replica install: add remote connection check over API

Add server_conncheck command which calls ipa-replica-conncheck --replica over oddjob. https://fedorahosted.org/freeipa/ticket/5497 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Tomas Babej <tbabej@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-12-09 08:18:21 +01:00
parent 00f591d4e9
commit 8d7f67e08c
20 changed files with 299 additions and 77 deletions
--- a/ipalib/messages.py
+++ b/ipalib/messages.py
@@ -321,6 +321,16 @@ class CommandDeprecatedWarning(PublicMessage):
    format = _(u"'%(command)s' is deprecated. %(additional_info)s")


+class ExternalCommandOutput(PublicMessage):
+    """
+    **13016** Line of output from an external command.
+    """
+
+    errno = 13016
+    type = "info"
+    format = _("%(line)s")
+
+
 def iter_messages(variables, base):
    """Return a tuple with all subclasses
    """
--- a/ipalib/plugins/server.py
+++ b/ipalib/plugins/server.py
@@ -5,11 +5,15 @@
 import string
 import os

-from ipalib import api
+import dbus
+import dbus.mainloop.glib
+
+from ipalib import api, crud, errors, messages
 from ipalib import Int, Str
 from ipalib.plugable import Registry
 from ipalib.plugins.baseldap import *
 from ipalib.plugins import baseldap
+from ipalib.request import context
 from ipalib import _, ngettext

 __doc__ = _("""
@@ -188,3 +192,67 @@ class server_del(LDAPDelete):
    __doc__ = _('Delete IPA server.')
    NO_CLI = True
    msg_summary = _('Deleted IPA server "%(value)s"')
+
+
+@register()
+class server_conncheck(crud.PKQuery):
+    __doc__ = _("Check connection to remote IPA server.")
+
+    NO_CLI = True
+
+    takes_args = (
+        Str(
+            'remote_cn',
+            cli_name='remote_name',
+            label=_('Remote server name'),
+            doc=_('Remote IPA server hostname'),
+        ),
+    )
+
+    has_output = output.standard_value
+
+    def execute(self, *keys, **options):
+        # the server must be the local host
+        if keys[-2] != api.env.host:
+            raise errors.ValidationError(
+                name='cn', error=_("must be \"%s\"") % api.env.host)
+
+        # the server entry must exist
+        try:
+            self.obj.get_dn_if_exists(*keys[:-1])
+        except errors.NotFound:
+            self.obj.handle_not_found(keys[-2])
+
+        # the user must have the Replication Administrators privilege
+        privilege = u'Replication Administrators'
+        privilege_dn = self.api.Object.privilege.get_dn(privilege)
+        ldap = self.obj.backend
+        filter = ldap.make_filter(
+            {'krbprincipalname': context.principal, 'memberof': privilege_dn},
+            rules=ldap.MATCH_ALL)
+        try:
+            ldap.find_entries(base_dn=self.api.env.basedn, filter=filter)
+        except errors.NotFound:
+            raise errors.ACIError(
+                info=_("not allowed to perform server connection check"))
+
+        dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
+
+        bus = dbus.SystemBus()
+        obj = bus.get_object('org.freeipa.server', '/',
+                             follow_name_owner_changes=True)
+        server = dbus.Interface(obj, 'org.freeipa.server')
+
+        ret, stdout, stderr = server.conncheck(keys[-1])
+
+        result = dict(
+            result=(ret == 0),
+            value=keys[-2],
+        )
+
+        for line in stdout.splitlines():
+            messages.add_message(options['version'],
+                                 result,
+                                 messages.ExternalCommandOutput(line=line))
+
+        return result