IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-25 16:31:08 -06:00
Code Issues Packages Projects Releases Wiki Activity

Offer more general way to check domain level in replicainstall

Browse Source 
Domain levels 0 and 1 use the same mechanism of checking domain
level correctness. Group them together and make it more general
should there be more domain levels in the future (although lets
hope there won't be).

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
Stanislav Laznicka 2016-11-07 17:36:57 +01:00 committed by Jan Cholasta
parent 37578cfc2b
commit 1e6366bc9f
1 changed files with 49 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
ipaserver/install/server/replicainstall.py
View File

@ -570,6 +570,52 @@ def common_check(no_ntp):
pass
def check_domain_level(api, expected):
# Detect the current domain level
try:
current = api.Command['domainlevel_get']()['result']
except errors.NotFound:
# If we're joining an older master, domain entry is not
# available
current = constants.DOMAIN_LEVEL_0
if expected == constants.DOMAIN_LEVEL_0:
message = (
"You must provide a file generated by ipa-replica-prepare to "
"create a replica when the domain is at level 0."
)
else:
message = (
"You used wrong mechanism to install a replica in domain level "
"{dl}:\n"
"\tDomain level 0 requires a replica file as a positional "
"arugment.\n"
"\tFor domain level 1 replica instalation, a replica file must "
"not be used but you can can join the domain by running "
"ipa-client-install first and then try"
"to run this installation again."
.format(dl=expected)
)
if current != expected:
raise RuntimeError(message)
# Detect if current level is out of supported range
# for this IPA version
under_lower_bound = current < constants.MIN_DOMAIN_LEVEL
above_upper_bound = current > constants.MAX_DOMAIN_LEVEL
if under_lower_bound or above_upper_bound:
message = ("This version of FreeIPA does not support "
"the Domain Level which is currently set for "
"this domain. The Domain Level needs to be "
"raised before installing a replica with "
"this version is allowed to be installed "
"within this domain.")
root_logger.error(message)
raise ScriptError(message, rval=3)
def enroll_dl0_replica(installer, fstore, remote_api, debug=False):
"""
Do partial host enrollment in DL0:
@ -729,36 +775,7 @@ def install_check(installer):
config.host_name)
raise ScriptError(msg, rval=3)
# Detect the current domain level
try:
current = remote_api.Command['domainlevel_get']()['result']
except errors.NotFound:
# If we're joining an older master, domain entry is not
# available
current = constants.DOMAIN_LEVEL_0
if current != constants.DOMAIN_LEVEL_0:
raise RuntimeError(
"You cannot use a replica file to join a replica when the "
"domain is above level 0. Please join the system to the "
"domain by running ipa-client-install first, the try again "
"without a replica file."
)
# Detect if current level is out of supported range
# for this IPA version
under_lower_bound = current < constants.MIN_DOMAIN_LEVEL
above_upper_bound = current > constants.MAX_DOMAIN_LEVEL
if under_lower_bound or above_upper_bound:
message = ("This version of FreeIPA does not support "
"the Domain Level which is currently set for "
"this domain. The Domain Level needs to be "
"raised before installing a replica with "
"this version is allowed to be installed "
"within this domain.")
root_logger.error(message)
raise ScriptError(message, rval=3)
check_domain_level(remote_api, expected=constants.DOMAIN_LEVEL_0)
# Check pre-existing host entry
try:
@ -1073,19 +1090,8 @@ def promote_check(installer):
replman = ReplicationManager(config.realm_name,
config.master_host_name, None)
# Detect the current domain level
try:
current = remote_api.Command['domainlevel_get']()['result']
except errors.NotFound:
# If we're joining an older master, domain entry is not
# available
current = constants.DOMAIN_LEVEL_0
if current == constants.DOMAIN_LEVEL_0:
raise RuntimeError(
"You must provide a file generated by ipa-replica-prepare to "
"create a replica when the domain is at level 0."
)
promotion_check_ipa_domain(conn, remote_api.env.basedn)
check_domain_level(remote_api, expected=constants.DOMAIN_LEVEL_1)
# Check authorization
result = remote_api.Command['hostgroup_find'](
@ -1125,7 +1131,6 @@ def promote_check(installer):
conn.disconnect()
conn.connect(ccache=ccache)
promotion_check_ipa_domain(conn, remote_api.env.basedn)
# Check that we don't already have a replication agreement
if replman.get_replication_agreement(config.host_name):
@ -1136,21 +1141,6 @@ def promote_check(installer):
.format(host=config.host_name))
raise ScriptError(msg, rval=3)
# Detect if current level is out of supported range
# for this IPA version
under_lower_bound = current < constants.MIN_DOMAIN_LEVEL
above_upper_bound = current > constants.MAX_DOMAIN_LEVEL
if under_lower_bound or above_upper_bound:
message = ("This version of FreeIPA does not support "
"the Domain Level which is currently set for "
"this domain. The Domain Level needs to be "
"raised before installing a replica with "
"this version is allowed to be installed "
"within this domain.")
root_logger.error(message)
raise ScriptError(rval=3)
# Detect if the other master can handle replication managers
# cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX
dn = DN(('cn', 'replication managers'), ('cn', 'sysaccounts'),