From 4c70590c2a78b6d2cbfed585502442f733f26389 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Mon, 8 Jun 2015 08:32:58 +0000
Subject: install: Fix external CA server install
https://fedorahosted.org/freeipa/ticket/4468
Reviewed-By: David Kupka
---
 ipaserver/install/ca.py | 32 +++++++++++++++-----------------
 ipaserver/install/server/install.py | 7 ++++---
 2 files changed, 19 insertions(+), 20 deletions(-)
(limited to 'ipaserver/install')
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 8a8214c68..1ef8b2c41 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -25,9 +25,6 @@ def install_check(standalone, replica_config, options):
 host_name = options.host_name
 subject_base = options.subject
- if replica_config is None and options.external_cert_files:
- return
-
 if replica_config is not None:
 if standalone and api.env.ra_plugin == 'selfsign':
 sys.exit('A selfsign CA can not be added')
@@ -51,17 +48,7 @@ def install_check(standalone, replica_config, options):
 if standalone and api.Command.ca_is_enabled()['result']:
 sys.exit("CA is already installed.\n")
- if options.external_ca:
- if cainstance.is_step_one_done():
- print("CA is already installed.\nRun the installer with "
- "--external-cert-file.")
- sys.exit(1)
- if ipautil.file_exists(paths.ROOT_IPA_CSR):
- print("CA CSR file %s already exists.\nIn order to continue "
- "remove the file and run the installer again." %
- paths.ROOT_IPA_CSR)
- sys.exit(1)
- elif options.external_cert_files:
+ if options.external_cert_files:
 if not cainstance.is_step_one_done():
 # This can happen if someone passes external_ca_file without
 # already having done the first stage of the CA install.
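Review bot: The swapped branch order makes `options.external_cert_files` win over `options.external_ca` whenever both are set, but nothing at the new `if options.external_cert_files:` line says that this precedence is intended. The same rule is written a second time in ipaserver/install/server/install.py as `if not options.external_cert_files and options.external_ca:`, so the two sites can drift apart. A short comment at both places, for example `# stage 2 (signed cert supplied) takes precedence over stage 1 (--external-ca)`, would record the contract; whether both options can actually arrive together is not visible in this diff. The if/elif chain continues outside this hunk.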
@@ -72,10 +59,21 @@ def install_check(standalone, replica_config, options):
 external_cert_file, external_ca_file = installutils.load_external_cert(
 options.external_cert_files, options.subject)
+ elif options.external_ca:
+ if cainstance.is_step_one_done():
+ print("CA is already installed.\nRun the installer with "
+ "--external-cert-file.")
+ sys.exit(1)
+ if ipautil.file_exists(paths.ROOT_IPA_CSR):
+ print("CA CSR file %s already exists.\nIn order to continue "
+ "remove the file and run the installer again." %
+ paths.ROOT_IPA_CSR)
+ sys.exit(1)
- if not cainstance.check_port():
- print ("IPA requires port 8443 for PKI but it is currently in use.")
- sys.exit("Aborting installation")
+ if not options.external_cert_files:
+ if not cainstance.check_port():
+ print("IPA requires port 8443 for PKI but it is currently in use.")
+ sys.exit("Aborting installation")
 if standalone:
 dirname = dsinstance.config_dirname(
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 6f47723bb..faa96127a 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -422,8 +422,6 @@ def install_check(options):
 # Make sure the 389-ds ports are available
 check_dirsrv(options.unattended)
- ca.install_check(False, None, options)
-
 if options.conf_ntp:
 try:
 ipaclient.ntpconf.check_timedate_services()
@@ -578,6 +576,9 @@ def install_check(options):
 else:
 admin_password = options.admin_password
+ if setup_ca:
+ ca.install_check(False, None, options)
+
 if setup_kra:
 try:
 kra.install_check(None, options, False,
@@ -760,7 +761,7 @@ def install(options):
 options.subject, 1101, 1100, None)
 if setup_ca:
- if options.external_ca:
+ if not options.external_cert_files and options.external_ca:
 # stage 1 of external CA installation
 options.realm_name = realm_name
 options.domain_name = domain_name
-- cgit
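Review bot: The new guard `if not options.external_cert_files:` in ipaserver/install/ca.py skips the port 8443 check for a stage-2 run without saying why; presumably the PKI instance from stage 1 already holds the port, and the skip relies on the earlier `is_step_one_done()` branch, whose body lies outside the visible hunks. A comment such as `# stage 2: 8443 is expected to be in use by the PKI instance from stage 1` would make that dependency explicit. The two nested conditions can also be written as one, `if not options.external_cert_files and not cainstance.check_port():`. The messages here and in the added `elif options.external_ca:` branch go to stdout through `print` before `sys.exit`, while the context line `sys.exit("CA is already installed.\n")` sends its text to stderr; one form throughout would keep failure output predictable for unattended installs.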