On 10/19/2015 04:51 PM, Martin Babinsky wrote:
On 10/19/2015 02:47 PM, Martin Basti wrote:
On 15.10.2015 16:29, Martin Babinsky wrote:
https://fedorahosted.org/freeipa/ticket/5175
NACK
with domain level 0
ipa-replica-prepare <replica_hostname>
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 169, in
execute
self.ask_for_options()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py",
line 215, in ask_for_options
bind_pw=self.dirman_password)
File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 61,
in connect
self.id, threading.currentThread().getName()
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: The
ipa-replica-prepare command failed, exception: Exception: connect:
'context.ldap2_140616703529424' already exists in thread 'MainThread'
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: ERROR:
connect: 'context.ldap2_140616703529424' already exists in thread
'MainThread'
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: ERROR: The
ipa-replica-prepare command failed.
without your patch it works
Martin^2
The function was leaking opened backend connection due to incorrect
disconnect logic. Updated patch should fix this.
Reworked patch attached which used existing function in dsinstance.py to
check domain level.
However, note that it may require my patch 0088 to function correctly.
--
Martin^3 Babinsky
From ff54c17fdd39cc06e5cc0241a12edb0a22f7caac Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Thu, 15 Oct 2015 16:07:48 +0200
Subject: [PATCH] disable ipa-replica-prepare in non-zero IPA domain level
the original replica installation path (ipa-replica-prepare +
ipa-replica-install) remains valid only when IPA domain level is zero. When
this is not the case, ipa-replica-prepare will print out an error message which
instructs the user to use the new replica promotion machinery to setup
replicas.
https://fedorahosted.org/freeipa/ticket/5175
---
ipaserver/install/ipa_replica_prepare.py | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index 2b4a60e16bd23f9d4c8e0135708950a6cc40db9a..df79bdfcee71ea9675007d6f80d97f29106624bf 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -41,7 +41,21 @@ from ipapython import version
from ipalib import api
from ipalib import errors
from ipaplatform.paths import paths
-from ipalib.constants import CACERT
+from ipalib.constants import CACERT, MIN_DOMAIN_LEVEL
+
+
+UNSUPPORTED_DOMAIN_LEVEL_TEMPLATE = """
+Replica creation using '{}' to generate replica file is supported only
+in {}-level IPA domain.
+
+The current IPA domain level is {} and thus the replica must be created by
+promoting an existing IPA client.
+
+To set up a replica use the following procedure:
+ 1.) set up a client on the host using 'ipa-client-install'
+ 2.) promote the client to replica running 'ipa-replica-install' *without*
+ replica file specified
+"""
class ReplicaPrepare(admintool.AdminTool):
@@ -161,6 +175,8 @@ class ReplicaPrepare(admintool.AdminTool):
api.bootstrap(in_server=True)
api.finalize()
+ self.check_domainlevel(api)
+
if api.env.host == self.replica_fqdn:
raise admintool.ScriptError("You can't create a replica on itself")
@@ -673,3 +689,11 @@ class ReplicaPrepare(admintool.AdminTool):
'-w', dm_pwd_fd.name,
'-o', ca_file
])
+
+ def check_domainlevel(self, api):
+ domain_level = dsinstance.get_domain_level(api)
+ if domain_level > MIN_DOMAIN_LEVEL:
+ raise RuntimeError(
+ UNSUPPORTED_DOMAIN_LEVEL_TEMPLATE.format(
+ self.command_name, MIN_DOMAIN_LEVEL, domain_level)
+ )
--
2.4.3
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
