IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-11 16:51:55 -06:00
Code Issues Packages Projects Releases Wiki Activity
15,053 Commits 11 Branches 59 Tags 60 MiB
680d92b548
Commit Graph

15053 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alexander Bokovoy
e59d3854c7 Update translations to FreeIPA master state 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
 2021-06-02 11:30:28 +03:00
Alexander Bokovoy
f86ad3e174 Update translations to FreeIPA master state 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
 2021-06-02 11:30:28 +03:00
Alexander Bokovoy
b5a7dea811 Update translations to FreeIPA master state 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
 2021-06-02 11:30:28 +03:00
Alexander Bokovoy
e7f439d9e2 Update translations to FreeIPA master state 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
 2021-06-02 11:30:28 +03:00
Alexander Bokovoy
d0d08f48a6 Update translations to FreeIPA master state 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
 2021-06-02 11:30:28 +03:00
Alexander Bokovoy
0ae15b3f31 Update translations to FreeIPA master state 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
 2021-06-02 11:30:28 +03:00
Alexander Bokovoy
4d87ea0b92 Update translations to FreeIPA master state 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
 2021-06-02 11:30:28 +03:00
Alexander Bokovoy
941a99e13c Update translations to FreeIPA master state 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
 2021-06-02 11:30:28 +03:00
Alexander Bokovoy
d249847272 Update translations to FreeIPA master state 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
 2021-06-02 11:30:28 +03:00
Alexander Bokovoy
f082345989 Update translations to FreeIPA master state 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
 2021-06-02 11:30:28 +03:00
Yuri Chornoivan
3e3fa86e0b Translated using Weblate (Ukrainian) 
Currently translated at 100.0% (4672 of 4672 strings)

Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/uk/
Translation: freeipa/master
 2021-06-02 11:30:28 +03:00
Emilio Herrera
6f89607f77 Translated using Weblate (Spanish) 
Currently translated at 60.6% (2835 of 4672 strings)

Co-authored-by: Emilio Herrera <ehespinosa57@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/es/
Translation: freeipa/master
 2021-06-02 11:30:28 +03:00
Jan Kuparinen
d9f00e0b8c Translated using Weblate (Finnish) 
Currently translated at 7.2% (340 of 4672 strings)

Translated using Weblate (Finnish)

Currently translated at 6.8% (318 of 4672 strings)

Translated using Weblate (Finnish)

Currently translated at 6.2% (290 of 4672 strings)

Translated using Weblate (Finnish)

Currently translated at 6.2% (290 of 4672 strings)

Added translation using Weblate (Finnish)

Co-authored-by: Jan Kuparinen <copper_fin@hotmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/fi/
Translation: freeipa/master
 2021-06-02 11:30:28 +03:00
Piotr Drąg
164617ab6d Translated using Weblate (Polish) 
Currently translated at 9.6% (451 of 4669 strings)

Translated using Weblate (Polish)

Currently translated at 9.6% (451 of 4669 strings)

Co-authored-by: Piotr Drąg <piotrdrag@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/pl/
Translation: freeipa/master
 2021-06-02 11:30:28 +03:00
Weblate
f1ac79728d Update translation files 
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/
Translation: freeipa/master
 2021-06-02 11:30:28 +03:00
Marcin Stanclik
6d33d29fdd Translated using Weblate (Polish) 
Currently translated at 9.6% (451 of 4669 strings)

Co-authored-by: Marcin Stanclik <mstanclik@yahoo.com>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/pl/
Translation: freeipa/master
 2021-06-02 11:30:27 +03:00
Rafael Fontenelle
55e4b5e19a Translated using Weblate (Portuguese (Brazil)) 
Currently translated at 4.7% (223 of 4669 strings)

Co-authored-by: Rafael Fontenelle <rafaelff@gnome.org>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/pt_BR/
Translation: freeipa/master
 2021-06-02 11:30:27 +03:00
Hela Basa
61bc4e05c2 Added translation using Weblate (Sinhala) 
Co-authored-by: Hela Basa <r45xveza@pm.me>
 2021-06-02 11:30:27 +03:00
Daniel Lara Souza
ee12f2b42e Translated using Weblate (Portuguese (Brazil)) 
Currently translated at 3.8% (178 of 4669 strings)

Co-authored-by: Daniel Lara Souza <daniellarasouza@yahoo.com.br>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/pt_BR/
Translation: freeipa/master
 2021-06-02 11:30:27 +03:00
Yuri Chornoivan
09c83ca43a Translated using Weblate (Ukrainian) 
Currently translated at 100.0% (4669 of 4669 strings)

Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/uk/
Translation: freeipa/master
 2021-06-02 11:30:27 +03:00
Weblate
76dac09fda Update translation files 
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/
Translation: freeipa/master
 2021-06-02 11:30:27 +03:00
Yuri Chornoivan
f2543df120 Translated using Weblate (Ukrainian) 
Currently translated at 100.0% (4668 of 4668 strings)

Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/uk/
Translation: freeipa/master
 2021-06-02 11:30:27 +03:00
Weblate
dfee18f029 Update translation files 
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/
Translation: freeipa/master
 2021-06-02 11:30:27 +03:00
Alexander Bokovoy
b4b2c10e23 ds: Support renaming of a replication plugin in 389-ds 
IPA topology plugin depends on the replication plugin but
389-ds cannot handle older alias querying in the plugin
configuration with 'nsslapd-plugin-depends-on-named: ..' attribute

See https://github.com/389ds/389-ds-base/issues/4786 for details

Fixes: https://pagure.io/freeipa/issue/8799

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
 2021-06-01 17:09:28 +03:00
MIZUTA Takeshi
5250ef826e Add --keyfile option to ipa-otptoken-import.1 
ipa-otptoken-import.1 describes the -k option.
However, the long option --keyfile option is also available.
Therefore, add the --keyfile option to ipa-otptoken-import.1.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-27 18:28:19 +03:00
Alexander Bokovoy
338f0bcecf Update IRC links to point to Libera.chat 
Update documentation now that we moved IRC channels #freeipa and #sssd
to Libera.chat network.

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
 2021-05-27 18:26:28 +03:00
Florence Blanc-Renaud
379d5da0ae pkispawn: override AJP connector address 
Since commit 1906afbeb3c8b7140601be7f9bee2f7fef5b0a5e, in order to fix
rhbz#1780082, pki defines AJP connectors using localhost4 and localhost6:
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" address="localhost4" name="Connector1" secret="..."/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" address="localhost6" name="Connector2" secret="..."/>

When /etc/hosts only defines the following:
    127.0.0.1 localhost
    ::1 localhost
the connector initialization may fail with
    java.net.BindException: Address already in use

The installer can add the following definitions to pkispawn cfg file:
    pki_ajp_host_ipv4=127.0.0.1
    pki_ajp_host_ipv6=::1
in order to force the value to an IP address instead of localhost4/6.

Fixes: https://pagure.io/freeipa/issue/8851
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2021-05-26 17:04:56 +03:00
Stanislav Levin
10461b7091 azure: Make it possible to adjust Docker resources per test env 
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
6c2db326f8 azure: coredump: Wait for systemd fully booted 
Otherwise, 'Check for coredumps' task fails with:
```
Verifying        : samba-debugsource-2:4.14.4-0.fc34.x86_64             20/20
[Errno 2] No such file or directory: '/var/lib/dnf/rpmdb_lock.pid'
Finishing: Check for coredumps
```

This is due to systemd-tmpfiles(not ready yet).

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
01553572d4 azure: Re-balance tests envs 
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
a893852b4f azure: Warn about extra and missing gating tests compared to PR-CI 
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
26ee44bcfd ipatests: dnssec: Add alternative approach for checking chain of trust 
drill is currently broken on F34. Fortunately, there are another
tools for checking DNSSEC trust. One of them is `delv`:

> delv is a tool for sending DNS queries and validating the results,
using the same internal resolver and validator logic as named.

delv sends to a specified name server all queries needed to fetch and
validate the requested data; this includes the original requested query,
subsequent queries to follow CNAME or DNAME chains, queries for DNSKEY,
and DS records to establish a chain of trust for DNSSEC validation. It
does not perform iterative resolution, but simulates the behavior of a
name server configured for DNSSEC validating and forwarding.

Related: https://pagure.io/freeipa/issue/8793
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
611b49e42b azure: Collect installed packages 
The list of installed packages may be useful for checking the
versions of packages for analysis. Previously, only the newly
installed packages can be observed on Build phase.

This is convenient for experienced users of PR-CI.

Note: the read-only access provided for non-master containers
to be able to execute Azure scripts. The logs are still collected
only on controller.

Only RPM-based collection is implemented for Fedora. By default
nothing is collected.

Users may want to override `installed_packages` function
in the corresponding `ipatests/azure/scripts/variables-DISTRO.sh`.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
4a4c078b80 ipatests: Suppress list trust or certificates 
There are tons of useless information in test's runner log on
server uninstallation about list trust and certificates, such
as:

```
RUN ['trust', 'list']
pkcs11:id=%D2%87%B4%E3%DF%37%27%93%55%F6%56%EA%81%E5%36%CC%8C%1E%3F%BD;type=cert
    type: certificate
    label: ACCVRAIZ1
    trust: anchor
    category: authority

pkcs11:id=%F7%7D%C5%FD%C4%E8%9A%1B%77%64%A7%F5%1D%A0%CC%BF%87%60%9A%6D;type=cert
    type: certificate
    label: AC RAIZ FNMT-RCM
    trust: anchor
    category: authority

pkcs11:id=%52%D8%88%3A%C8%9F%78%66%ED%89%F3%7B%38%70%94%C9%02%02%36%D0;type=cert
    type: certificate
    label: Actalis Authentication Root CA
    trust: anchor
    category: authority

...

```

This improves the readability of test logs.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
afef09ccba ipatests: Ignore warnings on failed to read files on tarring 
There are tons of useless warnings about missing files on collecting
logs, such as:

```
tar: /var/log/ipaserver-kra-install.log: Warning: Cannot stat: No such file or directory
tar: /var/log/ipaepn.log: Warning: Cannot stat: No such file or directory
tar: /etc/NetworkManager/NetworkManager.conf: Warning: Cannot stat: No such file or directory
tar: /var/log/ipabackup.log: Warning: Cannot stat: No such file or directory
tar: /var/log/iparestore.log: Warning: Cannot stat: No such file or directory
...

```

Since `--ignore-failed-read` option is passed to tar the caller
doesn't care about not readable(mostly missing) files and these warnings
may be filtered out.

This improves the readability of test logs.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
3889d8654a pytest: Show extra summary information for all except passed tests 
By default pytest reports in summary section about tests failures and errors.
It will be helpful to see skipped, xfailed and xpassed tests.

Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
269c61a9a6 dns: get_reverse_zone: Ignore resolver's timeout 
The DNS server may not process a query in a its internal timeout for
a some reason or don't answer for a query at all. This may indicate
a high load on DNS server. For example, if IPA DNS server is
configured with 'none' forward policy (read as resolver), then
SERVFAIL/Timeout errors will be normal until the hot cache for zones.
Resolver's timeout in turn, indicates that it queried a server, but
didn't received an answer in specified timeout.

Related: https://pagure.io/freeipa/issue/7397
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
4709aefb83 dnsutil: Improvements for IPA DNS Resolver 
- check only IPv6 address of local NS if specified
- increase request timeout(2sec is too small, BIND resolver's
  default 10sec)

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
cc72a988d6 ipatests: Handle network-isolated mode 
Since the dns plugin's tests have no access to wild resolvers
nobody answer such requests but authoritative NS.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
fc0c6b44a8 azure: Run Base and XMLRPC tests is isolated network 
The tests in these envs make DNS requests to wild(internet) NSs,
though usually tests assume the opposite making requests to
`test.` zone. This makes CI unstable and dependent on wild
resolvers and logically wrong.

In future there can be tests which may want to check BIND as
resolver(cache) for external networks. In this case such tests
should be placed on not isolated mode.

By default, a test env is not isolated from internet(as it was
before), but it may be a good idea to change this default in
future.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
65700bf743 ipatests: Setup and collect BIND logs 
For Base/XMLRPC tests BIND's logs are already collected.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
07c423afd5 BIND: Setup logging 
- allow BIND's logging customization
- preconfig logging with ISC recommendations:
  https://kb.isc.org/docs/aa-01526

Fixes: https://pagure.io/freeipa/issue/8856
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
b5fdba7a72 azure: Warn about memory issues 
The nonzero number of memory/memory+Swap usage hits limits may
indicate the possible env instability(crashes, random failures, etc.).

> memory.failcnt		 # show the number of memory usage hits limits
  memory.memsw.failcnt		 # show the number of memory+Swap hits limits

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
9148ca2e1e azure: Add workaround for PhantomJS against OpenSSL 1.1.1 
WebUI unit tests fail with:
```
PhantomJS threw an error:ERROR
>> Auto configuration failed 0 [
>>   'Auto configuration failed',
>>   '140613066520384:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(libssl_conf.so): libssl_conf.so: cannot open shared object file: No such file or directory',
>>   '140613066520384:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:',
>>   '140613066520384:error:0E07506E:configuration file routines:MODULE_LOAD_DSO:error loading dso:conf_mod.c:285:module=ssl_conf, path=ssl_conf',
>>   '140613066520384:error:0E076071:configuration file routines:MODULE_RUN:unknown module name:conf_mod.c:222:module=ssl_conf'
>> ]
...

Warning: PhantomJS exited unexpectedly with exit code 1. Use --force to continue.

Aborted due to warnings.
```

See https://github.com/wch/webshot/pull/93 for details.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
1aff24e891 ipatests: Update expectations for test_detect_container 
Since a4a9a6f7c6
systemd improves the detection of Docker and Podman containers based
on the presence of files-markers.

```console
[slev@test systemd]$ git describe --contains --tags a4a9a6f7c6e9cd9e219c56d08434a04bc2f395ff
v248-rc1~155^2~1
```

Note: on Azure unit tests are run as non-privileged user in non-systemd
inited container.

This worked on F32 because:
```console
[root@6d2aad38f62c /]# rpm -q systemd
systemd-245.9-1.fc32.x86_64
```
So, actual comparison in test was `assert None == None`.

But F34 has:
```console
[root@1ff1325f5a61 /]# rpm -q systemd
systemd-248-2.fc34.x86_64
```
So, the test's expectations should be updated.
Unfortunately, this is incompatible with older versions of systemd
(< v248).

See https://github.com/systemd/systemd/pull/17902 for details.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
06d7c7f1d3 azure: Mask systemd-resolved 
The initial value of NS of resolv.conf is 127.0.0.11, this
is the embedded NS of docker-compose. The disabling of
this feature is not currently supported by Docker.

On startup systemd-resolved caches the /etc/resolv.conf
(docker-compose version), which is later modified by
setup_containers.py script.

This results in resolving error occurs:
```console
[root@replica1 /]# getent ahosts master1.ipa.test
... can't resolve

[root@replica1 /]# grep 'hosts:' /etc/nsswitch.conf
hosts:      files myhostname resolve [!UNAVAIL=return] dns

[root@replica1 /]# resolvectl status
Global
       LLMNR setting: resolve
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 127.0.0.11
         DNS Servers: 127.0.0.11
Fallback DNS Servers: 1.1.1.1
                      8.8.8.8
                      1.0.0.1
                      8.8.4.4
                      2606:4700:4700::1111
                      2001:4860:4860::8888
                      2606:4700:4700::1001
                      2001:4860:4860::8844
```

According to docs:
https://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html#/etc/resolv.conf
our case is 4(managed by other packages).

So, restart of systemd-resolved is enough for its re-initialization,
but not for services that already received DNS results. To speed up
the overall process and to no restart each service which wants
internet connection(or wait until service retries connection)
systemd-resolved is masked.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
7ed21f158c azure: Remove no longer needed repo 
libseccomp2 2.5.1 is on focal-updates(Ubuntu 20.04LTS):
https://packages.ubuntu.com/focal-updates/libseccomp2

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
1c82895c20 azure: Wait for systemd booted 
The calling of systemd's utils during systemd boot may lead to
unpredictable results. For example, if DBus(dbus-broker) service
is not started then DBus request goes nowhere and eventually will
be timeouted. So, it's safer to wait fully booted system.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
09a4918f03 azure: Enforce multi-user.target as default systemd's target 
This may speed up boot process.
For example, 'fedora:34' set graphical.target as default,
while multi-user one will be more appropriate.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00
Stanislav Levin
be2f659aa7 azure: Collect systemd boot log 
If an error occured while containers setup phase then no logs will
be collected and it is hard(impossible?) to debug such issues on
remote Azure host. With this change in case of such error all the
container's journals will be collected in `systemd_boot_logs`.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2021-05-25 10:45:49 +03:00