disable ipa-replica-prepare in non-zero IPA domain level

The original replica installation path (ipa-replica-prepare +
ipa-replica-install) remains valid only when the IPA domain level is zero. When
this is not the case, ipa-replica-prepare prints an error message that
instructs the user to use the new replica promotion machinery to set up
replicas.

https://fedorahosted.org/freeipa/ticket/5175

Reviewed-By: Martin Basti <mbasti@redhat.com>
Martin Babinsky
2015-10-15 16:07:48 +02:00
committed by Martin Basti
parent 98bf90e4ce
commit d81260ef60


@@ -41,7 +41,21 @@ from ipapython import version
from ipalib import api from ipalib import api
from ipalib import errors from ipalib import errors
from ipaplatform.paths import paths from ipaplatform.paths import paths
from ipalib.constants import CACERT from ipalib.constants import CACERT, MIN_DOMAIN_LEVEL
UNSUPPORTED_DOMAIN_LEVEL_TEMPLATE = """
Replica creation using '{command_name}' to generate replica file
is supported only in {min_domain_level}-level IPA domain.
The current IPA domain level is {curr_domain_level} and thus the replica must
be created by promoting an existing IPA client.
To set up a replica use the following procedure:
1.) set up a client on the host using 'ipa-client-install'
2.) promote the client to replica running 'ipa-replica-install'
*without* replica file specified
"""
class ReplicaPrepare(admintool.AdminTool): class ReplicaPrepare(admintool.AdminTool):
@@ -161,6 +175,8 @@ class ReplicaPrepare(admintool.AdminTool):
api.bootstrap(in_server=True) api.bootstrap(in_server=True)
api.finalize() api.finalize()
self.check_domainlevel(api)
if api.env.host == self.replica_fqdn: if api.env.host == self.replica_fqdn:
raise admintool.ScriptError("You can't create a replica on itself") raise admintool.ScriptError("You can't create a replica on itself")
@@ -673,3 +689,13 @@ class ReplicaPrepare(admintool.AdminTool):
'-w', dm_pwd_fd.name, '-w', dm_pwd_fd.name,
'-o', ca_file '-o', ca_file
]) ])
def check_domainlevel(self, api):
domain_level = dsinstance.get_domain_level(api)
if domain_level > MIN_DOMAIN_LEVEL:
raise RuntimeError(
UNSUPPORTED_DOMAIN_LEVEL_TEMPLATE.format(
command_name=self.command_name,
min_domain_level=MIN_DOMAIN_LEVEL,
curr_domain_level=domain_level)
)
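Review bot: `check_domainlevel` (last hunk) reports the unsupported domain level with `RuntimeError`, while the existing refusal right below its call site in the second hunk uses `admintool.ScriptError`; raising `admintool.ScriptError(UNSUPPORTED_DOMAIN_LEVEL_TEMPLATE.format(...))` would keep both refusals on the same error path, assuming AdminTool treats ScriptError as its expected-failure type. The guard is also only as strong as `dsinstance.get_domain_level(api)`, whose failure behaviour is not visible in this diff, so it is worth confirming that a lookup which cannot determine the level raises rather than returning a value that compares as not greater than `MIN_DOMAIN_LEVEL`, which would let the legacy path proceed. A one-line docstring such as `"""Refuse to prepare a replica file when the IPA domain level is above MIN_DOMAIN_LEVEL."""` would document the gate. The method that calls `self.check_domainlevel(api)` starts and ends outside the second hunk.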