From a441df090bbcad9aba943a93923b6927ac0ba8a2 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Tue, 26 Mar 2019 11:42:15 +0100
Subject: [PATCH] ipareplica_prepare: Use MIN_DOMAIN_LEVEL instead of
 DOMAIN_LEVEL_1 in checks

With FreeIPA 4.7.0 there is no support for domain level 0 anymore, the
check for the minimal domain level should use MIN_DOMAIN_LEVEL instead of
DOMAIN_LEVEL_1.
---
 roles/ipareplica/library/ipareplica_prepare.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/roles/ipareplica/library/ipareplica_prepare.py b/roles/ipareplica/library/ipareplica_prepare.py
index bfda57f2..9d33ad22 100644
--- a/roles/ipareplica/library/ipareplica_prepare.py
+++ b/roles/ipareplica/library/ipareplica_prepare.py
@@ -420,17 +420,17 @@ def main():
 
         ansible_log.debug("-- CHECK DOMAIN_LEVEL --")
 
+        # Make sure that domain fulfills minimal domain level
+        # requirement
         domain_level = current_domain_level(remote_api)
         check_domain_level_is_supported(domain_level)
-        if domain_level < constants.DOMAIN_LEVEL_1:
-            ansible_module.fail_json(msg=
-                "You used the wrong mechanism to install a replica in "
-                "domain level {dl}:\n"
-                "\tFor domain level >= 1 replica installation, first join the "
-                "domain by running ipa-client-install, then run "
-                "ipa-replica-install without a replica file."
-                .format(dl=domain_level)
-            )
+        if domain_level < constants.MIN_DOMAIN_LEVEL:
+            ansible_module.fail_json(
+                msg=
+                "Cannot promote this client to a replica. The domain level "
+                "must be raised to {mindomainlevel} before the replica can be "
+                "installed".format(
+                    mindomainlevel=constants.MIN_DOMAIN_LEVEL))
 
         ansible_log.debug("-- CHECK AUTHORIZATION --")
 
-- 
GitLab