IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
9,585 Commits 11 Branches 60 Tags
3ec7a52aea104ce0f37d9204fcba21a42abfc798
Commit Graph

13 Commits

Author SHA1 Message Date
Martin Babinsky
a540c909a7 Fix listing of enabled roles in server-find 
The roles can be thought of as membership attributes so we should only
list
them if `--all` is specified and `--no-members` is not.

Also do not show them if `--raw` is passed in.

https://fedorahosted.org/freeipa/ticket/5181

Reviewed-By: Martin Basti <mbasti@redhat.com>
 2016-06-17 19:00:14 +02:00
Martin Babinsky
a6eb87bd68 server-del: perform full master removal in managed topology 
This patch implements most of the del_master_managed() functionality as a part
of `server-del` command.

`server-del` nows performs these actions:
  * check topology connectivity
  * check that at least one CA/DNS server and DNSSec masters are left
    after removal
  * cleanup all LDAP entries/attributes exposing information about the master
  * cleanup master DNS records
  * remove master and service principals
  * remove master entry from LDAP
  * check that all segments pointing to the master were removed

  `server-del` now accepts the following options:
  * `--force`: force master removal even if it doesn't exist
  * `--ignore-topology-disconnect`: ignore errors arising from disconnected
    topology before and after master removal
  * `--ignore-last-of-role`: remove master even if it is last DNS server,
    and DNSSec key master. The last CA will *not* be removed regardless of
    this option.

https://fedorahosted.org/freeipa/ticket/5588

Reviewed-By: Martin Basti <mbasti@redhat.com>
 2016-06-17 18:55:19 +02:00
Martin Basti
4155eb7b13 DNS Locations: Rename ipalocationweight to ipaserviceweight 
Service weight explains better meaning of attribute than location
weight, because location itself have no weight only services have.

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2016-06-17 18:05:03 +02:00
Martin Basti
8dde1201ed DNS Locations: show warning if there is no DNS servers in location 
DNS servers must be in each location, otherwise DNS location without DNS
server assigned will not work.

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2016-06-17 18:05:03 +02:00
Martin Basti
1997733cdf DNS Locations: require to restart named-pkcs11 affter location change 
Send a warning message that named-pkcs11 service must be restarted after
changes related to locations or server weight

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2016-06-17 18:05:03 +02:00
Martin Basti
ef12cad30b DNS Locations: set proper substitution variable 
DNS Server (bind-dyndb-ldap) needs to have set
'idnsSubstitutionVariable;ipalocation' in ldap to the proper location

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2016-06-17 18:05:03 +02:00
Martin Basti
2157ea0e6d DNS Locations: dnsserver-* commands 
New commands for manipulation with DNS server configuration were added:
 * dnsserver-show
 * dnsserver-mod
 * dnsserver-find

https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/PerServerConfigInLDAP
https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2016-06-17 15:22:24 +02:00
Martin Basti
4076e8e4e5 DNS Locations: server-mod: add automatic records update 
For any location or server weight change is required to update records

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2016-06-17 15:22:24 +02:00
Martin Basti
394b094fc2 DNS Locations: permission: allow to read status of services 
New permission was added: "System: Read Status of Services on IPA Servers"
This permission is needed for detection which records should be created
on which servers.

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2016-06-17 15:22:24 +02:00
Martin Babinsky
b9aa31191b Server Roles: make server-{show,find} utilize role information 
server-show command will now display list of roles enabled on the master
(unless `--raw` is given).

server-find gained `--servroles` options which facilitate search for server
having one or more enabled roles.

http://www.freeipa.org/page/V4/Server_Roles
https://fedorahosted.org/freeipa/ticket/5181

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
 2016-06-13 17:50:54 +02:00
Martin Basti
79544aa51a DNS Location: location-show: return list of servers in location 
location-show returns list of servers curently assigned to the location

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2016-06-03 15:58:21 +02:00
Martin Basti
15abfcf0f7 DNS Locations: extend server-* command with locations 
Server find, server show, server mod should work with IPA locations.

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2016-06-03 15:58:21 +02:00
Jan Cholasta
6e44557b60 ipalib: move server-side plugins to ipaserver 
Move the remaining plugin code from ipalib.plugins to ipaserver.plugins.

Remove the now unused ipalib.plugins package.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
 2016-06-03 09:00:34 +02:00