On Aug. 2, 2014, 11:41 a.m., Simo Sorce wrote:
config/roles/domaincontroller/role.py, lines 47-48 http://reviewboard-fedoraserver.rhcloud.com/r/63/diff/1/?file=254#file254line47
Don't you need to list kerberos and https ports too ? (and ntp)
The firewalld service objects contain the complete set of available ports. There are two flavors of them, one that has everything but ldaps and one that has everything but ldap-on-389. For the Fedora Server, we're defaulting to having both 389 and 636 open.
On Aug. 2, 2014, 11:41 a.m., Simo Sorce wrote:
config/roles/domaincontroller/role.py, line 157 http://reviewboard-fedoraserver.rhcloud.com/r/63/diff/1/?file=254#file254line157
Are we sure it is a good idea to default the DM password to the admin password ?
We're trying to simplify things as much as is reasonably possible. You can *always* choose to specify it, but after talking to UXD folks, they mostly agree that it's acceptable for the initial passwords to be the same.
Another option would be to randomly-generate the admin password and return it, but that will require some consideration (since it will mean revising the API to expect return values).
- Stephen
----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: http://reviewboard-fedoraserver.rhcloud.com/r/63/#review210 -----------------------------------------------------------
On Aug. 1, 2014, 9:11 p.m., Stephen Gallagher wrote:
This is an automatically generated e-mail. To reply, visit: http://reviewboard-fedoraserver.rhcloud.com/r/63/
(Updated Aug. 1, 2014, 9:11 p.m.)
Review request for RoleKit Mailing List, Miloslav Trmac, Stephen Gallagher, Simo Sorce, and Thomas Woerner.
Repository: rolekit
Description
Domain Controller deployment
Diffs
config/roles/domaincontroller/role.py 358deca3fc7172929d53d2c77efd5c919da2aea9
Diff: http://reviewboard-fedoraserver.rhcloud.com/r/63/diff/
Testing
Performed a mostly-successful deployment of FreeIPA onto a Fedora 21 VM.
(Mostly-successful because there appears to be an ipa-server-install bug preventing successful completion, but that should be irrelevant to this patch).
Thanks,
Stephen Gallagher