On 06/02/2015 02:24 PM, Ludwig Krispenz wrote:
hi,

is there a real replacement for "del", it is not in the scope of the
topology commands, the removal of the agreement is rejected and later
done by the plugin, but what about removal of the host, services,
cleanruv ?

Ludwig

On 06/02/2015 02:10 PM, Tomas Babej wrote:
Hi,

With Domain Level 1 and above, the usage of ipa-replica-manage commands
that alter the replica topology is deprecated. Following commands
are prohibited:

* connect
* disconnect
* del

Upon executing any of these commands, users are pointed out to the
ipa topologysegment-* replacements.

Part of: https://fedorahosted.org/freeipa/ticket/4302



Tomas is on vacation. I've removed 'del' from his patch and will create a new one for handling of 'del'.

If that's OK, we can push this one.
--
Petr Vobornik
From 0d49c689c69acffa060934589090f246b2342d2c Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Tue, 2 Jun 2015 14:06:26 +0200
Subject: [PATCH] ipa-replica-manage: Do not allow topology altering commands
 from DL 1

With Domain Level 1 and above, the usage of ipa-replica-manage commands
that alter the replica topology is deprecated. Following commands
are prohibited:

* connect
* disconnect

Upon executing any of these commands, users are pointed out to the
ipa topologysegment-* replacements.

Part of: https://fedorahosted.org/freeipa/ticket/4302
---
 install/tools/ipa-replica-manage | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 0d2688e6d73b1591c5e386656b7198c20d71558a..a55ca7a89435aa79733b6edbf72d7c51b219d23c 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -747,12 +747,6 @@ def del_master(realm, hostname, options):
     try:
         if bindinstance.dns_container_exists(options.host, thisrepl.suffix,
                                              dm_password=options.dirman_passwd):
-            if options.dirman_passwd:
-                api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')),
-                                          bind_pw=options.dirman_passwd)
-            else:
-                ccache = krbV.default_context().default_ccache()
-                api.Backend.ldap2.connect(ccache=ccache)
             bind = bindinstance.BindInstance()
             bind.remove_master_dns_records(hostname, realm, realm.lower())
             bind.remove_ipa_ca_dns_records(hostname, realm.lower())
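Review bot: With the connect block removed from this try block, del_master() depends on api.Backend.ldap2 already being connected by its caller, and nothing in the function states or checks that. A short comment above the BindInstance() call, or a check of the connection state before it, would make the precondition explicit, so a call path that reaches del_master() without the connect now done in main() fails with a clear message rather than somewhere inside remove_master_dns_records().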
@@ -1209,6 +1203,22 @@ def main():
 
     options.dirman_passwd = dirman_passwd
 
+    # Initialize the LDAP connection
+    if options.dirman_passwd:
+        api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')),
+                                  bind_pw=options.dirman_passwd)
+    else:
+        ccache = krbV.default_context().default_ccache()
+        api.Backend.ldap2.connect(ccache=ccache)
+
+    # Check the domain level
+    if args[0] in ("connect", "disconnect"):
+        domainlevel = api.Command['domainlevel_get']().get('result', 0)
+        if domainlevel > 0:
+            sys.exit("The {0} command is deprecated with domain level 1. "
+                     "Please use ipa topologysegment-* commands to manage "
+                     "IPA replication topology.".format(args[0]))
+
     if args[0] == "list":
         replica = None
         if len(args) == 2:
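Review bot: The domain level lookup in the "Check the domain level" block fails open: .get('result', 0) turns a missing 'result' into level 0, so connect and disconnect would proceed as on a level 0 domain. Treating a missing result as an error would be safer than defaulting. The new connect block also runs for every subcommand, including "list", and no error handling is visible around it, so a missing ccache or a wrong Directory Manager password is hit before command dispatch; catching that and exiting with a readable message would help. Finally, the exit text says "deprecated with domain level 1" while the check is "domainlevel > 0" and the command is refused outright, so wording along the lines of "not supported at domain level 1 and above" would match the behaviour.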
-- 
2.1.0
