Re: [Freeipa-devel] [PATCH 0355-0356, 0363] Prevent using replica file with ipa-ca-install and domain

Martin Basti Fri, 27 Nov 2015 05:06:47 -0800


On 26.11.2015 15:00, Martin Basti wrote:



On 24.11.2015 16:48, Jan Cholasta wrote:

On 24.11.2015 10:21, Martin Basti wrote:

https://fedorahosted.org/freeipa/ticket/5455

Patches attached.


+    def run(self):
+        self._run()

Wouldn't it be better to rename _run() to run() instead?

Updated patches attached.

Updated patches attached, thanks to Oleg I was able to reproduce KRAissue too (patch 363)

From dc7b086702060eaf11c5066826d8fd91536c6dcc Mon Sep 17 00:00:00 2001
From: Martin Basti <[email protected]>
Date: Thu, 19 Nov 2015 15:40:20 +0100
Subject: [PATCH 1/2] ipa-ca-install: error when replica file is passed with
 domain level > 0

with replica promotion (domain level > 0) there are no replica files,
thus adding replica file as parameter when domain level > 0 should be
disallowed.

https://fedorahosted.org/freeipa/ticket/5455
---
 install/tools/ipa-ca-install | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index fafd5d091ee1dd72da8b3e3ee08506b38a96aceb..b1d58f7504e36bef5c55caf5341d0d6126495158 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -110,6 +110,9 @@ def install_replica(safe_options, options, filename):
     domain_level = dsinstance.get_domain_level(api)
     if domain_level > DOMAIN_LEVEL_0:
         options.promote = True
+        if filename is not None:
+            sys.exit("Too many parameters provided. "
+                     "No replica file is required")
     else:
         options.promote = False
         if filename is None:
-- 
2.5.0

From 1caac20e91e87912bdb2d99f0e3b42ad2f8dcb8c Mon Sep 17 00:00:00 2001
From: Martin Basti <[email protected]>
Date: Mon, 23 Nov 2015 13:38:11 +0100
Subject: [PATCH 2/2] KRA install: show installation message only if install
 really started

Message that installation started/failed was shown even when
install_check fail (installation itself did not start).
This commit show messages only if installation started.

Enhacement for https://fedorahosted.org/freeipa/ticket/5455
---
 ipaserver/install/ipa_kra_install.py | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index d8fbf580e53010f8d42b4f8d6464997055c2c13c..79b4ae899c6cc9915316d44f6d9e1d035d12ca60 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -152,7 +152,7 @@ class KRAInstaller(KRAInstall):
                 raise admintool.ScriptError(
                     "Directory Manager password required")
 
-    def _run(self):
+    def run(self):
         super(KRAInstaller, self).run()
 
         if not cainstance.is_ca_installed_locally():
@@ -174,8 +174,6 @@ class KRAInstaller(KRAInstall):
                 raise RuntimeError("Too many parameters provided. "
                                    "No replica file is required.")
 
-        print(dedent(self.INSTALLER_START_MESSAGE))
-
         self.options.dm_password = self.options.password
         self.options.setup_ca = False
 
@@ -217,11 +215,10 @@ class KRAInstaller(KRAInstall):
         except RuntimeError as e:
             raise admintool.ScriptError(str(e))
 
-        kra.install(api, config, self.options)
+        print(dedent(self.INSTALLER_START_MESSAGE))
 
-    def run(self):
         try:
-            self._run()
+            kra.install(api, config, self.options)
         except:
             self.log.error(dedent(self.FAIL_MESSAGE))
             raise
-- 
2.5.0

From 53e7d4340e275f9dba9b802d3c7bdffca0cd4acf Mon Sep 17 00:00:00 2001
From: Martin Basti <[email protected]>
Date: Fri, 27 Nov 2015 13:56:09 +0100
Subject: [PATCH] ipa-kra-install: error when replica file is passed with
 domain level > 0

installing kra on promoted replica (domain level > 0) does not require
replica file.

https://fedorahosted.org/freeipa/ticket/5455
---
 ipaserver/install/ipa_kra_install.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index 79b4ae899c6cc9915316d44f6d9e1d035d12ca60..643ad40311be40ac4f2721b3ccf744947ed18ac6 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -169,10 +169,10 @@ class KRAInstaller(KRAInstall):
                 self.options.promote = True
             elif not self.args:
                 raise RuntimeError("A replica file is required.")
-        else:
-            if self.args:
-                raise RuntimeError("Too many parameters provided. "
-                                   "No replica file is required.")
+
+        if self.args and (not self.installing_replica or self.options.promote):
+            raise RuntimeError("Too many parameters provided. "
+                               "No replica file is required.")
 
         self.options.dm_password = self.options.password
         self.options.setup_ca = False
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0355-0356, 0363] Prevent using replica file with ipa-ca-install and domain

Reply via email to