From 1e6366bc9f10de66de84b9506341f021fb3650d9 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Nov 11 2016 11:17:25 +0000 Subject: Offer more general way to check domain level in replicainstall Domain levels 0 and 1 use the same mechanism of checking domain level correctness. Group them together and make it more general should there be more domain levels in the future (although lets hope there won't be). https://fedorahosted.org/freeipa/ticket/6392 Reviewed-By: Martin Basti Reviewed-By: Jan Cholasta --- diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 5892c1c..af9cd30 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -570,6 +570,52 @@ def common_check(no_ntp): pass +def check_domain_level(api, expected): + # Detect the current domain level + try: + current = api.Command['domainlevel_get']()['result'] + except errors.NotFound: + # If we're joining an older master, domain entry is not + # available + current = constants.DOMAIN_LEVEL_0 + + if expected == constants.DOMAIN_LEVEL_0: + message = ( + "You must provide a file generated by ipa-replica-prepare to " + "create a replica when the domain is at level 0." + ) + else: + message = ( + "You used wrong mechanism to install a replica in domain level " + "{dl}:\n" + "\tDomain level 0 requires a replica file as a positional " + "arugment.\n" + "\tFor domain level 1 replica instalation, a replica file must " + "not be used but you can can join the domain by running " + "ipa-client-install first and then try" + "to run this installation again." + .format(dl=expected) + ) + + if current != expected: + raise RuntimeError(message) + + # Detect if current level is out of supported range + # for this IPA version + under_lower_bound = current < constants.MIN_DOMAIN_LEVEL + above_upper_bound = current > constants.MAX_DOMAIN_LEVEL + + if under_lower_bound or above_upper_bound: + message = ("This version of FreeIPA does not support " + "the Domain Level which is currently set for " + "this domain. The Domain Level needs to be " + "raised before installing a replica with " + "this version is allowed to be installed " + "within this domain.") + root_logger.error(message) + raise ScriptError(message, rval=3) + + def enroll_dl0_replica(installer, fstore, remote_api, debug=False): """ Do partial host enrollment in DL0: @@ -729,36 +775,7 @@ def install_check(installer): config.host_name) raise ScriptError(msg, rval=3) - # Detect the current domain level - try: - current = remote_api.Command['domainlevel_get']()['result'] - except errors.NotFound: - # If we're joining an older master, domain entry is not - # available - current = constants.DOMAIN_LEVEL_0 - - if current != constants.DOMAIN_LEVEL_0: - raise RuntimeError( - "You cannot use a replica file to join a replica when the " - "domain is above level 0. Please join the system to the " - "domain by running ipa-client-install first, the try again " - "without a replica file." - ) - - # Detect if current level is out of supported range - # for this IPA version - under_lower_bound = current < constants.MIN_DOMAIN_LEVEL - above_upper_bound = current > constants.MAX_DOMAIN_LEVEL - - if under_lower_bound or above_upper_bound: - message = ("This version of FreeIPA does not support " - "the Domain Level which is currently set for " - "this domain. The Domain Level needs to be " - "raised before installing a replica with " - "this version is allowed to be installed " - "within this domain.") - root_logger.error(message) - raise ScriptError(message, rval=3) + check_domain_level(remote_api, expected=constants.DOMAIN_LEVEL_0) # Check pre-existing host entry try: @@ -1073,19 +1090,8 @@ def promote_check(installer): replman = ReplicationManager(config.realm_name, config.master_host_name, None) - # Detect the current domain level - try: - current = remote_api.Command['domainlevel_get']()['result'] - except errors.NotFound: - # If we're joining an older master, domain entry is not - # available - current = constants.DOMAIN_LEVEL_0 - - if current == constants.DOMAIN_LEVEL_0: - raise RuntimeError( - "You must provide a file generated by ipa-replica-prepare to " - "create a replica when the domain is at level 0." - ) + promotion_check_ipa_domain(conn, remote_api.env.basedn) + check_domain_level(remote_api, expected=constants.DOMAIN_LEVEL_1) # Check authorization result = remote_api.Command['hostgroup_find']( @@ -1125,7 +1131,6 @@ def promote_check(installer): conn.disconnect() conn.connect(ccache=ccache) - promotion_check_ipa_domain(conn, remote_api.env.basedn) # Check that we don't already have a replication agreement if replman.get_replication_agreement(config.host_name): @@ -1136,21 +1141,6 @@ def promote_check(installer): .format(host=config.host_name)) raise ScriptError(msg, rval=3) - # Detect if current level is out of supported range - # for this IPA version - under_lower_bound = current < constants.MIN_DOMAIN_LEVEL - above_upper_bound = current > constants.MAX_DOMAIN_LEVEL - - if under_lower_bound or above_upper_bound: - message = ("This version of FreeIPA does not support " - "the Domain Level which is currently set for " - "this domain. The Domain Level needs to be " - "raised before installing a replica with " - "this version is allowed to be installed " - "within this domain.") - root_logger.error(message) - raise ScriptError(rval=3) - # Detect if the other master can handle replication managers # cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX dn = DN(('cn', 'replication managers'), ('cn', 'sysaccounts'),