Commit Graph

12267 Commits

Author SHA1 Message Date
Anuja More
0128b3f92e
Test for ipa-client-install should not use hardcoded admin principal
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2018-06-29 10:31:50 +02:00
Florence Blanc-Renaud
7bf99e8dc5 Add test for ticket 7604: ipa-client-install --mkhomedir doesn't enable oddjobd
Add a test checking that ipa-client-install --mkhomedir
is properly enableing/starting oddjobd.

Related to:
https://pagure.io/freeipa/issue/7604

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-06-28 11:41:17 +02:00
Florence Blanc-Renaud
a39f656340 ipa-client-install: enable and start oddjobd if mkhomedir
Since the switch to authselect, the service oddjobd is not
automatically enabled when ipa client is installed with
--mkhomedir.
The fix makes sure that the service is enabled/started, and
stores the pre-install state in sysrestore.state, in order
to revert to the pre-install state when uninstall is called

Fixes:
https://pagure.io/freeipa/issue/7604

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-06-28 11:41:17 +02:00
Armando Neto
d622be295a Prevent the creation on users and groups with numeric characters only
Update regular expression validator to prevent user and group creation.

Fixes: https://pagure.io/freeipa/issue/7572

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-06-27 15:25:39 -03:00
Alexander Bokovoy
81f36df7ac ipaserver/dcerpc.py: handle indirect topology conflicts
When AD forest A has a trust with a forest B that claims ownership
of a domain name (TLN) owned by an IPA forest, we need to build
exclusion record for that specific TLN, not our domain name.

Use realmdomains to find a correct exclusion entry to build.

Fixes: https://pagure.io/freeipa/issue/7370
Reviewed-By: Armando Neto <abiagion@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-06-27 12:49:35 -03:00
Varun Mylaraiah
39ac5f442a ui_tests: extend test_pwpolicy.py suite
Extend WebUI test_pwpolicy suite with the following test cases
Details in the ticket https://pagure.io/freeipa/issue/7574

Added tests:
krbpwdminlength: lower range integer
krbmaxpwdlife: non-integer, abc
krbmaxpwdlife: upper range integer,2147483648
krbmaxpwdlife: lower range integer,-1
krbminpwdlife: non-integer,edf
krbminpwdlife: upper range integer,2147483648
krbminpwdlife: lower range integer,-1
krbpwdhistorylength: non-integer,HIJ
krbpwdhistorylength: upper range integer,2147483648
krbpwdhistorylength: lower range integer,-1
krbpwdmindiffchars: noon-integer,3lm
krbpwdmindiffchars: upper range integer,2147483648
krbpwdmindiffchars: lower range integer, -1
krbpwdminlength: non-integer, n0p
krbpwdminlength: upper range integer,2147483648
krbpwdminlength: lower range integer, -1
cospriority: non-integer, abc
cospriority: upper range integer,2147483648
cospriority: lower range integer,-1
krbpwdmaxfailure: non-integer
krbpwdmaxfailure: upper range integer
krbpwdmaxfailure: lower range integer
krbpwdfailurecountinterval: non-integer
krbpwdfailurecountinterval: upper range integer
krbpwdfailurecountinterval: lower range integer
krbpwdlockoutduration: non-integer
krbpwdlockoutduration: upper range integer
krbpwdlockoutduration: lower range integer
deletePolicy_with various scenario
MeasurementUnitAdded_Bug798363
Delete global password policy
add_Policy_adder_dialog_bug910463
delete_Policy_deleter_dialog_bug910463
test field: cospriority
modifyPolicy(undo/refresh/reset)
empty policy name
upper bound of data range
lower bound of data range
non integer for policy priority

Signed-off-by: Varun Mylaraiah <mvarun@redhat.com>
Reviewed-By: Pavel Picka <ppicka@redhat.com>
2018-06-27 13:31:54 +02:00
Christian Heimes
c2eb0f1612
Fix permission of public files in upgrader
Make CA bundles, certs, and cert directories world-accessible in
upgrader.

Fixes: https://pagure.io/freeipa/issue/7594
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-06-27 11:05:01 +02:00
Christian Heimes
89b2137dc2
Make /etc/httpd/alias world readable & executable
The directory /etc/httpd/alias contains public key material. It must be
world readable and executable, so any client can read public certs.

Note: executable for a directory means, that a process is allowed to
traverse into the directory.

Fixes: https://pagure.io/freeipa/issue/7594
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-06-27 11:05:01 +02:00
Christian Heimes
1434f2a203
Always make ipa.p11-kit world-readable
Ensure that ipa.p11-kit is always world-readable.

Fixes: https://pagure.io/freeipa/issue/7594
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-06-27 11:05:01 +02:00
Christian Heimes
ba8cbb8c62
Ensure that public cert and CA bundle are readable
In CIS hardened mode, the process umask is 027. This results in some
files not being world readable. Ensure that write_certificate_list()
calls in client installer, server installer, and upgrader create cert
bundles with permission bits 0644.

Fixes: https://pagure.io/freeipa/issue/7594
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-06-27 11:05:01 +02:00
Christian Heimes
0e21d93391
Use 4 WSGI workers on 64bit systems
Commit f1d5ab3a03 increases WSGI worker
count to five. This turned out to be a bit much for our test systems.
Four workers are good enough and still double the old amount.

See: https://pagure.io/freeipa/issue/7587
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2018-06-25 13:41:18 +02:00
Mohammad Rizwan Yusuf
e90d90c5c3
Check if issuer DN is updated after self-signed > external-ca
This test checks if issuer DN is updated properly after CA is
renewed from self-signed to external-ca

related ticket: https://pagure.io/freeipa/issue/7316

Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>

Replaced hardcoded issuer CN for external ca with constant

Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-06-25 10:37:58 +02:00
Sudhir Menon
89ae434131 Adding modified DOAP file
Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-06-22 11:02:40 -04:00
Sudhir Menon
c7ac8b91db DOAP Description for IPA Project
https://pagure.io/freeipa/issue/2536

Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-06-22 11:02:40 -04:00
Christian Heimes
ad838c37a9 Fix replication races in Dogtag admin code
DogtagInstance.setup_admin and related methods have multiple LDAP
replication race conditions. The bugs can cause parallel
ipa-replica-install to fail.

The code from __add_admin_to_group() has been changed to use MOD_ADD
ather than search + MOD_REPLACE. The MOD_REPLACE approach can lead to
data loss, when more than one writer changes a group.

setup_admin() now waits until both admin user and group membership have
been replicated to the master peer. The method also adds a new ACI to
allow querying group member in the replication check.

Fixes: https://pagure.io/freeipa/issue/7593
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-06-22 13:01:55 +02:00
Christian Heimes
1b966f708a Use common replication wait timeout of 5min
Instead of multiple timeout values all over the code base, all
replication waits now use a common timeout value from api.env of 5
minutes. Waiting for HTTP/replica principal takes 90 to 120 seconds, so
5 minutes seem like a sufficient value for slow setups.

Fixes: https://pagure.io/freeipa/issue/7595
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-06-22 13:01:55 +02:00
Christian Heimes
14c869b347 Improve and fix timeout bug in wait_for_entry()
replication.wait_for_entry() now can wait for an attribute value to
appear on a replica.

Fixed timeout handling caused by bad rounding and comparison. For small
timeouts, the actual time was rounded down. For example for 60 seconds
timeout and fast replica, the query accumulated to about 0.45 seconds
plus 60 seconds sleep. 60.45 is large enough to terminate the loop
"while int(time.time()) < timeout", but not large enough to trigger the
exception in "if int(time.time()) > timeout", because int(60.65) == 60.

See: https://pagure.io/freeipa/issue/7593
Fixes: https://pagure.io/freeipa/issue/7595
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-06-22 13:01:55 +02:00
Armando Neto
de8d308196 ipaserver config plugin: Increase search records minimum limit
Check if the given search records value is greater than an arbitrary number that is not so close to zero.

https://pagure.io/freeipa/issue/6617

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-06-21 14:42:15 -04:00
Stanislav Levin
c1f7a14c95 Fix some untranslatable commands in Web UI API Browser
There are some missing translatable docstrings of commands and modules.

Fixes: https://pagure.io/freeipa/issue/7592
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2018-06-21 18:42:05 +02:00
Stanislav Levin
32ed10caf9 Apply validate_doc() to NO_CLI commands
This should prevent from NO_CLI commands have no translatable
description or have no one at all in Web UI API Browser.

Fixes: https://pagure.io/freeipa/issue/7592
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2018-06-21 18:42:05 +02:00
Christian Heimes
3a8f0bb16b Remove restarted_named and xfail
With shorter TTL, several named restarts are no longer necessary to make
tests pass. The test case TestZoneSigningWithoutNamedRestart is no
longer relevant, too.

Modification of the root zone and disabling/enabling signing still seems
to need a restart. I have marked those cases as TODO.

See: https://pagure.io/freeipa/issue/5348
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-06-21 15:54:49 +02:00
Christian Heimes
dae4aac912 Tests: Set default TTL for DNS zones to 1 sec
When running IPA tests, a default TTL for the zone should be set
very low to allow get rid of timeouts in the tests. Zone updates should
be propagated to the clients as soon as possible.

This is not something that should be used in production so the change is
done purely at install time within the tests. As zone information is
replicated, we only modify it when creating a master with integrated
DNS.

This change should fix a number of DNSSEC-related tests where default
TTL is longer than what a test expects and a change of DNSSEC keys
never gets noticed by the BIND. As result, DNSSEC tests never match
their expected output with what they received from the BIND.

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Co-authored-by: Alexander Bokovoy <abokovoy@redhat.com>
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-06-21 15:54:49 +02:00
Tomas Krizek
6fb45d2f56 test_dnssec: re-add named-pkcs11 workarounds
DNSSEC tests starrted to fail again, probably due to a bug in
some underlaying component.

This reverts commit 8bc6775122
and makes the xfail test check less strict - it will no longer
mark the test suite red if it passes.

Run DNSSEC tests on PR-CI

Co-authored-by: Felipe Barreto <fbarreto@redhat.com>
Related https://pagure.io/freeipa/issue/5348

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-06-21 15:54:49 +02:00
Stanislav Levin
4b3bc490d3 Fix formatted translations of error messages in topology plugin
For now formatting is applied for bare messages before translating.
This breaks python-brace-format and message becomes untranslatable
at all.

Fixes: https://pagure.io/freeipa/issue/7586
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-06-21 15:30:58 +02:00
Stanislav Levin
1dfdbfd8bf Fix formatted translations of error messages in serverroles plugin
For now formatting is applied for bare messages before translating.
This breaks python-brace-format and message becomes untranslatable
at all.

Fixes: https://pagure.io/freeipa/issue/7586
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-06-21 15:30:58 +02:00
Stanislav Levin
6f245db8ea Fix formatted translations in trust plugin
Translation objects have support for format(). This allows to
get rid of unicode() which has been removed in Python3.

Also some messages to be translated at request time should
not use format()

Fixes: https://pagure.io/freeipa/issue/7586
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-06-21 15:30:58 +02:00
Stanislav Levin
229f1608db Fix translation of idrange_* commands description
For now formatting is applied for bare messages before translating.
This breaks python-brace-format and message becomes untranslatable
at all.

Also some messages to be translated at request time should
not use format().

Fixes: https://pagure.io/freeipa/issue/7586
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-06-21 15:30:58 +02:00
Stanislav Levin
65414d1471 Fix formatted translations in domainlevel plugin
For now formatting is applied for bare messages before translating.
This breaks python-brace-format and message becomes untranslatable.

Fixes: https://pagure.io/freeipa/issue/7586
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-06-21 15:30:58 +02:00
Stanislav Levin
854597c411 Use intended format() method of translation object
Translation objects have support for format(). This allows to
get rid of unicode() which is deprecated in Python3.

Fixes: https://pagure.io/freeipa/issue/7586
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-06-21 15:30:58 +02:00
Stanislav Levin
f4716b6991 Add support for format method to translation objects
For now translation classes have old style % formatting way only.
But 'format' is convenience, preferred in Python3 string formatting method.

Fixes: https://pagure.io/freeipa/issue/7586
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-06-21 15:30:58 +02:00
Christian Heimes
8c3ff0308c
Always set ca_host when installing replica
ipa-replica-install only set ca_host in its temporary
/etc/ipa/default.conf, when it wasn't installing a replica with CA. As a
consequence, the replica installer was picking a random CA server from
LDAP.

Always set the replication peer as ca_host. This will ensure that the
installer uses the same replication peer for CA. In case the replication
peer is not a CA master, the installer will automatically pick another
host later.

See: https://pagure.io/freeipa/issue/7566
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-06-21 11:49:26 +02:00
Ganna Kaihorodova
84ae625fe2 check nsds5ReplicaReleaseTimeout option was set
Check for nsds5ReplicaReleaseTimeout option was set

relates to: https://pagure.io/freeipa/issue/7488

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-06-20 12:42:51 +02:00
Anuja More
9ead70844e Test that host can remove there own services
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-06-20 10:06:39 +02:00
Rob Crittenden
036d51d514
Handle subyptes in ACIs
While enabling console output in the server installation the
"Allow trust agents to retrieve keytab keys for cross realm
principals" ACI was throwing an unparseable error because
it has a subkey which broke parsing (the extra semi-colon):

userattr="ipaAllowedToPerform;read_keys#GROUPDN";

The regular expression pattern needed to be updated to handle
this case.

Related: https://pagure.io/freeipa/issue/6760

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-06-20 08:38:03 +02:00
Rob Crittenden
00ddb5dd53
server install: drop some print statements, change log level
The server installer had no console logger set so print
statements were used for communication. Now that a logger
is enabled the extra prints need to be dropped.

A number of logger.info statements have been upgraded
to debug since they do not need to appear on the console
by default.

https://pagure.io/freeipa/issue/6760

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-06-20 08:38:03 +02:00
Rob Crittenden
8ea227451f
Drop attr defaultServerList if removing the last server
This otherwise returns a syntax error if trying to set
an empty value.

Related: https://pagure.io/freeipa/issue/6760

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-06-20 08:38:03 +02:00
Rob Crittenden
b96906156b
Improve console logging for ipa-server-install
The server installation and uninstallation overlaps both the
server and client installers. The output could be confusing
with a server uninstall finishing with the message:

The ipa-client-install command was successful

This was in part due to the fact that the server was not
configured with a console format and verbose was False which
meant that no logger messages were displayed at all.

In order to suppress client installation errors and avoid
confusion add a list of errors to ignore. If a server install
was not successful and hadn't gotten far enough to do the
client install then we shouldn't complain loudly about it.

https://pagure.io/freeipa/issue/6760

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-06-20 08:38:03 +02:00
Florence Blanc-Renaud
0b794cd43b fix dependency for *-domainname.service file
FreeIPA has a dependency on /usr/lib/systemd/system/*-domainname.service
file. In fedora <=28, this is provided by package 'initscripts'
but in fedora >= 29, this is provided by package 'hostname'.

Fixes:
https://pagure.io/freeipa/issue/7591

Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2018-06-19 18:06:56 +02:00
Michal Reznik
2d278720db
ui_tests: extend test_config.py suite
Extend test_config.py suite with new test cases.

Added tests:

config_email_undo
config_groupsearch_reset
groupsearchfield_blank
groupsearchfield_existing
groupsearchfield_leading_space
groupsearchfield_notallowed
groupsearchfield_trailing_space
usersearchfield_trailing_space
sizelimit_blank
sizelimit_letter
sizelimit_space
timelimit_blank
timelimit_letter
timelimit_negative
timelimit_space
userDefaultShell_blank
userDefaultShell_leading_space
userDefaultShell_new
userDefaultShell_specialchar
userDefaultShell_trailing_space
useremail_leading_space
useremail_new
useremail_trailing_space
usergroup_new
userhomedir_blank
userhomedir_leading_space
userhomedir_numbers
userhomedir_space_inbetween
userhomedir_specialchar
userhomedir_trailing_space
usermigrationmode_disable
usermigrationmode_enable
usernamelength_blank
usernamelength_letters
usernamelength_max
usernamelength_new
usernamelength_space_inbetween
usernamelength_specialchar
userpwdexpnotify_blank
userpwdexpnotify_letters
userpwdexpnotify_max
userpwdexpnotify_space_inbetween
userpwdexpnotify_specialchar
usersearchfield_blank
usersearchfield_existing
usersearchfield_leading_space
usersearchfield_new
usersearchfield_notallowed

https://pagure.io/freeipa/issue/7576

Reviewed-By: Pavel Picka <ppicka@redhat.com>
2018-06-19 14:58:08 +02:00
Christian Heimes
f1c7d3c278
Start to deprecate Python 2 and 3.5
Python 2 will reach EOL in 18 months. Start to issue deprecation
warnings on Python 2.

No longer claim support for Python 3.5. Python 3.5 is untested.

NOTE: At first I tried to raise the deprecation warning from
ipalib.__init__. This caused some unforseen side-effects with
ipaplatform namespace package on Python 2. Eventually it was easier to
raise the deprecation warning in ipaplatform. RHEL and Debian platforms
don't raise the deprecation warning yet, because they use Python 2.

Fixes: https://pagure.io/freeipa/issue/7568
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2018-06-19 14:37:53 +02:00
Mohammad Rizwan Yusuf
bdc3e3c58c Extended UI test for Certificates
Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Michal Reznik <mreznik@redhat.com>
2018-06-19 12:44:10 +02:00
Rob Crittenden
57fd79ffce Replace some test case adjectives
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-06-19 09:09:01 +02:00
Christian Heimes
f90e137a17 Sort and shuffle SRV record by priority and weight
On multiple occasions, SRV query answers were not properly sorted by
priority. Records with same priority weren't randomized and shuffled.
This caused FreeIPA to contact the same remote peer instead of
distributing the load across all available servers.

Two new helper functions now take care of SRV queries. sort_prio_weight()
sorts SRV and URI records. query_srv() combines SRV lookup with
sort_prio_weight().

Fixes: https://pagure.io/freeipa/issue/7475
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-06-19 08:56:46 +02:00
Florence Blanc-Renaud
eda831dba1 Installer: configure authselect with-sudo
authselect needs to be configured with the 'with-sudo' feature (except
when ipa-client-install is called with the option --no-sudo).

https://pagure.io/freeipa/issue/7562

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-06-19 08:51:02 +02:00
Anuja More
4f4835a724
Test for ipa-replica-install fails with PIN error for CA-less env.
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Aleksei Slaikovskii <aslaikov@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2018-06-18 14:53:32 +02:00
Christian Heimes
f1d5ab3a03 Increase WSGI process count to 5 on 64bit
Increase the WSGI daemon worker process count from 2 processes to 5
processes. This allows IPA RPC to handle more parallel requests. The
additional processes increase memory consumption by approximante 250 MB
in total.

Since memory is scarce on 32bit platforms, only 64bit platforms are
bumped to 5 workers.

Fixes: https://pagure.io/freeipa/issue/7587
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-06-15 13:02:53 +02:00
Christian Heimes
907e164958 Fedora 29 renamed fedora-domainname.service
In Fedora 29, the fedora-domainname.service has been renamed to
nis-domainname.service like on RHEL. The ipaplatform service module for
Fedora now only renames the service, when it detects the presence of
fedora-domainname.service.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1588192
Fixes: https://pagure.io/freeipa/issue/7582
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-06-15 08:30:55 +02:00
Christian Heimes
7d12bbb99b Use python3-lesscpy 0.13.0
Require python-lesscpy 0.13. with Python 3 fix and use py3-lesscpy to
compile ipa.css.

python2-lesscpy was the last Python 2 dependency.

Fixes: https://pagure.io/freeipa/issue/7585
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-06-14 09:04:06 +02:00
Kaleemullah Siddiqui
114e46b7c9 Test coverage for multiservers for radius proxy
Test checks that no multiservers can be added for
radius proxy

Pagure: https://pagure.io/freeipa/issue/7542
Signed-off-by: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-06-13 16:23:18 -04:00
Stanislav Levin
f5a04da95d Fix translation of commands description in API Browser
The command description is taken from python docstring. Thus
commands should have them and should include the callings of
gettext to be translated.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-06-12 08:38:56 +02:00