From a41457ec3a905a68af60c1b359c25679c3c5a7b7 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 27 Sep 2011 17:44:20 +0200
Subject: Detect CA installation type in ipa-replica-prepare and
 ipa-ca-install.

ipa-ca-install can only add a dogtag CA to an IPA install.

ipa-replica-prepare can only be run on the initial master with a
selfsign backend.

https://fedorahosted.org/freeipa/ticket/1756
https://fedorahosted.org/freeipa/ticket/1757
---
 ipaserver/install/certs.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'ipaserver/install/certs.py')

diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index affa26127..feac48a89 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -65,6 +65,19 @@ def ipa_self_signed():
     else:
         return False
 
+def ipa_self_signed_master():
+    """
+    The selfsign backend is enabled only one a single master.
+
+    Return True/False whether this is that master.
+
+    Returns None if not a self-signed server.
+    """
+    if ipa_self_signed():
+        return api.env.enable_ra
+    else:
+        return None
+
 def find_cert_from_txt(cert, start=0):
     """
     Given a cert blob (str) which may or may not contian leading and
-- 
cgit