Hi,

the attached patch fixes <https://fedorahosted.org/freeipa/ticket/5983>.

Honza

--
Jan Cholasta
From 3df2600c8ac36140c1b944e0d458bac33bc727be Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Wed, 29 Jun 2016 14:16:42 +0200
Subject: [PATCH] replica install: don't allow install against a newer server

If the version of the remote server is higher than the local version, don't
allow installing a replica of it.

https://fedorahosted.org/freeipa/ticket/5983
---
 ipaserver/install/server/replicainstall.py | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 0277d32..5fc8ccd 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -5,6 +5,7 @@
 from __future__ import print_function
 
 import collections
+from distutils.version import LooseVersion
 import dns.exception as dnsexception
 import dns.name as dnsname
 import dns.resolver as dnsresolver
@@ -25,7 +26,7 @@ from ipapython.ipa_log_manager import root_logger
 from ipaplatform import services
 from ipaplatform.tasks import tasks
 from ipaplatform.paths import paths
-from ipalib import api, certstore, constants, create_api, errors, x509
+from ipalib import api, certstore, constants, create_api, errors, rpc, x509
 import ipaclient.ipachangeconf
 import ipaclient.ntpconf
 from ipaserver.install import (
@@ -478,6 +479,24 @@ def promote_openldap_conf(hostname, master):
         root_logger.info("Failed to update {}: {}".format(ldap_conf, e))
 
 
+def check_remote_version(api):
+    client = rpc.jsonclient(api)
+    client.finalize()
+
+    client.connect()
+    try:
+        env = client.forward(u'env', u'version')['result']
+    finally:
+        client.disconnect()
+
+    remote_version = env['version']
+    version = api.env.version
+    if LooseVersion(remote_version) > LooseVersion(version):
+        raise RuntimeError(
+            "Cannot install replica of a server of higher version ({}) than"
+            "the local version ({})".format(remote_version, version))
+
+
 @common_cleanup
 def install_check(installer):
     options = installer
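Review bot: The two adjacent string literals in the `RuntimeError` message of `check_remote_version` are joined without a space, so the text comes out as "than" run straight into "the local version"; the first literal should end with a space, `"Cannot install replica of a server of higher version ({}) than "`. The parameter name `api` also shadows the `api` imported from `ipalib` at module level, so a name such as `remote_api` would read more clearly and match the caller. `LooseVersion` comparison can raise `TypeError` under Python 3 when one version has a string component where the other has a number (a development suffix, for instance), so it may be worth catching that and failing with an explicit message. A one-line docstring such as `"""Raise RuntimeError if the remote server reports a higher version than the local one."""` would document the contract.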
@@ -1090,10 +1109,15 @@ def promote_check(installer):
                            "the client and try again.")
 
     ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name)
+    xmlrpc_uri = 'https://{}/ipa/xml'.format(
+        ipautil.format_netloc(config.master_host_name))
     remote_api = create_api(mode=None)
     remote_api.bootstrap(in_server=True, context='installer',
-                         ldap_uri=ldapuri)
+                         ldap_uri=ldapuri, xmlrpc_uri=xmlrpc_uri)
     remote_api.finalize()
+
+    check_remote_version(remote_api)
+
     conn = remote_api.Backend.ldap2
     replman = None
     try:
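Review bot: The new `xmlrpc_uri` points at `/ipa/xml` while `check_remote_version` talks to the server through `rpc.jsonclient`, and nothing in the hunk says why the XML-RPC URI is what gets configured. Presumably the JSON endpoint is derived from it during bootstrap, but that is not visible here, so a short comment above the assignment would help, for example `# RPC endpoint of the master; used by check_remote_version() below`. The call to `check_remote_version(remote_api)` also sits before the `try:` that follows, so a connection or authentication failure from `client.connect()` propagates with whatever handling `promote_check` has outside this hunk. It is worth confirming that the user then sees a clear error rather than a traceback.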
-- 
2.7.4
