From 3d13e08deee3586635e583c1d5ac8c722530ac2f Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Wed, 15 Jul 2015 14:15:49 +0200
Subject: [PATCH] ipa-ca-install: print more specific errors when CA is already
 installed

This patch implements a more thorough checking for already installed CAs
during standalone CA installation using ipa-ca-install. The installer now
differentiates between CA that is already installed locally and CA installed
on one or more masters in topology and prints an appropriate error message.

https://fedorahosted.org/freeipa/ticket/4492

Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 ipaserver/install/ca.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 0de992cb0c15f8161aae4937699baae2a94d305a..84cbf423246534259cd6b7a8cca25caa16e5594f 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -45,8 +45,16 @@ def install_check(standalone, replica_config, options):
 
         return
 
-    if standalone and api.Command.ca_is_enabled()['result']:
-        sys.exit("CA is already installed.\n")
+    if standalone:
+        if cainstance.is_ca_installed_locally():
+            sys.exit("CA is already installed on this host.")
+        elif api.Command.ca_is_enabled()['result']:
+            sys.exit(
+                "One or more CA masters are already present in IPA realm "
+                "'%s'.\nIf you wish to replicate CA to this host, please "
+                "re-run 'ipa-ca-install'\nwith a replica file generated on "
+                "an existing CA master as argument." % realm_name
+            )
 
     if options.external_cert_files:
         if not cainstance.is_step_one_done():
-- 
2.5.0