Re: [Freeipa-devel] [PATCH] add man page for ipa-kra-install

2014-08-26 Thread Petr Viktorin

On 08/25/2014 06:37 PM, Ade Lee wrote:

New patch attached.
If OK, please commit for me.

Thanks,
Ade



I missed the argument list, where you have a deprecated option, and you 
list -U for both --unattended and --uninstall.


Here's an updated patch, I can push if it looks OK to you.

--
Petr³
From f7e4d66241392a3a6b2faaf01e8b98aa85792703 Mon Sep 17 00:00:00 2001
From: Ade Lee a...@redhat.com
Date: Sun, 24 Aug 2014 12:19:55 -0400
Subject: [PATCH] Add man page for ipa-kra-install

https://fedorahosted.org/freeipa/ticket/4504
---
 freeipa.spec.in |  1 +
 install/tools/man/Makefile.am   |  1 +
 install/tools/man/ipa-kra-install.1 | 56 +
 3 files changed, 58 insertions(+)
 create mode 100644 install/tools/man/ipa-kra-install.1

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 3079625aecb9d6067cb3315d64de727b5204f8ab..6df4f06f2925700a35a4fc608c379ac400caa888 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -712,6 +712,7 @@ fi
 %{_mandir}/man1/ipa-server-install.1.gz
 %{_mandir}/man1/ipa-dns-install.1.gz
 %{_mandir}/man1/ipa-ca-install.1.gz
+%{_mandir}/man1/ipa-kra-install.1.gz
 %{_mandir}/man1/ipa-compat-manage.1.gz
 %{_mandir}/man1/ipa-nis-manage.1.gz
 %{_mandir}/man1/ipa-managed-entries.1.gz
diff --git a/install/tools/man/Makefile.am b/install/tools/man/Makefile.am
index f9f75f183c406a2159c025b17e5bf463a46e12d2..38c049c79fbd2ce22888b47ee576c4574e98c45b 100644
--- a/install/tools/man/Makefile.am
+++ b/install/tools/man/Makefile.am
@@ -15,6 +15,7 @@ man1_MANS = \
 	ipa-dns-install.1		\
 	ipa-adtrust-install.1		\
 	ipa-ca-install.1		\
+	ipa-kra-install.1		\
 	ipa-ldap-updater.1		\
 	ipa-compat-manage.1		\
 	ipa-nis-manage.1		\
diff --git a/install/tools/man/ipa-kra-install.1 b/install/tools/man/ipa-kra-install.1
new file mode 100644
index ..e3133eee188af0b613fca76b51d2f5b4f8d1ba7d
--- /dev/null
+++ b/install/tools/man/ipa-kra-install.1
@@ -0,0 +1,56 @@
+.\ A man page for ipa-kra-install
+.\ Copyright (C) 2014 Red Hat, Inc.
+.\
+.\ This program is free software; you can redistribute it and/or modify
+.\ it under the terms of the GNU General Public License as published by
+.\ the Free Software Foundation, either version 3 of the License, or
+.\ (at your option) any later version.
+.\
+.\ This program is distributed in the hope that it will be useful, but
+.\ WITHOUT ANY WARRANTY; without even the implied warranty of
+.\ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+.\ General Public License for more details.
+.\
+.\ You should have received a copy of the GNU General Public License
+.\ along with this program.  If not, see http://www.gnu.org/licenses/.
+.\
+.\ Author: Ade Lee a...@redhat.com
+.\
+.TH ipa-kra-install 1 Aug 24 2014 FreeIPA FreeIPA Manual Pages
+.SH NAME
+ipa\-kra\-install \- Install a KRA on a server
+.SH SYNOPSIS
+ipa\-kra\-install [\fIOPTION\fR]... [replica_file]
+.SH DESCRIPTION
+Adds a KRA as an IPA\-managed service. This requires that the IPA server is already installed and configured, including a CA.
+
+The KRA (Key Recovery Authority) is a component used to securely store secrets such as passwords, symmetric keys and private asymmetric keys.  It is used as the back-end repository for the IPA Password Vault.
+
+ipa\-kra\-install can be run without replica_file to add KRA to the existing CA.
+ipa\-kra\-install will contact the CA to determine if a KRA has already been installed on another replica, and if so, will exit indicating that a replica_file is required.
+
+The replica_file is created using the ipa\-replica\-prepare utility.  A new replica_file should be generated on the master IPA server after the KRA has been installed and configured, so that the replica_file will contain the master KRA configuration and system certificates.
+
+The uninstall option can be  used to remove the KRA from the local IPA server. KRA instances on other replicas are not affected.  The KRA will also be removed if the entire server is removed using ipa\-server\-install \-\-uninstall.
+.SH OPTIONS
+\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
+Directory Manager (existing master) password
+.TP
+\fB\-U\fR, \fB\-\-unattended\fR
+An unattended installation that will never prompt for user input
+.TP
+\fB\-\-uninstall\fR
+Uninstall the KRA from the local IPA server.
+.TP
+\fB\-v\fR, \fB\-\-verbose\fR
+Enable debug output when more verbose output is needed
+.TP
+\fB\-q\fR, \fB\-\-quiet\fR
+Output only errors
+.TP
+\fB\-v\fR, \fB\-\-log-file\fR=\fFILE\fR
+Log to the given file
+.SH EXIT STATUS
+0 if the command was successful
+
+1 if an error occurred
-- 
1.9.3

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] add man page for ipa-kra-install

2014-08-26 Thread Ade Lee
Looks good to me.  Thanks.

Ade
On Tue, 2014-08-26 at 14:13 +0200, Petr Viktorin wrote:
 On 08/25/2014 06:37 PM, Ade Lee wrote:
  New patch attached.
  If OK, please commit for me.
 
  Thanks,
  Ade
 
 
 I missed the argument list, where you have a deprecated option, and you 
 list -U for both --unattended and --uninstall.
 
 Here's an updated patch, I can push if it looks OK to you.
 


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] [PATCH] add man page for ipa-kra-install

2014-08-26 Thread Petr Viktorin

On 08/26/2014 02:47 PM, Ade Lee wrote:

Looks good to me.  Thanks.

Ade
On Tue, 2014-08-26 at 14:13 +0200, Petr Viktorin wrote:

On 08/25/2014 06:37 PM, Ade Lee wrote:

New patch attached.
If OK, please commit for me.

Thanks,
Ade



I missed the argument list, where you have a deprecated option, and you
list -U for both --unattended and --uninstall.

Here's an updated patch, I can push if it looks OK to you.


Pushed to master: e732458a8e1af6432a739adf7a80a13fabcd59cc


--
Petr³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] add man page for ipa-kra-install

2014-08-25 Thread Petr Viktorin

On 08/24/2014 06:28 PM, Ade Lee wrote:

Added man pages for ipa-kra-install.  And its not even Tuesday yet :)

Please review,
Ade



If I was new to this, I think I'd be quite lost.

I think the man page should briefly explain what KRA is -- just a 
sentence would be fine. At the very least expand the acronym.


--
Petr³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] [PATCH] add man page for ipa-kra-install

2014-08-25 Thread Ade Lee
What if I add the following first paragraph?

The KRA (Key Recovery Authority) is a component used to securely store
secrets such as passwords, symmetric keys and private asymmetric keys.
It is used as the back-end repository for the IPA Password Vault.

Ade

On Mon, 2014-08-25 at 10:28 +0200, Petr Viktorin wrote:
 On 08/24/2014 06:28 PM, Ade Lee wrote:
  Added man pages for ipa-kra-install.  And its not even Tuesday yet :)
 
  Please review,
  Ade
 
 
 If I was new to this, I think I'd be quite lost.
 
 I think the man page should briefly explain what KRA is -- just a 
 sentence would be fine. At the very least expand the acronym.
 


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] [PATCH] add man page for ipa-kra-install

2014-08-25 Thread Petr Viktorin

On 08/25/2014 06:17 PM, Ade Lee wrote:

What if I add the following first paragraph?

The KRA (Key Recovery Authority) is a component used to securely store
secrets such as passwords, symmetric keys and private asymmetric keys.
It is used as the back-end repository for the IPA Password Vault.

Ade


Perfect.



On Mon, 2014-08-25 at 10:28 +0200, Petr Viktorin wrote:

On 08/24/2014 06:28 PM, Ade Lee wrote:

Added man pages for ipa-kra-install.  And its not even Tuesday yet :)

Please review,
Ade



If I was new to this, I think I'd be quite lost.

I think the man page should briefly explain what KRA is -- just a
sentence would be fine. At the very least expand the acronym.







--
Petr³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] add man page for ipa-kra-install

2014-08-25 Thread Ade Lee
New patch attached.
If OK, please commit for me.

Thanks,
Ade
On Mon, 2014-08-25 at 18:25 +0200, Petr Viktorin wrote:
 On 08/25/2014 06:17 PM, Ade Lee wrote:
  What if I add the following first paragraph?
 
  The KRA (Key Recovery Authority) is a component used to securely store
  secrets such as passwords, symmetric keys and private asymmetric keys.
  It is used as the back-end repository for the IPA Password Vault.
 
  Ade
 
 Perfect.
 
 
  On Mon, 2014-08-25 at 10:28 +0200, Petr Viktorin wrote:
  On 08/24/2014 06:28 PM, Ade Lee wrote:
  Added man pages for ipa-kra-install.  And its not even Tuesday yet :)
 
  Please review,
  Ade
 
 
  If I was new to this, I think I'd be quite lost.
 
  I think the man page should briefly explain what KRA is -- just a
  sentence would be fine. At the very least expand the acronym.
 
 
 
 
 

From ea23a915a74834005b584996c868fb4acfbf5e5b Mon Sep 17 00:00:00 2001
From: Ade Lee a...@redhat.com
Date: Sun, 24 Aug 2014 12:19:55 -0400
Subject: [PATCH] Added man page for ipa-kra-install

---
 freeipa.spec.in |  1 +
 install/tools/man/Makefile.am   |  1 +
 install/tools/man/ipa-kra-install.1 | 50 +
 3 files changed, 52 insertions(+)
 create mode 100644 install/tools/man/ipa-kra-install.1

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 3079625aecb9d6067cb3315d64de727b5204f8ab..6df4f06f2925700a35a4fc608c379ac400caa888 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -712,6 +712,7 @@ fi
 %{_mandir}/man1/ipa-server-install.1.gz
 %{_mandir}/man1/ipa-dns-install.1.gz
 %{_mandir}/man1/ipa-ca-install.1.gz
+%{_mandir}/man1/ipa-kra-install.1.gz
 %{_mandir}/man1/ipa-compat-manage.1.gz
 %{_mandir}/man1/ipa-nis-manage.1.gz
 %{_mandir}/man1/ipa-managed-entries.1.gz
diff --git a/install/tools/man/Makefile.am b/install/tools/man/Makefile.am
index f9f75f183c406a2159c025b17e5bf463a46e12d2..38c049c79fbd2ce22888b47ee576c4574e98c45b 100644
--- a/install/tools/man/Makefile.am
+++ b/install/tools/man/Makefile.am
@@ -15,6 +15,7 @@ man1_MANS = \
 	ipa-dns-install.1		\
 	ipa-adtrust-install.1		\
 	ipa-ca-install.1		\
+	ipa-kra-install.1		\
 	ipa-ldap-updater.1		\
 	ipa-compat-manage.1		\
 	ipa-nis-manage.1		\
diff --git a/install/tools/man/ipa-kra-install.1 b/install/tools/man/ipa-kra-install.1
new file mode 100644
index ..60b53b0e9389762df3d656d105a1e5cabb89f7f0
--- /dev/null
+++ b/install/tools/man/ipa-kra-install.1
@@ -0,0 +1,50 @@
+.\ A man page for ipa-kra-install
+.\ Copyright (C) 2014 Red Hat, Inc.
+.\
+.\ This program is free software; you can redistribute it and/or modify
+.\ it under the terms of the GNU General Public License as published by
+.\ the Free Software Foundation, either version 3 of the License, or
+.\ (at your option) any later version.
+.\
+.\ This program is distributed in the hope that it will be useful, but
+.\ WITHOUT ANY WARRANTY; without even the implied warranty of
+.\ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+.\ General Public License for more details.
+.\
+.\ You should have received a copy of the GNU General Public License
+.\ along with this program.  If not, see http://www.gnu.org/licenses/.
+.\
+.\ Author: Ade Lee a...@redhat.com
+.\
+.TH ipa-kra-install 1 Aug 24 2014 FreeIPA FreeIPA Manual Pages
+.SH NAME
+ipa\-kra\-install \- Install a KRA on a server
+.SH SYNOPSIS
+ipa\-kra\-install [\fIOPTION\fR]... [replica_file]
+.SH DESCRIPTION
+Adds a KRA as an IPA\-managed service. This requires that the IPA server is already installed and configured, including a CA.
+
+The KRA (Key Recovery Authority) is a component used to securely store secrets such as passwords, symmetric keys and private asymmetric keys.  It is used as the back-end repository for the IPA Password Vault.
+
+ipa\-kra\-install can be run without replica_file to add KRA to the existing CA.
+ipa\-kra\-install will contact the CA to determine if a KRA has already been installed on another replica, and if so, will exit indicating that a replica_file is required.
+
+The replica_file is created using the ipa\-replica\-prepare utility.  A new replica_file should be generated on the master IPA server after the KRA has been installed and configured, so that the replica_file will contain the master KRA configuration and system certificates.
+
+The uninstall option can be  used to remove the KRA from the local IPA server. KRA instances on other replicas are not affected.  The KRA will also be removed if the entire server is removed using ipa\-server\-install \-\-uninstall.
+.SH OPTIONS
+\fB\-d\fR, \fB\-\-debug\fR
+Enable debug logging when more verbose output is needed
+.TP
+\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
+Directory Manager (existing master) password
+.TP
+\fB\-U\fR, \fB\-\-unattended\fR
+An unattended installation that will never prompt for user input
+.TP
+\fB\-U\fR, \fB\-\-uninstall\fR
+Uninstall the KRA from the local IPA server.
+.SH EXIT