authorTomas Babej <tbabej@redhat.com>2015-05-14 10:49:55 +0200
committerJan Cholasta <jcholast@redhat.com>2015-05-26 11:59:47 +0000
commitf3010498af2a4b98512d219b8e09101176c172fe (patch)
treed62ef1b1e718abb0c8565ca84371c2d488686761 /install/tools/ipa-replica-install
parent9eedffdfa62b4fa64244f048969b45b27a995c7a (diff)
Add Domain Level feature
https://fedorahosted.org/freeipa/ticket/5018 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Diffstat (limited to 'install/tools/ipa-replica-install')
-rwxr-xr-xinstall/tools/ipa-replica-install32
1 files changed, 28 insertions, 4 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index c75848b1a..1df782b73 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -43,7 +43,7 @@ from ipaserver.install import cainstance
from ipaserver.install import kra
from ipaserver.install import dns as dns_installer
from ipalib import api, create_api, errors, util, certstore, x509
-from ipalib.constants import CACERT
+from ipalib import constants
from ipapython import version
from ipapython.config import IPAOptionParser
from ipapython import sysrestore
@@ -224,12 +224,12 @@ def install_ca_cert(ldap, base_dn, realm, cafile):
try:
certs = certstore.get_ca_certs(ldap, base_dn, realm, False)
except errors.NotFound:
- shutil.copy(cafile, CACERT)
+ shutil.copy(cafile, constants.CACERT)
else:
certs = [c[0] for c in certs if c[2] is not False]
- x509.write_certificate_list(certs, CACERT)
+ x509.write_certificate_list(certs, constants.CACERT)
- os.chmod(CACERT, 0444)
+ os.chmod(constants.CACERT, 0444)
except Exception, e:
print "error copying files: " + str(e)
sys.exit(1)
@@ -569,6 +569,30 @@ def main():
print " %% ipa-replica-manage del %s --force" % config.host_name
exit(3)
+ # Detect the current domain level
+ try:
+ current = remote_api.Command['domainlevel_get']()['result']
+ except errors.NotFound:
+ # If we're joining an older master, domain entry is not
+ # available
+ current = 0
+
+ # Detect if current level is out of supported range
+ # for this IPA version
+ under_lower_bound = current < constants.MIN_DOMAIN_LEVEL
+ above_upper_bound = current > constants.MAX_DOMAIN_LEVEL
+
+ if under_lower_bound or above_upper_bound:
+ message = ("This version of FreeIPA does not support "
+ "the Domain Level which is currently set for "
+ "this domain. The Domain Level needs to be "
+ "raised before installing a replica with "
+ "this version is allowed to be installed "
+ "within this domain.")
+ root_logger.error(message)
+ print(message)
+ exit(3)
+
# Check pre-existing host entry
try:
entry = conn.find_entries(u'fqdn=%s' % config.host_name, ['fqdn'], DN(api.env.container_host, api.env.basedn))
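Review bot: The refusal message in the added range check tells the administrator that the Domain Level "needs to be raised" in both failure cases, but when `above_upper_bound` is true the domain is already at a level newer than this version supports, so raising it cannot help. The two cases should be reported separately, and the message should include `current` and the supported `constants.MIN_DOMAIN_LEVEL` to `constants.MAX_DOMAIN_LEVEL` range so the refusal can be diagnosed from the log. Separately, only `errors.NotFound` is mapped to level 0; whether an older master that lacks `domainlevel_get` answers with that error or a different one is not visible here, so that path should be confirmed not to end in an unhandled traceback. main() starts before and continues after this hunk.

```python
    # … unchanged: domainlevel_get lookup and the two bound checks …
    if under_lower_bound:
        message = ("The Domain Level of this domain (%s) is below the "
                   "minimum supported by this version of FreeIPA (%s). "
                   "Raise the Domain Level before installing this "
                   "replica." % (current, constants.MIN_DOMAIN_LEVEL))
    elif above_upper_bound:
        message = ("The Domain Level of this domain (%s) is above the "
                   "maximum supported by this version of FreeIPA (%s). "
                   "Install a newer version of FreeIPA on this host."
                   % (current, constants.MAX_DOMAIN_LEVEL))

    if under_lower_bound or above_upper_bound:
        root_logger.error(message)
        print(message)
        exit(3)
```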