Re: [Freeipa-devel] [PATCH] 1052 add version to prepared replica files

[Martin Kosek]

On Fri, 2012-08-31 at 13:49 -0400, Rob Crittenden wrote:
 When installing a replica in an upgrade situation we want to be sure we 
 install the same version or higher. This will have to bake a bit until 
 the next full version of IPA but the idea is to prevent installing a 
 newer replica file on an older server.
 
 To test this you need to rip apart a prepared file and tweak the version 
 forward or backward.
 
 To do this, do something like:
 
 # gpg -d replica-info-pitbull.example.com.gpg | tar xf -
 # edit realm_info/realm_info
 # tar cf replica-info-pitbull.example.com realm_info
 # gpg --batch --homedir `pwd`/.gnupg --passphrase-fd 0 --yes --no-tty -o 
 replica-info-pitbull.example.com.gpg -c replica-info-pitbull.example.com
 type in DM password
 
 rob

Works fine.

ACK. Pushed to master, ipa-3-0.

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 1052 add version to prepared replica files

[Rob Crittenden]

When installing a replica in an upgrade situation we want to be sure we 
install the same version or higher. This will have to bake a bit until 
the next full version of IPA but the idea is to prevent installing a 
newer replica file on an older server.


To test this you need to rip apart a prepared file and tweak the version 
forward or backward.


To do this, do something like:

# gpg -d replica-info-pitbull.example.com.gpg | tar xf -
# edit realm_info/realm_info
# tar cf replica-info-pitbull.example.com realm_info
# gpg --batch --homedir `pwd`/.gnupg --passphrase-fd 0 --yes --no-tty -o 
replica-info-pitbull.example.com.gpg -c replica-info-pitbull.example.com

type in DM password

rob
From cf1998b2341a72b5b1a24317f64ad8976fb02bb9 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 29 Aug 2012 11:32:03 -0400
Subject: [PATCH] Add version to replica prepare file, prevent installing to
 older version

---
 install/tools/ipa-replica-install   |  4 
 install/tools/ipa-replica-prepare   |  1 +
 install/tools/man/ipa-replica-install.1 |  2 ++
 install/tools/man/ipa-replica-prepare.1 | 14 --
 ipaserver/install/installutils.py   |  7 ++-
 5 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index d7baf9c05794d95472091059cb96c54cf00bfc41..41e1ef575889ce81da5ce939095e88da44d33ed3 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -328,6 +328,10 @@ def main():
 
 config = ReplicaConfig()
 read_replica_info(dir, config)
+root_logger.debug('Installing replica file with version %d (0 means no version in prepared file).' % config.version)
+if config.version and config.version  version.NUM_VERSION:
+root_logger.error('A replica file from a newer release (%d) cannot be installed on an older version (%d)' % (config.version, version.NUM_VERSION))
+sys.exit(1)
 config.dirman_password = dirman_password
 try:
 host = get_host_name(options.no_host_dns)
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 3578488264564b6335033f87a62cd4e1e7f8b719..d1ffe4e2e1d0eee3571713b24cc9d57d59acaa24 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -207,6 +207,7 @@ def save_config(dir, realm_name, host_name,
 config.set(realm, domain_name, domain_name)
 config.set(realm, destination_host, dest_host)
 config.set(realm, subject_base, str(subject_base))
+config.set(realm, version, str(version.NUM_VERSION))
 fd = open(dir + /realm_info, w)
 config.write(fd)
 
diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1
index 1a0f89a410b3409adbc790b114d14fee8e9e1952..3f4459727aafbe96280ab1abd12f113386b07921 100644
--- a/install/tools/man/ipa-replica-install.1
+++ b/install/tools/man/ipa-replica-install.1
@@ -29,6 +29,8 @@ The replica_file is created using the ipa\-replica\-prepare utility.
 If the installation fails you may need to run ipa\-server\-install \-\-uninstall before running ipa\-replica\-install again.
 
 The installation will fail if the host you are installing the replica on exists as a host in IPA or an existing replication agreement exists (for example, from a previously failed installation).
+
+A replica should only be installed on the same or higher version of IPA on the remote system.
 .SH OPTIONS
 .SS BASIC OPTIONS
 .TP
diff --git a/install/tools/man/ipa-replica-prepare.1 b/install/tools/man/ipa-replica-prepare.1
index f30ed10c17cfde9e54c3ce9556a8d03671398227..8e1e60a25628432bf380e7af1d2d2dac9abf8c8a 100644
--- a/install/tools/man/ipa-replica-prepare.1
+++ b/install/tools/man/ipa-replica-prepare.1
@@ -1,21 +1,21 @@
 .\ A man page for ipa-replica-prepare
 .\ Copyright (C) 2008 Red Hat, Inc.
-.\ 
+.\
 .\ This program is free software; you can redistribute it and/or modify
 .\ it under the terms of the GNU General Public License as published by
 .\ the Free Software Foundation, either version 3 of the License, or
 .\ (at your option) any later version.
-.\ 
+.\
 .\ This program is distributed in the hope that it will be useful, but
 .\ WITHOUT ANY WARRANTY; without even the implied warranty of
 .\ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 .\ General Public License for more details.
-.\ 
+.\
 .\ You should have received a copy of the GNU General Public License
 .\ along with this program.  If not, see http://www.gnu.org/licenses/.
-.\ 
+.\
 .\ Author: Rob Crittenden rcrit...@redhat.com
-.\ 
+.\
 .TH ipa-replica-prepare 1 Mar 14 2008 FreeIPA FreeIPA Manual Pages
 .SH NAME
 ipa\-replica\-prepare \- Create an IPA replica file
@@ -28,9 +28,11 @@ A replica can only be created on an IPA server installed with ipa\-server\-insta
 
 You must provide the fully\-qualified hostname of the machine you want to install the replica on and a host\-specific replica_file