URL: https://github.com/freeipa/freeipa/pull/553 Author: stlaz Title: #553: Add check for removing last KRA server Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/553/head:pr553 git checkout pr553
From d03f868d2e9396231a2bcb1e754a1ed853716699 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Wed, 8 Mar 2017 09:58:38 +0100
Subject: [PATCH 1/2] Add check to prevent removal of last KRA

https://pagure.io/freeipa/issue/6538
---
 ipaserver/plugins/server.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py
index 08caa1c..b1ee472 100644
--- a/ipaserver/plugins/server.py
+++ b/ipaserver/plugins/server.py
@@ -494,6 +494,19 @@ def handler(msg, ignore_last_of_role):
 "without a DNS."), ignore_last_of_role)
 if self.api.Command.ca_is_enabled()['result']:
+ try:
+ vault_config = self.api.Command.vaultconfig_show()['result']
+ kra_servers = vault_config.get('kra_server_server', [])
+ except errors.InvocationError:
+ # KRA is not configured
+ pass
+ else:
+ if kra_servers == [hostname]:
+ handler(
+ _("Deleting this server is not allowed as it would "
+ "leave your installation without a KRA."),
+ ignore_last_of_role)
+
 ca_servers = ipa_config.get('ca_server_server', [])
 ca_renewal_master = ipa_config.get(
 'ca_renewal_master_server', [])

From 5842402368985752c078d3f1f0d8edd33f708e57 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Wed, 8 Mar 2017 13:07:12 +0100
Subject: [PATCH 2/2] Add message about last KRA to WebUI Topology view

https://pagure.io/freeipa/issue/6538
---
 install/ui/src/freeipa/topology.js | 37 ++++++++++++++++++++++++-------------
 install/ui/test/data/ipa_init.json | 3 ++-
 ipaserver/plugins/internal.py | 3 ++-
 3 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/install/ui/src/freeipa/topology.js b/install/ui/src/freeipa/topology.js
index c33adba..c4f3f65 100644
--- a/install/ui/src/freeipa/topology.js
+++ b/install/ui/src/freeipa/topology.js
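Review bot: In the ipaserver/plugins/server.py hunk, `except errors.InvocationError: pass` treats every InvocationError raised by `vaultconfig_show()` as "KRA is not configured", so the last-KRA guard fails open if the call fails for any other invocation-level reason. InvocationError is a broad base class in ipalib.errors, so the skip should at least be explicit and leave a trace: extend the comment to `# vaultconfig_show raises InvocationError when no KRA is configured; the last-KRA check is skipped` and record the exception text at debug level. The new check also runs only inside the `ca_is_enabled()` branch, presumably because a KRA requires a CA; a one-line comment stating that would help. The enclosing method starts and ends outside the hunk.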
@@ -497,23 +497,40 @@ topology.servers_search_facet = function(spec, no_init) {
 on_success(data, text_status, xhr);
 var result = data.result.results;
- var counter = 0;
+ var ca_counter = 0;
+ var kra_counter = 0;
 for (var i=0, l=result.length; i<l; i++) {
 var current = result[i];
 var roles = current.result.enabled_role_servrole;
 for (var k=0, m=roles.length; k<m; k++) {
- if (roles[k] === 'CA server') counter++;
+ if (roles[k] === 'CA server') ca_counter++;
+ if (roles[k] === 'KRA server') kra_counter++;
 }
 }
 // Create dialog and show it only when there is only one CA server
- if (counter != 1) return;
+ if (ca_counter != 1 && kra_counter != 1) return;
+
+ var messages = [];
+ if (ca_counter == 1)
+ messages.push(
+ {
+ field: false,
+ $type: 'html',
+ html: text.get('@i18n:objects.servers.ca_warning_message')
+ });
+ if (kra_counter == 1)
+ messages.push(
+ {
+ field: false,
+ $type: 'html',
+ html: text.get('@i18n:objects.servers.kra_warning_message')
+ });
- var message = text.get('@i18n:objects.servers.ca_warning_message');
 var dialog = IPA.dialog({
- name: 'ca_warning',
- title: '@i18n:objects.servers.ca_warning_title',
+ name: 'dogtag_warning',
+ title: '@i18n:objects.servers.dogtag_warning_title',
 sections: [
 {
 show_header: false,
@@ -523,13 +540,7 @@ topology.servers_search_facet = function(spec, no_init) {
 widget_cls: "col-sm-12 controls",
 label_cls: "hide"
 },
- fields: [
- {
- field: false,
- $type: 'html',
- html: message
- }
- ]
+ fields: messages
 }
 ]
 });
diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json
index 2fe0ef4..f3c5b7d 100644
--- a/install/ui/test/data/ipa_init.json
+++ b/install/ui/test/data/ipa_init.json
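Review bot: The context comment `// Create dialog and show it only when there is only one CA server` above the changed early return in the first topology.js hunk is stale, since the dialog now also appears when there is a single KRA; it should read `// Show the dialog only when exactly one CA server or exactly one KRA server exists`. The new `if (ca_counter == 1)` and `if (kra_counter == 1)` statements carry multi-line bodies without braces, which is easy to break on a later edit, so each `messages.push(...)` call is better wrapped in `{ }`. The dialog is advisory only; removal of the last KRA is refused by the server-side check added in patch 1/2, and a short comment saying so would keep readers from treating this warning as the control. The body of servers_search_facet continues outside the hunk.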
@@ -552,8 +552,9 @@
 "label_singular": "Server Role",
 },
 "servers": {
+ "dogtag_warning_title": "Warning: Only One CA/KRA Server Detected",
 "ca_warning_message": "It is strongly recommended to keep the CA services installed on more than one server.",
- "ca_warning_title": "Warning: Only One CA Server Detected",
+ "kra_warning_message": "It is strongly recommended to keep the KRA services installed on more than one server.",
 "remove_server": "Delete Server",
 "remove_server_msg": "Deleting a server removes it permanently from the topology. Note that this is a non-reversible action."
 },
diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py
index e82e5fc..617aea3 100644
--- a/ipaserver/plugins/internal.py
+++ b/ipaserver/plugins/internal.py
@@ -704,8 +704,9 @@ class i18n_messages(Command):
 "label_singular": _("Server Role"),
 },
 "servers": {
+ "dogtag_warning_title": _("Warning: Only One CA/KRA Server Detected"),
 "ca_warning_message": _("It is strongly recommended to keep the CA services installed on more than one server."),
- "ca_warning_title": _("Warning: Only One CA Server Detected"),
+ "kra_warning_message": _("It is strongly recommended to keep the KRA services installed on more than one server."),
 "remove_server": _("Delete Server"),
 "remove_server_msg": _("Deleting a server removes it permanently from the topology. Note that this is a non-reversible action.")
 },