author | Tomas Babej <tbabej@redhat.com> | 2015-05-14 10:49:55 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-05-26 11:59:47 +0000 |
commit | f3010498af2a4b98512d219b8e09101176c172fe (patch) | |
tree | d62ef1b1e718abb0c8565ca84371c2d488686761 /install/tools/ipa-replica-install | |
parent | 9eedffdfa62b4fa64244f048969b45b27a995c7a (diff) | |
Add Domain Level feature
https://fedorahosted.org/freeipa/ticket/5018
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Diffstat (limited to 'install/tools/ipa-replica-install')
-rwxr-xr-x | install/tools/ipa-replica-install | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index c75848b1a..1df782b73 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -43,7 +43,7 @@ from ipaserver.install import cainstance
 from ipaserver.install import kra
 from ipaserver.install import dns as dns_installer
 from ipalib import api, create_api, errors, util, certstore, x509
-from ipalib.constants import CACERT
+from ipalib import constants
 from ipapython import version
 from ipapython.config import IPAOptionParser
 from ipapython import sysrestore
@@ -224,12 +224,12 @@ def install_ca_cert(ldap, base_dn, realm, cafile):
 try:
 certs = certstore.get_ca_certs(ldap, base_dn, realm, False)
 except errors.NotFound:
- shutil.copy(cafile, CACERT)
+ shutil.copy(cafile, constants.CACERT)
 else:
 certs = [c[0] for c in certs if c[2] is not False]
- x509.write_certificate_list(certs, CACERT)
+ x509.write_certificate_list(certs, constants.CACERT)
- os.chmod(CACERT, 0444)
+ os.chmod(constants.CACERT, 0444)
 except Exception, e:
 print "error copying files: " + str(e)
 sys.exit(1)
@@ -569,6 +569,30 @@ def main(): print " %% ipa-replica-manage del %s --force" % config.host_name exit(3) + # Detect the current domain level + try: + current = remote_api.Command['domainlevel_get']()['result'] + except errors.NotFound: + # If we're joining an older master, domain entry is not + # available + current = 0 + + # Detect if current level is out of supported range + # for this IPA version + under_lower_bound = current < constants.MIN_DOMAIN_LEVEL + above_upper_bound = current > constants.MAX_DOMAIN_LEVEL + + if under_lower_bound or above_upper_bound: + message = ("This version of FreeIPA does not support " + "the Domain Level which is currently set for " + "this domain. The Domain Level needs to be " + "raised before installing a replica with " + "this version is allowed to be installed " + "within this domain.") + root_logger.error(message) + print(message) + exit(3) + # Check pre-existing host entry try: entry = conn.find_entries(u'fqdn=%s' % config.host_name, ['fqdn'], DN(api.env.container_host, api.env.basedn)) |
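Review bot: The error text after the range check tells the administrator to raise the Domain Level in both failure cases, but when `current > constants.MAX_DOMAIN_LEVEL` the domain is already at a level this version cannot handle, so raising it cannot help. Give each branch its own message, for example `if above_upper_bound: message = "Domain Level %d is above the maximum (%d) supported by this version" % (current, constants.MAX_DOMAIN_LEVEL)`, and include `current` and the supported bounds in the `root_logger.error` call so the refusal can be diagnosed from the install log. The `except errors.NotFound` fallback would also benefit from a comment such as `# masters that predate Domain Levels have no domain entry; treat them as level 0`. Whether an older master answers `domainlevel_get` with NotFound rather than some other error is not visible in this hunk and is worth confirming, since any other exception would escape the check. main() begins and ends outside the hunk.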