Check IPA configuration in install tools

Install tools may fail with unexpected error when IPA server is not installed on a system. Improve user experience by implementing a check to affected tools. https://fedorahosted.org/freeipa/ticket/1327 https://fedorahosted.org/freeipa/ticket/1347
2025-02-25 18:55:28 -06:00 · 2011-07-18 09:33:57 +02:00
parent 5f0adc3fbe
commit 50a2c45760
8 changed files with 58 additions and 11 deletions
--- a/install/tools/ipa-compliance
+++ b/install/tools/ipa-compliance
@@ -35,6 +35,7 @@ try:

    from ipaserver.plugins.ldap2 import ldap2
    from ipalib import api, errors, backend
+    from ipaserver.install import installutils
 except ImportError, e:
    # If python-rhsm isn't installed exit gracefully and quietly.
    if e.args[0] == 'No module named rhsm.certificate':
@@ -165,8 +166,7 @@ def check_compliance(tmpdir, debug=False):
            print 'IPA is in compliance: %d of %d entitlements used.' % (hostcount, available)

 def main():
-    if os.getegid() != 0:
-        sys.exit("Must be root to check compliance")
+    installutils.check_server_configuration()

    if not os.path.exists('/etc/ipa/default.conf'):
        return 0
@@ -189,4 +189,12 @@ def main():

    return 0

-sys.exit(main())
+try:
+    if not os.geteuid()==0:
+        sys.exit("\nMust be root to check compliance\n")
+
+    main()
+except SystemExit, e:
+    sys.exit(e)
+except RuntimeError, e:
+    sys.exit(e)
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -24,6 +24,7 @@ import traceback
 from ipaserver.plugins.ldap2 import ldap2
 from ipaserver.install import bindinstance, ntpinstance
 from ipaserver.install.installutils import *
+from ipaserver.install import installutils
 from ipapython import version
 from ipapython import ipautil, sysrestore
 from ipalib import api, errors, util
@@ -71,6 +72,8 @@ def main():
    if os.getegid() != 0:
        sys.exit("Must be root to setup server")

+    installutils.check_server_configuration()
+
    standard_logging_setup("/var/log/ipaserver-install.log", options.debug, filemode='a')
    print "\nThe log file for this installation can be found in /var/log/ipaserver-install.log"

--- a/install/tools/ipa-ldap-updater
+++ b/install/tools/ipa-ldap-updater
@@ -85,9 +85,7 @@ def main():
        loglevel = logging.DEBUG

    if os.getegid() == 0:
-        fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
-        if not fstore.has_files():
-            sys.exit("IPA is not configured on this system.")
+        installutils.check_server_configuration()
    elif not os.path.exists('/etc/ipa/default.conf'):
        sys.exit("IPA is not configured on this system.")

@@ -149,8 +147,7 @@ except BadSyntax, e:
    print "  %s" % e
    sys.exit(1)
 except RuntimeError, e:
-    print "%s" % e
-    sys.exit(1)
+    sys.exit(e)
 except SystemExit, e:
    sys.exit(e)
 except KeyboardInterrupt, e:
--- a/install/tools/ipa-nis-manage
+++ b/install/tools/ipa-nis-manage
@@ -87,6 +87,8 @@ def main():
    if os.getegid() != 0:
        sys.exit('Must be root to use this tool.')

+    installutils.check_server_configuration()
+
    options, args = parse_options()
    if options.debug:
        loglevel = logging.DEBUG
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -412,6 +412,11 @@ def force_sync(realm, thishost, fromhost, dirman_passwd):
    repl.force_sync(repl.conn, thishost)

 def main():
+    if os.getegid() == 0:
+        installutils.check_server_configuration()
+    elif not os.path.exists('/etc/ipa/default.conf'):
+        sys.exit("IPA is not configured on this system.")
+
    options, args = parse_options()

    # Just initialize the environment. This is so the installer can have
@@ -480,6 +485,8 @@ except KeyboardInterrupt:
    sys.exit(1)
 except SystemExit, e:
    sys.exit(e)
+except RuntimeError, e:
+    sys.exit(e)
 except ldap.INVALID_CREDENTIALS:
    print "Invalid password"
    sys.exit(1)
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -65,6 +65,7 @@ def parse_options():
                      default=True, help="disables pkinit setup steps")

    options, args = parser.parse_args()
+    config.init_config()

    if not options.ip_address:
        if options.reverse_zone:
@@ -230,6 +231,7 @@ def get_dirman_password():
    return installutils.read_password("Directory Manager (existing master)", confirm=False, validate=False)

 def main():
+    installutils.check_server_configuration()
    if not check_replication_plugin():
        sys.exit(1)
    options, args = parse_options()
@@ -460,6 +462,8 @@ try:
    main()
 except SystemExit, e:
    sys.exit(e)
+except RuntimeError, e:
+    sys.exit(e)
 except Exception, e:
    print "preparation of replica failed: %s" % str(e)
    message = str(e)
--- a/install/tools/ipa-server-certinstall
+++ b/install/tools/ipa-server-certinstall
@@ -32,6 +32,7 @@ from ipapython.ipautil import user_input
 from ipaserver.install import certs, dsinstance, httpinstance, installutils
 from ipalib import api
 from ipaserver.plugins.ldap2 import ldap2
+from ipaserver.install import installutils

 def get_realm_name():
    c = krbV.default_context()
@@ -120,6 +121,8 @@ def import_cert(dirname, pkcs12_fname, pkcs12_passwd, db_password):
    return server_cert

 def main():
+    installutils.check_server_configuration()
+
    options, pkcs12_fname = parse_options()

    cfg = dict(in_server=True,)
@@ -160,4 +163,12 @@ def main():

    return 0

-sys.exit(main())
+try:
+    if not os.geteuid()==0:
+        sys.exit("\nYou must be root to run this script.\n")
+
+    main()
+except SystemExit, e:
+    sys.exit(e)
+except RuntimeError, e:
+    sys.exit(e)
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -32,8 +32,7 @@ import time
 import tempfile
 from ConfigParser import SafeConfigParser

-from ipapython import ipautil
-from ipapython import dnsclient
+from ipapython import ipautil, dnsclient, sysrestore

 class HostnameLocalhost(Exception):
    pass
@@ -499,3 +498,19 @@ def read_replica_info(dir, rconfig):
    rconfig.domain_name = config.get("realm", "domain_name")
    rconfig.host_name = config.get("realm", "destination_host")
    rconfig.subject_base = config.get("realm", "subject_base")
+
+def check_server_configuration():
+    """
+    Check if IPA server is configured on the system.
+
+    This is done by checking if there are system restore (uninstall) files
+    present on the system. Note that this check can only be run with root
+    privileges.
+
+    When IPA is not configured, this function raises a RuntimeError exception.
+    Most convenient use case for the function is in install tools that require
+    configured IPA for its function.
+    """
+    server_fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
+    if not server_fstore.has_files():
+        raise RuntimeError("IPA is not configured on this system.")