From 076775a0f8c9ee0d17b1ed9356f1a8429fc47443 Mon Sep 17 00:00:00 2001
From: Ana Krivokapic
Date: Thu, 24 Jan 2013 11:13:19 -0500
Subject: Take into consideration services when deleting replicas
When deleting a replica from IPA domain:
* Abort if the installation is about to be left without CA
* Warn if the installation is about to be left without DNS
Ticket: https://fedorahosted.org/freeipa/ticket/2879
---
install/tools/ipa-replica-manage | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
(limited to 'install/tools/ipa-replica-manage')
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 0dad14319..809103565 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -628,6 +628,29 @@ def del_master(realm, hostname, options):
 print "Deleting this server will orphan '%s'. " % orphaned_server
 print "You will need to reconfigure your replication topology to delete this server."
 sys.exit(1)
+
+ # Check that we are not leaving the installation without CA and/or DNS
+ this_services = []
+ other_services = []
+
+ for master_cn in [m.getValue('cn') for m in masters]:
+ master_dn = DN(('cn', master_cn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm))
+ services = delrepl.conn.getList(master_dn, ldap.SCOPE_ONELEVEL)
+ services_cns = [s.getValue('cn') for s in services]
+
+ if master_cn == hostname:
+ this_services = services_cns
+ else:
+ other_services.append(services_cns)
+
+ if 'CA' in this_services and not any(['CA' in o for o in other_services]):
+ print "Deleting this server is not allowed as it would leave your installation without a CA."
+ sys.exit(1)
+
+ if 'DNS' in this_services and not any(['DNS' in o for o in other_services]):
+ print "Deleting this server will leave your installation without a DNS."
+ if not options.force and not ipautil.user_input("Continue to delete?", False):
+ sys.exit("Deletion aborted")
 else:
 print "Skipping calculation to determine if one or more masters would be orphaned."
-- cgit
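Review bot: The last-CA abort added here appears to run only on the branch that does the orphan calculation: the context `else:` right after it prints "Skipping calculation ..." and, as far as this hunk shows, continues without any CA or DNS check (indentation is lost on this page, so confirm against the file). If that path can be reached, either run the service check there too or say so in the message, e.g. `print "Skipping CA/DNS service check."`. Separately, `delrepl.conn.getList(master_dn, ldap.SCOPE_ONELEVEL)` has no error handling in the added lines, so a failed lookup for one master would presumably end the tool with a traceback instead of a clear refusal. del_master begins and ends outside the hunk.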