diff options
author | Martin Kosek <mkosek@redhat.com> | 2011-07-14 14:09:53 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-07-14 22:36:53 -0400 |
commit | d802aa57f16e3267b4db739721a56e041e5f888e (patch) | |
tree | e5bd63dfcf490160e08b012c72f174ee5f021be3 | |
parent | aece880d8f53d3f641a5a1ca3df494eb352117b1 (diff) | |
download | freeipa-d802aa57f16e3267b4db739721a56e041e5f888e.tar.gz freeipa-d802aa57f16e3267b4db739721a56e041e5f888e.tar.xz freeipa-d802aa57f16e3267b4db739721a56e041e5f888e.zip |
Fix self-signed replica installation
When a replica for self-signed server is being installed, the
installer crashes with "Not a dogtag CA installation". Make sure
that installation is handled correctly for both dogtag and
self-signed replicas.
https://fedorahosted.org/freeipa/ticket/1479
-rwxr-xr-x | install/tools/ipa-ca-install | 4 | ||||
-rw-r--r-- | ipaserver/install/cainstance.py | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index edd8f4cfd..e6adae057 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -134,6 +134,10 @@ def main(): # Configure the CA if necessary (CA, cs) = cainstance.install_replica_ca(config, postinstall=True) + if not CA: + # not a dogtag CA replica + sys.exit("Not a dogtag CA installation!") + # We need to ldap_enable the CA now that DS is up and running CA.ldap_enable('CA', config.host_name, config.dirman_password, util.realm_to_suffix(config.realm_name)) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 4ace26db5..fbc566a28 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1109,8 +1109,8 @@ def install_replica_ca(config, postinstall=False): cafile = config.dir + "/cacert.p12" if not ipautil.file_exists(cafile): - # not a dogtag CA replica - sys.exit('Not a dogtag CA installation') + # self-signed replica + return (None, None) if not config.setup_ca: # We aren't configuring the CA in this step but we still need |