Check IPA configuration in install tools

Install tools may fail with unexpected error when IPA server is not
installed on a system. Improve user experience by implementing
a check to affected tools.

https://fedorahosted.org/freeipa/ticket/1327
https://fedorahosted.org/freeipa/ticket/1347

8 files changed, 58 insertions, 11 deletions

diff --git a/install/tools/ipa-compliance b/install/tools/ipa-compliance
index 81cd8c370..8ae91b777 100644
--- a/install/tools/ipa-compliance
+++ b/install/tools/ipa-compliance
@@ -35,6 +35,7 @@ try:
 
     from ipaserver.plugins.ldap2 import ldap2
     from ipalib import api, errors, backend
+    from ipaserver.install import installutils
 except ImportError, e:
     # If python-rhsm isn't installed exit gracefully and quietly.
     if e.args[0] == 'No module named rhsm.certificate':
@@ -165,8 +166,7 @@ def check_compliance(tmpdir, debug=False):
             print 'IPA is in compliance: %d of %d entitlements used.' % (hostcount, available)
 
 def main():
-    if os.getegid() != 0:
-        sys.exit("Must be root to check compliance")
+    installutils.check_server_configuration()
 
     if not os.path.exists('/etc/ipa/default.conf'):
         return 0
@@ -189,4 +189,12 @@ def main():
 
     return 0
 
-sys.exit(main())
+try:
+    if not os.geteuid()==0:
+        sys.exit("\nMust be root to check compliance\n")
+
+    main()
+except SystemExit, e:
+    sys.exit(e)
+except RuntimeError, e:
+    sys.exit(e)
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index cc091dd08..7c83dc869 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -24,6 +24,7 @@ import traceback
 from ipaserver.plugins.ldap2 import ldap2
 from ipaserver.install import bindinstance, ntpinstance
 from ipaserver.install.installutils import *
+from ipaserver.install import installutils
 from ipapython import version
 from ipapython import ipautil, sysrestore
 from ipalib import api, errors, util
@@ -71,6 +72,8 @@ def main():
     if os.getegid() != 0:
         sys.exit("Must be root to setup server")
 
+    installutils.check_server_configuration()
+
     standard_logging_setup("/var/log/ipaserver-install.log", options.debug, filemode='a')
     print "\nThe log file for this installation can be found in /var/log/ipaserver-install.log"
 
diff --git a/install/tools/ipa-ldap-updater b/install/tools/ipa-ldap-updater
index ec57109d3..5b63c120e 100755
--- a/install/tools/ipa-ldap-updater
+++ b/install/tools/ipa-ldap-updater
@@ -85,9 +85,7 @@ def main():
         loglevel = logging.DEBUG
 
     if os.getegid() == 0:
-        fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
-        if not fstore.has_files():
-            sys.exit("IPA is not configured on this system.")
+        installutils.check_server_configuration()
     elif not os.path.exists('/etc/ipa/default.conf'):
         sys.exit("IPA is not configured on this system.")
 
@@ -149,8 +147,7 @@ except BadSyntax, e:
     print "  %s" % e
     sys.exit(1)
 except RuntimeError, e:
-    print "%s" % e
-    sys.exit(1)
+    sys.exit(e)
 except SystemExit, e:
     sys.exit(e)
 except KeyboardInterrupt, e:
diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage
index f61610af8..6eb619c3c 100755
--- a/install/tools/ipa-nis-manage
+++ b/install/tools/ipa-nis-manage
@@ -87,6 +87,8 @@ def main():
     if os.getegid() != 0:
         sys.exit('Must be root to use this tool.')
 
+    installutils.check_server_configuration()
+
     options, args = parse_options()
     if options.debug:
         loglevel = logging.DEBUG
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 1adf0cebb..c3dd0b3fe 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -412,6 +412,11 @@ def force_sync(realm, thishost, fromhost, dirman_passwd):
     repl.force_sync(repl.conn, thishost)
 
 def main():
+    if os.getegid() == 0:
+        installutils.check_server_configuration()
+    elif not os.path.exists('/etc/ipa/default.conf'):
+        sys.exit("IPA is not configured on this system.")
+
     options, args = parse_options()
 
     # Just initialize the environment. This is so the installer can have
@@ -480,6 +485,8 @@ except KeyboardInterrupt:
     sys.exit(1)
 except SystemExit, e:
     sys.exit(e)
+except RuntimeError, e:
+    sys.exit(e)
 except ldap.INVALID_CREDENTIALS:
     print "Invalid password"
     sys.exit(1)
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index cb279481d..14ee53913 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -65,6 +65,7 @@ def parse_options():
                       default=True, help="disables pkinit setup steps")
 
     options, args = parser.parse_args()
+    config.init_config()
 
     if not options.ip_address:
         if options.reverse_zone:
@@ -230,6 +231,7 @@ def get_dirman_password():
     return installutils.read_password("Directory Manager (existing master)", confirm=False, validate=False)
 
 def main():
+    installutils.check_server_configuration()
     if not check_replication_plugin():
         sys.exit(1)
     options, args = parse_options()
@@ -460,6 +462,8 @@ try:
     main()
 except SystemExit, e:
     sys.exit(e)
+except RuntimeError, e:
+    sys.exit(e)
 except Exception, e:
     print "preparation of replica failed: %s" % str(e)
     message = str(e)
diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall
index 74ded157c..312d41202 100755
--- a/install/tools/ipa-server-certinstall
+++ b/install/tools/ipa-server-certinstall
@@ -32,6 +32,7 @@ from ipapython.ipautil import user_input
 from ipaserver.install import certs, dsinstance, httpinstance, installutils
 from ipalib import api
 from ipaserver.plugins.ldap2 import ldap2
+from ipaserver.install import installutils
 
 def get_realm_name():
     c = krbV.default_context()
@@ -120,6 +121,8 @@ def import_cert(dirname, pkcs12_fname, pkcs12_passwd, db_password):
     return server_cert
 
 def main():
+    installutils.check_server_configuration()
+
     options, pkcs12_fname = parse_options()
 
     cfg = dict(in_server=True,)
@@ -160,4 +163,12 @@ def main():
 
     return 0
 
-sys.exit(main())
+try:
+    if not os.geteuid()==0:
+        sys.exit("\nYou must be root to run this script.\n")
+
+    main()
+except SystemExit, e:
+    sys.exit(e)
+except RuntimeError, e:
+    sys.exit(e)
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 68fce7e69..ba49eb8b7 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -32,8 +32,7 @@ import time
 import tempfile
 from ConfigParser import SafeConfigParser
 
-from ipapython import ipautil
-from ipapython import dnsclient
+from ipapython import ipautil, dnsclient, sysrestore
 
 class HostnameLocalhost(Exception):
     pass
@@ -499,3 +498,19 @@ def read_replica_info(dir, rconfig):
     rconfig.domain_name = config.get("realm", "domain_name")
     rconfig.host_name = config.get("realm", "destination_host")
     rconfig.subject_base = config.get("realm", "subject_base")
+
+def check_server_configuration():
+    """
+    Check if IPA server is configured on the system.
+
+    This is done by checking if there are system restore (uninstall) files
+    present on the system. Note that this check can only be run with root
+    privileges.
+
+    When IPA is not configured, this function raises a RuntimeError exception.
+    Most convenient use case for the function is in install tools that require
+    configured IPA for its function.
+    """
+    server_fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
+    if not server_fstore.has_files():
+        raise RuntimeError("IPA is not configured on this system.")