From e1d6f9c6b94d96ca7d78a6eed64e9c705120d6fe Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 22 Nov 2010 13:29:56 -0500 Subject: Make pkinit setup optional in ipa-replica-prepare too. Also add fixes for ipa-replica-install as that had issues too. Fixes: https://fedorahosted.org/freeipa/ticket/527 --- install/tools/ipa-replica-install | 15 ++++++++++----- install/tools/ipa-replica-prepare | 5 +++++ 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index c58aed990..65107f027 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -158,7 +158,7 @@ def install_ca(config): cs = cainstance.CADSInstance() cs.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password) - ca = cainstance.CAInstance() + ca = cainstance.CAInstance(config.realm_name) ca.configure_instance("pkiuser", config.host_name, config.dirman_password, config.dirman_password, pkcs12_info=(cafile,), master_host=config.master_host_name, subject_base=config.subject_base) return ca @@ -295,10 +295,6 @@ def main(): if options.setup_dns: check_bind() - # check the pkinit plugin is installed - if options.setup_pkinit: - check_pkinit() - check_dirsrv() # get the directory manager password @@ -349,6 +345,15 @@ def main(): api.bootstrap(in_server=True) api.finalize() + #Automatically disable pkinit w/ dogtag until that is supported + #[certs.ipa_self_signed() must be called only after api.finalize()] + if not ipautil.file_exists(config.dir + "/pkinitcert.p12") and not certs.ipa_self_signed(): + options.setup_pkinit = False + + # check the pkinit plugin is installed + if options.setup_pkinit: + check_pkinit() + # Try out the password ldapuri = 'ldap://%s' % config.master_host_name try: diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index af7680155..d70741f1a 100755 --- a/install/tools/ipa-replica-prepare 
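Review bot: The block added after `api.finalize()` in ipa-replica-install sets `options.setup_pkinit = False` without any output, so when the override fires the replica is installed without PKINIT and nothing in the install output records that it was skipped. The hunk in ipa-replica-prepare adds the same silent override. I would print a message inside the `if` in both places, for example `print "PKINIT setup disabled: no PKINIT PKCS#12 file was provided and the CA is not self-signed"`, or use the tools' logging if they have it. `main()` begins and ends outside the hunk in both files, so please also confirm that nothing earlier in `main()` reads `options.setup_pkinit` before it is overridden.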
+++ b/install/tools/ipa-replica-prepare @@ -242,6 +242,11 @@ def main(): api.bootstrap(in_server=True) api.finalize() + #Automatically disable pkinit w/ dogtag until that is supported + #[certs.ipa_self_signed() must be called only after api.finalize()] + if not options.pkinit_pkcs12 and not certs.ipa_self_signed(): + options.setup_pkinit = False + if options.ip_address: if not bindinstance.dns_container_exists(api.env.host, api.env.realm): print "You can't add a DNS record because DNS is not set up." -- cgit