mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
Remove support for replica_file option from ipa-kra-install
Raise "Domain level 0 is not supported anymore" error if there are remainaing args after parsing. Remove all "DOMAIN LEVEL 0" and "DOMAIN LEVEL 1" prefixes from the man page. See: https://pagure.io/freeipa/issue/7669 Signed-off-by: Thomas Woerner <twoerner@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
This commit is contained in:
parent
a170b284c4
commit
5f5180b825
@ -20,10 +20,6 @@
|
||||
.SH "NAME"
|
||||
ipa\-kra\-install \- Install a KRA on a server
|
||||
.SH "SYNOPSIS"
|
||||
.SS "DOMAIN LEVEL 0"
|
||||
.TP
|
||||
ipa\-kra\-install [\fIOPTION\fR]... [replica_file]
|
||||
.SS "DOMAIN LEVEL 1"
|
||||
.TP
|
||||
ipa\-kra\-install [\fIOPTION\fR]...
|
||||
.SH "DESCRIPTION"
|
||||
@ -31,12 +27,9 @@ Adds a KRA as an IPA\-managed service. This requires that the IPA server is alre
|
||||
|
||||
The KRA (Key Recovery Authority) is a component used to securely store secrets such as passwords, symmetric keys and private asymmetric keys. It is used as the back-end repository for the IPA Password Vault.
|
||||
|
||||
In a domain at domain level 0, ipa\-kra\-install can be run without replica_file to add KRA to the existing CA, or with replica_file to install the KRA service on the replica.
|
||||
ipa\-kra\-install will contact the CA to determine if a KRA has already been installed on another replica, and if so, will exit indicating that a replica_file is required.
|
||||
Domain level 0 is not supported anymore.
|
||||
|
||||
The replica_file is created using the ipa\-replica\-prepare utility. A new replica_file should be generated on the master IPA server after the KRA has been installed and configured, so that the replica_file will contain the master KRA configuration and system certificates.
|
||||
|
||||
In a domain at domain level 1, ipa\-kra\-install can be used to add KRA to the existing CA, or to install the KRA service on a replica, and does not require any replica file.
|
||||
ipa\-kra\-install can be used to add KRA to the existing CA, or to install the KRA service on a replica.
|
||||
|
||||
KRA can only be removed along with the entire server using ipa\-server\-install \-\-uninstall.
|
||||
.SH "OPTIONS"
|
||||
|
@ -48,7 +48,7 @@ class KRAInstall(admintool.AdminTool):
|
||||
|
||||
command_name = 'ipa-kra-install'
|
||||
|
||||
usage = "%prog [options] [replica_file]"
|
||||
usage = "%prog [options]"
|
||||
|
||||
description = "Install a master or replica KRA."
|
||||
|
||||
@ -121,6 +121,8 @@ class KRAInstaller(KRAInstall):
|
||||
if len(self.args) > 1:
|
||||
self.option_parser.error("Too many arguments provided")
|
||||
elif len(self.args) == 1:
|
||||
# Domain level 0 is not supported anymore
|
||||
self.option_parser.error("Domain level 0 is not supported anymore")
|
||||
self.replica_file = self.args[0]
|
||||
if not os.path.isfile(self.replica_file):
|
||||
self.option_parser.error(
|
||||
@ -191,6 +193,9 @@ class KRAInstaller(KRAInstall):
|
||||
config.top_dir = tempfile.mkdtemp("ipa")
|
||||
config.dir = config.top_dir
|
||||
else:
|
||||
# Domain level 0 is not supported anymore
|
||||
raise admintool.ScriptError(
|
||||
"Domain level 0 is not supported anymore")
|
||||
config = create_replica_config(
|
||||
self.options.password,
|
||||
self.replica_file,
|
||||
|
Loading…
Reference in New Issue
Block a user