Re: [Freeipa-devel] [PATCH 429] replica-install: Allow install on top of already configured client

2015-05-29 Thread Martin Kosek

On 05/28/2015 03:35 PM, Jan Cholasta wrote:

On 26.5.2015 at 17:49, Jan Cholasta wrote:

On 20.5.2015 at 17:27, Jan Cholasta wrote:

Hi,

the attached patch implements the initial bits for
https://fedorahosted.org/freeipa/ticket/2888.

Test by running ipa-client-install and then ipa-replica-install on the
same host.


Updated patch attached.


Another update, patch attached.


AFAIK, the patch is good. But as I discussed with the guys offline, I would not
push this patch to FreeIPA 4.2 unless we are certain that the whole replica
promotion (with Custodia related work) is complete and pushed - replica
promotion without Custodia integration does not have much value.


This may mean postponing the work to 4.3, I am aware of that.



Re: [Freeipa-devel] [PATCH 429] replica-install: Allow install on top of already configured client

2015-05-26 Thread Jan Cholasta

On 20.5.2015 at 17:27, Jan Cholasta wrote:

Hi,

the attached patch implements the initial bits for
https://fedorahosted.org/freeipa/ticket/2888.

Test by running ipa-client-install and then ipa-replica-install on the
same host.


Updated patch attached.

--
Jan Cholasta
From 55ffe67cdcb1f832a87279a2af31de737333b411 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 20 May 2015 15:20:31 +
Subject: [PATCH] replica-install: Allow install on top of already configured
 client

https://fedorahosted.org/freeipa/ticket/2888
---
 install/tools/ipa-replica-install | 186 --
 ipaserver/install/krbinstance.py  |   6 +-
 2 files changed, 141 insertions(+), 51 deletions(-)

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 1df782b..7ce9404 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -24,10 +24,12 @@ import socket
 import os, pwd, shutil
 from optparse import OptionGroup
 from contextlib import contextmanager
+from ConfigParser import RawConfigParser
 
 import dns.resolver
 import dns.reversename
 import dns.exception
+import SSSDConfig
 
 from ipapython import ipautil
 
@@ -151,6 +153,24 @@ def parse_options():
 elif options.reverse_zones and options.no_reverse:
 parser.error(You cannot specify a --reverse-zone option together with --no-reverse)
 
+client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
+if client_fstore.has_files():
+if options.mkhomedir:
+parser.error(You cannot specify a --mkhomedir option 
+ when IPA client is already configured)
+if options.trust_sshfp:
+parser.error(You cannot specify a --ssh-trust-dns option 
+ when IPA client is already configured)
+if not options.conf_ssh:
+parser.error(You cannot specify a --no-ssh option 
+ when IPA client is already configured)
+if not options.conf_sshd:
+parser.error(You cannot specify a --no-sshd option 
+ when IPA client is already configured)
+if not options.create_sshfp:
+parser.error(You cannot specify a --no-dns-sshfp option 
+ when IPA client is already configured)
+
 options.zonemgr = None
 options.dnssec_master = False
 
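Review bot: the client_fstore.has_files() test added to parse_options() duplicates the one main() performs later in this patch, so the "is a client configured" decision is made in two places on the same sysrestore state and can drift apart when one of them changes. Compute it once and hand the result to both callers. The five option checks are also the same three lines repeated; a loop over (option value, flag name) pairs would keep the messages consistent, and the --help text for --mkhomedir, --ssh-trust-dns, --no-ssh, --no-sshd and --no-dns-sshfp should say they are rejected on an already enrolled client.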
@@ -204,7 +224,7 @@ def install_replica_ds(config):
 
 return ds
 
-def install_krb(config, setup_pkinit=False):
+def install_krb(config, setup_pkinit=False, client_configured=False):
 krb = krbinstance.KrbInstance()
 
 #pkinit files
@@ -214,7 +234,7 @@ def install_krb(config, setup_pkinit=False):
 krb.create_replica(config.realm_name,
config.master_host_name, config.host_name,
config.domain_name, config.dirman_password,
-   setup_pkinit, pkcs12_info)
+   setup_pkinit, pkcs12_info, None, client_configured)
 
 return krb
 
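Review bot: the create_replica() call now ends in "pkcs12_info, None, client_configured", passed positionally, so nothing at the call site says what the None stands for, and a later reordering of create_replica()'s parameters would silently route the flag to the wrong argument. Pass both trailing values as keyword arguments, and add a short docstring to install_krb() saying what client_configured changes in the Kerberos setup.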
@@ -418,11 +438,40 @@ def main():
 if not ipautil.file_exists(filename):
 sys.exit(Replica file %s does not exist % filename)
 
+if installutils.is_ipa_configured():
+sys.exit(IPA server is already configured on this system.\n
+ If you want to reinstall the IPA server, please uninstall 
+ it first using 'ipa-server-install --uninstall'.)
+
 client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
-if client_fstore.has_files():
-sys.exit(IPA client is already configured on this system.\n +
-Please uninstall it first before configuring the replica,  +
-using 'ipa-client-install --uninstall'.)
+client_configured = client_fstore.has_files()
+if client_configured:
+try:
+sssdconfig = SSSDConfig.SSSDConfig()
+sssdconfig.import_config()
+
+domains = sssdconfig.list_active_domains()
+for name in domains:
+domain = sssdconfig.get_domain(name)
+try:
+provider = domain.get_option('id_provider')
+except SSSDConfig.NoOptionError:
+continue
+if provider == 'ipa':
+break
+else:
+raise RuntimeError(IPA domain not configured in SSSD)
+
+if not services.service('sssd').is_enabled():
+raise RuntimeError(SSSD is not enabled)
+
+if not services.service('sssd').is_running():
+raise RuntimeError(SSSD is not running)
+except Exception as e:
+root_logger.error(%s, e)
+sys.exit(SSSD is not configured for IPA client on this system.\n
+ Please uninstall IPA client using 'ipa-client-install 
+ --uninstall' and re-run ipa-replica-install.)
 
 global sstore
 sstore =
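Review bot: the SSSD check in main() breaks out of the loop on the first active domain whose id_provider is 'ipa', and nothing in the visible lines compares that domain with the realm or domain from the replica file, so a host enrolled as a client of a different IPA deployment would pass this test. Compare the SSSD domain (or the client's configured realm) with the replica file's values before continuing. The surrounding "except Exception as e:" also folds SSSDConfig parse failures and plain programming errors into the same "uninstall IPA client" advice, with only str(e) logged; catch the specific exceptions you expect and log the traceback at debug level so a real bug is not reported as a misconfigured client.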