ipa-ca-install: print more specific errors when CA is already installed

This patch implements a more thorough checking for already installed CAs
during standalone CA installation using ipa-ca-install. The installer now
differentiates between CA that is already installed locally and CA installed
on one or more masters in topology and prints an appropriate error message.

https://fedorahosted.org/freeipa/ticket/4492

Reviewed-By: Martin Basti <mbasti@redhat.com>

1 files changed, 10 insertions, 2 deletions

diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 498cc48a7..39f4435e2 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -45,8 +45,16 @@ def install_check(standalone, replica_config, options):
 
         return
 
-    if standalone and api.Command.ca_is_enabled()['result']:
-        sys.exit("CA is already installed.\n")
+    if standalone:
+        if cainstance.is_ca_installed_locally():
+            sys.exit("CA is already installed on this host.")
+        elif api.Command.ca_is_enabled()['result']:
+            sys.exit(
+                "One or more CA masters are already present in IPA realm "
+                "'%s'.\nIf you wish to replicate CA to this host, please "
+                "re-run 'ipa-ca-install'\nwith a replica file generated on "
+                "an existing CA master as argument." % realm_name
+            )
 
     if options.external_cert_files:
         if not cainstance.is_step_one_done():