To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
As for now the default title of remove dialogs is set to
'Remove ${entity}', where 'entity' is also translatable text.
This construction is used via method 'create_remove_dialog'
of Search facet for the all association 'Delete' actions of
entities.
The such concatenation leads to a bad quality translation and
should be changed to an entire sentence.
From now a mentioned title is taken from a spec and should be
specified explicitly.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
Create HBAC and a sudo rule for allowing members of the admins
group to run sudo on all enrolled hosts.
https://pagure.io/freeipa/issue/7538
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
There is no need to set options.promote to false anymore for a server
installation in the install function.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This is related to the DL0 code removal. FIRST_MASTER describes this
mode a lot better.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
iWithout DL0 support the custodia mode can be used to determine if a
server or replica will be installed. Therefore the use of config.promote
can be removed.
A new check has been added to make sure the mode known in
get_custodia_instance.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This function is used to load the replica file. Without DL0 support this
is not needed at all anymore.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
create_replica_config is not imported anymore from
ipaserver.install.installutils.
The promote argument has been removed from these functions and function
calls:
- install_replica_ds
- ds.create_replica
- install_krb
- krbinstance.create_replica
- install_http
- httpinstance.create_instance
The function install_check has been removed completely as it is only used
to prepare the DL0 installation.
All DL0 specific code has been removed from the install function.
The varaibles promote, installer.promote/options.promote and config.promote
have bene removed.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
The methods _is_promote has been removed from all classes as this has only
been used internally to check if the domain level is correct.
The check if the installer object has the attribute replica_file has been
modified to use the new variable replica_install defined in
CompatServerReplicaInstall instead.
The DL0 specific code from ServerInstallInterface.__init__ has been removed
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Replica files are DL0 specific therefore the knob extension for
replica_file has been removed. Also the code that is only executed if
replica_file is not None.
The new variable replica_install has been added which is used in
ServerInstallInterface.__init__
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
The argument was not used at all.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
The code to add missing KRA certificates has been removed from install_check
as it was only reached if replica_config is not None and promote was False
for DL0 replica installations. Also the other places.
Promote is now hard set to True if replica_config is not None in install
for later use in krainstance.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Promote is now hard set to True in create_replica for later use in
_get_replication_manager.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Replica files are DL0 specific therefore all the code that is related to
replica files have been removed An additional check for the new minimal
domain level has been added. The use of extra args results in an error as
this was only needed for the replica file.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
cainstance.replica_ca_install_check is only used in ca.install_check if
replica_config is not None (replica installation). As it is immediately
stopped if promote is not set, therefore it can be removed.
The check for cafile in ca.install_check has been dropped. promote is set
to True in ca.install_step_0 if replica_config is not None for
cainstance.configure_instance.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This is part of the DL0 code removal. As ipa-replica-prepare is only needed
and useful for domain level 0, the script can be removed.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
To be translatable messages should be marked with '@i18n' and
present in "i18n_messages" dictionary.
Fixes: https://pagure.io/freeipa/issue/7619
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
Make this page message translatable as other parts of IPA framework.
Fixes: https://pagure.io/freeipa/issue/7640
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
Make this page message translatable as other parts of IPA framework.
Fixes: https://pagure.io/freeipa/issue/7640
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
In ipa-replica-install, many components use their own instance
of the FileStore to backup configuration files to the pre-install
state. This causes issues when the calls are mixed, like for
instance:
ds.do_task1_that_backups_file (using ds.filestore)
http.do_task2_that_backups_file (using http.filestore)
ds.do_task3_that_backups_file (using ds.filestore)
because the list of files managed by ds.filestore does not include
the files managed by http.filestore, and the 3rd call would remove
any file added on 2nd call.
The symptom of this bug is that ipa-replica-install does not save
/etc/httpd/conf.d/ssl.conf and subsequent uninstallation does not
restore the file, leading to a line referring to ipa-rewrite.conf
that prevents httpd startup.
The installer should consistently use the same filestore.
Fixes https://pagure.io/freeipa/issue/7684
Reviewed-By: Christian Heimes <cheimes@redhat.com>
commit 7284097 (Delay enabling services until end of installer)
introduced a regression in replica installation.
When the replica requests a cert for PKINIT, a check is done
to ensure that the hostname corresponds to a machine with a
KDC service enabled (ipaconfigstring attribute of
cn=KDC,cn=<hostname>,cn=masters,cn=ipa,cn=etc,$BASEDN must contain
'enabledService').
With the commit mentioned above, the service is set to enabled only
at the end of the installation.
The fix makes a less strict check, ensuring that 'enabledService'
or 'configuredService' is in ipaconfigstring.
Fixes: https://pagure.io/freeipa/issue/7566
Reviewed-By: Christian Heimes <cheimes@redhat.com>
ipa-server-install is checking if the forwarder(s) specified with
--forwarder argument support DNSSEC. When the --no-dnssec-validation
option is added, the installer should not perform the check.
Fixes: https://pagure.io/freeipa/issue/7666
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
Setting ca_host caused replication failures on DL0
because it was trying to connect to wrong CA host.
Trying to avoid corner-case in ipaserver/plugins/dogtag.py
when api.env.host nor api.env.ca_host had not CA configured
and there was ca_host set to api.env.ca_host variable.
See: https://pagure.io/freeipa/issue/7566
Resolves: https://pagure.io/freeipa/issue/7629
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Translatable messages should be marked with @i18n. Also
these messages should be presented in "i18n_messages" dictionary.
Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal@localhost.localdomain>
Commit 811b0fdb46 introduced a regression
when configuring replication with a master < 3.3
Even if 389-ds schema is extended with nsds5ReplicaReleaseTimeout,
nsds5ReplicaBackoffMax and nsDS5ReplicaBindDnGroupCheckInterval
attributes, it will return UNWILLING_TO_PERFORM when a mod
operation is performed on the cn=replica entry.
This patch ignores the error and logs a debug msg.
See: https://pagure.io/freeipa/issue/7617
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Some commands print tracebacks or unclear error message when
they are called on a machine where ipa packages are installed but
IPA is not configured.
Consistently report 'IPA is not configured on this system' in this
case.
Related to https://pagure.io/freeipa/issue/6261
Reviewed-By: Christian Heimes <cheimes@redhat.com>
--no-host-dns is supposed to avoid all DNS lookups so pass
this as the force value when creating the host in a replica
installation.
https://pagure.io/freeipa/issue/7656
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
There was an issue with ipa-server-upgrade and it was
showing an error while upgrading:
DN... does not exists or haven't been updated, caused
by not moving pointer to file begining when re-reading.
Resolves: https://pagure.io/freeipa/issue/7644
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
The indirect members need to be calculated and the member
attributes converted. This is normally done in
baseldap::LDAPRetrieve but these methods provide their
own execute() in order to handle the option values.
Update sudorule_add|remove_option tests to include check
that converted user/group exists in the proper format.
https://pagure.io/freeipa/issue/7649
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
To be translatable messages should be marked with '@i18n' and
present in "i18n_messages" dictionary.
Fixes: https://pagure.io/freeipa/issue/7621
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
The old domain level check to suggest to use ipa-replica-prepare has been
converted to make sure that domain fulfills minimal domain level
requirement (no DL0).
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
As there is the minimal domain level setting MIN_DOMAIN_LEVEL, it should
be used instead of DOMAIN_LEVEL_0.
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
