[freeipa PR#954][opened] py3 conncheck + service plugin fixes
by stlaz
URL: https://github.com/freeipa/freeipa/pull/954
Author: stlaz
Title: #954: py3 conncheck + service plugin fixes
Action: opened
PR body:
"""
commit 09942d0268f02ed15df5f7f3aad3220196c5a41c (HEAD -> py3-conncheck, private/py3-conncheck)
Author: Stanislav Laznicka <slaznick(a)redhat.com>
Date: Wed Aug 2 16:05:16 2017 +0200
conncheck: fix progression on failure
traceback.format_exc() does not take exception object as an argument.
This made Python 3 get stuck amid ipa-replica-conncheck, probably
because it was waiting for a thread to finish.
https://pagure.io/freeipa/issue/4985
commit fe820cbc1f3469150ab90af401b119d5d316f3ab
Author: Stanislav Laznicka <slaznick(a)redhat.com>
Date: Wed Aug 2 15:59:39 2017 +0200
kerberos: fix sorting Principal objects
When service-find was issued under Python 3, the command fails
because it tried to sort a list of Principal objects which was not
possible.
https://pagure.io/freeipa/issue/4985
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/954/head:pr954
git checkout pr954
6 years, 8 months
[freeipa PR#965][opened] [ipa-4-5] Restore old version of caIPAserviceCert for upgrade only
by frasertweedale
URL: https://github.com/freeipa/freeipa/pull/965
Author: frasertweedale
Title: #965: [ipa-4-5] Restore old version of caIPAserviceCert for upgrade only
Action: opened
PR body:
"""
The latest version of caIPAserviceCert profile includes a feature
that is not available before Dogtag 10.4, and this version of the
profile is intended for new installs only (otherwise, problems will
arise in topologies containing CA replicas at an earlier version).
But IPA versions before v4.2 did not use LDAP-based profiles, so the
new version of the profile gets imported when upgrading from
pre-v4.2 to v4.5 or later.
We do not yet have a proper version- and topology-aware profile
update mechanism, so to resolve this issue, ship the older version
of the profile alongside the newer version, and make sure we use the
older version when importing the profile in an upgrade context.
https://pagure.io/freeipa/issue/7097
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/965/head:pr965
git checkout pr965
6 years, 8 months
[freeipa PR#964][opened] Restore old version of caIPAserviceCert for upgrade only
by frasertweedale
URL: https://github.com/freeipa/freeipa/pull/964
Author: frasertweedale
Title: #964: Restore old version of caIPAserviceCert for upgrade only
Action: opened
PR body:
"""
The latest version of caIPAserviceCert profile includes a feature
that is not available before Dogtag 10.4, and this version of the
profile is intended for new installs only (otherwise, problems will
arise in topologies containing CA replicas at an earlier version).
But IPA versions before v4.2 did not use LDAP-based profiles, so the
new version of the profile gets imported when upgrading from
pre-v4.2 to v4.5 or later.
We do not yet have a proper version- and topology-aware profile
update mechanism, so to resolve this issue, ship the older version
of the profile alongside the newer version, and make sure we use the
older version when importing the profile in an upgrade context.
https://pagure.io/freeipa/issue/7097
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/964/head:pr964
git checkout pr964
6 years, 8 months
Running FreeIPA under Python 3
by Stanislav Láznička
Hi all,
Python 3 porting of FreeIPA is almost finishing. If you want to try and help development of FreeIPA in Python 3, feel free to do the following:
1) run installation (or the 'ipa') scripts with Python 3 like so: `python3 -bb /path/to/script`. You can find most if not all installation scripts in /usr/sbin directory. The "-bb" switch allows detection of using string/bytes instances incorrectly (for details, see help/man).
2) run the server in Python 3. To do that, you just simply install python3-mod_wsgi on your system and then restart the httpd service (if you've previously installed IPA, otherwise you should be fine to just install it without restarting anything).
You want to be doing this on at least Fedora 26 since it contains the latest version of python-ldap. Please report any issues you might encounter.
Happy hacking,
Standa
6 years, 8 months