Add the ability to provide PKCS#12 files during initial installation
Add the ability to provide PKCS#12 files when preparing a replica
Correct some issues with ipa-server-certinstall
452402
When an install instance is created that contains a pointer to a sysrestore
point it loads in the current configuration when instantiated. If an
instance is instantiated but not used then changes may occur to the
system state that it is unaware of. So one needs to take care in the order
that things are done to avoid losing information.
When bind was setup it was overwriting all data in sysrestore.state and
leaving just a [named] section. This caused problems at uninstall.
448173
Because the ipa.config() object raises an error if there is no configuration
file and auto-detection fails, ipa_webgui may fail to start at install time.
440475
Change backup format so files are all in a single directory (no dir
hierarchies) and use an index file so we can save also ownership and
permission info for the restore (and eventually other data later on).
No longer create a PKCS#12 file that contains the CA
No longer send the entire CA to each replica, generate the SSL certs on master
Fix number of bugs in ipa-replica-install and prepare
Produce status output during replica creation
The ipa_webgui and ipa_kpasswd instance code is identical
and I want to add another similar instance down the line,
so re-factor the code into a service.SimpleServiceInstance
class.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Let's assume that all ipaserver.dsinstance could be used
somewhere where asking questions on stdout/stdin is not
approriate and re-factor the code to be suitable in
those situations too.
i.e. make check_existing_installation() return a list of
server IDs and make check_ports() return an (unsecure,
secure) tuple indication which ports are in use.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
- Removing shebangs (#!) from a bunch of python libraries
- Don't use a variable name in init scripts for the lock file
- Keep the init script name consistent with the binary name, so renamed
ipa-kpasswd.init to ipa_kpasswd.init
- Add status option to the init scripts
- Move most python scripts out of /usr/share/ipa and into the python
site-packages directories (ipaserver and ipaclient)
- Remove unnecessary sys.path.append("/usr/share/ipa")
- Fix the license string in the spec files
- Rename ipa-webgui to ipa_webgui everywhere
- Fix a couple of issues reported by pychecker in ipa-python
Add a --uninstall option to ipa-server-install which tries to
restore the system to the way it was before ipa-server-install
was run using the state backed up through sysrestore.py.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
This patch adds a sysrestore module which allows ipa-server-install
code to backup any system state so that it can be restored again
with e.g. ipa-server-install --uninstall.
The idea is that any files ipa-server-install modifies gets backed
up to /var/cache/ipa/sysrestore/ while any "meta" state, like
whether a service is enabled with chkconfig, is saved to
/var/cache/ipa/sysrestore.state.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Add a simple helper to check whether a service is running
and make ipa-server-install use it to check whether ntpd
is running.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
This add replication setup through two new commands: ipa-replica-prepare
and ipa-replica-install. The procedure is to run ipa-replica-prepare
on an existing master. This will collect information about the realm
and the current master and create a file storing all of the information.
After copying that file to the new replica, ipa-replica-install is
run (with -r to create a read-only replica).
This version of the patch also includes fixes for the sasl mappings
on the replicas.
Remaining features:
- ssl for replication.
- automatic configuration of mesh topology for
master (or a simpler way to replicate multiple
masters.
- tool for view / configuring current replication.
1) Add a base class for all of the instance objects.
2) Normalize usage of logging.
3) General cleanups of ipa-server-install.
4) Make better use of httpinstance.
5) Add webguiinstance.
6) Improve progress reporting during installation.
Works Here (TM), but it would be nice to get someone else
to test since this moves code around a bit.
