mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
replica install: relax domain level check for promotion
promote_check currently requires DL == 1. Relax the check to require DL >= 1, so that things will work for future DL increases. Also separate the concerns of retrieving the current domain level, validating whether the domain level is supported by the IPA version, and validating whether the current domain level supports the replica installation method attempted (i.e. replica file versus promotion). Part of: https://fedorahosted.org/freeipa/ticket/5011 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
parent
d7cfbb870f
commit
f51869bf52
@ -556,38 +556,25 @@ def common_check(no_ntp):
|
||||
pass
|
||||
|
||||
|
||||
def check_domain_level(api, expected):
|
||||
def current_domain_level(api):
|
||||
"""Return the current domain level.
|
||||
|
||||
"""
|
||||
# Detect the current domain level
|
||||
try:
|
||||
current = api.Command['domainlevel_get']()['result']
|
||||
return api.Command['domainlevel_get']()['result']
|
||||
except errors.NotFound:
|
||||
# If we're joining an older master, domain entry is not
|
||||
# available
|
||||
current = constants.DOMAIN_LEVEL_0
|
||||
return constants.DOMAIN_LEVEL_0
|
||||
|
||||
if current == constants.DOMAIN_LEVEL_0:
|
||||
message = (
|
||||
"You must provide a file generated by ipa-replica-prepare to "
|
||||
"create a replica when the domain is at level 0."
|
||||
)
|
||||
else:
|
||||
message = (
|
||||
"You used wrong mechanism to install a replica in domain level "
|
||||
"{dl}:\n"
|
||||
"\tDomain level 0 requires a replica file as a positional "
|
||||
"arugment.\n"
|
||||
"\tFor domain level 1 replica instalation, a replica file must "
|
||||
"not be used but you can can join the domain by running "
|
||||
"ipa-client-install first and then try"
|
||||
"to run this installation again."
|
||||
.format(dl=expected)
|
||||
)
|
||||
|
||||
if current != expected:
|
||||
raise RuntimeError(message)
|
||||
def check_domain_level_is_supported(current):
|
||||
"""Check that the given domain level is supported by this server version.
|
||||
|
||||
# Detect if current level is out of supported range
|
||||
# for this IPA version
|
||||
:raises: ScriptError if DL is out of supported range for this IPA version.
|
||||
|
||||
"""
|
||||
under_lower_bound = current < constants.MIN_DOMAIN_LEVEL
|
||||
above_upper_bound = current > constants.MAX_DOMAIN_LEVEL
|
||||
|
||||
@ -768,7 +755,13 @@ def install_check(installer):
|
||||
config.host_name)
|
||||
raise ScriptError(msg, rval=3)
|
||||
|
||||
check_domain_level(remote_api, expected=constants.DOMAIN_LEVEL_0)
|
||||
domain_level = current_domain_level(remote_api)
|
||||
check_domain_level_is_supported(domain_level)
|
||||
if domain_level != constants.DOMAIN_LEVEL_0:
|
||||
raise RuntimeError(
|
||||
"You must provide a file generated by ipa-replica-prepare to "
|
||||
"create a replica when the domain is at level 0."
|
||||
)
|
||||
|
||||
# Check pre-existing host entry
|
||||
try:
|
||||
@ -1090,7 +1083,18 @@ def promote_check(installer):
|
||||
config.master_host_name, None)
|
||||
|
||||
promotion_check_ipa_domain(conn, remote_api.env.basedn)
|
||||
check_domain_level(remote_api, expected=constants.DOMAIN_LEVEL_1)
|
||||
|
||||
domain_level = current_domain_level(remote_api)
|
||||
check_domain_level_is_supported(domain_level)
|
||||
if domain_level < constants.DOMAIN_LEVEL_1:
|
||||
raise RuntimeError(
|
||||
"You used the wrong mechanism to install a replica in "
|
||||
"domain level {dl}:\n"
|
||||
"\tFor domain level >= 1 replica installation, first join the "
|
||||
"domain by running ipa-client-install, then run "
|
||||
"ipa-replica-install without a replica file."
|
||||
.format(dl=domain_level)
|
||||
)
|
||||
|
||||
# Check authorization
|
||||
result = remote_api.Command['hostgroup_find'](
|
||||
|
Loading…
Reference in New Issue
Block a user