Re: [Freeipa-devel] [PATCH] First part of the replica promotion tests + testplan

2015-11-09 Thread Martin Basti 



On 09.11.2015 15:09, Oleg Fayans wrote:

Hi guys,

Here are first two automated testcases from this (so far incomplete) 
testplan: http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan


Testplan review is highly appreciated






Hello,

I did not test patch, I just read the testplan, I have a few comments:

I'm not sure how test plan should look to cover QA needs, so maybe my 
following notes what is missing in test plan are not important.


1)
CA has been affected by replica promotion patches
1a)
test if ipa-ca-install works on replica with domain level 1 (test exists)
1b)
test if ipa-ca-install works on replica with domain level 0 (test exists)
1c)
test if ipa-ca-install works on master with domain level 1 (test exists)
1d)
test if ipa-ca-install works on master with domain level 0 (test exists)
1e)
test if ipa-ca-install with replica file fails with domain level 1 on 
replica

1f)
test if ipa-ca-install fails without replica file with domain level 0 on 
replica

1g)
test if ipa-ca-install works on CA-less master with domain level 0 (I'm 
not sure but probably tests exists)

1h)
test if ipa-ca-install works on CA-less master with domain level 1 (I'm 
not sure but probably tests exists)


2)
KRA has been affected by replica promotion patches
2a)
test if ipa-kra-install works on replica with domain level 1 (test exists)
2b)
test if ipa-kra-install works on replica with domain level 0 (test exists)
2c)
test if ipa-krainstall works on master with domain level 1 (test exists)
2d)
test if ipa-kra-install works on master with domain level 0 (test exists)
2e)
test if ipa-kra-install with replica file fails with domain level 1 on 
replica

2f)
test if ipa-kra-install fails without replica file with domain level 0 
on replica


3) (not sure if this belongs to replica promotion or topology plugin 
testing)

ipa-replica-manage behaves differently with domain level 1
3a)
ipa-replica-manage connect should nto work with domain level 1
3b)
ipa-replica-manage disconnect should not work with domain level 1

4)
ipa-csreplica-manage behaves differently with domain level 1
4a)
ipa-csreplica-manage connect should not work with domain level 1
4b)
ipa-csreplica-manage disconnect should not work with domain level 1
4c)
ipa-csreplica-manage del should not work with domain level 1

5) (this is not related to replica so much, but we miss this test)
5a)
create new replica after master is restored from backup with domain level 1
5b)
create new replica after master is restored from backup with domain level 0

Martin^2
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 506] cert renewal: make renewal of ipaCert atomic

2015-11-09 Thread Rob Crittenden 
Jan Cholasta wrote:
> Hi,
> 
> the attached patch fixes .
> 
> Honza
> 
> 
> 

There be a note in renew_ra_cert that the lock is obtained in advance by
renew_ra_cert_pre.

It looks like it will silently fail if the lock cannot be acquired. Is
that desired?

rob

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin

2015-11-09 Thread Filip Škola 
Another patch was applied in the meantime.

Attaching an updated version.

F.

On Mon, 9 Nov 2015 13:35:02 +0100
Milan Kubík  wrote:

> On 11/06/2015 11:32 AM, Filip Škola wrote:
> >
> >
> Hi,
> the patch doesn't apply.
> 

>From ff593642291cece0360ee85f58f28f1c270d41a0 Mon Sep 17 00:00:00 2001
From: Filip Skola 
Date: Fri, 6 Nov 2015 10:57:37 +0100
Subject: [PATCH] Refactor test_user_plugin, use UserTracker for tests

---
 ipatests/test_xmlrpc/test_user_plugin.py | 2810 +-
 1 file changed, 1196 insertions(+), 1614 deletions(-)

diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py
index 81185e449acaa127aa9429fff9587d39a2be81e6..63a61a908c5623431c95c76b970919145e82a2e0 100644
--- a/ipatests/test_xmlrpc/test_user_plugin.py
+++ b/ipatests/test_xmlrpc/test_user_plugin.py
@@ -2,6 +2,7 @@
 #   Rob Crittenden 
 #   Pavel Zuna 
 #   Jason Gerard DeRose 
+#   Filip Skola 
 #
 # Copyright (C) 2008, 2009  Red Hat
 # see file 'COPYING' for use and warranty information
@@ -23,6 +24,7 @@
 Test the `ipalib/plugins/user.py` module.
 """
 
+import pytest
 import functools
 import datetime
 import ldap
@@ -33,41 +35,38 @@ from ipatests.test_xmlrpc import objectclasses
 from ipatests.util import (
 assert_equal, assert_not_equal, raises, assert_deepequal)
 from xmlrpc_test import (
-XMLRPC_test, Declarative, fuzzy_digits, fuzzy_uuid, fuzzy_password,
+XMLRPC_test, fuzzy_digits, fuzzy_uuid, fuzzy_password,
 fuzzy_string, fuzzy_dergeneralizedtime, add_sid, add_oc, raises_exact)
 from ipapython.dn import DN
 from ipatests.test_xmlrpc.ldaptracker import Tracker
 import pytest
 
-user1 = u'tuser1'
-user2 = u'tuser2'
 admin1 = u'admin'
-admin2 = u'admin2'
-renameduser1 = u'tuser'
 group1 = u'group1'
-admins_group = u'admins'
+admin_group = u'admins'
 
 invaliduser1 = u'+tuser1'
 invaliduser2 = u'tuser1234567890123456789012345678901234567890'
 
 sshpubkey = (u'ssh-rsa B3NzaC1yc2EDAQABAAABAQDGAX3xAeLeaJggwTqMjxNwa6X'
-  'HBUAikXPGMzEpVrlLDCZtv00djsFTBi38PkgxBJVkgRWMrcBsr/35lq7P6w8KGI'
-  'wA8GI48Z0qBS2NBMJ2u9WQ2hjLN6GdMlo77O0uJY3251p12pCVIS/bHRSq8kHO2'
-  'No8g7KA9fGGcagPfQH+ee3t7HUkpbQkFTmbPPN++r3V8oVUk5LxbryB3UIIVzNm'
-  'cSIn3JrXynlvui4MixvrtX6zx+O/bBo68o8/eZD26QrahVbA09fivrn/4h3TM01'
-  '9Eu/c2jOdckfU3cHUV/3Tno5d6JicibyaoDDK7S/yjdn5jhaz8MSEayQvFkZkiF'
-  '0L public key test')
+ 'HBUAikXPGMzEpVrlLDCZtv00djsFTBi38PkgxBJVkgRWMrcBsr/35lq7P6w8KGI'
+ 'wA8GI48Z0qBS2NBMJ2u9WQ2hjLN6GdMlo77O0uJY3251p12pCVIS/bHRSq8kHO2'
+ 'No8g7KA9fGGcagPfQH+ee3t7HUkpbQkFTmbPPN++r3V8oVUk5LxbryB3UIIVzNm'
+ 'cSIn3JrXynlvui4MixvrtX6zx+O/bBo68o8/eZD26QrahVbA09fivrn/4h3TM01'
+ '9Eu/c2jOdckfU3cHUV/3Tno5d6JicibyaoDDK7S/yjdn5jhaz8MSEayQvFkZkiF'
+ '0L public key test')
 sshpubkeyfp = (u'13:67:6B:BF:4E:A2:05:8E:AE:25:8B:A1:31:DE:6F:1B '
-'public key test (ssh-rsa)')
+   'public key test (ssh-rsa)')
 
-validlanguage1 = u'en-US;q=0.987 , en, abcdfgh-abcdefgh;q=1, a;q=1.000'
-validlanguage2 = u'*'
+validlanguages = {
+u'en-US;q=0.987 , en, abcdfgh-abcdefgh;q=1, a;q=1.000',
+u'*'
+}
 
-invalidlanguage1 = u'abcdfghji-abcdfghji'
-invalidlanguage2 = u'en-us;q=0,123'
-invalidlanguage3 = u'en-us;q=0.1234'
-invalidlanguage4 = u'en-us;q=1.1'
-invalidlanguage5 = u'en-us;q=1.'
+invalidlanguages = {
+u'abcdfghji-abcdfghji', u'en-us;q=0,123',
+u'en-us;q=0.1234', u'en-us;q=1.1', u'en-us;q=1.'
+}
 
 principal_expiration_string = "2020-12-07T19:54:13Z"
 principal_expiration_date = datetime.datetime(2020, 12, 7, 19, 54, 13)
@@ -79,1583 +78,6 @@ expired_expiration_string = "1991-12-07T19:54:13Z"
 isodate_re = re.compile('^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$')
 
 
-def get_user_result(uid, givenname, sn, operation='show', omit=[],
-**overrides):
-"""Get a user result for a user-{add,mod,find,show} command
-
-This gives the result as from a user_add(uid, givenname=givenname, sn=sn);
-modifications to that can be specified in ``omit`` and ``overrides``.
-
-The ``operation`` can be one of:
-- add
-- show
-- show-all ((show with the --all flag)
-- find
-- mod
-
-Attributes named in ``omit`` are removed from the result; any additional
-or non-default values can be specified in ``overrides``.
-"""
-# sn can be None; this should only be used from `get_admin_result`
-cn = overrides.get('cn', ['%s %s' % (givenname, sn or '')])
-cn[0] = cn[0].strip()
-result = add_sid(dict(
-homedirectory=[u'/home/%s' % uid],
-loginshell=[u'/bin/sh'],
-uid=[uid],
-uidnumber=[fuzzy_digits],
-gidnumber=[fuzzy_digits],
-mail=[u'%s@%s' % (uid, api.env.domain)],
-has_keytab=False,
-has_password=False,
-))
-if sn:
-result['sn'] = [sn]
-if give

[Freeipa-devel] [PATCH] First part of the replica promotion tests + testplan

2015-11-09 Thread Oleg Fayans 

Hi guys,

Here are first two automated testcases from this (so far incomplete) 
testplan: http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan


Testplan review is highly appreciated


--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
From 4f82f36f28bdb700331bb353b0d3862ec4d14a8e Mon Sep 17 00:00:00 2001
From: Oleg Fayans 
Date: Mon, 9 Nov 2015 15:02:45 +0100
Subject: [PATCH] First part of replica promotion tests

---
 ipatests/test_integration/tasks.py |  3 +-
 .../test_integration/test_replica_promotion.py | 61 ++
 2 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 ipatests/test_integration/test_replica_promotion.py

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index ae26444f6d267c2ea2688cb2aaab5a2059688595..7bb4cbf286babffcb48c8e9e39691df636d89d4d 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -38,6 +38,7 @@ from ipatests.test_integration import util
 from ipatests.test_integration.env_config import env_to_script
 from ipatests.test_integration.host import Host
 from ipalib.util import get_reverse_zone_default
+from ipalib.constants import MAX_DOMAIN_LEVEL
 
 log = log_mgr.get_logger(__name__)
 
@@ -804,7 +805,7 @@ def tree2_topo(master, replicas):
 master = replica
 
 
-def install_topo(topo, master, replicas, clients,
+def install_topo(topo, master, replicas, clients, domain_level=MAX_DOMAIN_LEVEL,
  skip_master=False, setup_replica_cas=True):
 """Install IPA servers and clients in the given topology"""
 replicas = list(replicas)
diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
new file mode 100644
index ..2b856b6d62aa914a2ec538303541980a9fc98f57
--- /dev/null
+++ b/ipatests/test_integration/test_replica_promotion.py
@@ -0,0 +1,61 @@
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.test_integration import tasks
+from ipatests.test_integration.test_caless import assert_error
+
+
+class TestLevel0(IntegrationTest):
+"""
+Testcase http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan#
+Test_case:_Make_sure_the_feature_is_unavailable_under_domain_level_0
+"""
+
+topology = 'line'
+num_clients = 1
+domain_level = 0
+num_replicas = 0
+
+@classmethod
+def install(cls, mh):
+tasks.install_topo(cls.topology, cls.master,
+   cls.replicas, cls.clients,
+   cls.domain_level)
+
+def test_promotion_disabled(self):
+client = self.clients[0]
+args = ['ipa-replica-install', '-U',
+'-p', self.master.config.dirman_password,
+'-w', self.master.config.admin_password,
+'--ip-address', client.ip]
+result = client.run_command(args, raiseonerr=False)
+assert_error(result,
+ 'You must provide a file generated by ipa-replica-prepare'
+ ' to create a replica when the domain is at level 0', 1)
+
+
+class TestLevel1(IntegrationTest):
+"""
+TestCase: http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan#
+Test_case:_Make_sure_the_old_workflow_is_disabled_at_domain_level_1
+"""
+
+topology = 'line'
+num_clients = 0
+domain_level = 1
+num_replicas = 1
+
+@classmethod
+def install(cls, mh):
+tasks.install_topo(cls.topology, cls.master,
+   cls.replicas[:-1], cls.clients,
+   cls.domain_level)
+
+def test_replica_prepare_disabled(self):
+config = self.master.config
+replica = self.replicas[0]
+args = ['ipa-replica-prepare',
+'-p', config.dirman_password,
+'--ip-address', replica.ip,
+replica.hostname]
+
+result = self.master.run_command(args, raiseonerr=False)
+assert_error(result, 'supported only in 0-level IPA domain', 1)
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0343] Upgrade: enable custodia service during upgrade

2015-11-09 Thread Gabe Alford 
Ack.

Thanks,

Gabe

On Tue, Nov 3, 2015 at 11:18 AM, Martin Basti  wrote:

> https://fedorahosted.org/freeipa/ticket/5429
>
> Patch attached.
>
> --
> Manage your subscription for the Freeipa-devel mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
>
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCH 0063] ipa-replica-manage del continues when host does not exist in domain level 1

2015-11-09 Thread Gabe Alford 
Hello,

Fix for https://fedorahosted.org/freeipa/ticket/5424

thanks,

Gabe
From f2f0deee5ca743518d97efe4f01cc22c0672e87a Mon Sep 17 00:00:00 2001
From: Gabe 
Date: Sun, 8 Nov 2015 17:18:17 -0700
Subject: [PATCH] ipa-replica-manage del continues when host does not exist in
 domain level 1

- Raises error and stops operation unless --cleanup is specified.

https://fedorahosted.org/freeipa/ticket/5424
---
 install/tools/ipa-replica-manage | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index b9998da44dcc1f01c5eb342ee713634de0ee84ee..ccd48eb635a27b5752484ce68b094c2daf7291fa 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -740,7 +740,12 @@ def del_master_managed(realm, hostname, options):
 try:
 api.Command.server_del(hostname_u)
 except errors.NotFound:
-print("Server entry already deleted: %s" % (hostname))
+if not options.cleanup:
+print("%s does not exist. Please specify an actual server or add" \
+  " the\n--cleanup option to force clean up." % (hostname))
+sys.exit(1)
+else:
+print("Server entry already deleted: %s" % (hostname))
 
 # 6. Cleanup
 try:
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin

2015-11-09 Thread Milan Kubík 

On 11/06/2015 11:32 AM, Filip Škola wrote:




Hi,
the patch doesn't apply.

--
Milan Kubik

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0380] spec: Add Provides directives to alternative package names

2015-11-09 Thread Tomas Babej 


On 11/09/2015 01:10 PM, Jan Cholasta wrote:
> Hi,
> 
> On 9.11.2015 12:58, Tomas Babej wrote:
>> Hi,
>>
>> this fixes:
>>
>> https://fedorahosted.org/freeipa/ticket/5408
> 
> a) Don't include %{release} in the Provides, release number is
> meaningless between distros.
> 

Good point.

> b) Please put the Provides near the related Conflicts and Obsoletes,
> like this:
> 
> Provides: %{alt_name}-XXX = %{version}
> Conflicts: %{alt_name}-XXX
> Obsoletes: %{alt_name}-XXX < %{version}
> 
> Honza
> 

Updated version attached.
From c95f9383fcb428a2a21838dcb4940f974e4c57dd Mon Sep 17 00:00:00 2001
From: Tomas Babej 
Date: Mon, 9 Nov 2015 12:15:59 +0100
Subject: [PATCH] spec: Add Provides directives to alternative package names

https://fedorahosted.org/freeipa/ticket/5408
---
 freeipa.spec.in | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 913f03926ef3d2bcdcfc51a6036f7c076a7fb7ef..c3ca3413ffc3850b849a69adbbae8476355f3c76 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -162,6 +162,7 @@ Requires: gzip
 Requires: python-gssapi >= 1.1.0
 Requires: custodia
 
+Provides: %{alt_name}-server = %{version}
 Conflicts: %{alt_name}-server
 Obsoletes: %{alt_name}-server < %{version}
 
@@ -203,6 +204,7 @@ Requires: bind-pkcs11-utils >= 9.9.4-21
 %endif
 Requires: opendnssec >= 1.4.6-4
 
+Provides: %{alt_name}-server-dns = %{version}
 Conflicts: %{alt_name}-server-dns
 Obsoletes: %{alt_name}-server-dns < %{version}
 
@@ -234,6 +236,7 @@ Requires(post): python
 Requires(postun): %{_sbindir}/update-alternatives
 Requires(preun): %{_sbindir}/update-alternatives
 
+Provides: %{alt_name}-server-trust-ad = %{version}
 Conflicts: %{alt_name}-server-trust-ad
 Obsoletes: %{alt_name}-server-trust-ad < %{version}
 
@@ -272,6 +275,7 @@ Requires: libnfsidmap
 Requires: nfs-utils
 Requires(post): policycoreutils
 
+Provides: %{alt_name}-client = %{version}
 Conflicts: %{alt_name}-client
 Obsoletes: %{alt_name}-client < %{version}
 
@@ -292,6 +296,7 @@ Requires: %{name}-python = %{version}-%{release}
 Requires: %{name}-client = %{version}-%{release}
 Requires: python-ldap
 
+Provides: %{alt_name}-admintools = %{version}
 Conflicts: %{alt_name}-admintools
 Obsoletes: %{alt_name}-admintools < %{version}
 
@@ -327,6 +332,7 @@ Requires: python-setuptools
 Requires: python-six
 Requires: python-jwcrypto
 
+Provides: %{alt_name}-python = %{version}
 Conflicts: %{alt_name}-python
 Obsoletes: %{alt_name}-python < %{version}
 
@@ -353,6 +359,7 @@ Requires: python-polib
 Requires: python-pytest-multihost >= 0.5
 Requires: python-pytest-sourceorder
 
+Provides: %{alt_name}-tests = %{version}
 Conflicts: %{alt_name}-tests
 Obsoletes: %{alt_name}-tests < %{version}
 
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0380] spec: Add Provides directives to alternative package names

2015-11-09 Thread Jan Cholasta 

Hi,

On 9.11.2015 12:58, Tomas Babej wrote:

Hi,

this fixes:

https://fedorahosted.org/freeipa/ticket/5408


a) Don't include %{release} in the Provides, release number is 
meaningless between distros.


b) Please put the Provides near the related Conflicts and Obsoletes, 
like this:


Provides: %{alt_name}-XXX = %{version}
Conflicts: %{alt_name}-XXX
Obsoletes: %{alt_name}-XXX < %{version}

Honza

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCH 0380] spec: Add Provides directives to alternative package names

2015-11-09 Thread Tomas Babej 
Hi,

this fixes:

https://fedorahosted.org/freeipa/ticket/5408

Tomas
From 8e8ada880170e7fb145d01edf5e4864ea7047d64 Mon Sep 17 00:00:00 2001
From: Tomas Babej 
Date: Mon, 9 Nov 2015 12:15:59 +0100
Subject: [PATCH] spec: Add Provides directives to alternative package names

https://fedorahosted.org/freeipa/ticket/5408
---
 freeipa.spec.in | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 913f03926ef3d2bcdcfc51a6036f7c076a7fb7ef..2086e161c17b1e9ffd984305c418d9a377d59613 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -110,6 +110,7 @@ and integration with Active Directory based infrastructures (Trusts).
 %package server
 Summary: The IPA authentication server
 Group: System Environment/Base
+Provides: %{alt_name}-server = %{version}-%{release}
 Requires: %{name}-python = %{version}-%{release}
 Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-admintools = %{version}-%{release}
@@ -188,6 +189,7 @@ If you are installing an IPA server, you need to install this package.
 %package server-dns
 Summary: IPA integrated DNS server with support for automatic DNSSEC signing
 Group: System Environment/Base
+Provides: %{alt_name}-server-dns = %{version}-%{release}
 Requires: %{name}-server = %{version}-%{release}
 Requires: bind-dyndb-ldap >= 6.0-4
 %if 0%{?fedora} >= 21
@@ -217,6 +219,7 @@ Integrated DNS server is BIND 9. OpenDNSSEC provides key management.
 %package server-trust-ad
 Summary: Virtual package to install packages required for Active Directory trusts
 Group: System Environment/Base
+Provides: %{alt_name}-server-trust-ad = %{version}-%{release}
 Requires: %{name}-server = %version-%release
 Requires: samba-python
 Requires: samba >= %{samba_version}
@@ -248,6 +251,7 @@ dependencies at once.
 %package client
 Summary: IPA authentication for use on clients
 Group: System Environment/Base
+Provides: %{alt_name}-client = %{version}-%{release}
 Requires: %{name}-python = %{version}-%{release}
 Requires: python-ldap
 Requires: cyrus-sasl-gssapi%{?_isa}
@@ -288,6 +292,7 @@ installed on every client machine.
 %package admintools
 Summary: IPA administrative tools
 Group: System Environment/Base
+Provides: %{alt_name}-admintools = %{version}-%{release}
 Requires: %{name}-python = %{version}-%{release}
 Requires: %{name}-client = %{version}-%{release}
 Requires: python-ldap
@@ -306,6 +311,7 @@ This package provides command-line tools for IPA administrators.
 %package python
 Summary: Python libraries used by IPA
 Group: System Environment/Libraries
+Provides: %{alt_name}-python = %{version}-%{release}
 Requires: python-gssapi >= 1.1.2
 Requires: gnupg
 Requires: iproute
@@ -341,6 +347,7 @@ If you are using IPA, you need to install this package.
 %if ! %{ONLY_CLIENT}
 %package tests
 Summary: IPA tests and test tools
+Provides: %{alt_name}-tests = %{version}-%{release}
 Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-python = %{version}-%{release}
 Requires: tar
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [patch 0023] Applied tier0 and tier1 marks on unit tests and xmlrpc tests

2015-11-09 Thread Martin Basti 



On 05.11.2015 17:18, Aleš Mareček wrote:

Looks good, ACK.

Pushed to ipa-4-2: 2f703e524552f1122645fdb83bb7808ef75e52fe
Pushed to master: 0a64e9bd7061550b478be889b0e7fc90f560b06c




- Original Message -

From: "Milan Kubík" 
To: freeipa-devel@redhat.com
Sent: Thursday, November 5, 2015 12:20:29 PM
Subject: Re: [Freeipa-devel] [patch 0023] Applied tier0 and tier1 marks on unit 
tests and xmlrpc tests

On 11/05/2015 11:20 AM, Milan Kubík wrote:


Hi list,

these patches introduce the tier categorization into the tests using
pytest's mark mechanism. It is a step towards a change in our CI
with which we hope to get more usefull/readable results as well as
allow us to structure our CI in more logical way.

Because of technical reasons, all tests that are subclasses of `Declarative`
class are marked as tier1 tests. In these tests, if one suite is marked, all
of
the Declarative tests will be run as a big blob.

The marks are not set in stone, please provide some feedback if you think
some of the tests shoult go elsewhere.



Self NACK after irc nitpick. Fixed pep8 complaints.

--
Milan Kubik

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCH 506] cert renewal: make renewal of ipaCert atomic

2015-11-09 Thread Jan Cholasta 

Hi,

the attached patch fixes .

Honza

--
Jan Cholasta
From d3f532e6a21731216f6593fe368a114d4c60e411 Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Mon, 9 Nov 2015 10:53:02 +0100
Subject: [PATCH] cert renewal: make renewal of ipaCert atomic

This prevents errors when renewing other certificates during the renewal of
ipaCert.

https://fedorahosted.org/freeipa/ticket/5436
---
 install/restart_scripts/Makefile.am   |  1 +
 install/restart_scripts/renew_ra_cert |  4 +++-
 install/restart_scripts/renew_ra_cert_pre | 18 ++
 ipaserver/install/cainstance.py   |  2 +-
 ipaserver/install/server/upgrade.py   |  4 ++--
 5 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100755 install/restart_scripts/renew_ra_cert_pre

diff --git a/install/restart_scripts/Makefile.am b/install/restart_scripts/Makefile.am
index 58057aa..c4bf819 100644
--- a/install/restart_scripts/Makefile.am
+++ b/install/restart_scripts/Makefile.am
@@ -7,6 +7,7 @@ app_DATA =  \
 	renew_ca_cert			\
 	renew_ra_cert			\
 	stop_pkicad			\
+	renew_ra_cert_pre		\
 	$(NULL)
 
 EXTRA_DIST =\
diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert
index cf770a9..102e8c6 100644
--- a/install/restart_scripts/renew_ra_cert
+++ b/install/restart_scripts/renew_ra_cert
@@ -77,8 +77,10 @@ def _main():
 
 
 def main():
-with certs.renewal_lock:
+try:
 _main()
+finally:
+certs.renewal_lock.release('renew_ra_cert')
 
 
 try:
diff --git a/install/restart_scripts/renew_ra_cert_pre b/install/restart_scripts/renew_ra_cert_pre
new file mode 100755
index 000..d0f743c
--- /dev/null
+++ b/install/restart_scripts/renew_ra_cert_pre
@@ -0,0 +1,18 @@
+#!/usr/bin/python2 -E
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+import syslog
+import traceback
+
+from ipaserver.install import certs
+
+
+def main():
+certs.renewal_lock.acquire('renew_ra_cert')
+
+try:
+main()
+except Exception:
+syslog.syslog(syslog.LOG_ERR, traceback.format_exc())
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 23fdf30..1cbc0d0 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1339,7 +1339,7 @@ class CAInstance(DogtagInstance):
 pin=None,
 pinfile=paths.ALIAS_PWDFILE_TXT,
 secdir=paths.HTTPD_ALIAS_DIR,
-pre_command=None,
+pre_command='renew_ra_cert_pre',
 post_command='renew_ra_cert')
 except RuntimeError as e:
 self.log.error(
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 4337995..b9621a3 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -806,7 +806,7 @@ def certificate_renewal_update(ca):
 dogtag_constants = dogtag.configured_constants()
 
 # bump version when requests is changed
-version = 3
+version = 4
 requests = (
 (
 dogtag_constants.ALIAS_DIR,
@@ -844,7 +844,7 @@ def certificate_renewal_update(ca):
 paths.HTTPD_ALIAS_DIR,
 'ipaCert',
 'dogtag-ipa-ca-renew-agent',
-None,
+'renew_ra_cert_pre',
 'renew_ra_cert',
 None,
 ),
-- 
2.4.3

From 09ab23ea3fce5d4f4534f5ade951b0cb35228323 Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Mon, 9 Nov 2015 10:53:02 +0100
Subject: [PATCH] cert renewal: make renewal of ipaCert atomic

This prevents errors when renewing other certificates during the renewal of
ipaCert.

https://fedorahosted.org/freeipa/ticket/5436
---
 install/restart_scripts/Makefile.am   |  1 +
 install/restart_scripts/renew_ra_cert |  4 +++-
 install/restart_scripts/renew_ra_cert_pre | 18 ++
 ipaserver/install/cainstance.py   |  2 +-
 ipaserver/install/server/upgrade.py   |  4 ++--
 5 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100755 install/restart_scripts/renew_ra_cert_pre

diff --git a/install/restart_scripts/Makefile.am b/install/restart_scripts/Makefile.am
index 58057aa..c4bf819 100644
--- a/install/restart_scripts/Makefile.am
+++ b/install/restart_scripts/Makefile.am
@@ -7,6 +7,7 @@ app_DATA =  \
 	renew_ca_cert			\
 	renew_ra_cert			\
 	stop_pkicad			\
+	renew_ra_cert_pre		\
 	$(NULL)
 
 EXTRA_DIST =\
diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert
index 3a36f73..f4b193f 100644
--- a/install/restart_scripts/renew_ra_cert
+++ b/install/restart_scripts/renew_ra_cert
@@ -77,8 +77,10 @@ def _main():
 
 
 def main():
-with certs.renewal_lock:
+try:
 _main()
+finally:
+certs.renewal_lock.release('renew_ra_cert')
 
 
 try:
diff --git a/install/restart_sc

Re: [Freeipa-devel] [PATCH 0094] Fix bogus error message in choice-type installer options

2015-11-09 Thread Martin Babinsky 

On 11/09/2015 07:15 AM, Jan Cholasta wrote:

On 6.11.2015 17:02, Martin Babinsky wrote:

On 11/06/2015 10:30 AM, Martin Babinsky wrote:

https://fedorahosted.org/freeipa/ticket/5433





Attaching updated patch.


NACK, the first patch was better, there should be quotes around the values.



Attaching updated patch.

--
Martin^3 Babinsky
From 9a4b22231a8ed8aaaceb43bf26e800c63bebc91a Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Fri, 6 Nov 2015 10:05:42 +0100
Subject: [PATCH] fix error reporting when installer option is supplied with
 invalid choice

https://fedorahosted.org/freeipa/ticket/5433
---
 ipapython/install/cli.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipapython/install/cli.py b/ipapython/install/cli.py
index d2250e51650b9de1c85473399e3462f42bf8770b..aed0bc9fe12e0c56987a4e2f78d73f476dcfc2c8 100644
--- a/ipapython/install/cli.py
+++ b/ipapython/install/cli.py
@@ -218,7 +218,8 @@ class ConfigureTool(admintool.AdminTool):
 if value not in value_type:
 raise ValueError(
 "invalid choice {0} (choose from {1})".format(
-repr(value), ', '.join(repr(value_type
+repr(value), ', '.join(
+sorted(repr(v) for v in value_type
 return value
 else:
 parse = value_type
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code