Commit Graph

19 Commits

Author SHA1 Message Date
Stanislav Laznicka
f0487946cd Don't ignore --ignore-last-of-role for last CA
Use a handler created for the purpose of deciding whether
to raise exception or not.

https://fedorahosted.org/freeipa/ticket/6259

Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2016-08-29 13:46:47 +02:00
Christian Heimes
c346a2d1d1 Remove Custodia server keys from LDAP
The server-del plugin now removes the Custodia keys for encryption and
key signing from LDAP.

https://fedorahosted.org/freeipa/ticket/6015

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-24 14:26:57 +02:00
Martin Babinsky
9392b21271 Fix incorrect construction of service principal during replica cleanup
https://fedorahosted.org/freeipa/ticket/5985

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-06-27 12:59:48 +02:00
Martin Basti
c6f7d94d5b DNS Locations: server-mod: fix if statement
Statement used for detection if objectclass change is needed was logically
wrong, this fixes it.

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-06-27 10:22:39 +02:00
Martin Basti
926462d335 Server-del: fix system records removal
Services on replica to be removed must be deleted first, otherwise
update of system records will not take this change into account

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-06-23 12:33:43 +02:00
Martin Babinsky
be3ad1ed7a server-del: harden check for last roles
The current implementation of check for last CA/DNS server and DNSSec key
master in `server-del` is quite fragile and works with quite a few assumptions
which may not be always true (CA and DNS is always configured etc.).

This patch hardens the check so that it does not break when the above
assumptions do not hold.

https://fedorahosted.org/freeipa/ticket/5960

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-06-22 17:26:56 +02:00
Martin Babinsky
a540c909a7 Fix listing of enabled roles in server-find
The roles can be thought of as membership attributes so we should only list
them if `--all` is specified and `--no-members` is not.

Also do not show them if `--raw` is passed in.

https://fedorahosted.org/freeipa/ticket/5181

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-06-17 19:00:14 +02:00
Martin Babinsky
a6eb87bd68 server-del: perform full master removal in managed topology
This patch implements most of the del_master_managed() functionality as a part
of `server-del` command.

`server-del` now performs these actions:
  * check topology connectivity
  * check that at least one CA/DNS server and DNSSec masters are left
    after removal
  * cleanup all LDAP entries/attributes exposing information about the master
  * cleanup master DNS records
  * remove master and service principals
  * remove master entry from LDAP
  * check that all segments pointing to the master were removed

`server-del` now accepts the following options:
  * `--force`: force master removal even if it doesn't exist
  * `--ignore-topology-disconnect`: ignore errors arising from disconnected
    topology before and after master removal
  * `--ignore-last-of-role`: remove master even if it is last DNS server,
    and DNSSec key master. The last CA will *not* be removed regardless of
    this option.

https://fedorahosted.org/freeipa/ticket/5588

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-06-17 18:55:19 +02:00
Martin Basti
4155eb7b13 DNS Locations: Rename ipalocationweight to ipaserviceweight
Service weight explains better meaning of attribute than location
weight, because location itself has no weight, only services have.

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-06-17 18:05:03 +02:00
Martin Basti
8dde1201ed DNS Locations: show warning if there are no DNS servers in location
DNS servers must be in each location, otherwise DNS location without DNS
server assigned will not work.

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-06-17 18:05:03 +02:00
Martin Basti
1997733cdf DNS Locations: require to restart named-pkcs11 after location change
Send a warning message that named-pkcs11 service must be restarted after
changes related to locations or server weight

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-06-17 18:05:03 +02:00
Martin Basti
ef12cad30b DNS Locations: set proper substitution variable
DNS Server (bind-dyndb-ldap) needs to have set
'idnsSubstitutionVariable;ipalocation' in ldap to the proper location

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-06-17 18:05:03 +02:00
Martin Basti
2157ea0e6d DNS Locations: dnsserver-* commands
New commands for manipulation with DNS server configuration were added:
 * dnsserver-show
 * dnsserver-mod
 * dnsserver-find

https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/PerServerConfigInLDAP
https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-06-17 15:22:24 +02:00
Martin Basti
4076e8e4e5 DNS Locations: server-mod: add automatic records update
For any location or server weight change it is required to update records

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-06-17 15:22:24 +02:00
Martin Basti
394b094fc2 DNS Locations: permission: allow to read status of services
New permission was added: "System: Read Status of Services on IPA Servers"
This permission is needed for detection which records should be created
on which servers.

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-06-17 15:22:24 +02:00
Martin Babinsky
b9aa31191b Server Roles: make server-{show,find} utilize role information
server-show command will now display list of roles enabled on the master
(unless `--raw` is given).

server-find gained `--servroles` options which facilitate search for server
having one or more enabled roles.

http://www.freeipa.org/page/V4/Server_Roles
https://fedorahosted.org/freeipa/ticket/5181

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
2016-06-13 17:50:54 +02:00
Martin Basti
79544aa51a DNS Location: location-show: return list of servers in location
location-show returns list of servers currently assigned to the location

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-06-03 15:58:21 +02:00
Martin Basti
15abfcf0f7 DNS Locations: extend server-* command with locations
Server find, server show, server mod should work with IPA locations.

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-06-03 15:58:21 +02:00
Jan Cholasta
6e44557b60 ipalib: move server-side plugins to ipaserver
Move the remaining plugin code from ipalib.plugins to ipaserver.plugins.

Remove the now unused ipalib.plugins package.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-03 09:00:34 +02:00