subject:"\[Freeipa\-devel\] \[freeipa PR#640\]\[comment\] Remove pkinit options from master\/replica on DL0"

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

2017-03-30 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0

MartinBasti commented:
"""
master:

* 6cda1509a68d7a21578280d381a6b9e994fd4f49 Fix the order of cert-files check
* 9e3ae785ac9b62b8e0809a4aa56363c458316135 Don't allow setting pkinit-related 
options on DL0
* 8af884d0489d5d57895959d27ca6eb8815c6c922 replica-prepare man: remove pkinit 
option refs
* fe7cf1e854b7dc28861455011091df3cbe45abe9 Remove redundant option check for 
cert files


ipa-4-5:

* 497e766427b3ced865ff88a51cd0c2c96e8b24f9 Fix the order of cert-files check
* a1ad1ffa3540da4b5d5c1963b3818d9c9260e1a2 Don't allow setting pkinit-related 
options on DL0
* 85720b6bdc764b98dd471799ccc1045e1379709e replica-prepare man: remove pkinit 
option refs
* 8f7b6c349f4e81e88ef36f014e26de6b1f3f3e41 Remove redundant option check for 
cert files


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/640#issuecomment-290414140
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

2017-03-29 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0

martbab commented:
"""
@MartinBasti WebUI not working in DL0/--no-pkinit is beyond the scope of this 
PR. I am working on fixing that in a separate PR.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/640#issuecomment-290052050
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

2017-03-29 Thread stlaz

  URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0

stlaz commented:
"""
Pushed a cleaner version of the previous changes, thanks @HonzaCholasta for the 
suggestion.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/640#issuecomment-290012934
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

2017-03-29 Thread stlaz

  URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0

stlaz commented:
"""
@MartinBasti Even though this commit basically breaks the behavior, it's not in 
its scope to fix it, it's somehow intended to break it, actually. It will be 
fixed elsewhere.

I fixed the issue with running this on replica and removed one redundant check 
as well.

I also noticed that DL0 replica has a usability issue where it checks for 
either `*-cert-file` option and requires them all, once it has it, it will say 
that these options can't be used with replica file. I will not fix that here, 
though.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/640#issuecomment-290005415
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

2017-03-29 Thread stlaz

  URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0

stlaz commented:
"""
@MartinBasti Even though this commit basically breaks the behavior, it's not in 
its scope to fix it, it's somehow intended to break it, actually. It will be 
fixed elsewhere.

I fixed the issue with running this on replica and removed one redundant check 
as well.

I also noticed that DL0 replica has a usability issue where it checks for 
either `*-cert-file` option and requires them all, once it has it, it will say 
that these options can't be used with replica file. I will not fix that here, 
though.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/640#issuecomment-290005415
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

2017-03-28 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0

MartinBasti commented:
"""
With this PR applied I cannot use webUI with DL0
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/640#issuecomment-289721101
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

2017-03-28 Thread stlaz

  URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0

stlaz commented:
"""
Ah, right, replica does not have `domain_level` option  
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/640#issuecomment-289684664
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

2017-03-27 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0

MartinBasti commented:
"""
```
ipa-replica-install --no-pkinit  (as negative test without master installed)

2017-03-27T17:04:09Z DEBUG Logging to /var/log/ipareplica-install.log
2017-03-27T17:04:09Z DEBUG   File 
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 314, 
in run
cfgr = transformed_cls(**kwargs)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 
102, in __init__
**kwargs)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", 
line 602, in __init__
super(ServerReplicaInstall, self).__init__(**kwargs)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", 
line 338, in __init__
if self.domain_level == constants.DOMAIN_LEVEL_0:
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 611, 
in __getattr__
raise AttributeError(name)

2017-03-27T17:04:09Z DEBUG The ipa-replica-install command failed, exception: 
AttributeError: domain_level

```
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/640#issuecomment-289517964
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

2017-03-24 Thread abbra

  URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0

abbra commented:
"""
Good question. I think we should remove all mentioning of PKINIT options for 
DL0 and explicitly configure local CA there. On DL1 we already require to 
provide pkinit cert for CA-less setup. However, there we should treat 
--no-pkinit as use of local CA (certmonger's one).
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/640#issuecomment-289041029
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

2017-03-24 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0

martbab commented:
"""
@abbra I believe these changes are in line with our recent discussion regarding 
pkinit availability on DL0. Do you agree?
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/640#issuecomment-289033452
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0

10 matches

Site Navigation

Mail list logo

Footer information