On 10/19/2015 02:47 PM, Martin Basti wrote:



On 15.10.2015 16:29, Martin Babinsky wrote:
https://fedorahosted.org/freeipa/ticket/5175



NACK

with domain level 0

ipa-replica-prepare <replica_hostname>

ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 169, in
execute
     self.ask_for_options()
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py",
line 215, in ask_for_options
     bind_pw=self.dirman_password)
   File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 61,
in connect
     self.id, threading.currentThread().getName()
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: The
ipa-replica-prepare command failed, exception: Exception: connect:
'context.ldap2_140616703529424' already exists in thread 'MainThread'
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: ERROR:
connect: 'context.ldap2_140616703529424' already exists in thread
'MainThread'
ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: ERROR: The
ipa-replica-prepare command failed.

without your patch it works

Martin^2

The function was leaking an open backend connection due to incorrect disconnect logic. The updated patch should fix this.

--
Martin^3 Babinsky
From 99f42975f478eabf7bd6ebfbf403d04db2ab6866 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Thu, 15 Oct 2015 16:07:48 +0200
Subject: [PATCH] disable ipa-replica-prepare in non-zero IPA domain level

the original replica installation path (ipa-replica-prepare +
ipa-replica-install) remains valid only when IPA domain level is zero. When
this is not the case, ipa-replica-prepare will print out an error message which
instructs the user to use the new replica promotion machinery to setup
replicas.

https://fedorahosted.org/freeipa/ticket/5175
---
 ipaserver/install/ipa_replica_prepare.py | 38 +++++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index 2b4a60e16bd23f9d4c8e0135708950a6cc40db9a..f4214c8b3c9f084bfe2557b6e750bfe7c1670ee6 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -41,7 +41,21 @@ from ipapython import version
 from ipalib import api
 from ipalib import errors
 from ipaplatform.paths import paths
-from ipalib.constants import CACERT
+from ipalib.constants import CACERT, MIN_DOMAIN_LEVEL
+
+
+UNSUPPORTED_DOMAIN_LEVEL_TEMPLATE = """
+Replica creation using '{}' to generate replica file is supported only
+in {}-level IPA domain.
+
+The current IPA domain level is {} and thus the replica must be created by
+promoting an existing IPA client.
+
+To set up a replica use the following procedure:
+    1.) set up a client on the host using 'ipa-client-install'
+    2.) promote the client to replica running 'ipa-replica-install' *without*
+        replica file specified
+"""
 
 
 class ReplicaPrepare(admintool.AdminTool):
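Review bot: The three bare '{}' fields in UNSUPPORTED_DOMAIN_LEVEL_TEMPLATE depend on the argument order of a .format() call at the far end of the file, and two of the arguments are integers that can be swapped without anyone noticing. Named fields such as {command}, {supported_level} and {current_level} would make the template self-documenting. The string also starts with a blank line, because a newline directly follows the opening triple quote; check that this is intended in the error output.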
@@ -161,6 +175,8 @@ class ReplicaPrepare(admintool.AdminTool):
         api.bootstrap(in_server=True)
         api.finalize()
 
+        self.check_domainlevel(api)
+
         if api.env.host == self.replica_fqdn:
             raise admintool.ScriptError("You can't create a replica on itself")
 
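Review bot: self.check_domainlevel(api) passes the module-level api already imported at the top of this file (from ipalib import api), so the parameter only shadows the global; drop the argument and let the method use the global. The call is also placed ahead of the api.env.host == self.replica_fqdn check, which needs no LDAP connection; running that local check first avoids a directory round trip for an invocation that is going to be rejected anyway.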
@@ -673,3 +689,23 @@ class ReplicaPrepare(admintool.AdminTool):
             '-w', dm_pwd_fd.name,
             '-o', ca_file
         ])
+
+    def check_domainlevel(self, api):
+        was_connected = api.Backend.ldap2.isconnected()
+        try:
+            if not was_connected:
+                api.Backend.ldap2.connect()
+
+            domain_level = api.Command.domainlevel_get()['result']
+        except Exception as e:
+            raise RuntimeError(
+                "Cannot determine current domain level: {}".format(e))
+        finally:
+            if not was_connected:
+                api.Backend.ldap2.disconnect()
+
+        if domain_level > MIN_DOMAIN_LEVEL:
+            raise RuntimeError(
+                UNSUPPORTED_DOMAIN_LEVEL_TEMPLATE.format(
+                self.command_name, MIN_DOMAIN_LEVEL, domain_level)
+            )
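Review bot: In check_domainlevel the finally block calls api.Backend.ldap2.disconnect() whenever was_connected is False, including the case where connect() itself raised, so disconnect() runs on a backend that never connected and any error it raises replaces the RuntimeError from the except branch. Guard it with "if not was_connected and api.Backend.ldap2.isconnected():". Both failure paths raise RuntimeError, while the self-replica check in the same class raises admintool.ScriptError for a user-facing error; using ScriptError here would keep the domain-level message consistent with it. The broad "except Exception" also folds connection failures and domainlevel_get failures into one message, so a short comment on why the catch-all is wanted would help.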
-- 
2.4.3
