summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2013-06-03 10:20:52 +0200
committerPetr Viktorin <pviktori@redhat.com>2013-06-12 12:59:54 +0200
commit5ae8515c20d1963a371210e47982beec5dd6ea00 (patch)
treeff3e91ae6c9a54f80368441d0e4a32a6d975ad44
parent2ccadf4726d580d12043070180c3c85b58b5db44 (diff)
downloadfreeipa-5ae8515c20d1963a371210e47982beec5dd6ea00.zip
freeipa-5ae8515c20d1963a371210e47982beec5dd6ea00.tar.gz
freeipa-5ae8515c20d1963a371210e47982beec5dd6ea00.tar.xz
Do not allow installing CA replicas in CA-less setup.
https://fedorahosted.org/freeipa/ticket/3673 https://fedorahosted.org/freeipa/ticket/3674
-rwxr-xr-xinstall/tools/ipa-ca-install4
-rwxr-xr-xinstall/tools/ipa-replica-install4
2 files changed, 8 insertions, 0 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 3b7e9d2..060cc66 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -160,6 +160,10 @@ def main():
config.dir = dir
config.setup_ca = True
+ if ipautil.file_exists(config.dir + "/dscert.p12"):
+ print 'CA cannot be installed in CA-less setup.'
+ sys.exit(1)
+
portfile = config.dir + "/dogtag_directory_port.txt"
if not ipautil.file_exists(portfile):
dogtag_master_ds_port = str(dogtag.Dogtag9Constants.DS_PORT)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 209ca85..5b3a88f 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -513,6 +513,10 @@ def main():
config.dir = dir
config.setup_ca = options.setup_ca
+ if config.setup_ca and ipautil.file_exists(config.dir + "/dscert.p12"):
+ print 'CA cannot be installed in CA-less setup.'
+ sys.exit(1)
+
installutils.verify_fqdn(config.master_host_name, options.no_host_dns)
portfile = config.dir + "/dogtag_directory_port.txt"