mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
Pick new CA renewal master when deleting a replica.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
parent
baa665fe40
commit
d1386be4d5
@ -25,7 +25,8 @@ import os
|
||||
import krbV
|
||||
from ipapython.ipa_log_manager import *
|
||||
|
||||
from ipaserver.install import replication, installutils, bindinstance
|
||||
from ipaserver.install import (replication, installutils, bindinstance,
|
||||
cainstance, certs)
|
||||
from ipalib import api, errors, util
|
||||
from ipalib.constants import CACERT
|
||||
from ipapython import ipautil, ipaldap, version, dogtag
|
||||
@ -272,7 +273,12 @@ def del_master(realm, hostname, options):
|
||||
except Exception, e:
|
||||
sys.exit("There were issues removing a connection: %s" % e)
|
||||
|
||||
# 6. And clean up the removed replica DNS entries if any.
|
||||
# 6. Pick CA renewal master
|
||||
ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
|
||||
if ca.is_renewal_master(hostname):
|
||||
ca.set_renewal_master(options.host)
|
||||
|
||||
# 7. And clean up the removed replica DNS entries if any.
|
||||
try:
|
||||
if bindinstance.dns_container_exists(options.host, api.env.basedn,
|
||||
dm_password=options.dirman_passwd):
|
||||
|
@ -28,7 +28,7 @@ import socket
|
||||
|
||||
from ipapython import ipautil
|
||||
from ipaserver.install import replication, dsinstance, installutils
|
||||
from ipaserver.install import bindinstance
|
||||
from ipaserver.install import bindinstance, cainstance, certs
|
||||
from ipaserver.plugins import ldap2
|
||||
from ipapython import version, ipaldap
|
||||
from ipalib import api, errors, util
|
||||
@ -665,6 +665,7 @@ def del_master(realm, hostname, options):
|
||||
# Check that we are not leaving the installation without CA and/or DNS
|
||||
this_services = []
|
||||
other_services = []
|
||||
ca_hostname = None
|
||||
|
||||
for master_cn in [m.single_value['cn'] for m in masters]:
|
||||
master_dn = DN(('cn', master_cn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm))
|
||||
@ -679,6 +680,8 @@ def del_master(realm, hostname, options):
|
||||
this_services = services_cns
|
||||
else:
|
||||
other_services.append(services_cns)
|
||||
if ca_hostname is None and 'CA' in services_cns:
|
||||
ca_hostname = master_cn
|
||||
|
||||
if 'CA' in this_services and not any(['CA' in o for o in other_services]):
|
||||
print "Deleting this server is not allowed as it would leave your installation without a CA."
|
||||
@ -688,6 +691,14 @@ def del_master(realm, hostname, options):
|
||||
print "Deleting this server will leave your installation without a DNS."
|
||||
if not options.force and not ipautil.user_input("Continue to delete?", False):
|
||||
sys.exit("Deletion aborted")
|
||||
|
||||
# Pick CA renewal master
|
||||
ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
|
||||
if ca.is_renewal_master(hostname):
|
||||
try:
|
||||
ca.set_renewal_master(options.host)
|
||||
except errors.NotFound:
|
||||
ca.set_renewal_master(ca_hostname)
|
||||
else:
|
||||
print "Skipping calculation to determine if one or more masters would be orphaned."
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user