Fixes https://fedorahosted.org/freeipa/ticket/4492

--
Martin^3 Babinsky
From 8c29064df3649db5784e96440bae3ae0ed19dcd3 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 15 Jul 2015 14:15:49 +0200
Subject: [PATCH] ipa-ca-install: print more specific errors when CA is already
 installed

This patch implements a more thorough checking for already installed CAs
during standalone CA installation using ipa-ca-install. The installer now
differentiates between CA that is already installed locally and CA installed
on one or more masters in topology and prints an appropriate error message.

https://fedorahosted.org/freeipa/ticket/4492
---
 ipaserver/install/ca.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 498cc48a742d1b2d862eb9dfdb18743cfb211b78..39f4435e2d8f1b66b4b1acf2f2219c33120707dc 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -45,8 +45,16 @@ def install_check(standalone, replica_config, options):
 
         return
 
-    if standalone and api.Command.ca_is_enabled()['result']:
-        sys.exit("CA is already installed.\n")
+    if standalone:
+        if cainstance.is_ca_installed_locally():
+            sys.exit("CA is already installed on this host.")
+        elif api.Command.ca_is_enabled()['result']:
+            sys.exit(
+                "One or more CA masters are already present in IPA realm "
+                "'%s'.\nIf you wish to replicate CA to this host, please "
+                "re-run 'ipa-ca-install'\nwith a replica file generated on "
+                "an existing CA master as argument." % realm_name
+            )
 
     if options.external_cert_files:
         if not cainstance.is_step_one_done():
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to