From a41457ec3a905a68af60c1b359c25679c3c5a7b7 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 27 Sep 2011 17:44:20 +0200
Subject: Detect CA installation type in ipa-replica-prepare and
 ipa-ca-install.

ipa-ca-install can only add a dogtag CA to an IPA install.

ipa-replica-prepare can only be run on the initial master with a
selfsign backend.

https://fedorahosted.org/freeipa/ticket/1756
https://fedorahosted.org/freeipa/ticket/1757
---
 install/tools/ipa-replica-prepare | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'install/tools/ipa-replica-prepare')

diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 16536b378..038fd69c9 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -243,6 +243,9 @@ def main():
     if not options.pkinit_pkcs12 and not certs.ipa_self_signed():
         options.setup_pkinit = False
 
+    if certs.ipa_self_signed_master() == False:
+        sys.exit('A selfsign CA backend can only prepare on the original master')
+
     try:
         installutils.verify_fqdn(replica_fqdn, system_name_check=False)
     except RuntimeError, e:
-- 
cgit