No longer create a PKCS#12 file that contains the CA
No longer send the entire CA to each replica, generate the SSL certs on master
Fix number of bugs in ipa-replica-install and prepare
Produce status output during replica creation
If you run ipa_generate_password() multiple times, one
after the other, then you get the same password each time.
This is because it uses the current time to seed the
pseudo random number generator.
The easiest solution is to just use the default method
which seeds itself from /dev/urandom if available,
and uses a fractional time value otherwise.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
The ipa_webgui and ipa_kpasswd instance code is identical
and I want to add another similar instance down the line,
so re-factor the code into a service.SimpleServiceInstance
class.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
DsInstance.pkcs12_info isn't currently initialised in
the constructore so, e.g. __enable_ssl() assumes that
create_instance() has initialised it.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
If, in future, we change the server ID so that it's not
derived from the realm name, there's a fair few places
that need to be changed.
Make that easier by having config_dirname() take the
server ID rather than the realm name. That makes sense
anyway so we don't have to realm_to_serverid() so
much.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Let's assume that all ipaserver.dsinstance could be used
somewhere where asking questions on stdout/stdin is not
approriate and re-factor the code to be suitable in
those situations too.
i.e. make check_existing_installation() return a list of
server IDs and make check_ports() return an (unsecure,
secure) tuple indication which ports are in use.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
- Removing shebangs (#!) from a bunch of python libraries
- Don't use a variable name in init scripts for the lock file
- Keep the init script name consistent with the binary name, so renamed
ipa-kpasswd.init to ipa_kpasswd.init
- Add status option to the init scripts
- Move most python scripts out of /usr/share/ipa and into the python
site-packages directories (ipaserver and ipaclient)
- Remove unnecessary sys.path.append("/usr/share/ipa")
- Fix the license string in the spec files
- Rename ipa-webgui to ipa_webgui everywhere
- Fix a couple of issues reported by pychecker in ipa-python
Add a --uninstall option to ipa-server-install which tries to
restore the system to the way it was before ipa-server-install
was run using the state backed up through sysrestore.py.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
This patch adds a sysrestore module which allows ipa-server-install
code to backup any system state so that it can be restored again
with e.g. ipa-server-install --uninstall.
The idea is that any files ipa-server-install modifies gets backed
up to /var/cache/ipa/sysrestore/ while any "meta" state, like
whether a service is enabled with chkconfig, is saved to
/var/cache/ipa/sysrestore.state.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
httpinstance.py currently uses a hardcoded /tmp/ipa temporary
directory. Make it use tempfile.mkdtemp() instead.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Add a simple helper to check whether a service is running
and make ipa-server-install use it to check whether ntpd
is running.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
