URL: https://github.com/freeipa/freeipa/pull/5178
Author: tiran
Title: #5178: [Backport][ipa-4-8] Replace sudo with runuser
Action: opened
PR body:
"""
This PR was opened automatically because PR #5177 was pushed to master and backport to ipa-4-8 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5178/head:pr5178
git checkout pr5178
URL: https://github.com/freeipa/freeipa/pull/5173
Author: tiran
Title: #5173: Use separate install logs for AD and DNS instance
Action: opened
PR body:
"""
ipa-dns-install and ipa-adtrust-install no longer overwrite
ipaserver-install.log. Instead they use a separate log file.
Add AD-Trust, DNS, KRA, and replica log files to backups.
Fixes: https://pagure.io/freeipa/issue/8528
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5173/head:pr5173
git checkout pr5173
URL: https://github.com/freeipa/freeipa/pull/5172
Author: miskopo
Title: #5172: ipatests: test_adtrust_install: Adtrust agents are recreated after upgrade
Action: opened
PR body:
"""
Test for adtrust agents being recreated after ipa-upgrade. If adtrust
agents are manually removed before an upgrade, they should be automatically
recreated after.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1781153
Signed-off-by: Michal Polovka <mpolovka(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5172/head:pr5172
git checkout pr5172
URL: https://github.com/freeipa/freeipa/pull/5167
Author: tiran
Title: #5167: Speed up PKI installer steps
Action: opened
PR body:
"""
## Skip duplicate import of cert profiles
All supported Dogtag versions import the cert profiles during pkispawn
when using the LDAP profile backend.
This reduces the installation time by 9 to 14 seconds
## Dogtag: Remove set_audit_renewal step
The step set_audit_renewal modifies Dogtag's caSignedLogCert.cfg to bump
renewal to 2 years. The problem was fixed in Dogtag upstream in 2012 before
Dogtag 10.0 came out, see https://github.com/dogtagpki/pki/commit/f5b8ea5b087f642a0208c228dce6f700cd7…
The update step would also no longer work. Profiles have been migrated
to LDAP several FreeIPA releases ago. pkispawn populates LDAP with all
of Dogtag's default profiles. FreeIPA does not overwrite any existing
profiles.
Win: 11 to 50 seconds
## Spawn PKI: Execute more steps early
Move several steps to an earlier phase of CA spawn. RA and ACME agent
ACLs are now configured while the server is down. This avoids yet
another restart and saves between 11 and 50 seconds per installation.
Total: ~30s to ~90s
Related: https://pagure.io/freeipa/issue/8521
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5167/head:pr5167
git checkout pr5167
URL: https://github.com/freeipa/freeipa/pull/5164
Author: tiran
Title: #5164: Speed up DS related installer steps
Action: opened
PR body:
"""
## Remove root-autobind configuration
The new lib389-based installer configured 389-DS with LDAPI support and
autobind for root.
cn=root-autobind,cn=config entry is no longer needed.
## Skip offline dse.ldif patching by default
The installer now stop and patches dse.ldif only when the option
--dirsrv-config-file is used. LDBM nsslapd-db-locks are increased in a
new step. This speeds up installer by 4 or more seconds on a fast system.
## Remove magic sleep from create_index_task
11 years ago 5ad91a0781 added a magic sleep to work around a rare deadlock
bug in memberOf plugin. Thierry is not aware of any outstanding issues
with memberOf plugin that could lead to a deadlock.
Total speedup: ~10s
Related: https://pagure.io/freeipa/issue/8521
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5164/head:pr5164
git checkout pr5164
URL: https://github.com/freeipa/freeipa/pull/5135
Author: menonsudhir
Title: #5135: ipatests: ipa-healthcheck test fixes running on RHEL
Action: opened
PR body:
"""
ipatests: ipa-healthcheck test fixes running on RHEL
1. Added function in tasks.py to get healthcheck version.
2. Added if else condition to certain tests to check healthcheck version and then assert the expected test output
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5135/head:pr5135
git checkout pr5135