Use Dogtag 10 only when it is available

Put the changes from Ade's dogtag 10 patch into namespaced constants in
dogtag.py, which are then referenced in the code.

Make ipaserver.install.CAInstance use the service name specified in the
configuration. Uninstallation, where config is removed before CA uninstall,
also uses the (previously) configured value.

This and Ade's patch address https://fedorahosted.org/freeipa/ticket/2846

1 files changed, 4 insertions, 1 deletions

diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index ce25681f..56f132a3 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -33,6 +33,7 @@ from ipaserver.install.replication import enable_replication_version_checking
 from ipaserver.install.installutils import resolve_host, BadHostError, HostLookupError
 from ipaserver.plugins.ldap2 import ldap2
 from ipapython import version
+from ipapython import dogtag
 from ipapython.config import IPAOptionParser
 from ipalib import api, errors, util
 from ipapython.dn import DN
@@ -304,7 +305,9 @@ def main():
         if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, options.ip_address):
             sys.exit(1)
 
-    if not certs.ipa_self_signed() and not ipautil.file_exists("/var/lib/pki/pki-tomcat/conf/ca/CS.cfg") and not options.dirsrv_pin:
+    if (not certs.ipa_self_signed() and
+            not ipautil.file_exists(dogtag.configured_constants().CS_CFG_PATH) and
+            not options.dirsrv_pin):
         sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.")
 
     check_ipa_configuration(api.env.realm)