Add a --uninstall option to ipa-server-install which tries to
restore the system to the way it was before ipa-server-install
was run using the state backed up through sysrestore.py.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
This patch adds a sysrestore module which allows ipa-server-install
code to backup any system state so that it can be restored again
with e.g. ipa-server-install --uninstall.
The idea is that any files ipa-server-install modifies gets backed
up to /var/cache/ipa/sysrestore/ while any "meta" state, like
whether a service is enabled with chkconfig, is saved to
/var/cache/ipa/sysrestore.state.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
httpinstance.py currently uses a hardcoded /tmp/ipa temporary
directory. Make it use tempfile.mkdtemp() instead.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Add a simple helper to check whether a service is running
and make ipa-server-install use it to check whether ntpd
is running.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Following the changelog history from my dev tree, some comments are useful imo
------------------------------------------------------
user: Simo Sorce <ssorce@redhat.com>
date: Fri Dec 21 03:05:36 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c
description:
Remove remnants of the initial test tool
changeset: 563:4fe574b7bdf1
user: Simo Sorce <ssorce@redhat.com>
date: Fri Dec 21 02:58:37 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
description:
Maybe actually encrypting the keys will help :-)
changeset: 562:488ded41242a
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 23:53:50 2007 -0500
files: ipa-server/ipa-install/share/Makefile.am ipa-server/ipa-install/share/default-aci.ldif
description:
Fixes
changeset: 561:4518f6f5ecaf
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 23:53:32 2007 -0500
files: ipa-admintools/Makefile ipa-admintools/ipa-addservice
description:
transform the old ipa-getkeytab in a tool to add services as the new
ipa-getkeytab won't do it (and IMO it makes more sense to keep the
two functions separate anyway).
changeset: 559:25a7f8ee973d
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 23:48:59 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
description:
Bugfixes
changeset: 558:28fcabe4aeba
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 23:48:29 2007 -0500
files: ipa-client/configure.ac ipa-client/ipa-client.spec ipa-client/ipa-client.spec.in ipa-client/ipa-getkeytab.c
description:
Configure fixes
Add ipa-getkeytab to spec
Client fixes
changeset: 557:e92a4ffdcda4
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 20:57:10 2007 -0500
files: ipa-client/Makefile.am ipa-client/configure.ac
description:
Try to make ipa-getkeytab build via autotools
changeset: 556:224894175d6b
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 20:35:56 2007 -0500
files: ipa-admintools/ipa-getkeytab ipa-client/ipa-getkeytab.c
description:
Messed a bit with hg commands.
To make it short:
- Remove the python ipa-getkeytab program
- Rename the keytab plugin test program to ipa-getkeytab
- Put the program in ipa-client as it should be distributed with the client
tools
changeset: 555:5e1a068f2e90
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 20:20:40 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c
description:
Polish the client program
changeset: 554:0a5b19a167cf
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 18:53:49 2007 -0500
files: ipa-server/ipa-install/share/default-aci.ldif ipa-server/ipa-install/share/default-keytypes.ldif ipa-server/ipa-install/share/kdc.conf.template ipa-server/ipa-install/share/kerberos.ldif ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c ipa-server/ipaserver/krbinstance.py
description:
Support retrieving enctypes from LDAP
Filter enctypes
Update test program
changeset: 553:f75d7886cb91
user: Simo Sorce <ssorce@redhat.com>
date: Thu Dec 20 00:17:40 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c
description:
Fix ber generation and remove redundant keys
changeset: 552:0769cafe6dcd
user: Simo Sorce <ssorce@redhat.com>
date: Wed Dec 19 19:31:37 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c
description:
Avoid stupid segfault
changeset: 551:1acd5fdb5788
user: Simo Sorce <ssorce@redhat.com>
date: Wed Dec 19 18:39:12 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
description:
If ber_peek_tag() returns LBER_ERROR it may just be that we are at the
end of the buffer. Unfortunately ber_scanf is broken in the sense that
it doesn't actually really consider sequence endings (due probably to the fact
they are just representation and do not reflect in the underlieing DER
encoding.)
changeset: 550:e974fb2726a4
user: Simo Sorce <ssorce@redhat.com>
date: Wed Dec 19 18:35:07 2007 -0500
files: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c ipa-server/ipa-slapi-plugins/ipa-pwd-extop/test-get-keytab.c
description:
First shot at the new method
There's a few places where we spawn of kadmin to add/modify
principals and create keytabs.
Refactor all that code into installutils.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Just in case there is an existing ipa-webgui running
before ipa-server-install, restart the instance rather
than just starting it.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
This requires a bit of trickery. I use the onblur() javascript function
to note when the field is left and store whatever was entered there.
Then when the page is submitted if a dn doesn't exist for that field
but they did enter something, do a lookup to see if there is a group by
that name.
Creation steps are currently done with:
self.start_creation(2, "Create foo")
self.step("do foo")
self.foo()
self.step("do bar")
self.bar()
self.done_creation()
This patch refactors that into the much more
straightforward:
self.step("do foo", self.foo)
self.step("do bar", self.bar)
self.start_creation("Create foo")
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
The following files hav no template variables, so don't
bother templating them:
- memberof-conf.ldif
- referint-conf.ldif
- dna-conf.ldif
- certmap.conf.template
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Just a patch to refactor lots of similar code in
dsinstance and krbinstance using a simple helper
method.
Note, there are some differences:
- Some code used to call ldapmodify without -h 127.0.0.1
- Some of the code used to just print an error rather than
using logging.critical()
- Some code used to log some extra debug
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
update_key_val_in_file() shouldn't try and write to
a file if the key is already set to the given value
in the file
Rationale here is that if we write these files out
while building a system image, ipa-server-install
shouldn't need to re-write them and, therefore,
they don't need to be writable.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Recently, dsinstance and krbinstance was fixed to
not import * from ipautil; do the same for the
rest of ipaserver.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
It seems that in openldap-2.4.x ldapmodify has gotten somewhat
more picky about the ldif it accepts. See here for more details:
https://bugzilla.redhat.com/422251
Not sure whether ldapmodify will be fixed, but for now just
fix the ldif.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
This uses the UniversalPreferencesWrite function to set the browser
preferences to allow negotiation and ticket forwarding in the IPA domain.
A self-signed certificate is generated to sign the javascript.
