[Freeipa-devel] [freeipa PR#416][synchronized] replica install: relax domain level check for promotion

frasertweedale Tue, 31 Jan 2017 17:03:18 -0800

   URL: https://github.com/freeipa/freeipa/pull/416
Author: frasertweedale
 Title: #416: replica install: relax domain level check for promotion
Action: synchronized


To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/416/head:pr416
git checkout pr416

From 5517b9e47ced44bc6913fb7e3ec5202ce96a0b37 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Fri, 6 Jan 2017 16:04:10 +1000
Subject: [PATCH] replica install: relax domain level check for promotion

promote_check currently requires DL == 1.  Relax the check to
require DL >= 1, so that things will work for future DL increases.

Also separate the concerns of retrieving the current domain level,
validating whether the domain level is supported by the IPA version,
and validating whether the current domain level supports the replica
installation method attempted (i.e. replica file versus promotion).

Part of: https://fedorahosted.org/freeipa/ticket/5011
---
 ipaserver/install/server/replicainstall.py | 56 ++++++++++++++++--------------
 1 file changed, 30 insertions(+), 26 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 18222c8..a312079 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -556,38 +556,25 @@ def common_check(no_ntp):
             pass
 
 
-def check_domain_level(api, expected):
+def current_domain_level(api):
+    """Return the current domain level.
+
+    """
     # Detect the current domain level
     try:
-        current = api.Command['domainlevel_get']()['result']
+        return api.Command['domainlevel_get']()['result']
     except errors.NotFound:
         # If we're joining an older master, domain entry is not
         # available
-        current = constants.DOMAIN_LEVEL_0
+        return constants.DOMAIN_LEVEL_0
 
-    if current == constants.DOMAIN_LEVEL_0:
-        message = (
-            "You must provide a file generated by ipa-replica-prepare to "
-            "create a replica when the domain is at level 0."
-        )
-    else:
-        message = (
-            "You used wrong mechanism to install a replica in domain level "
-            "{dl}:\n"
-            "\tDomain level 0 requires a replica file as a positional "
-            "arugment.\n"
-            "\tFor domain level 1 replica instalation, a replica file must "
-            "not be used but you can can join the domain by running "
-            "ipa-client-install first and then try"
-            "to run this installation again."
-            .format(dl=expected)
-        )
 
-    if current != expected:
-        raise RuntimeError(message)
+def check_domain_level_is_supported(current):
+    """Check that the given domain level is supported by this server version.
 
-    # Detect if current level is out of supported range
-    # for this IPA version
+    :raises: ScriptError if DL is out of supported range for this IPA version.
+
+    """
     under_lower_bound = current < constants.MIN_DOMAIN_LEVEL
     above_upper_bound = current > constants.MAX_DOMAIN_LEVEL
 
@@ -768,7 +755,13 @@ def install_check(installer):
                    config.host_name)
             raise ScriptError(msg, rval=3)
 
-        check_domain_level(remote_api, expected=constants.DOMAIN_LEVEL_0)
+        domain_level = current_domain_level(remote_api)
+        check_domain_level_is_supported(domain_level)
+        if domain_level != constants.DOMAIN_LEVEL_0:
+            raise RuntimeError(
+                "You must provide a file generated by ipa-replica-prepare to "
+                "create a replica when the domain is at level 0."
+            )
 
         # Check pre-existing host entry
         try:
@@ -1088,7 +1081,18 @@ def promote_check(installer):
                                      config.master_host_name, None)
 
         promotion_check_ipa_domain(conn, remote_api.env.basedn)
-        check_domain_level(remote_api, expected=constants.DOMAIN_LEVEL_1)
+
+        domain_level = current_domain_level(remote_api)
+        check_domain_level_is_supported(domain_level)
+        if domain_level < constants.DOMAIN_LEVEL_1:
+            raise RuntimeError(
+                "You used the wrong mechanism to install a replica in "
+                "domain level {dl}:\n"
+                "\tFor domain level >= 1 replica installation, first join the "
+                "domain by running ipa-client-install, then run "
+                "ipa-replica-install without a replica file."
+                .format(dl=domain_level)
+            )
 
         # Check authorization
         result = remote_api.Command['hostgroup_find'](

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#416][synchronized] replica install: relax domain level check for promotion

Reply via email to