def execute(self, *args, **options): """ Checks all the IPA masters for supported domain level ranges. If the desired domain level is within the supported range of all masters, it will be raised. Domain level cannot be lowered. """ ldap = self.api.Backend.ldap2 current_entry = ldap.get_entry(get_domainlevel_dn(self.api)) current_value = int(current_entry.single_value['ipadomainlevel']) desired_value = int(args[0]) # Domain level cannot be lowered if int(desired_value) < int(current_value): message = _("Domain Level cannot be lowered.") raise errors.InvalidDomainLevelError(reason=message) # Check if every master supports the desired level for master in get_master_entries(ldap, self.api): supported = get_domainlevel_range(master) if supported.min > desired_value or supported.max < desired_value: message = _("Domain Level cannot be raised to {0}, server {1} " "does not support it.".format( desired_value, master['cn'][0])) raise errors.InvalidDomainLevelError(reason=message) current_entry.single_value['ipaDomainLevel'] = desired_value ldap.update_entry(current_entry) return {'result': int(current_entry.single_value['ipaDomainLevel'])}
def validate_domain_level(api): try: current = int(api.Command.domainlevel_get()['result']) except errors.NotFound: current = MIN_DOMAIN_LEVEL if current < DOMAIN_LEVEL_1: raise errors.InvalidDomainLevelError( reason=_('Topology management requires minimum domain level {0} ' ).format(DOMAIN_LEVEL_1))
def check_for_supported_domain_level(self): """ check if we are in 0-level topology. If not, raise an error pointing the user to the replica promotion pathway """ domain_level = dsinstance.get_domain_level(api) if domain_level > DOMAIN_LEVEL_0: self.log.error( UNSUPPORTED_DOMAIN_LEVEL_TEMPLATE.format( command_name=self.command_name, domain_level=DOMAIN_LEVEL_0, curr_domain_level=domain_level)) raise errors.InvalidDomainLevelError( reason="'{command}' is allowed only in domain level " "{prep_domain_level}".format(command=self.command_name, prep_domain_level=DOMAIN_LEVEL_0))
def check_conflict_entries(ldap, api, desired_value): """ Check if conflict entries exist in topology subtree """ container_dn = DN(('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) conflict = "(nsds5replconflict=*)" subentry = "(|(objectclass=ldapsubentry)(objectclass=*))" try: ldap.get_entries(filter="(& %s %s)" % (conflict, subentry), base_dn=container_dn, scope=ldap.SCOPE_SUBTREE) message = _( "Domain Level cannot be raised to {0}, " "existing replication conflicts have to be resolved.").format( desired_value) raise errors.InvalidDomainLevelError(reason=message) except errors.NotFound: pass