When a replica for self-signed server is being installed, the installer crashes with "Not a dogtag CA installation". Make sure that installation is handled correctly for both dogtag and self-signed replicas.
https://fedorahosted.org/freeipa/ticket/1479
>From 30b0ef2e61207a5accff0017061bc5c3cc91e4e7 Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Thu, 14 Jul 2011 14:09:53 +0200 Subject: [PATCH] Fix self-signed replica installation When a replica for self-signed server is being installed, the installer crashes with "Not a dogtag CA installation". Make sure that installation is handled correctly for both dogtag and self-signed replicas. https://fedorahosted.org/freeipa/ticket/1479 --- install/tools/ipa-ca-install | 4 ++++ ipaserver/install/cainstance.py | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index edd8f4cfda6db4bd8fad98023fe9b5f1a76fb593..e6adae057b1e8ce6161833e3678e5447fe75d1be 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -134,6 +134,10 @@ def main(): # Configure the CA if necessary (CA, cs) = cainstance.install_replica_ca(config, postinstall=True) + if not CA: + # not a dogtag CA replica + sys.exit("Not a dogtag CA installation!") + # We need to ldap_enable the CA now that DS is up and running CA.ldap_enable('CA', config.host_name, config.dirman_password, util.realm_to_suffix(config.realm_name)) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 4ace26db5a99afda26cfd023887eb71f48c69d55..fbc566a289487580beec9c1cef64160338b25afb 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1109,8 +1109,8 @@ def install_replica_ca(config, postinstall=False): cafile = config.dir + "/cacert.p12" if not ipautil.file_exists(cafile): - # not a dogtag CA replica - sys.exit('Not a dogtag CA installation') + # self-signed replica + return (None, None) if not config.setup_ca: # We aren't configuring the CA in this step but we still need -- 1.7.6
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel