Hello, Fix ipa-replica-prepare's error message about missing local CA instance
ipa-replica-prepare must be run on a replica with CA or all the certs needs to be provided (for CA-less case). The old messages were utterly confusing because they mixed errors about missing certs and missing local CA instance into one text. https://fedorahosted.org/freeipa/ticket/6134 -- Petr^2 Spacek
From c47c6966107f7d913137667cb9164f5f43c5daaa Mon Sep 17 00:00:00 2001 From: Petr Spacek <pspa...@redhat.com> Date: Mon, 1 Aug 2016 17:32:04 +0200 Subject: [PATCH] Fix ipa-replica-prepare's error message about missing local CA instance ipa-replica-prepare must be run on a replica with CA or all the certs needs to be provided (for CA-less case). The old messages were utterly confusing because they mixed errors about missing certs and missing local CA instance into one text. https://fedorahosted.org/freeipa/ticket/6134 --- ipaserver/install/ipa_replica_prepare.py | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py index fdd32f0c8437a0d8c3947d57089662ea09bb2304..49c4552a80540e4b7c1242bdaf9dc583259d7149 100644 --- a/ipaserver/install/ipa_replica_prepare.py +++ b/ipaserver/install/ipa_replica_prepare.py @@ -236,6 +236,10 @@ class ReplicaPrepare(admintool.AdminTool): except errors.DatabaseError as e: raise admintool.ScriptError(e.desc) + if ca_enabled and not ipautil.file_exists(paths.CA_CS_CFG_PATH): + raise admintool.ScriptError( + "CA is not installed on this server. " + "ipa-replica-prepare must be ran on an IPA server with CA.") if not ca_enabled and not options.http_cert_files: raise admintool.ScriptError( "Cannot issue certificates: a CA is not installed. Use the " @@ -347,13 +351,6 @@ class ReplicaPrepare(admintool.AdminTool): "Apache Server SSL certificate and Directory Server SSL " "certificate are not signed by the same CA certificate") - if (not ipautil.file_exists(paths.CA_CS_CFG_PATH) and - options.dirsrv_pin is None): - self.log.info("If you installed IPA with your own certificates " - "using PKCS#12 files you must provide PKCS#12 files for any " - "replicas you create as well.") - raise admintool.ScriptError("The replica must be created on the " - "primary IPA server.") def run(self): options = self.options -- 2.7.4
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code