authorThomas Woerner <twoerner@redhat.com>2018-08-07 11:17:23 +0200
committerChristian Heimes <cheimes@redhat.com>2018-08-13 12:35:06 +0200
commit5f5180b8254d93592eefbaf96ccf87715af43528 (patch)
tree73b88958d6d745db052cf708e33f369169e0360a
parenta170b284c494703c1b3a60cd16fd93b3f0098164 (diff)
Remove support for replica_file option from ipa-kra-install
Raise "Domain level 0 is not supported anymore" error if there are remaining args after parsing. Remove all "DOMAIN LEVEL 0" and "DOMAIN LEVEL 1" prefixes from the man page. See: https://pagure.io/freeipa/issue/7669 Signed-off-by: Thomas Woerner <twoerner@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
-rw-r--r--install/tools/man/ipa-kra-install.111
-rw-r--r--ipaserver/install/ipa_kra_install.py7
2 files changed, 8 insertions, 10 deletions
diff --git a/install/tools/man/ipa-kra-install.1 b/install/tools/man/ipa-kra-install.1
index 51afaac64..b7661f7cc 100644
--- a/install/tools/man/ipa-kra-install.1
+++ b/install/tools/man/ipa-kra-install.1
@@ -20,10 +20,6 @@
.SH "NAME"
ipa\-kra\-install \- Install a KRA on a server
.SH "SYNOPSIS"
-.SS "DOMAIN LEVEL 0"
-.TP
-ipa\-kra\-install [\fIOPTION\fR]... [replica_file]
-.SS "DOMAIN LEVEL 1"
.TP
ipa\-kra\-install [\fIOPTION\fR]...
.SH "DESCRIPTION"
@@ -31,12 +27,9 @@ Adds a KRA as an IPA\-managed service. This requires that the IPA server is alre
The KRA (Key Recovery Authority) is a component used to securely store secrets such as passwords, symmetric keys and private asymmetric keys. It is used as the back-end repository for the IPA Password Vault.
-In a domain at domain level 0, ipa\-kra\-install can be run without replica_file to add KRA to the existing CA, or with replica_file to install the KRA service on the replica.
-ipa\-kra\-install will contact the CA to determine if a KRA has already been installed on another replica, and if so, will exit indicating that a replica_file is required.
-
-The replica_file is created using the ipa\-replica\-prepare utility. A new replica_file should be generated on the master IPA server after the KRA has been installed and configured, so that the replica_file will contain the master KRA configuration and system certificates.
+Domain level 0 is not supported anymore.
-In a domain at domain level 1, ipa\-kra\-install can be used to add KRA to the existing CA, or to install the KRA service on a replica, and does not require any replica file.
+ipa\-kra\-install can be used to add KRA to the existing CA, or to install the KRA service on a replica.
KRA can only be removed along with the entire server using ipa\-server\-install \-\-uninstall.
.SH "OPTIONS"
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index 29f54239c..ac5a27b32 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -48,7 +48,7 @@ class KRAInstall(admintool.AdminTool):
command_name = 'ipa-kra-install'
- usage = "%prog [options] [replica_file]"
+ usage = "%prog [options]"
description = "Install a master or replica KRA."
@@ -121,6 +121,8 @@ class KRAInstaller(KRAInstall):
if len(self.args) > 1:
self.option_parser.error("Too many arguments provided")
elif len(self.args) == 1:
+ # Domain level 0 is not supported anymore
+ self.option_parser.error("Domain level 0 is not supported anymore")
self.replica_file = self.args[0]
if not os.path.isfile(self.replica_file):
self.option_parser.error(
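Review bot: The statements that follow the added `self.option_parser.error("Domain level 0 is not supported anymore")` call under `elif len(self.args) == 1:` (the `self.replica_file = self.args[0]` assignment and the `os.path.isfile` check) look unreachable now, assuming `option_parser.error()` exits the way optparse's does. The same applies in the hunk at -191,6, where `create_replica_config(self.options.password, self.replica_file, ...)` follows an unconditional `raise admintool.ScriptError(...)`. Leaving the replica-file path behind as dead code keeps password and file handling in the installer that can no longer be exercised or tested, and a later edit could re-enable it by accident. I would delete those lines in this commit and collapse the argument check to `if self.args: self.option_parser.error("Domain level 0 is not supported anymore")`. Both enclosing methods start and end outside the hunks shown, so other uses of `self.replica_file` may also need cleanup.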
@@ -191,6 +193,9 @@ class KRAInstaller(KRAInstall):
config.top_dir = tempfile.mkdtemp("ipa")
config.dir = config.top_dir
else:
+ # Domain level 0 is not supported anymore
+ raise admintool.ScriptError(
+ "Domain level 0 is not supported anymore")
config = create_replica_config(
self.options.password,
self.replica_file,