replica install: relax domain level check for promotion

promote_check currently requires DL == 1. Relax the check to require DL >= 1, so that things will work for future DL increases. Also separate the concerns of retrieving the current domain level, validating whether the domain level is supported by the IPA version, and validating whether the current domain level supports the replica installation method attempted (i.e. replica file versus promotion). Part of: https://fedorahosted.org/freeipa/ticket/5011 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Fraser Tweedale <ftweedal@redhat.com> 2017-01-06 16:04:10 +1000
committer: Martin Basti <mbasti@redhat.com> 2017-02-09 15:24:48 +0100
commit: f51869bf5214e2d2322f85bf72b7ae86b6893974 (patch)
tree: 3eecfdbe0b32f7bccd9fbdc8ec3f62eff955598e /ipaserver
parent: d7cfbb870fce40b50f6df2446c864099f8ea833e (diff)
download: freeipa-f51869bf5214e2d2322f85bf72b7ae86b6893974.tar.gz
freeipa-f51869bf5214e2d2322f85bf72b7ae86b6893974.tar.xz
freeipa-f51869bf5214e2d2322f85bf72b7ae86b6893974.zip
1 files changed, 30 insertions, 26 deletions
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 7d7a4996f..24cc661d2 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -556,38 +556,25 @@ def common_check(no_ntp):
             pass
 
 
-def check_domain_level(api, expected):
+def current_domain_level(api):
+    """Return the current domain level.
+
+    """
     # Detect the current domain level
     try:
-        current = api.Command['domainlevel_get']()['result']
+        return api.Command['domainlevel_get']()['result']
     except errors.NotFound:
         # If we're joining an older master, domain entry is not
         # available
-        current = constants.DOMAIN_LEVEL_0
+        return constants.DOMAIN_LEVEL_0
 
-    if current == constants.DOMAIN_LEVEL_0:
-        message = (
-            "You must provide a file generated by ipa-replica-prepare to "
-            "create a replica when the domain is at level 0."
-        )
-    else:
-        message = (
-            "You used wrong mechanism to install a replica in domain level "
-            "{dl}:\n"
-            "\tDomain level 0 requires a replica file as a positional "
-            "arugment.\n"
-            "\tFor domain level 1 replica instalation, a replica file must "
-            "not be used but you can can join the domain by running "
-            "ipa-client-install first and then try"
-            "to run this installation again."
-            .format(dl=expected)
-        )
 
-    if current != expected:
-        raise RuntimeError(message)
+def check_domain_level_is_supported(current):
+    """Check that the given domain level is supported by this server version.
 
-    # Detect if current level is out of supported range
-    # for this IPA version
+    :raises: ScriptError if DL is out of supported range for this IPA version.
+
+    """
     under_lower_bound = current < constants.MIN_DOMAIN_LEVEL
     above_upper_bound = current > constants.MAX_DOMAIN_LEVEL
 
@@ -768,7 +755,13 @@ def install_check(installer):
                    config.host_name)
             raise ScriptError(msg, rval=3)
 
-        check_domain_level(remote_api, expected=constants.DOMAIN_LEVEL_0)
+        domain_level = current_domain_level(remote_api)
+        check_domain_level_is_supported(domain_level)
+        if domain_level != constants.DOMAIN_LEVEL_0:
+            raise RuntimeError(
+                "You must provide a file generated by ipa-replica-prepare to "
+                "create a replica when the domain is at level 0."
+            )
 
         # Check pre-existing host entry
         try:
@@ -1090,7 +1083,18 @@ def promote_check(installer):
                                      config.master_host_name, None)
 
         promotion_check_ipa_domain(conn, remote_api.env.basedn)
-        check_domain_level(remote_api, expected=constants.DOMAIN_LEVEL_1)
+
+        domain_level = current_domain_level(remote_api)
+        check_domain_level_is_supported(domain_level)
+        if domain_level < constants.DOMAIN_LEVEL_1:
+            raise RuntimeError(
+                "You used the wrong mechanism to install a replica in "
+                "domain level {dl}:\n"
+                "\tFor domain level >= 1 replica installation, first join the "
+                "domain by running ipa-client-install, then run "
+                "ipa-replica-install without a replica file."
+                .format(dl=domain_level)
+            )
 
         # Check authorization
         result = remote_api.Command['hostgroup_find'](
author	Fraser Tweedale <ftweedal@redhat.com>	2017-01-06 16:04:10 +1000
committer	Martin Basti <mbasti@redhat.com>	2017-02-09 15:24:48 +0100
commit	f51869bf5214e2d2322f85bf72b7ae86b6893974 (patch)
tree	3eecfdbe0b32f7bccd9fbdc8ec3f62eff955598e /ipaserver
parent	d7cfbb870fce40b50f6df2446c864099f8ea833e (diff)
download	freeipa-f51869bf5214e2d2322f85bf72b7ae86b6893974.tar.gz freeipa-f51869bf5214e2d2322f85bf72b7ae86b6893974.tar.xz freeipa-f51869bf5214e2d2322f85bf72b7ae86b6893974.zip