Do not allow installing CA replicas in CA-less setup.

https://fedorahosted.org/freeipa/ticket/3673
https://fedorahosted.org/freeipa/ticket/3674

2 files changed, 8 insertions, 0 deletions

diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 3b7e9d206..060cc6692 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -160,6 +160,10 @@ def main():
     config.dir = dir
     config.setup_ca = True
 
+    if ipautil.file_exists(config.dir + "/dscert.p12"):
+        print 'CA cannot be installed in CA-less setup.'
+        sys.exit(1)
+
     portfile = config.dir + "/dogtag_directory_port.txt"
     if not ipautil.file_exists(portfile):
         dogtag_master_ds_port = str(dogtag.Dogtag9Constants.DS_PORT)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 209ca850f..5b3a88f6a 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -513,6 +513,10 @@ def main():
     config.dir = dir
     config.setup_ca = options.setup_ca
 
+    if config.setup_ca and ipautil.file_exists(config.dir + "/dscert.p12"):
+        print 'CA cannot be installed in CA-less setup.'
+        sys.exit(1)
+
     installutils.verify_fqdn(config.master_host_name, options.no_host_dns)
 
     portfile = config.dir + "/dogtag_directory_port.txt"