Make pkinit setup optional in ipa-replica-prepare too.

Also add fixes for ipa-replica-install as that had issues too.

Fixes: https://fedorahosted.org/freeipa/ticket/527

1 files changed, 10 insertions, 5 deletions

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index c58aed990..65107f027 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -158,7 +158,7 @@ def install_ca(config):
 
     cs = cainstance.CADSInstance()
     cs.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password)
-    ca = cainstance.CAInstance()
+    ca = cainstance.CAInstance(config.realm_name)
     ca.configure_instance("pkiuser", config.host_name, config.dirman_password, config.dirman_password, pkcs12_info=(cafile,), master_host=config.master_host_name, subject_base=config.subject_base)
 
     return ca
@@ -295,10 +295,6 @@ def main():
     if options.setup_dns:
         check_bind()
 
-    # check the pkinit plugin is installed
-    if options.setup_pkinit:
-        check_pkinit()
-
     check_dirsrv()
 
     # get the directory manager password
@@ -349,6 +345,15 @@ def main():
     api.bootstrap(in_server=True)
     api.finalize()
 
+    #Automatically disable pkinit w/ dogtag until that is supported
+    #[certs.ipa_self_signed() must be called only after api.finalize()]
+    if not ipautil.file_exists(config.dir + "/pkinitcert.p12") and not certs.ipa_self_signed():
+        options.setup_pkinit = False
+
+    # check the pkinit plugin is installed
+    if options.setup_pkinit:
+        check_pkinit()
+
     # Try out the password
     ldapuri = 'ldap://%s' % config.master_host_name
     try: