Re: [Freeipa-devel] [PATCH] 0010 ipa-client-install does not clean up /etc/ipa/ca.crt after a failed attempt
On 10/16/2013 10:52 AM, Martin Basti wrote: > On Wed, 2013-10-16 at 10:36 +0200, Martin Kosek wrote: >> On 10/16/2013 10:10 AM, Martin Basti wrote: >>> On Tue, 2013-10-15 at 11:37 +0200, Martin Basti wrote: Added warning if cert. exists (client) https://fedorahosted.org/freeipa/ticket/3944 >> >> 1) Patch subject uses wrong path to cert >> > Fixed >> 2) The warning seems to chatty to me: >> >> # ipa-client-install -p admin -w kokos123 >> Certificate '/etc/ipa/ca.crt' exists and will be used. Make sure that >> certificate is valid (or remove it), otherwise client will not be able to >> join. >> Discovery was successful! >> ... >> >> We just want to notify user that we are using the cert and what is the path >> (as >> this is something new to FreeIPA newbies), this seems easier to read to me: >> >> # ipa-client-install -p admin -w kokos123 >> Using existing certificate /etc/ipa/ca.crt >> Discovery was successful! >> ... >> > Fixed > ACK! Pushed to master. Thanks, Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0010 ipa-client-install does not clean up /etc/ipa/ca.crt after a failed attempt
On Wed, 2013-10-16 at 10:36 +0200, Martin Kosek wrote:
> On 10/16/2013 10:10 AM, Martin Basti wrote:
> > On Tue, 2013-10-15 at 11:37 +0200, Martin Basti wrote:
> >> Added warning if cert. exists (client)
> >>
> >> https://fedorahosted.org/freeipa/ticket/3944
>
> 1) Patch subject uses wrong path to cert
>
Fixed
> 2) The warning seems to chatty to me:
>
> # ipa-client-install -p admin -w kokos123
> Certificate '/etc/ipa/ca.crt' exists and will be used. Make sure that
> certificate is valid (or remove it), otherwise client will not be able to
> join.
> Discovery was successful!
> ...
>
> We just want to notify user that we are using the cert and what is the path
> (as
> this is something new to FreeIPA newbies), this seems easier to read to me:
>
> # ipa-client-install -p admin -w kokos123
> Using existing certificate /etc/ipa/ca.crt
> Discovery was successful!
> ...
>
Fixed
> Martin
--
Martin Basti
>From 1ba0ef838dab971f51005cae0bd8f9e39f398ee3 Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Tue, 15 Oct 2013 11:31:49 +0200
Subject: [PATCH] Added warning if cert '/etc/ipa/ca.crt' exists
https://fedorahosted.org/freeipa/ticket/3944
---
ipa-client/ipa-install/ipa-client-install | 4
1 file changed, 4 insertions(+)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 3c78c844b17468f347ef04198d58a12b11e4b4cb..cf27788f8c189721a1f644fa5841466abfbca54e 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1889,6 +1889,10 @@ def install(options, env, fstore, statestore):
root_logger.warning("Option 'force-join' has no additional effect "
"when used with together with option 'keytab'.")
+# Check if old certificate exist and show warning
+if not options.ca_cert_file and get_cert_path(options.ca_cert_file) == CACERT:
+root_logger.warning("Using existing certificate '%s'.", CACERT)
+
# Create the discovery instance
ds = ipadiscovery.IPADiscovery()
--
1.8.3.1
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0010 ipa-client-install does not clean up /etc/ipa/ca.crt after a failed attempt
On 10/16/2013 10:10 AM, Martin Basti wrote: > On Tue, 2013-10-15 at 11:37 +0200, Martin Basti wrote: >> Added warning if cert. exists (client) >> >> https://fedorahosted.org/freeipa/ticket/3944 1) Patch subject uses wrong path to cert 2) The warning seems to chatty to me: # ipa-client-install -p admin -w kokos123 Certificate '/etc/ipa/ca.crt' exists and will be used. Make sure that certificate is valid (or remove it), otherwise client will not be able to join. Discovery was successful! ... We just want to notify user that we are using the cert and what is the path (as this is something new to FreeIPA newbies), this seems easier to read to me: # ipa-client-install -p admin -w kokos123 Using existing certificate /etc/ipa/ca.crt Discovery was successful! ... Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0010 ipa-client-install does not clean up /etc/ipa/ca.crt after a failed attempt
On Tue, 2013-10-15 at 11:37 +0200, Martin Basti wrote:
> Added warning if cert. exists (client)
>
> https://fedorahosted.org/freeipa/ticket/3944
> ___
> Freeipa-devel mailing list
> Freeipa-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Supress warning if user select /etc/ipa/ca.crt manually with
--ca-cert-file option
--
Martin Basti
>From 129183b1d8237eca61bd9219d7c44a84e1747cce Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Tue, 15 Oct 2013 11:31:49 +0200
Subject: [PATCH] Added warning if cert '/etc/ipa/ca.cert' exists
https://fedorahosted.org/freeipa/ticket/3944
---
ipa-client/ipa-install/ipa-client-install | 6 ++
1 file changed, 6 insertions(+)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 3c78c844b17468f347ef04198d58a12b11e4b4cb..00a45a8929783d3e0f71171a6a149f5633396f53 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1889,6 +1889,12 @@ def install(options, env, fstore, statestore):
root_logger.warning("Option 'force-join' has no additional effect "
"when used with together with option 'keytab'.")
+# Check if old certificate exist and show warning
+if not options.ca_cert_file and get_cert_path(options.ca_cert_file) == CACERT:
+root_logger.warning("Certificate '%s' exists and will be used. "
+"Make sure that certificate is valid (or remove it), "
+"otherwise client will not be able to join.", CACERT)
+
# Create the discovery instance
ds = ipadiscovery.IPADiscovery()
--
1.8.3.1
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 0010 ipa-client-install does not clean up /etc/ipa/ca.crt after a failed attempt
Added warning if cert. exists (client)
https://fedorahosted.org/freeipa/ticket/3944
--
Martin Basti
>From 934ebe5277005e314fd1ef7fb92525219429b7af Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Tue, 15 Oct 2013 11:31:49 +0200
Subject: [PATCH] Added warning if cert '/etc/ipa/ca.cert' exists
https://fedorahosted.org/freeipa/ticket/3944
---
ipa-client/ipa-install/ipa-client-install | 6 ++
1 file changed, 6 insertions(+)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 3c78c844b17468f347ef04198d58a12b11e4b4cb..3532584bf7436743bfa4add788b90f05e316fbb7 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1889,6 +1889,12 @@ def install(options, env, fstore, statestore):
root_logger.warning("Option 'force-join' has no additional effect "
"when used with together with option 'keytab'.")
+# Check if old certificate exist and show warning
+if get_cert_path(options.ca_cert_file) == CACERT:
+root_logger.warning("Certificate '%s' exists and will be used. "
+"Make sure that certificate is valid (or remove it), "
+"otherwise client will not be able to join.", CACERT)
+
# Create the discovery instance
ds = ipadiscovery.IPADiscovery()
--
1.8.3.1
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
