrote:
On 08/16/2012 01:28 PM, Ade Lee wrote:
Patch attached this time. I should know better than to do this in the
middle of the night ..
On Thu, 2012-08-16 at 09:12 +0200, Martin Kosek wrote:
On 08/16/2012 07:53 AM, Ade Lee wrote
On Fri, 2012-08-17 at 09:34 -0400, Ade Lee wrote:
On Thu, 2012-08-16 at 18:45 +0200, Martin Kosek wrote:
On 08/16/2012 01:28 PM, Ade Lee wrote:
Patch attached this time. I should know better than to do this in the
middle of the night ..
On Thu, 2012-08-16 at 09:12 +0200, Martin
:
On 08/27/2012 02:39 PM, Dmitri Pal wrote:
On 08/17/2012 12:06 PM, Rob Crittenden wrote:
Ade Lee wrote:
On Fri, 2012-08-17 at 09:34 -0400, Ade Lee wrote:
On Thu, 2012-08-16 at 18:45 +0200, Martin Kosek wrote:
On 08/16/2012 01:28 PM, Ade Lee wrote:
Patch attached this time. I should know
On Wed, 2012-09-05 at 16:43 -0400, Nalin Dahyabhai wrote:
On Wed, Aug 29, 2012 at 08:48:32AM -0400, Ade Lee wrote:
Incidentally, I ran this in permissive selinux mode. The following
rules are required to be added:
#= certmonger_t
On Wed, 2012-09-05 at 17:44 -0400, Simo Sorce wrote:
On Wed, 2012-09-05 at 17:08 -0400, Ade Lee wrote:
On Wed, 2012-09-05 at 16:43 -0400, Nalin Dahyabhai wrote:
On Wed, Aug 29, 2012 at 08:48:32AM -0400, Ade Lee wrote:
Incidentally, I ran this in permissive selinux mode. The following
On Wed, 2012-09-05 at 16:20 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On 08/31/2012 04:53 PM, Petr Viktorin wrote:
On 08/28/2012 03:40 PM, Petr Viktorin wrote:
On 08/17/2012 06:04 PM, Ade Lee wrote:
On Fri, 2012-08-17 at 09:34 -0400, Ade Lee wrote:
On Thu, 2012-08-16 at 18:45
On Mon, 2012-09-10 at 16:58 -0400, Rob Crittenden wrote:
Petr Viktorin wrote:
Attaching rebased and squashed patches. I've done some testing with them
but please test some more.
Most of these aren't IPA issues, but dogtag issues. I'll try to split
them out.
IPA:
For the
On Tue, 2012-09-11 at 08:59 -0400, Rob Crittenden wrote:
Petr Viktorin wrote:
On 09/11/2012 04:04 AM, Ade Lee wrote:
On Mon, 2012-09-10 at 16:58 -0400, Rob Crittenden wrote:
Petr Viktorin wrote:
Attaching rebased and squashed patches. I've done some testing with
them
but please test
On Tue, 2012-09-11 at 14:45 -0400, Rob Crittenden wrote:
Petr Viktorin wrote:
On 09/11/2012 04:38 PM, Rob Crittenden wrote:
Ade Lee wrote:
On Tue, 2012-09-11 at 08:59 -0400, Rob Crittenden wrote:
Petr Viktorin wrote:
On 09/11/2012 04:04 AM, Ade Lee wrote:
On Mon, 2012-09-10 at 16:58
On Wed, 2012-09-12 at 18:43 +0200, Petr Viktorin wrote:
On 09/11/2012 09:38 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
Rob Crittenden wrote:
Petr Viktorin wrote:
On 09/11/2012 04:38 PM, Rob Crittenden wrote:
Ade Lee wrote:
On Tue, 2012-09-11 at 08:59 -0400, Rob Crittenden wrote
On Mon, 2012-09-17 at 14:32 +0200, Petr Viktorin wrote:
On 09/14/2012 11:19 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 09/12/2012 06:40 PM, Petr Viktorin wrote:
A new Dogtag build with changed pkispawn/pkidestroy locations should be
out later today. The attached patch should work
On Mon, 2012-09-17 at 14:32 +0200, Petr Viktorin wrote:
On 09/14/2012 11:19 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 09/12/2012 06:40 PM, Petr Viktorin wrote:
A new Dogtag build with changed pkispawn/pkidestroy locations should be
out later today. The attached patch should work
It's a bug. Basically, the d10 instance is trying to get an installation
token from the security domain, using a new restful interface. This, on
a dogtag 9 instance, results in a 404.
We need to change the d10 code to fall back to the old interface in case
the new one does not work.
It's a bug. Basically, the d10 instance is trying to get an installation
token from the security domain, using a new restful interface. This, on
a dogtag 9 instance, results in a 404.
We need to change the d10 code to fall back to the old interface in case
the new one does not work.
It's a bug. Basically, the d10 instance is trying to get an installation
token from the security domain, using a new restful interface. This, on
a dogtag 9 instance, results in a 404.
We need to change the d10 code to fall back to the old interface in case
the new one does not work.
Ade
On
. But as this will take a while to get resolved, it's
better to get this out for review as fast as possible.
Happy reviewing.
Ade
From f827c0d744086a65c574de06ee3ff85083429f87 Mon Sep 17 00:00:00 2001
From: Ade Lee a...@redhat.com
Date: Wed, 19 Sep 2012 23:35:42 -0400
Subject: [PATCH] Changes
On Mon, 2012-10-01 at 16:09 +0200, Martin Kosek wrote:
On 10/01/2012 03:35 PM, Petr Viktorin wrote:
On 09/27/2012 10:26 AM, Petr Viktorin wrote:
On 09/20/2012 05:58 AM, Ade Lee wrote:
Changes to use a single database for dogtag and IPA
New servers that are installed with dogtag 10
-devel
mailing list: http://www.redhat.com/mailman/listinfo/pki-devel
== Detailed Changelog ==
Ade Lee (4):
761a047 Updated release to a2
854ecce fall back to old interface for installtoken if needed
11e05d3 Use getStatus servlet to provide startup status
e1666df Changes to use standard dbuser
On Fri, 2012-10-05 at 16:45 +0200, Martin Kosek wrote:
On 10/05/2012 10:59 AM, Martin Kosek wrote:
On 10/04/2012 06:17 PM, Rob Crittenden wrote:
This changes the way IPA generates CRLs for new installs only.
The first master installed is configured as the CRL generator. An entry is
, Ade Lee wrote:
Attached is a patch to handle the ipa-replica-conncheck issue. It
should be applied on top of your patch.
Essentially, the fix is as follows:
A. If the DS_PORT = 7389, then we pass --check-ca in the
ipa-replica-conncheck to be executed on the master.
a1. If the master
On Fri, 2012-10-05 at 12:26 -0400, Simo Sorce wrote:
On Fri, 2012-10-05 at 12:19 -0400, Ade Lee wrote:
On Fri, 2012-10-05 at 16:45 +0200, Martin Kosek wrote:
On 10/05/2012 10:59 AM, Martin Kosek wrote:
On 10/04/2012 06:17 PM, Rob Crittenden wrote:
This changes the way IPA generates
and other feedback via the pki-devel
mailing list: http://www.redhat.com/mailman/listinfo/pki-devel
== Detailed Changelog ==
Ade Lee (11):
5ef10ba Update selinux-policy version to fix error from latest policy
81596ba fix spec typo
919434b Added build requires for version of selinux-policy-devel
The Dogtag team is proud to announce version Dogtag v10.0.0 beta 2.
A build is available for Fedora 18 in the updates-testing repo. Please
try it out and provide karma to move it to the F18 stable repo.
Daily developer builds for Fedora 17 and 18 are available at
The Dogtag team is proud to announce version Dogtag v10.0.0 Release
Candidate 1.
A build is available for Fedora 18 in the updates-testing repo. Please
try it out and provide karma to move it to the F18 stable repo.
Daily developer builds for Fedora 17 and 18 are available
On Wed, 2012-12-19 at 21:35 -0500, Simo Sorce wrote:
On Wed, 2012-12-19 at 22:41 +, JR Aquino wrote:
On Dec 19, 2012, at 2:32 PM, Simo Sorce wrote:
On Wed, 2012-12-19 at 20:52 +, JR Aquino wrote:
Due to a limitation with 389 DS, the nsslapd-maxbersize cannot be set
The Dogtag team is proud to announce the release of Dogtag v10.0.0.
This release is being bundled with the GA release of Fedora 18, and
marks the culmination of over a year of development by the Dogtag team.
== Build Versions ==
pki-core-10.0.0-2.fc18
pki-ra-10.0.0-1.fc18
The Dogtag team is proud to announce the first errata build for
Dogtag v10.0.0.
The only packages that are being modified are dogtag-pki and pki-core,
both of which are being released as version 10.0.1.
A build is available for Fedora 18 in the updates-testing repo. Please
The Dogtag team is proud to announce the second errata build for
Dogtag v10.0.0.
Builds are available for Fedora 18 and Fedora 19 in the updates-testing
repo. Please try it out and provide karma to move them to the F18 and
F19 stable repos.
Daily developer builds for Fedora 17, 18 and 19 are
The Dogtag team is proud to announce the third errata build for
Dogtag v10.0.0.
Builds are available for Fedora 18 and Fedora 19 in the updates-testing
repositories. Please try them out and provide karma to move them to the
F18 and F19 stable repositories.
== Build Versions ==
On Mon, 2013-06-10 at 16:35 +0200, Ana Krivokapic wrote:
On 06/07/2013 10:23 AM, Tomas Babej wrote:
On 05/15/2013 01:36 PM, Ana Krivokapic wrote:
On 05/15/2013 12:29 PM, Petr Viktorin wrote:
On 05/15/2013 12:04 PM, Tomas Babej wrote:
On 05/15/2013 11:40 AM, Ana Krivokapic
The Dogtag team is proud to announce the fourth errata build for
Dogtag 10.0.
Builds are available for Fedora 18 and Fedora 19 in the updates-testing
repositories. Please try them out and provide karma to move them to the
F18 and F19 stable repositories.
== Build Versions ==
pki-core-10.0.4-1
On Mon, 2013-08-26 at 12:38 -0400, Adam Young wrote:
Keystone needs signing certificates for Signing PKI tokens.
In addition, CERN has developed an approach that allows users to
authenticate to Keystone via X509 for batch jobs. This requires Client
Certs.
Both of these use cases are
The Dogtag team is proud to announce the fifth errata build for
Dogtag 10.0.
Builds are available for Fedora 18 and Fedora 19 in the updates-testing
repositories. Please try them out and provide karma to move them to the
F18 and F19 stable repositories. Karma can be provided at
The Dogtag team is proud to announce the sixth errata build for
Dogtag 10.0.
Builds are available for Fedora 18 and Fedora 19 in the updates-testing
repositories. Please try them out and provide karma to move them to the
F18 and F19 stable repositories. Karma can be provided at
The Dogtag team is proud to announce the release of Dogtag v10.1.0.
This release is being released in conjunction with the GA release of
Fedora 20.
Due to changes in the way tomcat is started in Fedora 20, and the
corresponding changes in the Dogtag init scripts, Dogtag 10.1 will only
be
CA), or an existing clone.
Please review,
Thanks,
Ade
From 298aa20b554b5e17a0f7a1d4cf13e246fba9c8dc Mon Sep 17 00:00:00 2001
From: Ade Lee a...@redhat.com
Date: Tue, 18 Mar 2014 11:23:30 -0400
Subject: [PATCH] Add a DRM to IPA
This patch adds the capability of installing a Dogtag DRM
On Mon, 2014-04-07 at 09:48 +0200, Martin Kosek wrote:
Hi Rob, Ade and others,
In the past, Rob was investigating enabling random certificate serial numbers
for FreeIPA PKI [1]. We also have a ticket [2] planned to enable it for 4.0.
Can we simply switch it on for PKI with pkispawn
On Tue, 2014-04-08 at 09:52 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On 04/07/2014 10:40 PM, Rob Crittenden wrote:
Ade Lee wrote:
This patch adds the capability of installing a Dogtag DRM
to an IPA instance. With this patch, when ipa-server-install
is run
is to be applied on top of the previous one.
So, patch 2 and then patch 3.
I will create a patch to address the issues mentioned below, as well as
some other formatting issues reported by pycharm.
Thanks,
Ade
On Tue, 2014-04-15 at 11:41 -0400, Rob Crittenden wrote:
Ade Lee wrote:
Attached a new
Welcome Fraser,
To build dogtag, you should start here:
http://pki.fedoraproject.org/wiki/Building_Dogtag_10
and I happen to know you'll be working on IPA/PKI stuff, you'll be
interested in reviewing the links under:
http://pki.fedoraproject.org/wiki/Dogtag#Resources_for_Client_Developers
The
2001
From: Ade Lee a...@redhat.com
Date: Wed, 30 Apr 2014 11:35:00 -0400
Subject: [PATCH 6/6] Added dogtag plugin for DRM
This is an initial commit providing the basic vault functionality.
This plugin will likely be modified as we create the code to call
some of these functions.
---
ipaserver
:
On 05/28/2014 08:48 AM, Fraser Tweedale wrote:
On Tue, May 27, 2014 at 05:57:40PM -0400, Ade Lee wrote:
There have been a couple of changes in the Dogtag interface, that
require some changes in the IPA patches. Also, I had to add back a
function in order to rebase to the latest IPA code
Design at:
http://pki.fedoraproject.org/wiki/Top-Level_Tree
This is a feature to change the tree structure of the Dogtag internal
database so that a new top level baseDN is available. This will
simplify the replication topology by allowing one to replicate all
subsystems in a tomcat instance
to run ipa-kra-install etc.
Please apply this on top of the previous patch. I'll go ahead and squash them
before commit.
Thanks,
Ade
- Original Message -
From: Ade Lee a...@redhat.com
To: Petr Viktorin pvikt...@redhat.com
Cc: freeipa-devel@redhat.com
Sent: Wednesday, August 13, 2014 2:05:51
On Wed, 2014-08-20 at 15:35 -0400, Rob Crittenden wrote:
Ade Lee wrote:
On Thu, 2014-08-14 at 14:29 +0200, Petr Viktorin wrote:
On 08/14/2014 10:53 AM, Martin Kosek wrote:
On 08/13/2014 09:54 PM, Ade Lee wrote:
In Dogtag, we have decided to revert the name of the DRM to the old name
As agreed on #irc, disabling uninstallation for now.
Please apply this new patch on top of the big one.
Ade
On Thu, 2014-08-21 at 01:15 -0400, Ade Lee wrote:
On Wed, 2014-08-20 at 15:35 -0400, Rob Crittenden wrote:
Ade Lee wrote:
On Thu, 2014-08-14 at 14:29 +0200, Petr Viktorin wrote
On Thu, 2014-08-21 at 21:52 +0200, Martin Kosek wrote:
On 08/21/2014 05:27 PM, Petr Viktorin wrote:
On 08/21/2014 03:48 PM, Ade Lee wrote:
As agreed on #irc, disabling uninstallation for now.
Please apply this new patch on top of the big one.
I'm fine with pushing a patch
Added man pages for ipa-kra-install. And it's not even Tuesday yet :)
Please review,
Ade
From 571c77102577321bb2a524873904a83581f85a32 Mon Sep 17 00:00:00 2001
From: Ade Lee a...@redhat.com
Date: Sun, 24 Aug 2014 12:19:55 -0400
Subject: [PATCH] Added man page for ipa-kra-install
We plan to do an alpha build of Dogtag 10.2 on Fedora 21 at the end of
this week.
Ade
On Mon, 2014-08-25 at 13:14 +0200, Petr Viktorin wrote:
On 08/22/2014 03:28 PM, Petr Vobornik wrote:
[...]
Should the requirement of Dogtag 10.2 be reflected in a spec file?
Yes. Sorry for forgetting
, Petr Viktorin wrote:
On 08/24/2014 06:28 PM, Ade Lee wrote:
Added man pages for ipa-kra-install. And it's not even Tuesday yet :)
Please review,
Ade
If I was new to this, I think I'd be quite lost.
I think the man page should briefly explain what KRA is -- just a
sentence would
New patch attached.
If OK, please commit for me.
Thanks,
Ade
On Mon, 2014-08-25 at 18:25 +0200, Petr Viktorin wrote:
On 08/25/2014 06:17 PM, Ade Lee wrote:
What if I add the following first paragraph?
The KRA (Key Recovery Authority) is a component used to securely store
secrets
Looks good to me. Thanks.
Ade
On Tue, 2014-08-26 at 14:13 +0200, Petr Viktorin wrote:
On 08/25/2014 06:37 PM, Ade Lee wrote:
New patch attached.
If OK, please commit for me.
Thanks,
Ade
I missed the argument list, where you have a deprecated option, and you
list -U for both
been built. (pki-core-10.2.0-0.8.fc20) Please update your
Dogtag build to this version.
Thanks,
Ade
From b039bc0a8ddc88e90830626f3b812e8ee29e7e08 Mon Sep 17 00:00:00 2001
From: Ade Lee a...@redhat.com
Date: Mon, 1 Sep 2014 22:49:54 -0400
Subject: [PATCH] Re-enable uninstall feature for ipa-kra
In order for IPA to use some new functionality in Profile Management and
Sub CAs, we need to add some additional schema to the Dogtag LDAP
instance.
Fraser has written a Dogtag upgrade script to do this upgrade, but this
script expects the DM password to be in password.conf. Some discussion
on
Fraser,
Continuing the discussion started previously, the question is whether
IPA should check for the presence of certain extensions.
There seem to be two kinds of problems which could be encountered here:
1. User could include a CSR which includes an extension that is not
valid for the