Do better detection on status of CA DS instance when installing.

The conditional used to determine if thd CA 389-ds instance was already configured was rather poor so it was possible to pass command-line arguments in to confuse it. This would cause it to not be installed at all causing the dogtag installation to fail in a strange way. https://fedorahosted.org/freeipa/ticket/1244
author: Rob Crittenden <rcritten@redhat.com> 2011-06-10 15:28:46 -0400
committer: Rob Crittenden <rcritten@redhat.com> 2011-06-13 00:15:14 -0400
commit: 9f72637b13c2001d1c7e8842f75347f9af74190e (patch)
tree: b34b1491db062d763a45fab375faaa47ec2726ff /install/tools/ipa-server-install
parent: cb70784e6fd864132d8e6f97e2a5c7d179ef5c0b (diff)
download: freeipa-9f72637b13c2001d1c7e8842f75347f9af74190e.tar.gz
freeipa-9f72637b13c2001d1c7e8842f75347f9af74190e.tar.xz
freeipa-9f72637b13c2001d1c7e8842f75347f9af74190e.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 18319bed9..8fb13a3a7 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -750,15 +750,15 @@ def main():
             print "%s does not exist" % options.external_ca_file
             sys.exit(1);
 
-        if options.external_cert_file is None:
-            cs = cainstance.CADSInstance()
+        cs = cainstance.CADSInstance(host_name, realm_name, domain_name, dm_password)
+        if not cs.is_configured():
             cs.create_instance(realm_name, host_name, domain_name, dm_password, subject_base=options.subject)
         ca = cainstance.CAInstance(realm_name, certs.NSS_DIR)
         if external == 0:
             ca.configure_instance(host_name, dm_password, dm_password,
                                   subject_base=options.subject)
         elif external == 1:
-            # stage 2 of external CA installation
+            # stage 1 of external CA installation
             options.realm_name = realm_name
             options.domain_name = domain_name
             options.master_password = master_password
@@ -771,11 +771,11 @@ def main():
                                   csr_file="/root/ipa.csr",
                                   subject_base=options.subject)
         else:
+            # stage 2 of external CA installation
             if not ca.is_installed():
                 # This can happen if someone passes external_ca_file without
                 # already having done the first stage of the CA install.
                 sys.exit('CA is not installed yet. To install with an external CA is a two-stage process.\nFirst run the installer with --external-ca.')
-            cs = cainstance.CADSInstance(host_name, realm_name, domain_name, dm_password)
             ca.configure_instance(host_name, dm_password, dm_password,
                                   cert_file=options.external_cert_file,
                                   cert_chain_file=options.external_ca_file,
author	Rob Crittenden <rcritten@redhat.com>	2011-06-10 15:28:46 -0400
committer	Rob Crittenden <rcritten@redhat.com>	2011-06-13 00:15:14 -0400
commit	9f72637b13c2001d1c7e8842f75347f9af74190e (patch)
tree	b34b1491db062d763a45fab375faaa47ec2726ff /install/tools/ipa-server-install
parent	cb70784e6fd864132d8e6f97e2a5c7d179ef5c0b (diff)
download	freeipa-9f72637b13c2001d1c7e8842f75347f9af74190e.tar.gz freeipa-9f72637b13c2001d1c7e8842f75347f9af74190e.tar.xz freeipa-9f72637b13c2001d1c7e8842f75347f9af74190e.zip