Пример #1
0
    def execute(self, *args, **options):
        """
        Checks all the IPA masters for supported domain level ranges.

        If the desired domain level is within the supported range of all
        masters, it will be raised.

        Domain level cannot be lowered.
        """

        ldap = self.api.Backend.ldap2

        current_entry = ldap.get_entry(get_domainlevel_dn(self.api))
        current_value = int(current_entry.single_value['ipadomainlevel'])
        desired_value = int(args[0])

        # Domain level cannot be lowered
        if int(desired_value) < int(current_value):
            message = _("Domain Level cannot be lowered.")
            raise errors.InvalidDomainLevelError(reason=message)

        # Check if every master supports the desired level
        for master in get_master_entries(ldap, self.api):
            supported = get_domainlevel_range(master)

            if supported.min > desired_value or supported.max < desired_value:
                message = _("Domain Level cannot be raised to {0}, server {1} "
                            "does not support it.".format(
                                desired_value, master['cn'][0]))
                raise errors.InvalidDomainLevelError(reason=message)

        current_entry.single_value['ipaDomainLevel'] = desired_value
        ldap.update_entry(current_entry)

        return {'result': int(current_entry.single_value['ipaDomainLevel'])}
Пример #2
0
def validate_domain_level(api):
    try:
        current = int(api.Command.domainlevel_get()['result'])
    except errors.NotFound:
        current = MIN_DOMAIN_LEVEL

    if current < DOMAIN_LEVEL_1:
        raise errors.InvalidDomainLevelError(
            reason=_('Topology management requires minimum domain level {0} '
                     ).format(DOMAIN_LEVEL_1))
Пример #3
0
    def check_for_supported_domain_level(self):
        """
        check if we are in 0-level topology. If not, raise an error pointing
        the user to the replica promotion pathway
        """

        domain_level = dsinstance.get_domain_level(api)
        if domain_level > DOMAIN_LEVEL_0:
            self.log.error(
                UNSUPPORTED_DOMAIN_LEVEL_TEMPLATE.format(
                    command_name=self.command_name,
                    domain_level=DOMAIN_LEVEL_0,
                    curr_domain_level=domain_level))
            raise errors.InvalidDomainLevelError(
                reason="'{command}' is allowed only in domain level "
                "{prep_domain_level}".format(command=self.command_name,
                                             prep_domain_level=DOMAIN_LEVEL_0))
Пример #4
0
def check_conflict_entries(ldap, api, desired_value):
    """
    Check if conflict entries exist in topology subtree
    """

    container_dn = DN(('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
    conflict = "(nsds5replconflict=*)"
    subentry = "(|(objectclass=ldapsubentry)(objectclass=*))"
    try:
        ldap.get_entries(filter="(& %s %s)" % (conflict, subentry),
                         base_dn=container_dn,
                         scope=ldap.SCOPE_SUBTREE)
        message = _(
            "Domain Level cannot be raised to {0}, "
            "existing replication conflicts have to be resolved.").format(
                desired_value)
        raise errors.InvalidDomainLevelError(reason=message)
    except errors.NotFound:
        pass