When -w/--password option is passed to ipa-replica-install it is
printed to ipareplica-install.log. Make sure that the value of this
option is hidden.
https://fedorahosted.org/freeipa/ticket/1378
When connection between a master machine and future replica is not
sane, the replica installation may fail unexpectedly with
inconvenient error messages. One common problem is misconfigured
firewall.
This patch adds a program ipa-replica-conncheck which tests the
connection using the following procedure:
1) Execute the on-replica check testing the connection to master
2) Open required ports on local machine
3) Ask user to run the on-master part of the check OR run it
automatically:
a) kinit to master as default admin user with given password
b) run the on-master part using ssh
4) When master part is executed, it checks connection back to
the replica and prints the check result
This program is run by ipa-replica-install as mandatory part. It
can, however, be skipped using --skip-conncheck option.
ipa-replica-install now requires password for admin user to run
the command on remote master.
https://fedorahosted.org/freeipa/ticket/1107
Remove redundant ipa-client-install error message when optional nscd
daemon was not installed. Additionally, use standard IPA functions
for service manipulation and improve logging.
https://fedorahosted.org/freeipa/ticket/1207
Request logging on the server only happened if you added verbose=True
or debug=True to the IPA config file. We should log the basics at
least: who, what, result.
Move a lot of entries from info to debug logging as well.
Related to ticket 873
Instead pof always capturing the output, make it possible to let
it go to the standard output pipes.
Use this in ipactl to let init scripts show their output.
Fixes: https://fedorahosted.org/freeipa/ticket/765
When a randomly generated password contains a space character
as the first or the last character, installation fails on
kdb5_ldap_util calling, which does not accept that. This patch
fixes the generator to generate space only on allowed position.
This patch also ensures that no password is printed to
server install log.
https://fedorahosted.org/freeipa/ticket/731
if ipa-replica-manage list is given a master name as argument then the tool
has the old behavior of listing that specific master replication agreements
Fixes: https://fedorahosted.org/freeipa/ticket/625
The changes include:
* Change license blobs in source files to mention GPLv3+ not GPLv2 only
* Add GPLv3+ license text
* Package COPYING not LICENSE as the license blobs (even the old ones)
mention COPYING specifically, it is also more common, I think
https://fedorahosted.org/freeipa/ticket/239
Fedora 14 introduced the following incompatiblities:
- the kerberos binaries moved from /usr/kerberos/[s]/bin to /usr/[s]bin
- the xmlrpclib in Python 2.7 is not fully backwards compatible to 2.6
Also, when moving the installed host service principals:
- don't assume that krbticketflags is set
- allow multiple values for krbextradata
ticket 155
This replaces the old no logging mechanism that only handled not logging
passwords passed on the command-line. The dogtag installer was including
passwords in the output.
This also adds no password logging to the sslget invocations and removes
a couple of extraneous log commands.
ticket 156
Remove SAFE_STRING_PATTERN, safe_string_re, needs_base64(),
wrap_binary_data(), unwrap_binary_data() from both instances
of ipautil.py. This code is no longer in use and the
SAFE_STRING_PATTERN regular expression string was causing xgettext
to abort because it wasn't a valid ASCII string.
There are times where a caller will want to determine the course of
action based on the returncode instead of relying on it != 0.
This also lets the caller get the contents of stdout and stderr.
Signed-off-by: John Dennis <jdennis@redhat.com>
along with stdout,stderr also log the initial command
This implements better logging of external commands. Formerly we were
just outputting stdout and stderr without labeling which was which. We
also omitted the initial command and it's arguments. This made it
difficult when reviewing the logs to know what the command was and
what was stdout vs. stderr. This patch fixes that.
This also adds a new option to the template system. If you include
eval(string) in a file that goes through the templater then the
string in the eval will be evaluated by the Python interpreter. This is
used so one can do $UIDSTART+1. If any errors occur during the evaluation
the original string is is returned, eval() and all so it is up to the
developer to make sure the evaluation passes.
The default value for uid and gid is now a random value between
1,000,000 and (2^31 - 1,000,000)
