diff options
author | Martin Babinsky <mbabinsk@redhat.com> | 2015-07-15 14:15:49 +0200 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2015-07-16 15:33:43 +0200 |
commit | f5fa38399277ab16fa32832f53580651ad4a4026 (patch) | |
tree | c09ba40e42d5346cfe6f67c02dc8071003c6f612 /ipaserver | |
parent | cc5be14eb7f59f4ac507e110871f15f8c9d48402 (diff) | |
download | freeipa-f5fa38399277ab16fa32832f53580651ad4a4026.tar.gz freeipa-f5fa38399277ab16fa32832f53580651ad4a4026.tar.xz freeipa-f5fa38399277ab16fa32832f53580651ad4a4026.zip |
ipa-ca-install: print more specific errors when CA is already installed
This patch implements a more thorough checking for already installed CAs
during standalone CA installation using ipa-ca-install. The installer now
differentiates between CA that is already installed locally and CA installed
on one or more masters in topology and prints an appropriate error message.
https://fedorahosted.org/freeipa/ticket/4492
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/ca.py | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py index 498cc48a7..39f4435e2 100644 --- a/ipaserver/install/ca.py +++ b/ipaserver/install/ca.py @@ -45,8 +45,16 @@ def install_check(standalone, replica_config, options): return - if standalone and api.Command.ca_is_enabled()['result']: - sys.exit("CA is already installed.\n") + if standalone: + if cainstance.is_ca_installed_locally(): + sys.exit("CA is already installed on this host.") + elif api.Command.ca_is_enabled()['result']: + sys.exit( + "One or more CA masters are already present in IPA realm " + "'%s'.\nIf you wish to replicate CA to this host, please " + "re-run 'ipa-ca-install'\nwith a replica file generated on " + "an existing CA master as argument." % realm_name + ) if options.external_cert_files: if not cainstance.is_step_one_done(): |