URL: https://github.com/freeipa/freeipa/pull/553
Author: stlaz
 Title: #553: Add check for removing last KRA server
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/553/head:pr553
git checkout pr553
From d03f868d2e9396231a2bcb1e754a1ed853716699 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Wed, 8 Mar 2017 09:58:38 +0100
Subject: [PATCH 1/2] Add check to prevent removal of last KRA

https://pagure.io/freeipa/issue/6538
---
 ipaserver/plugins/server.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py
index 08caa1c..b1ee472 100644
--- a/ipaserver/plugins/server.py
+++ b/ipaserver/plugins/server.py
@@ -494,6 +494,19 @@ def handler(msg, ignore_last_of_role):
                       "without a DNS."), ignore_last_of_role)
 
         if self.api.Command.ca_is_enabled()['result']:
+            try:
+                vault_config = self.api.Command.vaultconfig_show()['result']
+                kra_servers = vault_config.get('kra_server_server', [])
+            except errors.InvocationError:
+                # KRA is not configured
+                pass
+            else:
+                if kra_servers == [hostname]:
+                    handler(
+                        _("Deleting this server is not allowed as it would "
+                          "leave your installation without a KRA."),
+                        ignore_last_of_role)
+
             ca_servers = ipa_config.get('ca_server_server', [])
             ca_renewal_master = ipa_config.get(
                 'ca_renewal_master_server', [])
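Review bot: The `except errors.InvocationError: pass` branch in the added block equates any invocation error from `vaultconfig_show()` with "KRA is not configured", so an error raised for a different reason would silently skip the last-KRA guard and let the deletion go ahead. Testing the role explicitly first, for example `if self.api.Command.kra_is_enabled()['result']:` in the same way `ca_is_enabled()` is used on the line above (assuming that command is available on this branch), would keep the guard fail-closed. If the try/except stays, the comment should name the expected error, e.g. `# vaultconfig_show raises InvocationError when no KRA is installed; anything else must propagate`. The `kra_servers == [hostname]` comparison presumably mirrors the CA check further down, which lies outside this hunk together with the rest of the enclosing function.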

From a1d0f93035370de229916de4e693d8aa2f8878d2 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Wed, 8 Mar 2017 13:07:12 +0100
Subject: [PATCH 2/2] Add message about last KRA to WebUI Topology view

https://pagure.io/freeipa/issue/6538
---
 install/ui/src/freeipa/topology.js | 25 ++++++++++++++++++-------
 install/ui/test/data/ipa_init.json |  4 ++--
 ipaserver/plugins/internal.py      |  4 ++--
 3 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/install/ui/src/freeipa/topology.js b/install/ui/src/freeipa/topology.js
index c33adba..66c5594 100644
--- a/install/ui/src/freeipa/topology.js
+++ b/install/ui/src/freeipa/topology.js
@@ -497,23 +497,34 @@ topology.servers_search_facet = function(spec, no_init) {
             on_success(data, text_status, xhr);
 
             var result = data.result.results;
-            var counter = 0;
+            var ca_counter = 0;
+            var kra_counter = 0;
 
             for (var i=0, l=result.length; i<l; i++) {
                 var current = result[i];
                 var roles = current.result.enabled_role_servrole;
                 for (var k=0, m=roles.length; k<m; k++) {
-                    if (roles[k] === 'CA server') counter++;
+                    if (roles[k] === 'CA server') ca_counter++;
+                    if (roles[k] === 'KRA server') kra_counter++;
                 }
             }
 
-            // Create dialog and show it only when there is only one CA server
-            if (counter != 1) return;
+            // Show a dialog when there is only one CA or KRA server
+            if (ca_counter != 1 && kra_counter != 1) return;
+
+            var message = text.get(
+                '@i18n:objects.servers.svc_warning_message') + '<ul>';
+            if (ca_counter === 1) {
+                message += '<li>CA</li>\n';
+            }
+            if (kra_counter === 1) {
+                message += '<li>KRA</li>\n';
+            }
+            message += '</ul>';
 
-            var message = text.get('@i18n:objects.servers.ca_warning_message');
             var dialog = IPA.dialog({
-                name: 'ca_warning',
-                title: '@i18n:objects.servers.ca_warning_title',
+                name: 'svc_warning',
+                title: '@i18n:objects.servers.svc_warning_title',
                 sections: [
                     {
                         show_header: false,
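Review bot: The warning text is now assembled as an HTML string (`text.get(...) + '<ul>'` followed by `'<li>CA</li>\n'`), so the translated `svc_warning_message` is placed into markup without escaping; whether the dialog renders it as HTML is decided outside this hunk. Only fixed literals are appended here, but a comment such as `// message is HTML: append constant strings only, escape anything dynamic` would stop a later edit from adding server-supplied text to it. The early return uses `!=` while the branches below use `===`; `if (ca_counter !== 1 && kra_counter !== 1) return;` would be consistent. The enclosing callback starts and ends outside the hunk.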
diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json
index 2fe0ef4..f49e84b 100644
--- a/install/ui/test/data/ipa_init.json
+++ b/install/ui/test/data/ipa_init.json
@@ -552,8 +552,8 @@
                             "label_singular": "Server Role",
                         },
                         "servers": {
-                            "ca_warning_message": "It is strongly recommended to keep the CA services installed on more than one server.",
-                            "ca_warning_title": "Warning: Only One CA Server Detected",
+                            "svc_warning_title": "Warning: Consider service replication",
+                            "svc_warning_message": "It is strongly recommended to keep the following services installed on more than one server:",
                             "remove_server": "Delete Server",
                             "remove_server_msg": "Deleting a server removes it permanently from the topology. Note that this is a non-reversible action."
                         },
diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py
index e82e5fc..002bcd7 100644
--- a/ipaserver/plugins/internal.py
+++ b/ipaserver/plugins/internal.py
@@ -704,8 +704,8 @@ class i18n_messages(Command):
                 "label_singular": _("Server Role"),
             },
             "servers": {
-                "ca_warning_message": _("It is strongly recommended to keep the CA services installed on more than one server."),
-                "ca_warning_title": _("Warning: Only One CA Server Detected"),
+                "svc_warning_title": _("Warning: Consider service replication"),
+                "svc_warning_message": _("It is strongly recommended to keep the following services installed on more than one server:"),
                 "remove_server": _("Delete Server"),
                 "remove_server_msg": _("Deleting a server removes it permanently from the topology. Note that this is a non-reversible action.")
             },
-- 