From 3d13e08deee3586635e583c1d5ac8c722530ac2f Mon Sep 17 00:00:00 2001

From: Martin Babinsky <mbabinsk@redhat.com>

Date: Wed, 15 Jul 2015 14:15:49 +0200

Subject: [PATCH] ipa-ca-install: print more specific errors when CA is already

 installed

This patch implements a more thorough checking for already installed CAs

during standalone CA installation using ipa-ca-install. The installer now

differentiates between CA that is already installed locally and CA installed

on one or more masters in topology and prints an appropriate error message.

https://fedorahosted.org/freeipa/ticket/4492

Reviewed-By: Martin Basti <mbasti@redhat.com>

---

 ipaserver/install/ca.py | 12 ++++++++++--

 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py

index 0de992cb0c15f8161aae4937699baae2a94d305a..84cbf423246534259cd6b7a8cca25caa16e5594f 100644

--- a/ipaserver/install/ca.py

+++ b/ipaserver/install/ca.py

@@ -45,8 +45,16 @@ def install_check(standalone, replica_config, options):

         return

-    if standalone and api.Command.ca_is_enabled()['result']:

-        sys.exit("CA is already installed.\n")

+    if standalone:

+        if cainstance.is_ca_installed_locally():

+            sys.exit("CA is already installed on this host.")

+        elif api.Command.ca_is_enabled()['result']:

+            sys.exit(

+                "One or more CA masters are already present in IPA realm "

+                "'%s'.\nIf you wish to replicate CA to this host, please "

+                "re-run 'ipa-ca-install'\nwith a replica file generated on "

+                "an existing CA master as argument." % realm_name

+            )

     if options.external_cert_files:

         if not cainstance.is_step_one_done():

-- 

2.5.0