Remove support for replica_file option from ipa-kra-install

Raise "Domain level 0 is not supported anymore" error if there are
remaining args after parsing. Remove all "DOMAIN LEVEL 0" and
"DOMAIN LEVEL 1" prefixes from the man page.

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Thomas Woerner 2018-08-07 11:17:23 +02:00 committed by Christian Heimes
parent a170b284c4
commit 5f5180b825
2 changed files with 8 additions and 10 deletions


@ -20,10 +20,6 @@
.SH "NAME"
ipa\-kra\-install \- Install a KRA on a server
.SH "SYNOPSIS"
.SS "DOMAIN LEVEL 0"
.TP
ipa\-kra\-install [\fIOPTION\fR]... [replica_file]
.SS "DOMAIN LEVEL 1"
.TP
ipa\-kra\-install [\fIOPTION\fR]...
.SH "DESCRIPTION"
@ -31,12 +27,9 @@ Adds a KRA as an IPA\-managed service. This requires that the IPA server is alre
The KRA (Key Recovery Authority) is a component used to securely store secrets such as passwords, symmetric keys and private asymmetric keys. It is used as the back-end repository for the IPA Password Vault.
In a domain at domain level 0, ipa\-kra\-install can be run without replica_file to add KRA to the existing CA, or with replica_file to install the KRA service on the replica.
ipa\-kra\-install will contact the CA to determine if a KRA has already been installed on another replica, and if so, will exit indicating that a replica_file is required.
Domain level 0 is not supported anymore.
The replica_file is created using the ipa\-replica\-prepare utility. A new replica_file should be generated on the master IPA server after the KRA has been installed and configured, so that the replica_file will contain the master KRA configuration and system certificates.
In a domain at domain level 1, ipa\-kra\-install can be used to add KRA to the existing CA, or to install the KRA service on a replica, and does not require any replica file.
ipa\-kra\-install can be used to add KRA to the existing CA, or to install the KRA service on a replica.
KRA can only be removed along with the entire server using ipa\-server\-install \-\-uninstall.
.SH "OPTIONS"
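Review bot: The DESCRIPTION line "Domain level 0 is not supported anymore." does not tell the reader what that means for this command. The man page should say that ipa\-kra\-install no longer accepts a replica_file argument and exits with an error if one is given, since that is the behaviour change the commit message describes. A script that still passes a replica file would otherwise fail with a message the documentation never connects to the positional argument.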


@ -48,7 +48,7 @@ class KRAInstall(admintool.AdminTool):
command_name = 'ipa-kra-install'
usage = "%prog [options] [replica_file]"
usage = "%prog [options]"
description = "Install a master or replica KRA."
@ -121,6 +121,8 @@ class KRAInstaller(KRAInstall):
if len(self.args) > 1:
self.option_parser.error("Too many arguments provided")
elif len(self.args) == 1:
# Domain level 0 is not supported anymore
self.option_parser.error("Domain level 0 is not supported anymore")
self.replica_file = self.args[0]
if not os.path.isfile(self.replica_file):
self.option_parser.error(
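Review bot: In the `elif len(self.args) == 1:` branch, everything after the new `self.option_parser.error("Domain level 0 is not supported anymore")` call is dead code, assuming `option_parser.error()` exits the way optparse's does. The `self.replica_file = self.args[0]` assignment and the `os.path.isfile` check should be deleted in this change rather than left behind. Two or more arguments still produce "Too many arguments provided" while exactly one produces the domain-level message, although the commit message says the new error is raised whenever args remain after parsing. A single `if self.args:` check would make the two cases consistent. The message could also name the rejected positional argument, so a caller passing a replica file can see what triggered it.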
@ -191,6 +193,9 @@ class KRAInstaller(KRAInstall):
config.top_dir = tempfile.mkdtemp("ipa")
config.dir = config.top_dir
else:
# Domain level 0 is not supported anymore
raise admintool.ScriptError(
"Domain level 0 is not supported anymore")
config = create_replica_config(
self.options.password,
self.replica_file,
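Review bot: In the `else:` branch, the `create_replica_config(self.options.password, self.replica_file, ...)` call that follows the new `raise admintool.ScriptError("Domain level 0 is not supported anymore")` is unreachable. Delete the call instead of guarding it with a raise, so that no replica-file code path that handles the password remains in the installer. If argument validation already rejects a replica file before this point, the branch itself can go, along with any remaining uses of `self.replica_file`.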