[Freeipa-devel] [freeipa PR#355][synchronized] Set up DS TLS on replica in CA-less topology

2017-01-02 Thread frasertweedale 
   URL: https://github.com/freeipa/freeipa/pull/355
Author: frasertweedale
 Title: #355: Set up DS TLS on replica in CA-less topology
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/355/head:pr355
git checkout pr355
From d1ff655281116b0a74f5a1c5c491c3f2247317a4 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Tue, 20 Dec 2016 23:29:22 +1000
Subject: [PATCH 1/2] Set up DS TLS on replica in CA-less topology

Fixes: https://fedorahosted.org/freeipa/ticket/6226
---
 ipaserver/install/dsinstance.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index bcfcb05..2ac1041 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -390,7 +390,9 @@ def create_replica(self, realm_name, master_fqdn, fqdn,
 
 self.step("creating DS keytab", self._request_service_keytab)
 if self.promote:
-if self.ca_is_configured:
+if self.pkcs12_info:
+self.step("configuring ssl for ds instance", self.__enable_ssl)
+else:
 self.step("retrieving DS Certificate", self.__get_ds_cert)
 self.step("restarting directory server", self.__restart_instance)
 

From 7e347d7641a29f9e94251adc97c15a8bcee70230 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Tue, 3 Jan 2017 12:04:20 +1000
Subject: [PATCH 2/2] dsinstance: minor string fixes

Fixes: https://fedorahosted.org/freeipa/ticket/6586
---
 ipaserver/install/dsinstance.py | 13 +++--
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 2ac1041..a0fdc4a 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -278,7 +278,7 @@ def __common_setup(self, enable_ssl=False):
 self.step("creating indices", self.__create_indices)
 self.step("enabling referential integrity plugin", self.__add_referint_module)
 if enable_ssl:
-self.step("configuring ssl for ds instance", self.__enable_ssl)
+self.step("configuring TLS for DS instance", self.__enable_ssl)
 self.step("configuring certmap.conf", self.__certmap_conf)
 self.step("configure new location for managed entries", self.__repoint_managed_entries)
 self.step("configure dirsrv ccache", self.configure_dirsrv_ccache)
@@ -351,7 +351,7 @@ def create_instance(self, realm_name, fqdn, domain_name,
 def enable_ssl(self):
 self.steps = []
 
-self.step("configuring ssl for ds instance", self.__enable_ssl)
+self.step("configuring TLS for DS instance", self.__enable_ssl)
 self.step("restarting directory server", self.__restart_instance)
 self.step("adding CA certificate entry", self.__upload_ca_cert)
 
@@ -391,7 +391,7 @@ def create_replica(self, realm_name, master_fqdn, fqdn,
 self.step("creating DS keytab", self._request_service_keytab)
 if self.promote:
 if self.pkcs12_info:
-self.step("configuring ssl for ds instance", self.__enable_ssl)
+self.step("configuring TLS for DS instance", self.__enable_ssl)
 else:
 self.step("retrieving DS Certificate", self.__get_ds_cert)
 self.step("restarting directory server", self.__restart_instance)
@@ -559,9 +559,9 @@ def __create_instance(self):
 root_logger.debug("calling setup-ds.pl")
 try:
 ipautil.run(args)
-root_logger.debug("completed creating ds instance")
+root_logger.debug("completed creating DS instance")
 except ipautil.CalledProcessError as e:
-raise RuntimeError("failed to create ds instance %s" % e)
+raise RuntimeError("failed to create DS instance %s" % e)
 
 # check for open port 389 from now on
 self.open_ports.append(389)
@@ -1024,7 +1024,8 @@ def uninstall(self):
 try:
 services.knownservices.dirsrv.restart(ds_instance, wait=False)
 except Exception as e:
-root_logger.error('Unable to restart ds instance %s: %s', ds_instance, e)
+root_logger.error(
+'Unable to restart DS instance %s: %s', ds_instance, e)
 
 def stop_tracking_certificates(self, serverid=None):
 if serverid is None:
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#355][synchronized] Set up DS TLS on replica in CA-less topology

2017-01-02 Thread frasertweedale 
   URL: https://github.com/freeipa/freeipa/pull/355
Author: frasertweedale
 Title: #355: Set up DS TLS on replica in CA-less topology
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/355/head:pr355
git checkout pr355
From d1ff655281116b0a74f5a1c5c491c3f2247317a4 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Tue, 20 Dec 2016 23:29:22 +1000
Subject: [PATCH 1/2] Set up DS TLS on replica in CA-less topology

Fixes: https://fedorahosted.org/freeipa/ticket/6226
---
 ipaserver/install/dsinstance.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index bcfcb05..2ac1041 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -390,7 +390,9 @@ def create_replica(self, realm_name, master_fqdn, fqdn,
 
 self.step("creating DS keytab", self._request_service_keytab)
 if self.promote:
-if self.ca_is_configured:
+if self.pkcs12_info:
+self.step("configuring ssl for ds instance", self.__enable_ssl)
+else:
 self.step("retrieving DS Certificate", self.__get_ds_cert)
 self.step("restarting directory server", self.__restart_instance)
 

From 4780278fd3006187ca809f60b5f397c8d2dd6187 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Tue, 3 Jan 2017 12:04:20 +1000
Subject: [PATCH 2/2] dsinstance: minor string fixes

Fixes: https://fedorahosted.org/freeipa/ticket/6586
---
 ipaserver/install/dsinstance.py | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 2ac1041..5b0d91c 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -278,7 +278,7 @@ def __common_setup(self, enable_ssl=False):
 self.step("creating indices", self.__create_indices)
 self.step("enabling referential integrity plugin", self.__add_referint_module)
 if enable_ssl:
-self.step("configuring ssl for ds instance", self.__enable_ssl)
+self.step("configuring TLS for DS instance", self.__enable_ssl)
 self.step("configuring certmap.conf", self.__certmap_conf)
 self.step("configure new location for managed entries", self.__repoint_managed_entries)
 self.step("configure dirsrv ccache", self.configure_dirsrv_ccache)
@@ -351,7 +351,7 @@ def create_instance(self, realm_name, fqdn, domain_name,
 def enable_ssl(self):
 self.steps = []
 
-self.step("configuring ssl for ds instance", self.__enable_ssl)
+self.step("configuring TLS for DS instance", self.__enable_ssl)
 self.step("restarting directory server", self.__restart_instance)
 self.step("adding CA certificate entry", self.__upload_ca_cert)
 
@@ -391,7 +391,7 @@ def create_replica(self, realm_name, master_fqdn, fqdn,
 self.step("creating DS keytab", self._request_service_keytab)
 if self.promote:
 if self.pkcs12_info:
-self.step("configuring ssl for ds instance", self.__enable_ssl)
+self.step("configuring TLS for DS instance", self.__enable_ssl)
 else:
 self.step("retrieving DS Certificate", self.__get_ds_cert)
 self.step("restarting directory server", self.__restart_instance)
@@ -559,9 +559,9 @@ def __create_instance(self):
 root_logger.debug("calling setup-ds.pl")
 try:
 ipautil.run(args)
-root_logger.debug("completed creating ds instance")
+root_logger.debug("completed creating DS instance")
 except ipautil.CalledProcessError as e:
-raise RuntimeError("failed to create ds instance %s" % e)
+raise RuntimeError("failed to create DS instance %s" % e)
 
 # check for open port 389 from now on
 self.open_ports.append(389)
@@ -1024,7 +1024,7 @@ def uninstall(self):
 try:
 services.knownservices.dirsrv.restart(ds_instance, wait=False)
 except Exception as e:
-root_logger.error('Unable to restart ds instance %s: %s', ds_instance, e)
+root_logger.error('Unable to restart DS instance %s: %s', ds_instance, e)
 
 def stop_tracking_certificates(self, serverid=None):
 if serverid is None:
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#355][synchronized] Set up DS TLS on replica in CA-less topology

2016-12-21 Thread frasertweedale 
   URL: https://github.com/freeipa/freeipa/pull/355
Author: frasertweedale
 Title: #355: Set up DS TLS on replica in CA-less topology
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/355/head:pr355
git checkout pr355
From 9e2e1fb71a6ef34cab56206346dc193305d71d82 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Tue, 20 Dec 2016 23:29:22 +1000
Subject: [PATCH] Set up DS TLS on replica in CA-less topology

Fixes: https://fedorahosted.org/freeipa/ticket/6226
---
 ipaserver/install/dsinstance.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index bcfcb05..2ac1041 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -390,7 +390,9 @@ def create_replica(self, realm_name, master_fqdn, fqdn,
 
 self.step("creating DS keytab", self._request_service_keytab)
 if self.promote:
-if self.ca_is_configured:
+if self.pkcs12_info:
+self.step("configuring ssl for ds instance", self.__enable_ssl)
+else:
 self.step("retrieving DS Certificate", self.__get_ds_cert)
 self.step("restarting directory server", self.__restart_instance)
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#355][synchronized] Set up DS TLS on replica in CA-less topology

2016-12-21 Thread frasertweedale 
   URL: https://github.com/freeipa/freeipa/pull/355
Author: frasertweedale
 Title: #355: Set up DS TLS on replica in CA-less topology
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/355/head:pr355
git checkout pr355
From 34ca89d344c623432dfec1bb04f4776cd9546eb6 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Tue, 20 Dec 2016 23:29:22 +1000
Subject: [PATCH] Set up DS TLS on replica in CA-less topology

Fixes: https://fedorahosted.org/freeipa/ticket/6226
---
 ipaserver/install/dsinstance.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index bcfcb05..2ac1041 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -390,7 +390,9 @@ def create_replica(self, realm_name, master_fqdn, fqdn,
 
 self.step("creating DS keytab", self._request_service_keytab)
 if self.promote:
-if self.ca_is_configured:
+if self.pkcs12_info:
+self.step("configuring ssl for ds instance", self.__enable_ssl)
+else:
 self.step("retrieving DS Certificate", self.__get_ds_cert)
 self.step("restarting directory server", self.__restart_instance)
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code