diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-09-27 17:44:20 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-09-27 17:51:44 +0200 |
commit | 08ec4b0ddf0a6c8278d13d162345bc0f6821f993 (patch) | |
tree | 8e953a69896ddf06f320557b76bd28475cb32030 /ipaserver/install | |
parent | 84744a25915f4a6ff84809f17daae95d170d3b98 (diff) | |
download | freeipa-08ec4b0ddf0a6c8278d13d162345bc0f6821f993.tar.gz freeipa-08ec4b0ddf0a6c8278d13d162345bc0f6821f993.tar.xz freeipa-08ec4b0ddf0a6c8278d13d162345bc0f6821f993.zip |
Detect CA installation type in ipa-replica-prepare and ipa-ca-install.
ipa-ca-install can only add a dogtag CA to an IPA install.
ipa-replica-prepare can only be run on the initial master with a
selfsign backend.
https://fedorahosted.org/freeipa/ticket/1756
https://fedorahosted.org/freeipa/ticket/1757
Diffstat (limited to 'ipaserver/install')
-rw-r--r-- | ipaserver/install/certs.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index affa26127..feac48a89 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -65,6 +65,19 @@ def ipa_self_signed(): else: return False +def ipa_self_signed_master(): + """ + The selfsign backend is enabled only one a single master. + + Return True/False whether this is that master. + + Returns None if not a self-signed server. + """ + if ipa_self_signed(): + return api.env.enable_ra + else: + return None + def find_cert_from_txt(cert, start=0): """ Given a cert blob (str) which may or may not contian leading and |